Venusense USM
The big data version of the Venusense Unified Security Management Platform (USM) is a next-generation security management platform developed from the traditional security management platform. Building on 10 years of USM research experience and on big data technologies, Venusense USM rebuilds the security management platform around big data processing. Taking IT assets as its basis, Venusense USM treats the service information system as the core, security data as the driver, and customer experience as the guide, and builds a measurable, unified service support platform across the dimensions of monitoring, auditing, risk management, and operation and maintenance. Users can monitor the availability and performance of service information systems; analyze, audit, and generate warnings for configurations and events; measure and assess risks and the security situation; and establish a standardized, routine security operation process, ultimately achieving the continuous and secure operation of service information systems. In addition to traditional security management functions, Venusense USM provides stronger data analysis performance and more interactive analysis functions, making it an effective tool for security analysts.
As one of the earliest and most advanced security management platforms, Venusense USM holds more than 10 patents and, after more than 10 years of development, is widely used in China. A report released by IDC Consulting shows that Venusense USM ranked No. 1 in domestic security management platform market share for eight consecutive years, from 2008 to 2015, and has become the No. 1 security management platform brand in China.
1. Security Big Data Analysis Function Overview

2. Features

3. Value

By using big data technology, users can make daily security management orderly and simpler, improving overall network security management capability by:

● Moving from local security to global security.

● Moving from single-point prevention to collaborative prevention.

● Moving from fuzzy management to quantitative management.

● Expanding from compliance analysis to threat detection.

4. Advantages

● Big data security analysis architecture

The platform adopts the patented CupidMQ message bus and CupidDB non-relational database technology, together with stream analysis, continuous aggregation, interactive analysis, full-text retrieval, and playback engines, to provide multiple high-performance security analysis capabilities.


● Powerful data processing capability

Write performance of the event analysis database is improved more than 4 times, and retrieval performance is improved more than 100 times. System deployment is flexible and can be scaled horizontally.


● Service-focused unified security management

The system has a built-in service modeling tool. Users can build a service topology that reflects the assets in the service support system. The system automatically builds a service health indicator system that assesses the health of a service based on its performance and availability, vulnerabilities, and threats, which helps users analyze the availability, security events, and alerts associated with that service.


● Complete monitoring of performance and availability

The system monitors the status of IT assets across the entire network in real time and at fine granularity, discovering availability faults in a timely manner and locating faults and alerts. This ensures the availability and service continuity of important service information systems and visually displays the users' network topologies.


● All-round security information collection

Venusense USM can use various methods to collect log, performance, vulnerability, and network flow (stream) information from devices and service systems, including Syslog, SNMP, SNMP trap, FTP, OPSEC LEA, NetBIOS, ODBC, WMI, shell scripts, SSH, NetFlow, Telnet, RDP, and Web Service.


● Flexible full-text retrieval

The system provides distributed full-text retrieval technology, supports high-speed information collection as well as tokenization and indexing of security events without normalization, and implements high-speed full-text retrieval over event content, as conveniently as a search engine.


● Powerful interactive security analysis

Based on detailed log normalization and categorization technologies, the system uses a big data technology-based distributed non-relational database to implement full-text indexing of both formatted data and original logs. Combined with distributed processing, the system provides policy-based security event analysis, interactive query through a visualization dashboard, and powerful hybrid event retrieval that merges multiple log analysis technologies. The result is a powerful interactive security analysis tool for security analysts.


● Intelligent security event correlation analysis

Using an advanced intelligent event correlation analysis engine, the system continuously performs security event correlation analysis on all normalized log streams in real time. It provides the following event correlation analysis technologies: rule-based correlation, context-based correlation, and behavior-based correlation. In addition, it provides rich visual security event analysis views to improve analysis efficiency and help security analysts discover security problems based on threat information.


● Intelligent stream security analysis

By capturing, generating, and intelligently analyzing service network flow (stream) information, the system builds flow behavior profiles, recognizes asset attributes, detects abnormal service flows, checks compliance, and implements cross-analysis and tracing across flows and security events.


● Complete vulnerability management and risk assessment

The system integrates efficiently with multiple vulnerability scanning systems in real time and has a built-in configuration check function, giving full management and control of vulnerabilities. Referencing national and international standards, the system can quantitatively estimate and assess security risks based on a risk matrix.


● Proactive warning management

The system uses its warning management function to issue early internal and external warning information and associates that information with IP assets on the network to analyze the affected assets, which helps users understand possible attacks and potential security risks facing service systems. Both internal and external warnings are supported. The warning types include security notification, attack warning, vulnerability warning, and virus warning. Warning information can be in preparatory, formal, or archived status.


● Proactive network threat information collection and use

The system proactively collects threat information in real time and uses rule correlation and watch lists to help security management personnel discover threats from known external attack sources. At the same time, the system generates threat intelligence for security analysts.

Venustech cooperates with FengHuo Tai CTI Alliance and other famous independent threat intelligence service providers. The system integrates numerous third-party threat intelligence sources to provide more comprehensive and precise threat intelligence.


● Indicator-based macro situational awareness

Based on the massive volume of collected security events, the system uses data mining technologies such as address entropy analysis, hotspot analysis, threat situation analysis, and KPI analysis to help administrators estimate the macro security situation and identify, locate, trace, and predict major threats.


● Various security response management functions and reports

The system provides a response management function. Based on configured trigger conditions, the system notifies users by various methods (such as email, short message, voice, SNMP trap, instant message, WeChat, and work orders), triggers the response handling process, and traces problem handling through to completion to achieve closed-loop management of security events. The system provides various security reports tailored to different users.


● Integrated security management and control user interface

The system provides a powerful integrated security management and control interface, with multi-perspective and multi-level management views for different users.


Components


● Security management center

   - Includes the Venusense USM core functions of the big data CupidDB version.

   - Built-in performance collection module with complete monitoring functions.

   - Built-in event collection module with complete event collection functions.


● Performance collector

The performance collector can be installed and deployed independently or integrated with the event collector. Providing the same function as the built-in performance collection module in the management center, the performance collector helps the management center implement distributed performance collection and monitoring.


● Event collector

The event collector can be installed and deployed independently or integrated with the performance collector. Providing the same function as the built-in event collection module in the management center, the event collector helps the management center implement distributed event collection and load balancing.


● Log proxy

For Windows logs, the system provides separate Windows log proxy software, which is installed on a Windows host to collect Windows system log information.


● Stream collector

The stream collector can be installed and deployed independently to help the management center collect and analyze network flow (stream) information.


● Distributed data storage index node

These nodes store, query, extract, and count massive numbers of events in distributed mode and perform other related processing operations.


● Configuration check collector

The configuration check collector can be installed and deployed independently to implement distributed or offline configuration checks.


● Configuration check proxy

For Windows, the system provides a configuration check proxy that is installed on the Windows OS to implement configuration checks.


5. Deployment Modes


1. Single-stage hybrid distributed deployment


Collectors are deployed in distributed mode to collect log, performance, and configuration information. To meet massive data storage and analysis requirements, distributed storage index nodes are used. These nodes can be elastically expanded as needed and are managed uniformly by the security management center.



2. Multi-stage deployment


In multi-stage deployment mode, multiple management centers are deployed and a general center is built that connects to multiple sub-centers. In this case, multiple management center components are deployed on the network. The administrator of each sub-center uses a browser to log in to that sub-center and manage the security of the network under its jurisdiction. The administrator of the general center uses a browser to log in to the general management center for uniform management and centralized display of the entire network. The administrator of the general center can also supervise the management of each sub-center.


This mode is applicable to enterprises that have branch offices or institutions that have subordinate agencies, to meet multi-stage management requirements.



6. Certification and Honors



● Information Technology Security Assessment Certificate, EAL3 level, issued by the China Information Technology Security Evaluation Center

● Military Information Security Certificate

● A CCID report shows that Venusense USM ranked No. 1 in domestic market share for eight consecutive years, from 2008 to 2015.