Unified security management and operation and maintenance audit solution for operators
Industry pain points and needs

With the continuous expansion of telecom operators' information networks, internal-control security management of the network has increasingly become the focus of telecom operators' information construction. It is the basic guarantee of the operators' internal information application management systems. Only when the computer network is unobstructed and network security is ensured can telecom operators use advanced information management systems to improve internal management, and thereby improve their efficiency, management level and competitiveness. However, as internal information systems and the personnel operating them become more complex, how to give operators' maintenance personnel secure access to the maintenance network and internal network, and how to better ensure authority management, operation process monitoring and behavior audit for maintenance personnel on internal servers, have become problems that major operators have to face.

Industry demand
Combined with the current security situation faced by the informatization development of colleges and universities, there are mainly the following risks in operation and maintenance management:
1. Management status: at present, the business support network and the value-added service network are important supports for operators' business operation. Operation and maintenance personnel must carry out daily inspection of the comprehensive settlement system, billing and accounting system, business analysis system, customer relationship management system and partner relationship management system in the business support network; the value-added service network systems under operation and maintenance management include the intelligent network system, SMS system and MMS system. There are many types of systems with complex business logic, and operation and maintenance personnel are responsible for several business systems at the same time. This leads to multi-point login, decentralized management, and inaccurate identification and authorization control;
2. Password management risk: in the key core business of the whole information system, the password management and authority management of the application system and database are complex, and some compliance requirements require regular modification of the equipment management password, which brings unimaginable workload to the operation and maintenance personnel;
3. Permission allocation: the complexity of core business system applications means that multiple roles (system / database / security / audit administrator / maintenance agent, etc.) share accounts and cross-manage. The question is how to control personnel permissions according to the principle of minimum permission allocation;
4. Business terminal risk: misconfiguration and misoperation by operation and maintenance personnel may directly affect business continuity; this is not effectively and reasonably prevented, and it is difficult to prove and trace afterwards.
Our programme

How to manage operators and operation behavior effectively and in a standardized way is the core of data center operation and maintenance management. Palladium's unified security management and comprehensive audit system solution adopts the management idea of "prevention in advance, control in process and post audit". To reduce operational risk, it takes people, operation and technology as the management core.

Through the construction of Palladium unified safety management and comprehensive audit system, the following effects are achieved:

1. Provide users with a unified access point and platform for operation and maintenance;

2. Realize the centralized control and management of account, authentication, authorization and audit for the business support system, DCN network operation management system, operating systems, databases, network equipment and other IT resources;

3. Realize centralized and role-based master-slave account management, and realize fine-grained permission allocation and management at the role attribute level;

4. Realize centralized identity authentication and access portal;

5. Realize centralized access authorization, access control based on centralized control security policy and role authorization management;

6. Realize centralized security audit management, collecting and recording users' use of key and important resources of the business support system;

7. Meet the requirements of compliance audit and operation and maintenance management.

Deployment mode

Program advantages
Mature and stable

More than ten years of market verification and technology accumulation, with a large number of successful cases deployed in complex production environments, especially many operator and financial cases;

The equipment is easy to maintain and manage, with obvious advantages in multi-machine deployments. It has been used in large projects with 30 devices deployed, 14 devices under cluster management, 2000 concurrent users and 10000 asset authorization management;

There are many industry cases of operators: China Mobile Group Zhejiang Co., Ltd., China United Communications Co., Ltd. Zhejiang branch, China Telecom Co., Ltd. Shanghai branch and China Telecom Co., Ltd. Anhui Branch.

Safe and reliable

Two sets of unified operation and maintenance platforms with independent applications and complete functions are provided at the same time. Device HA achieves real-time synchronization of configuration and audit logs;

Strong adaptability to the network environment: green deployment that does not change the original network topology, with support for cluster deployment and cross-network-segment deployment;

System development and updates follow the secure software development life cycle process to realize version management, and each iterative upgrade ensures that best practices are met.

Modern techniques

Support for local authentication, AD domain authentication, RADIUS authentication, fingerprint authentication, WeChat authentication, SMS authentication, etc., with the most complete identity authentication methods in the industry;

The user's system login policy can be set, including limits on login IP, login time period, port, account, etc., to ensure that new users can access the background resources they have permissions for and to realize controllable operation and maintenance;

Support the alarm and blocking of high-risk commands, and effectively control the risks caused by misoperation and high-risk operation in operation and maintenance;

Unified management of in-band and out-of-band operation and maintenance, the only mainstream KVM over IP products in the industry that simultaneously support Avocent, Raritan, ATEN, etc.;

The original database operation and maintenance audit platform covers mainstream commercial database enterprise applications and operation and maintenance operations.

Customer Benefits

1. Help customers meet the compliance requirements of network security level protection, network security law, ISO27001, SOX Act, etc.;

2. Realize centralized identity authentication and access portal, realize centralized access authorization, access control and role authorization management based on centralized control security policy, and ensure that various business delivery systems in the network center provide 7x24 hours of uninterrupted operation and maintenance;

3. Realize centralized control and management of account, authentication, authorization and audit for various IT resources across platforms, operating systems, operation and maintenance protocols and equipment types, covering core data assets, intranet core network equipment, host equipment, database assets, virtualization equipment, the comprehensive settlement system, billing and accounting system, business analysis system, customer relationship management system, partnership management system and the value-added service network, including network center assets such as the intelligent network system and short message system;

4. Ensure the security and integrity of business system data, and control the security status of network environment in real time.

Classic cases
  • China Telecom
  • China Mobile
  • China Unicom
  • Oriental Communication
  • Siemens Communications
Copyright © 2019 All Rights Reserved Designed
Hangzhou pldsec Network Technology Co