Introduction to SOC

The Security Operating Center (SOC) determines whether the NetEngine 8000 F is being attacked by constantly monitoring statistics collected by security detection modules, service modules, and system monitoring modules, and takes measures accordingly to defend against attacks.

To ensure system reliability and protect services against attacks, the NetEngine 8000 F supports security techniques such as rate limiting by committed access rate (CAR), attack detection, and attack defense. However, in the absence of a global management center that can summarize and analyze all attack information, attack detection and defense on the NetEngine 8000 F are not comprehensive.

To address this problem, the SOC has been developed to summarize and analyze information reported by all security detection modules in the system. Then the SOC presents attack event reports, attack sources, cause analysis, and solutions in a centralized and concise manner.

The SOC does not display information about minor attack events that affect only a single function in the system. The SOC also does not display information about attack events that cause a system breakdown by sending constructed malformed packets or only a small number of packets. Information about events that cause a system breakdown is displayed by service modules, the NMS, the log function, and the attack source tracing function.

The SOC displays only information about attack events that cause system risks. These attack events have the following characteristics:
  • CPU usage when the attack event occurs is much higher than that in normal cases.

  • The rate of packet loss caused by CPCAR exceeds a normal threshold.

  • A protocol module detects a large number of invalid packets or sessions, and the percentage of invalid packets or sessions in the total number of packets or sessions exceeds a normal threshold.
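
The three characteristics above can be checked against polled device statistics as follows. This is an added example, not Huawei's SOC implementation; the thresholds, counter names, protocol names, and sample values are assumptions constructed for illustration.

```python
from statistics import median

# Assumed thresholds (not Huawei's values): tune to the device's normal profile.
CPU_FACTOR = 2.0        # "much higher than normal" = 2x the baseline median
CAR_DROP_LIMIT = 0.05   # CPCAR drops above 5% of packets sent to the CPU
INVALID_LIMIT = 0.20    # invalid packets/sessions above 20% of the total

def ratio(part, total):
    """part/total; total <= 0 (idle interval or counter reset) gives 0.0."""
    return part / total if total > 0 else 0.0

def risk_indicators(cpu_history, prev, curr):
    """Return the indicators that fire between two polls of cumulative counters."""
    fired = []
    # 1. CPU usage compared with the median of earlier samples.
    if cpu_history and curr["cpu"] > CPU_FACTOR * median(cpu_history):
        fired.append("cpu")
    # 2. CPCAR drop rate over the interval, from counter deltas.
    passed = curr["car_pass"] - prev["car_pass"]
    dropped = curr["car_drop"] - prev["car_drop"]
    if ratio(dropped, passed + dropped) > CAR_DROP_LIMIT:
        fired.append("cpcar_drop")
    # 3. Share of invalid packets/sessions seen by each protocol module.
    for proto, (invalid, total) in curr["proto"].items():
        p_invalid, p_total = prev["proto"].get(proto, (0, 0))
        if ratio(invalid - p_invalid, total - p_total) > INVALID_LIMIT:
            fired.append("invalid:" + proto)
    return fired

# Constructed samples: polls of cumulative counters taken after PREV.
HISTORY = [12, 15, 11, 14, 13]  # CPU % in normal operation
PREV = {"cpu": 14, "car_pass": 100000, "car_drop": 200,
        "proto": {"arp": (50, 9000), "bgp": (1, 400)}}
ATTACK = {"cpu": 71, "car_pass": 160000, "car_drop": 45200,
          "proto": {"arp": (30050, 49000), "bgp": (1, 420)}}
QUIET = {"cpu": 13, "car_pass": 101000, "car_drop": 205,
         "proto": {"arp": (52, 9400), "bgp": (1, 410)}}

if __name__ == "__main__":
    print(risk_indicators(HISTORY, PREV, ATTACK))
    print(risk_indicators(HISTORY, PREV, QUIET))
```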

Copyright © Huawei Technologies Co., Ltd.