Function Overview

SecMaster is a new generation cloud native security operation platform. Based on years of cloud security experience of Huawei Cloud, it enables integrated and automatic security operations through cloud asset management, security posture management, security information and event management, security orchestration and automatic response, cloud security overview, simplified cloud security configuration, configurable defense policies, and intelligent and fast threat detection and response.

Security Overview consists of Security Score, Security Monitoring, and Your Security Score over Time. SecMaster works with other cloud security services to display real-time security assessment results. On the Security Overview page, you can view security status of your cloud resources, take required actions with just a few clicks, and manage risks centrally.

Workspaces are operation platforms of SecMaster resources. A single workspace can be bound to common projects, regions, and enterprise projects for different application scenarios.

• Workspace data entrustment: All workspaces of a single tenant are aggregated to a workspace for centralized security operation. Security operations of cross-tenant workspaces are centralized (no compliance requirement, data aggregation allowed).
• Workspace delegation: allows cross-account secure operation. You can centrally view asset risks, alerts, and incidents.

Security Governance provides you with a security governance template and compliance scanning service and converts the standard clauses in the security compliance pack into check item.

Note: To enable this feature, submit a service ticket.

You can view the security overview on the large screen in real time and periodically subscribe to security operation reports to know your key security indicators.

• Situation Overview: Displays the security evaluation of resources in the current workspace in real time.
• Large Screen: AI analyzes and classifies massive cloud security data and then displays security incidents in real time on a large screen. The large screen display gives you a simple, intuitive, bird's eye view of the security of your entire network clearly and efficiently.
• Reports: You can generate analysis reports. In this way, you can learn about the security status of your assets in a timely manner.
• Task Center: Displays the tasks to be processed in a centralized manner.

SecMaster automatically discovers and manages all assets on and off the cloud and displays the real-time security status of your assets.

Risk prevention provides baseline check and vulnerability management to help your cloud security configuration meet authoritative security standards, such as DJCP, ISO, and PCI, as well as Huawei Cloud security best practice standards. You can learn about the global vulnerability distribution and fix vulnerabilities with one click.

• Baseline Inspection: SecMaster can scan cloud baseline configurations to find out unsafe settings, report alerts for incidents, and offer hardening suggestions to you.
• Vulnerabilities: Automatically synchronizes vulnerability scanning result from Huawei Cloud Host Security Service (HSS), displays vulnerability scanning details by category, allows users to view vulnerability details, and provides vulnerability fixing suggestions.
• Emergency Vulnerability Notices: SecMaster collects the latest information on known host security vulnerabilities every 5 minutes.
• Policy Management: SecMaster supports centralized management of defense and emergency policies.

Threat operation provides various threat detection models to help you detect threats from massive security logs and generate alerts; provides various security response playbooks to help you automatically analyze and handle alerts, and automatically harden security defense and security configurations.

• Incidents: Displays incident details in a centralized manner and supports manually or automatically turning alerts into incidents.
• Alerts: Integrates and displays alerts of various cloud services, including HSS, WAF, and Anti-DDoS.
• Indicators: Integrates indicators of many cloud services and extracts indicators based on custom alert and incident rules.
• Intelligent Modeling: Alert models can be built.
• Query and Analysis: Collect, aggregate, and analyze security logs and alarms from multiple products and sources based on predefined and user-defined threat detection rules. It helps quickly detect and respond to security incidents and protect cloud workloads, applications, and data.
• Data Delivery: SecMaster can deliver data to other pipelines or other Huawei Cloud products in real time so that you can store data or consume data with other systems.
• Data Consumption: Provides streaming communication interfaces for data consumption and production, provides data pipelines that are integrated with SDKs, and allows customers to set policies for data production and consumption. Provides Logstash open-source collection plug-ins for data consumption and production.
• Data Monitoring: Supports end-to-end data traffic monitoring and management.

SecMaster provides response playbooks for cloud security incidents. You can use playbooks to implement efficient and automatic response to security incidents.

• Objects: Manages operation objects such as data classes, data class types, and category mappings in a centralized manner.
• Playbooks: Supports full lifecycle management of playbooks, processes, connections, and instances.
• Layouts: Provides a visible low-code development platform that enables you to customize layouts.
• Plugins: Plug-ins used in the security orchestration process can be managed in a unified manner.

Collects various log data in multiple modes. After data is collected, historical data analysis and comparison, data association analysis, and unknown threat discovery can be quickly implemented.

Integrate security ecosystem products for associated operations or data interconnection. After the integration, you can search for and analyze all collected logs.