观安观智全链路数据流转监测与分析系统

观安全链路数据流转监测与分析系统（以下简称“EFM”），基于旁路全链路流量模式下，自动识别出应用、数据库等业务资产产生的敏感流量，并对资产主体产生的敏感流量进行业务审计、风险监测、溯源分析等，从而建立一站式数据安全监测体系，帮助用户完成“事前事中事后”三个阶段的日常数据安全运营工作，达到数据安全治理目的。 EFM系统作为单系统而言，可以作为全链路全流量的审计类型系统，对网络传输流量的抓取、解析、识别，将流量中敏感数据进行提取，同时根据敏感数据识别规则或敏感场景识别策略，对传输过程中包含的敏感内容或敏感文件进行区分和梳理。对流量中存在的风险行为，进行预防性检测和定位。进而在发生泄漏等安全事故时，进行数据线索溯源。

The Full-Link Security Data Flow Monitoring and Analysis System (hereinafter referred to as "EFM") operates based on the bypass full-link traffic mode. It automatically identifies sensitive traffic generated by business assets such as applications and databases, and conducts business audits, risk monitoring, traceability analysis and other related operations on the sensitive traffic generated by these asset subjects. By doing so, a one-stop data security monitoring system is built, which helps users complete daily data security operation work in the three stages of pre-event, in-progress event and post-event, so as to achieve the goal of data security governance. As a standalone system, EFM can function as a full-link, full-traffic audit system. It captures, parses and identifies network transmission traffic, extracts sensitive data from the traffic, and differentiates and organizes sensitive content or sensitive files contained in the transmission process according to sensitive data identification rules or sensitive scenario identification strategies. It performs preventive detection and positioning for risky behaviors existing in the traffic, and traces data clues when security incidents such as data leakage occur.