WebRAY was selected as a "major vendor" in the "IDC MarketScape: China Situation Awareness Solution Market Research, 2023" report

Publication date: 2023/09/25
Article source: IDC Consulting official account

Recently, the report "IDC MarketScape: China Situation Awareness Solution Market Research, 2023" was released. IDC believes that after years of development, situational awareness platform technology continues to evolve towards practicality, effectively helping customers respond to network attacks, and that the platform's comprehensive capabilities are becoming increasingly mature. Shengbang Security was recognized by IDC as a "major vendor" in the 2023 China situational awareness solution market evaluation, once again gaining recognition from a well-known third-party consulting firm. This is a result of WebRAY's adherence to the "two precision and one depth" research and development strategy.

 


 

After years of technological accumulation and product refinement, Shengbang Security has flexibly responded to the pain points of different industry scenarios and constructed multidimensional solutions corresponding to different analysis perspectives, meeting the technical requirements of a situational awareness system with personalized scene understanding ability based on the general analysis model. In terms of product concept, technological implementation, and market application, it has the following characteristics:

 

Rich data sources


It contains various types of data such as asset ledger information, API asset data, asset vulnerability data, intrusion threat events, advanced threat events, and horizontal abnormal behavior. It can extract metadata from various dimensions such as asset IP, domain/subdomain, port, service, system, middleware, security vulnerabilities, weak passwords, web shell backdoors, content auditing, malicious access, illegal scanning, zombie hosts, Trojans, worm attacks, brute-force cracking, injection, cross-site scripting, request forgery, etc. The original information is rich and the basis for judgment is comprehensive, which provides reliable data support for situational awareness and detailed clues for event judgment.


Dynamic Asset Perspective


A situational awareness model has been established from the security perspective of asset governance, starting from network asset management and analyzing the correlation between asset attributes, management status, self security, and attack risk. Based on intrusion monitoring and vulnerability monitoring, the dimensions of incident analysis have been further enriched. By combining active surveying, passive surveying, agent collection, manual reporting, and manual sorting, a dynamically updated multi-source integrated asset ledger is formed to ensure the accuracy and timeliness of asset management, assist users in sorting out security situations from a business perspective, accurately identify security risks, and reasonably implement emergency response measures.


Accurate correlation analysis


The solution includes original security events from different dimensions and integrates PDNS, Whois, organizational structure information, network intelligence, and threat intelligence, which can effectively improve the accuracy of event correlation analysis. Through the correlation analysis of the SOAR security orchestration and automation engine, it identifies the connections between different types of security events, eliminates interfering factors, extracts effective information, accurately judges the impact of events based on the health status of assets, the possibility of threats, and the degree of damage caused by threats, and provides disposal recommendations.


Closed loop disposal process


The overall design concept of the solution covers situation monitoring, correlation analysis, event analysis, notification and warning, and emergency response for security incidents. It can provide a complete process from discovery and analysis to disposal tracking for a given security incident, and it effectively combines security technology with management operations, using notification and disposal functions to assist users in following up on the entire process of event disposal. Whether for high-risk intrusion events, high-risk vulnerabilities, or illegal behavior, it can truly achieve closed-loop security disposal.


In the "IDC MarketScape: China Situation Awareness Solution Market Research, 2023" survey, IDC proposed the following suggestions:


Operate and measure security effectively


It is very important to reflect the value of the situational awareness platform after its construction is completed. Not only do we need to identify problems, but we also need to showcase the value of security. This requires sufficient cooperation with technology providers and continuous operation to present the status and development trends of enterprise network security, so that it becomes an important basis for obtaining security investment from corporate executives.


Focus on event analysis rather than log analysis


Log analysis only presents one or more fragments of the attack process, while event analysis can present the complete attack process and the harm it brings based on the attack chain. The current situational awareness platform has a wide range of telemetry data sources, which makes it easier for it to make more accurate judgments on network attack events. At the same time, based on the ATT&CK framework, it can better understand the attacker's tactics and help customers effectively understand and handle security incidents. Log analysis focuses on the process, while event analysis focuses on the results.


SOAR helps enhance automation capabilities


SOAR capability has become a standard feature of situational awareness platforms, further enhancing the efficiency of closed-loop handling of security incidents. Of course, it is necessary for users to understand its principles and customize a script that suits their own business characteristics.


Low code makes rapid customization possible


The demand for customized development of platform products is inevitable. In the past, the customized development cycle for platform products was relatively long for technology providers. However, with the widespread application of low-code technology, the efficiency of customized development is rapidly improving. This not only benefits technology providers, but also shortens the delivery cycle of the entire project, allowing the platform to go live quickly.


Do a good job in ecological integration management


Large customer environments typically include a large number of security products from different brands, which are managed from a technical perspective through situational awareness platforms. However, customers need to manage different technology providers as an ecosystem to ensure their own security defense capabilities, which helps to improve overall security effectiveness and face network attacks calmly.


Actively try new technologies and focus on new abilities


Some situational awareness technology providers have begun to try to increase their capabilities in BAS, compliance management, etc., so that end customers can verify their value from their own perspective. More attempts at new technologies and functions not only help improve the detection effectiveness of their own network security system, but also promote the maturity of related technologies of technology providers.
