Dipu Technology: things that NGFW can't ignore

With the development of technology and the progress of corporate culture, the in-depth integration that today's enterprises need has gone beyond the capacity of traditional firewalls. To meet the arrival of the Web 2.0 era, many manufacturers have launched next-generation firewall products. In recent years, however, network security has faced various threats and challenges. Against this background, the IT168 network security channel invited Mr. Zhuxiaokang, technical director of security products at Dipu Technology, to explore users' main needs for the next-generation firewall and its development plan, from the current situation to the future.

Zhuxiaokang, technical director of security products at Dipu Technology

NGFW: things that should not be ignored

According to the IDC industry white paper, the main features of the next-generation firewall fall into four parts: intelligence, visualization, virtualization and collaboration. The next-generation firewall products of Dipu Technology are no exception. Zhuxiaokang gave us a brief introduction covering these four aspects.

The intelligence of Dipu Technology's next-generation firewall is mainly reflected in the following two parts:

As an independent protective device, the firewall acts as a brain. Through in-depth detection and analysis of the business interaction behaviors in the network, it automatically identifies abnormal access involving the various terminals, equipment and assets, carries out correlation analysis, and automatically forms security policies, which simplifies user configuration and achieves active network security protection.

As an important member of the Dipu Technology security defense system, the firewall not only plays the role of a brain but also acts as a neuron. It feeds the known security threats and the security risks it finds back to the Dipu Technology situational awareness platform for visual display. At the same time, it receives the threat intelligence and linked protection strategies returned by the situational awareness platform, and actively protects the business system in real time.

In the face of new security challenges, Dipu Technology believes that visualization is a basic element of security protection: it helps users find security problems in time, and it visually reflects both the effect of the protection and the overall security status of the system. Through Dipu Technology's next-generation firewall, users can see, from the perspective of operating, maintaining and managing the business system, the security threat trends, attack sources, attack means, system security vulnerabilities and the actual protection effect of the security equipment in the network. This helps users predict system security vulnerabilities and implement defense measures in advance. Combined with the situational awareness platform, the protection status of firewalls and other security products can also be displayed visually through big data association analysis and screening, so that security threats are predicted beforehand, blocked while in progress and traced afterwards.

Cloud computing, as one of the main development trends, has developed very fast in recent years, and the next-generation firewall is a relatively integrated product. Zhuxiaokang said that virtualization capability has always been a feature of Dipu Technology security products. Dipu Technology is the first manufacturer in the industry to propose a cloud security solution in hardware form. Using its original VSM (virtual switching matrix) technology, it virtualizes multiple independent hardware security devices into one security device, and then virtualizes that device into multiple independently running virtual security systems, building a large-scale cloud security resource pool. To adapt to the cloud computing environment, Dipu Technology's next-generation firewall also supports VXLAN, EVPN and other network features, which can easily meet the requirements of virtual machine awareness and tenant isolation in cloud computing. It can also be connected to the OpenStack cloud management platform, effectively solving the security and management problems of the cloud computing environment.

Collaboration and linkage have been mentioned constantly in recent years, and in the next-generation firewall collaboration is no longer just a concept. Security products no longer exist in isolation and fight attacks alone; the next-generation firewall usually builds a cooperative working mechanism with the other security defense systems in the IT environment. Zhuxiaokang said that the vision of Dipu Technology is to make the network simpler, smarter and safer. The product line is therefore very broad, covering security, networking and application delivery. It includes not only NGFW, IPS, DDoS, WAF, flow control audit, vulnerability scanning and other traditional security products, but also security threat situation awareness, load balancing safety network and other products and solutions. Through real-time data sharing and coordinated policy response among multiple products, a security defense system with the ability to think is built. It breaks the limits of independent operation and single-point protection that apply to security equipment in the traditional security architecture, and forms a dynamic, active security defense system.

Large-scale management of threat intelligence is one of the main functions of NGFW. According to Zhuxiaokang, Dipu Technology has a very rich product line. Its products are widely used by operators and in government, power, energy, finance, transportation, education, medical treatment, large enterprises and other industries. They are deployed in core network nodes such as operators' metropolitan area networks, e-government backbones and education metropolitan area networks. The company therefore has a deep understanding of how these industries use their networks and a deep accumulation of threat intelligence.

On the other hand, Dipu Technology also obtains shared vulnerability information, vulnerability early warnings, threat notifications and other intelligence from major partners, domestic and foreign security organizations and other institutions. After obtaining data from these sources, Dipu Technology uses an intelligent correlation algorithm to extract attack events from a large volume of log data and to analyze organized, purposeful, targeted hacker attacks. By building a hacker portrait model for each attack source, it can accurately and continuously identify high-risk IPs, analyze the hacker tools, attack methods, attack process, attack scope and other dimensions, identify the source of specific hackers, and show the geographical distribution, threat distribution, trends and other analysis data for attacker IPs.

Facing malware

Malware is a major problem that enterprises have faced recently. For malware control, Dipu Technology's next-generation firewall can detect and protect against malware. The expert team of the Dipu Technology Security Research Institute tracks the latest security threats in real time and updates the latest security threat features on the next-generation firewall, so that the equipment keeps its protection capability. The firewall checks the security of software during the download phase, so that malicious software is found at the earliest moment. For unknown malware, Dipu Technology links the next-generation firewall with the threat situation awareness platform. Through big data association analysis, attack path restoration, hacker portraits, threat intelligence and other technologies, it can predict an attack in advance and so achieve effective protection against malware.

Dipu Technology's trump cards, interpreted from multiple perspectives

At present, the next-generation firewall market is not short of products. What are the trump cards that give Dipu Technology's NGFW products a place in it? Zhuxiaokang interpreted this from two dimensions: product function and product form.

Product function: for example, security policy tightening and redundancy analysis enable automatic deployment and in-depth optimization of firewall policy; one-click troubleshooting provides intelligent operation and maintenance; and security virtualization, self-service, threat traceability, dynamic protection, threat visualization and other characteristic functions genuinely help users carry out better security operation and maintenance.

Product form: in addition to the traditional box-type next-generation firewall, Dipu Technology also provides distributed rack devices. The rack-type equipment of Dipu Technology provides the various functions of the next-generation firewall on independent hardware boards. Performance and functions can be expanded flexibly, and the rich functions do not cause performance degradation. In a sense, therefore, this rack-type equipment is the real next-generation firewall.

Facing the challenges and meeting security needs

At the end of the interview, Zhuxiaokang also briefly described the current trend in network security. He believes that the network security situation has changed greatly compared with the past, and that it mainly faces the following four challenges:

Virtual machine protection, tenant isolation and security virtualization capabilities in the cloud computing environment need to be improved.

How to move, through big data, from single-point, fragmented log and feature analysis to association behavior analysis.

How to predict and protect against new threats and new attack types in advance.

With bandwidth and attack traffic increasing, security products must have network-level performance and cannot become a bottleneck.

Zhuxiaokang said that the design and planning of all Dipu Technology security products, including the next-generation firewall, are based on these aspects, so as to meet the security requirements of the new situation.

