“While the development of Internet of Things (IoT) makes life more convenient, it also amplifies network security threats,” said Mr. Liu Lizhu, General Manager of the Network Security, Switch and Enterprise Communications Product Line, Huawei. “Due to the lack of authentication and transmission encryption practices, 70% of IoT devices suffer from security vulnerability. This has the potential to result in security issues spreading to every corner of our lives. However, the deployment of IoT greatly increases the number of security attack targets, making IoT devices the springboard of APT attacks and target for botnet attacks.”
Huawei FireHunter Security Sandbox Products
Launched at the RSA Conference 2015, Huawei’s new FireHunter series of security sandboxes are designed to detect and defend against APT attacks using advanced malware to prevent them from penetrating enterprise networks. Equipped with reputation system and multilayer inspection technology, FireHunter security sandboxes can inspect over 180,000 files per day, reaching the industry’s fastest inspection speed at 1.5 times that of other products currently available. It is the only product of its kind in China, and one of three globally, that supports zero-day vulnerability detection for web pages. For example, one project that deployed Huawei’s security sandbox successfully detected 230 unknown threats within two months, 72 of which had never before been encountered in the industry.
Cyber-security Intelligent System
Huawei’s CIS system provides early warning and protection from APT attacks for enterprise networks. “APT attacks are very stealthy and often evade security detection. Hiding in the normal network accesses, APT attacks may remain undetected for a long time after successful penetration. During the latent period, APT attack malware will continue to spread until it has successfully stolen key information,” Mr. Liu Lizhu added.
Based on a big data platform, the CIS system conducts extensive correlation analysis of mass data including key traffic, logs, contexts, and external information to detect over 350 types of suspicious behavior, which is two times higher than the industry average. It then flags the infected targets in timely manner to prevent further APT attack penetration, and quickly and precisely traces the source, blocking and eliminating the APT attacks detected in the process.
Huawei USG6000V Software Firewall Series
In addition to hardware security devices, Huawei’s APT Big Data Security Solution is able to block and eliminate security threats on cloud, pipe, and devices using virtualized cross-platform software firewalls. The Huawei USG6000V series of software firewalls can be flexibly deployed on agile switches and agile routers based on service demands, providing security capabilities to all network element devices. Huawei USG6000V enables ubiquitous network security protection by integrating its comprehensive security functions with an Agile Controller or other Software-defined networking (SDN) controllers. By adopting Intel’s latest Data Plane Development Kit (DPDK) using Single Root I/O Virtualization (SR-IOV) technology and a HyperScan software pattern-matching engine, every Huawei USG6000V software firewall can provide up to 40 Gbps performance, five times the industry average.
Cloud Clean Alliance
At HNC 2015, Huawei announced that it will partner with companies including China Telecom and Qingsong Technology to establish the Cloud Clean Alliance. The alliance aims to establish a big data-based cloud Service on Chip (SoC) platform to synergize the anti-DDoS resources of telecom operators and large- and medium-sized Internet Data Centers (IDCs) worldwide to deliver real-time analysis and response to DDoS attacks. Once established, the Cloud Clean Alliance will provide a comprehensive global DDoS traffic cleaning service, benefitting end users, partners, and Huawei.