Abstract

PURPOSE: A method and a system for operating a security call center that responds to security intrusion incidents are provided, offering an intelligent integrated security solution suited to new types of intrusion or a changed information and communication environment, and accurately detecting and responding to intrusions or attacks in real time. CONSTITUTION: A firewall connects an external network and an internal network. Security agents monitor the data flowing through the internal network and the system calls of a server. An ISE (Intelligent Security Engine) identifies attacks by analyzing warning messages, traffic information, and event information received from the security agents, and generates signatures through learning. An SPM (Security Policy Manager) manages the security policy and applies it to each security agent based on the ISE's determination.