构建智能ICT基础设施安全主动防御体系

1、构建智能ICT基础设施安全主动防御体系Build an intelligent proactive security protection system forICT infrastructure60%23万亿$风险丛生效率提升Increased efficiency到2025 年，智能联接会撬动23万亿美元的机会By 2025, smart connections will create opportunities worth USD 23 trillion.到2020年，60%的数字化公司将遭遇重大的服务故障By 2020, 60% of digital companies will en

2、counter major service faults.Considerable risks电力电网智能化Smart grid电表、工作站成为攻击入口 Electrical meters and workstations as attack entry points提升投资效率ROI improvement入侵入口增加Increased intrusion entrypoints新技术融合 Convergence of new technologies互联网业务引入新风险New risks brought by Internetservices优化城市治安Heightened city se

3、curity摄像头非法控制Unauthorized camera control关键ICT基础设施面临前所未有的安全挑战Critical ICT infrastructure is facing unprecedentedsecurity challenges.5G网络提速Network acceleration海量终端访问控制 Access control over numerous terminalsElectric Power电信Telecom交通Transportation平安城市Safe City16年10月，Mirai攻陷了超过200万台摄像头等IoT设备，导致美国大面积断网。物联

4、网终端2020年将达200亿，如何避免成为黑客利用对象？In October 2016, Mirai infected over 2 million IoT devices, especially security cameras. As a result, the network failed to provide services in most areas of the US. By 2020, there will be 20 billionIoT terminals. How can we prevent hackers from exploiting these terminals

5、?In October and November 2017, the e-government clouds of multiple provinces were infected with mining Trojan horses, and the e-government service was unavailable for several hours. This newtype of attack aims to steal system resources and gain digital currency, substituting for data theft and extor

6、tion.17年10月-11月，多省政务云被挖矿木马感染，导致电子政务业务中断长达数小时。这种新型攻击形态以窃取系统资源并赚取数字货币为目的，取代了以往的攻击手段。交通Transportation制造Manufacturing政府Government金融Finance能源Energy平安城市Safe city云计算5GIoTCloud computing 5GIoT电信Telecom如何保障ICT基础设施的安全How to ensure ICT infrastructure security问题一：安全是独立于ICT基础设施的存在吗？Question 1: Is security indepe

7、ndent of ICT infrastructure?制造台积电勒索软件事件TSMC ransomware incident思考：这种问题安全体系若孤立存在，如何面对？Thinking: How can we deal with such issues if the security system is separate?H O W ?8月3日午夜，位于新竹科学园区的12英寸晶圆厂和营运总部因电脑遭遇病毒而生产线停摆，几小时之后，其他园区也遭遇同样情况At midnight on August 3, 2018, the 12-inch wafer plant and operations h

8、eadquarters in the Hsinchu Science Park suffered a computer virus attack, and the productionline ground to a halt. Several hours later, the same situation occurred in other campuses.8月6日下午，台积电确认该公司此次遭遇的病毒为“WannaCry”，损失超10亿元RMBIn the afternoon of August 6, TSMC confirmed that the virus was WannaCry a

9、nd the loss exceeded CNY 1 billion.FW/IPSFW/IPS工业园区Industrial park新加入电脑Newly connected computer政府思考：单个摄像头被暴力破解容易防备，若 1万个摄像头分 别被尝试登陆5次，如何发现并防御？平安城市摄像头被暴力破解Brute force cracking of safe city camerasThinking: It is relatively easy to prevent the brute force cracking of a single camera, but how can we de

10、tect andprevent malicious users making 5 consecutive login attempts to each of 10,000 cameras?H O W ?问题二：安全产品兢兢业业、各司其职，是不是就可以了？Question 2: Is it secure if security products all function properly and fulfill their roles?防火墙AntiDDoS入侵防御WEB应用防火墙终端安全FirewallAntiDDoSIPSWAFTerminal security交通公路收费网络在“完备”的保

11、护下被入侵Intrusion into a highway toll network with adequate protectionThinking: The security system discovered the intrusion but failed to handle it promptly. Howcan we resolve this issue?H O W ?思考：安全大脑发现了入侵行为，却错过了处置时机，何解？全网威胁监控Network-widethreat awareness一卡通Smart card公众出行服务Public transportation servic

12、e视频监控Video surveillance收费Billing管理Management办公系统Office system问题三：有一个智能的安全大脑是否就够了？Question 3: Is it sufficient to have an intelligent security system?金融银行：打造智能安全大脑的成本有多高？Bank: How much does it cost to build an intelligent security system?Thinking: What can we do given that the high cost of building a

13、n intelligent security system hinders its popularity?H O W ?思考：这么高的智能安全大脑打造成本阻碍了它的普及，怎么办？金 融 全 网 安 全 分 析 平台DC分行BranchInternet全网探针，高额的投入Network probe, high investmentFinancial network-wide security analysis platform办公区Office与ICT基础设施充分配合，业务驱动云上和云下智能联动，集中智能和边缘智能配合基于软件定义的安全产品间动态配合，开放架构基于软件定义安全（SDSec） 解决

14、方案架构的HiSec华为智能安全解决方案Huawei Intelligent Security Solution (HiSec) based on Software-Defined Security (SDSec) ArchitectureOn- and off-cloud intelligent linkage, centralizedintelligence & edge intelligenceFull collaboration with ICT infrastructure,business-drivenDynamic collaboration between software-d

15、efinedsecurity products, open architecture本地智能 Local intelligence分析器CISFireHunter5GIoT云端智能 Cloud intelligence控制器SecoManager Agile ControllerSwitchRouterWIFIAntiDDoSIPS边缘智能 Edge intelligencePCWAFFirewall平安城市 Safe city云计算 Cloud computingAnalyzerController华为云EIHuawei Cloud EI联动处置联动网络执行单元NGFWSecoManager

16、安全控制器 vNGFW联动安全执行单元安全威胁事件分析网络控制器SwitchvSwitch安全隔离策略执行安全威胁数据采集通过安全与ICT基础设施的配合，优雅地解决“台积电”难题Effectively resolving issues similar to those encountered by TSMCthrough the cooperation of security and ICT infrastructure威胁扩散范围从区域边界降低为主机边界Threat spread scope decreased from the area border to the host border威

17、胁响应能力从安全孤岛升级为联合战线Threat responsiveness upgraded from security islands to joint frontsEDR控制中心EEEEEEEDR客户端信息收集上送终端处置策略下发CIS日志采集器感 染 范 围 分 析安全威胁事件分析EDR联动FireHunter 沙箱调联查动取处证置通过安全分析大脑和不同厂商终端安全产品的配合， 快速地应对高级安全风险Quickly responding to advanced security risks through collaboration between the security analy

18、sis system and multi- vendor security products1终端威胁调查取证Terminal threat investigation and evidence collection2终端威胁事件溯源Terminal threat event source tracing3终端威胁联动响应Terminal threat joint response4终端威胁可视化Terminal threat visualizationEE边缘智能安全网关部署高级安全分析能力边缘智能安全网关将通信压力分散到了边缘节点，减少实时数据传输Capex80%90%带宽占用1s威胁检测

19、时间Firewall10sThe edge intelligence security gateway supports advanced security analysis.The edge intelligence security gateway distributes communication traffic toedge nodes, reducing real-time data transmission.边缘智能和云端智能深度联动，提升边缘安全网关威胁检测能力Edge intelligence and cloud intelligence collaborate closely

20、 to improvethe threat detection capability of the edge intelligence security gateway.Threat detection timeBandwidth usage数据同步Data synchronization控制管理Control and management边缘智能Edge intelligence实时采集、实时分析、实时控制Real-time collection, analysis, and control通过边缘智能安全网关的部署，低成本地引入全网智能Introducing Network-Wide In

21、telligence in a Cost-Effective Manner by Deploying the Edge Intelligence Security Gateway智能创“芯”融合IntelligentInnovativeConvergedUSG6000E系列（共25款）USG6000E series (25 models in total)创新VNF架构，可融合第三方安全能力Innovative VNF architecture3rdparty security capabilities can be integrated全新自研加速芯片，性能提升至业界2倍New Huawei-developed acceleration chip Performance 2x higher than the industry average基于AI技术的高级威胁检测，检出率大于