主机安全能力建设指南 (2022年) m o U b u A Z Q H h t i g W J c . 5 青藤云安全 lo ck 2022年6月 ca ps ta b 中国信息通信研究院云计算与大数据研究所 目录 1. 概述 ............................................................................................................................................... 1 2. 主机安全能力发展态势 ...............................................................................................................2 2.1 持续检测是基础 ................................................................................................................ 2 2.2 快速响应是动力 ................................................................................................................ 3 m o c . 5 2.3 架构适配是未来 ................................................................................................................ 4 2.3.1 云工作负载保护平台 .............................................................................................. 5 2.3.2 全生命周期的云原生安全体系 ..............................................................................6 b u 3. 主机安全关键能力及技术要求 ...................................................................................................7 3.1 基础级 .................................................................................................................................9 h t i g 3.1.1 资产清点 .................................................................................................................. 9 3.1.2 风险发现 ................................................................................................................ 10 3.1.3 入侵检测 ................................................................................................................ 11 3.1.4 合规基线 ................................................................................................................ 13 3.2 增强级 ................................................................................................................................14 3.2.1 病毒查杀 ................................................................................................................ 15 3.2.2 文件完整性 ............................................................................................................ 16 3.2.3 内存马检测 ............................................................................................................ 17 3.2.4 主机型蜜罐 ............................................................................................................ 19 3.3 先进级 ................................................................................................................................20 3.3.1 供应链安全 ............................................................................................................ 20 1 3.3.2 微隔离 .................................................................................................................... 22 3.3.3 威胁狩猎 ................................................................................................................ 24 4. 重点行业主机安全能力需求分析 .............................................................................................25 5. 主机安全能力建设流程 .............................................................................................................29 5.1 主机安全平台评估 .......................................................................................................... 29 5.2 资质评估 ...........................................................................................................................31 5.2.1 企业资质 ................................................................................................................ 31 m o c . 5 5.2.2 产品资质 ................................................................................................................ 32 5.2.3 测试报告 ................................................................................................................ 32 5.2.4 知识产权 ................................................................................................................ 32 b u 5.3 成本评估 ............................................................................................................................33 h t i g 5.4 合同签订 ............................................................................................................................33 6. 出版单位介绍 .............................................................................................................................34 6.1 青藤云安全简介 .......................................................................................