
GB/T 42453-2023

Information Security Technology Network Security Situational Awareness General Technical Requirements (English Version)

Standard No.: GB/T 42453-2023
Language: Chinese, Available in English version
Release Date: 2023
Published By: General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China
Latest: GB/T 42453-2023
Scope
This document provides a technical framework for cybersecurity situational awareness and specifies the general technical requirements for the core components of the framework. This document is applicable to the planning, design, development, construction and evaluation of cybersecurity situational awareness products, systems or platforms.
Introduction

1. Background and significance of the standard

Network Security Situation Awareness is a key technology in the current information security field. It aims to comprehensively grasp the network security status, predict security trends, and provide monitoring, early warning and decision-making support by collecting and analyzing multi-dimensional data such as network traffic, asset information, logs, and vulnerability information. The release of GB/T 42453-2023 fills the gap in technical requirements in this field in China and provides a unified technical specification for the planning, design, development and evaluation of network security situation awareness systems.


2. Overview of technical framework

According to GB/T 42453-2023, the network security situation awareness technical framework consists of front-end data sources, core components and other elements. The core components include six modules: data aggregation, data analysis, situation display, monitoring and early warning, data service interface and system management. This standard focuses on the general technical requirements of core components, and does not involve relatively independent front-end data sources and other elements.

Module Name: Data Aggregation
Function Description: Responsible for collecting, preprocessing and storing various types of network security data from front-end data sources.
Main Sub-Functions:
  • Supports multiple collection protocols (Syslog, HTTP/HTTPS, SNMP, etc.)
  • Data screening, conversion, completion and marking
  • Structured, semi-structured and unstructured data storage

Module Name: Data Analysis
Function Description: Based on various data analysis models, network attack analysis, asset risk assessment, abnormal behavior identification and security incident analysis are realized.
Main Sub-Functions:
  • Supports multiple technologies such as feature matching, correlation analysis, and machine learning
  • Establishes knowledge databases such as threat information database and asset information database
  • Generates attacker portraits and user behavior portraits

Module Name: Situation Display
Function Description: Provides network security situation assessment results to users in different roles through a variety of views and report formats.
Main Sub-Functions:
  • Supports multiple visualization methods such as radar charts, geographic information charts, trend charts, etc.
  • Provides multi-dimensional display of overall situation, asset situation, traffic situation, etc.
  • Generates statistical reports and analysis reports

Actual application case: Implementation of a network security situation awareness system in a certain enterprise

A large enterprise has achieved comprehensive monitoring of internal network traffic, asset information and security incidents by deploying a situation awareness system that complies with the GB/T 42453-2023 standard. The system identifies multiple potential APT attacks by analyzing network logs and traffic data in real time, and issues early warnings in a timely manner to help enterprises take defensive measures before being attacked.

GB/T 42453-2023 Referenced Documents

  • GB/T 25069-2022 Information security techniques—Terminology
  • GB/T 28458-2020 Information security technology—Cybersecurity vulnerability identification and description specification
  • GB/T 28517-2012 Network incident object description and exchange format
  • GB/T 30279-2020 Information security technology—Guidelines for categorization and classification of cybersecurity vulnerability
  • GB/T 36643-2018 Information security technology—Cyber security threat information format

GB/T 42453-2023 history

  • 2023 GB/T 42453-2023 Information Security Technology Network Security Situational Awareness General Technical Requirements



Copyright © 2007-2025 ANTPEDIA, All Rights Reserved