Power Monitoring System Network Security Management Platform Endpoint Agent Architecture and Key Technologies

  • Abstract: To further improve network security monitoring capability, the State Grid Corporation of China set the work goal of full collection of asset and behavior data. To meet this goal and to address the problems of the existing endpoint agent, namely incomplete system event collection, few and non-standardized collection items, and an unclear technical architecture, endpoint detection and response technology was applied, the architecture of the original endpoint agent was reconstructed, a new endpoint system information collection specification was formulated, breakthroughs were made in key technologies such as system information collection, system event subscription, and system resource usage monitoring and limiting, and a new endpoint agent product was developed. Experimental verification shows that the performance and system resource usage of the reconstructed endpoint agent meet the requirements for improved monitoring capability. Finally, the application prospects of the endpoint agent and of endpoint detection and response technology in power monitoring systems are discussed.

     
