SCC Help >> SCC Overview

SCC Overview

System Overview

Security Control Center (SCC) is an important component of the system. Based on the system network management platform, SCC provides a whole series of security management solutions, which cover security deployment, whole network monitoring, extensive threat detection, in-depth threat analysis, expert decision-making, and coordinated response.

SCC features the following advantages:

• Provides realtime attack alarm monitoring, helping you find out the network security status in real time.
• Provides basic query and advanced query for you to browse the concerned attack alarms.
• Supports security control policy management, which allows you to define the security control policies as needed and can automatically neutralize network threats.
• Provides reports, helping you view and analyze attacks from multiple aspects.
• Provides attack topologies, which visually display the links and related network devices where attack alarms occurred.
• Provides alarm matching policy management, allowing you to filter concerned attack alarms and take actions by defining matching rules for concerned alarms and action/alarm variable mappings. With action/alarm variable mappings defined, the SCC supports more actions such as message delivering and compliance check. In addition, there are dozens of system-defined alarm matching policies available to you.

Function Overview

SCC provides five functions: security control policy management, attack alarm management, report management, security topology management, and alarm matching policy management.

This function defines the actions to be taken in response to attack alarms. Upon receiving attack alarms, SCC can take actions according to the matched policies to remove the network security threats automatically. Besides, some of the actions support recovery operations. After the network threats are removed, you can resume the normal network status in time.

This function displays attack alarms and the matched policies, and at the same time, it can take actions according to the pre-defined policies, helping you monitor and analyze the operation of the network effectively.

This function displays summary information about attack alarms occurred in the last hour, allowing you to know the alarm information from multiple perspectives.

This function displays the attack alarms in the form of a topology, helping you find out the network devices where alarms occurs and the network environments where security threats exist.

The system provides alarm matching policies for SecCenter attack alarms by default. You can also define concerned alarms, alarm matching rules, and action/alarm variable mappings, and modify configured alarm matching policies. Alarm matching rules help the SCC identify user-defined alarms. When an alarm arrives, the SCC component determines whether to pay attention to the alarm according to the alarm OID and then determines whether the alarm is a concerned one according to the configured regular expression. If the alarm matches the regular expression, the SCC component considers it as a concerned alarm. Then, the SCC component assigns a value to the action variable according to the action/alarm variable mapping for the purpose of taking action subsequently.

• Security Control Policy Management
• Attack Alarm Management
• Report Management
• Security Topology Management
• Alarm Matching Policy Management

Usage Guide

To acquaint yourself with SCC quickly, see SCC Quick Start.

FAQ

For problems that might occur during SCC operations, see FAQ.

Typical Applications

Using a typical application scenario, this section provides the detailed operation procedures, allowing you to know the SCC application quickly. For more information, see SCC Typical Application.