Recently, the report "IDC MarketScape: China Situational Awareness Solution Market 2021, Vendor Evaluation" was officially released. IDC conducted comprehensive interviews and evaluations of major situational awareness solution and service providers in China based on the global AIRO definition, and ultimately selected 22 representative vendors for the report. WebRAY, with outstanding technical capabilities and innovative solutions that deeply penetrate application scenarios, is firmly among the "major vendors" in the Chinese situational awareness market.

IDC believes that with the successive release and implementation of multiple laws and regulations related to network security and data security in China, including the Data Security Law and the Regulations on the Security Protection of Critical Information Infrastructure, it further demonstrates China's emphasis on network security and data security, and strengthens supervision in related fields. At the same time, business requirements such as cloud computing, remote work, and highly flexible IT architecture have become important components of the digital transformation process of enterprises under the new normal of epidemic prevention and control.

In this scenario, enterprises need to deploy more and more security products and tools to address thorny issues such as network boundary generalization, surge of malicious threats, and legal compliance supervision. However, due to the lack of professional network security technicians in enterprises, facing the massive amount of network threat alarm information and urgent security incidents that need to be dealt with every day, security managers are often overwhelmed and aimless.

Therefore, situational awareness solutions based on "Network Security Analysis, Intelligence, Response, and Organization (AIRO)" have become the main choice for many enterprises, especially medium and large enterprises. As the "smart brain" of active security defense system, situational awareness is playing an increasingly critical role in the overall network security of enterprises.

During the research process of this report, IDC conducted in-depth interviews with multiple domestic network security product and service providers, and carefully understood the technical characteristics and project application of their situational awareness solutions. The selected manufacturers need to have a clear market positioning and long-term planning in the field of situational awareness. The solutions provided must have at least the following functions: analysis and intelligence, response, orchestration, and have implemented projects in the Chinese market. WebRAY has once again been included in the report and has maintained its position as a "major vendor" in the Chinese situational awareness market, which is an authoritative third-party institution's recognition of the company's technical capabilities and comprehensive strength in the field of situational awareness.

WebRAY Multi dimensional and Multi scenario Situation Awareness Solution

After years of in-depth research on customer actual needs, WebRAY has carefully polished its products and solutions. Currently, it can flexibly respond to the pain points of different industry scenarios, and build multi-dimensional and multi scenario situational awareness solutions for different analysis perspectives. It meets the technical requirements of situational awareness system with different personalized scenario expansion and adaptation based on the general analysis model. The advantages of Shengbang's security situational awareness solution in terms of product concept, technological implementation, and market application are mainly reflected in the following aspects:

Rich data sources

The plan includes various types of database resources such as asset ledger information, asset vulnerability data, intrusion threat events, advanced threat events, and horizontal abnormal behavior. It can extract metadata from various dimensions such as asset IP, ports, services, systems, middleware, security vulnerabilities, weak passwords, webshell backdoors, content auditing, malicious access, illegal scanning, zombie hosts, Trojans, worm attacks, brute force cracking, injection, cross site scripting, request forgery, etc. The original information is rich and the judgment basis is comprehensive, providing reliable data support for situational awareness and detailed clues during event judgment.

Dynamic Asset Perspective

The plan establishes a situational awareness model from the perspective of asset governance security, starting from network asset management and analyzing the correlation between asset attributes, management status, self security, and attack risk. Based on intrusion monitoring and vulnerability monitoring, it further supplements the dimensions of event analysis. By combining online perception, event learning, and manual sorting, a dynamically updated asset ledger is formed, taking into account the accuracy and timeliness of asset management, assisting users in sorting out security situations from a business perspective, accurately identifying security risks, and implementing emergency response measures reasonably.

Accurate correlation analysis

The plan includes original security events from different dimensions, which can effectively improve the accuracy of event correlation analysis; Traditional security management scenarios face a large number of independent security products, and limited information on a single event type cannot accurately assess the degree of threat and actual impact. The Shengbang Security Situation Awareness Program identifies the connections between different types of security incidents through integration and correlation analysis, eliminates interfering factors, extracts effective information, and accurately judges the impact of the incident based on the health status of assets, the possibility of threats, the degree of threat damage, and other information, and provides disposal recommendations for the next step of reporting, warning, and response actions.

Closed loop disposal process

The overall design concept of the plan covers all aspects of security event situation monitoring, correlation analysis, event analysis, notification and warning, and emergency response. It can provide a complete process from discovery and analysis to disposal tracking for a certain security event, and effectively combine security technology with management operations using notification and disposal functions to assist users in following up on the entire process of event disposal. Whether it is high-risk intrusion events, high-risk vulnerabilities, or illegal behaviors, it can truly achieve a secure closed-loop disposal.

7 suggestions provided by IDC

IDC has released the report "IDC MarketScape: China Situation Awareness Solution Market 2021, Vendor Evaluation", aiming to provide industry professionals with reference when choosing situation awareness solutions and service providers, and to offer the following 7 suggestions to technology buyers:

1. Business first: As the "smart brain" of the enterprise's proactive network security protection system, the situational awareness platform should not become an obstacle to business development. The platform needs to understand and adapt to the specific business scenarios of customers in different industries, especially providing strategy adjustments and customized development for the security needs and business characteristics of medium and large customers. For example, the regulatory situation awareness platform concerned by the government and industry regulatory authorities, the operational situation awareness platform concerned by enterprises, and the industrial Internet situation awareness platform concerned by industrial enterprises all have their own unique needs and focus on functional points, so that the situation awareness platform can play a more accurate role in security protection.

2. Enhancing the value of threat intelligence: Threat intelligence will play an increasingly important role in threat assessment and tracing, and can even help companies perceive industry related threats in advance, achieving proactive defense against malicious threats. Therefore, technology buyers should integrate high-quality threat intelligence into the situational awareness platform to improve the accuracy of platform threat determination and timely perception of new threats.

3. The integration of technology and products is a trend: Although many security vendors are striving to expand their own network security product categories and create comprehensive situational awareness solutions for technology buyers on their own, excellent security products require the polishing of technology and the accumulation of experience. Currently, security vendors have their own advantages in platform construction, big data analysis, network traffic detection, terminal security protection, response and orchestration automation, and other aspects. Especially for large technology buyers with strong technical capabilities, they should comprehensively evaluate the technical advantages and product features of various security vendors, choose suitable product combinations to create a high-quality situational awareness protection system.

4. Automation capability is the future direction of evolution: With the rapid development of enterprise scale and the continuous increase of IT assets, the amount of data obtained and managed by situational awareness platforms is increasing day by day, and enterprise security operation personnel need to face numerous alarm information and security events. Automated/semi automated analysis and handling capabilities can free up security operations personnel from simple and repetitive workflows, freeing up more energy to handle sudden and complex security incidents, reducing workloads, and enhancing work value.

5. Managed security services help enhance platform value: IDC defines three types of hosted security services. One is the On site Security Service (MSS-CPE), which is commonly used in large localized enterprise networks; The second is MSSHosted, which is commonly used in small and medium-sized localized networks; The third is cloud hosting security services (CHESS), which are more commonly used for public cloud tenants. For technology buyers who lack their own network security operation team, choosing a suitable security service model based on their own network and business attributes for hosting and operating a situational awareness platform is a wise choice. Professional security service personnel can more accurately analyze and quickly handle security incidents, fully leveraging the platform's capabilities.

6. In the case of limited budget, it is necessary to build the situational awareness platform in stages: the construction of the situational awareness platform is a continuous improvement process. With security detection, the situational awareness platform will carry more functional requirements, and achieving comprehensive planning and construction of the entire platform at once is a difficult goal to achieve. Especially in the case of limited budget, enterprises should make long-term planning and phased construction of projects.

7. Attention should be paid to product usability: Although it is not the core value of situational awareness platforms, for small and medium-sized enterprises, concise and clear functional and interface design can help network security managers quickly grasp the usage methods of products, timely detect and handle threat events, and solve complex problems through professional technical support channels, greatly realizing the value of situational awareness platforms; The situational awareness platforms of large enterprises, especially those in key industries, often cover numerous functions to achieve full lifecycle management of security events, which puts higher demands on the functional logic and interface design of products. How to help platform users easily view key information about enterprise security status at a glance, and quickly find the required information and functional modules without frequently jumping through numerous pages or windows, is even more important.