构建智能ICT基础设施安全主动防御体系

构建智能ICT基础设施安全主动防御体系Buildanintelligentproactivesecurityprotectionsystem

forICT

infrastructure60%23万亿$风险丛生效率提升Increased

efficiency到2025年，智能联接会撬动23万亿美元的机会By2025,smartconnectionswillcreateopportunitiesworthUSD23

trillion.到2020年，60%的数字化公司将遭遇重大的服务故障By2020,60%ofdigitalcompanieswillencountermajorservice

faults.Considerable

risks电力电网智能化Smart

grid电表、工作站成为攻击入口Electricalmetersand

workstationsasattackentry

points提升投资效率ROI

improvement入侵入口增加Increasedintrusion

entrypoints新技术融合Convergenceof

newtechnologies互联网业务引入新风险Newrisksbroughtby

Internetservices优化城市治安Heightenedcity

security摄像头非法控制Unauthorizedcamera

control关键ICT基础设施面临前所未有的安全挑战CriticalICTinfrastructureisfacing

unprecedentedsecurity

challenges.5G网络提速Network

acceleration海量终端访问控制Accesscontrolovernumerous

terminalsElectric

Power电信Telecom交通Transportation平安城市Safe

City16年10月，Mirai攻陷了超过200万台摄像头等IoT设备，导致美国大面积断网。物联网终端2020年将达200亿，如何避免成为黑客利用对象？InOctober2016,Miraiinfectedover2millionIoTdevices,especiallysecuritycameras.Asaresult,thenetworkfailedtoprovideservicesinmostareasoftheUS.By2020,therewillbe

20

billion IoTterminals.Howcanwepreventhackersfromexploitingthese

terminals?InOctoberandNovember2017,thee-governmentcloudsofmultipleprovinceswereinfectedwithminingTrojanhorses,andthee-governmentservicewasunavailableforseveralhours.This

newtypeofattackaimstostealsystemresourcesandgaindigitalcurrency,substitutingfordatatheftand

extortion.17年10月-11月，多省政务云被挖矿木马感染，导致电子政务业务中断长达数小时。这种新型攻击形态以窃取系统资源并赚取数字货币为目的，取代了以往的攻击手段。交通Transportation制造Manufacturing政府Government金融Finance能源Energy平安城市Safe

city云计算 5G IoTCloud

computing

5G IoT电信Telecom如何保障ICT基础设施的安全HowtoensureICTinfrastructure

security问题一：安全是独立于ICT基础设施的存在吗？Question1:IssecurityindependentofICT

infrastructure?@制造台积电勒索软件事件TSMCransomware

incident思考：这种问题安全体系若孤立存在，如何面对？Thinking:Howcanwedealwithsuchissuesifthesecuritysystemis

separate?H

O

W

?8月3日午夜，位于新竹科学园区的12英寸晶圆厂和营运总部因电脑遭遇病毒而生产线停摆，几小时之后，其他园区也遭遇同样情况Atmidnight

onAugust

3,2018,

the

12-inch

wafer

plant

and

operations

headquarters

in

the

HsinchuScience

Park

suffereda

computer

virusattack,

andthe

productionlinegroundtoahalt.Severalhourslater,thesamesituationoccurredinother

campuses.8月6日下午，台积电确认该公司此次遭遇的病毒为“WannaCry”，损失超10亿元RMBIntheafternoonofAugust6,TSMCconfirmedthattheviruswasWannaCryandthelossexceededCNY1

billion.FW/IPSFW/IPS工业园区Industrial

park新加入电脑Newlyconnected

computer·@政府思考：单个摄像头被暴力破解容易防备，若

1万个摄像头分别被尝试登陆5次，如何发现并防御？平安城市摄像头被暴力破解Bruteforcecrackingofsafecity

camerasThinking:Itisrelativelyeasytopreventthebruteforcecrackingofasinglecamera,buthowcanwedetect

andpreventmalicioususersmaking5consecutiveloginattemptstoeachof10,000cameras?H

O

W

?…问题二：安全产品兢兢业业、各司其职，是不是就可以了？Question2:Isitsecureifsecurityproductsallfunctionproperlyandfulfilltheir

roles?防火墙AntiDDoS入侵防御WEB应用防火墙终端安全FirewallAntiDDoSIPSWAFTerminal

security@交通公路收费网络在“完备”的保护下被入侵Intrusionintoahighwaytollnetworkwithadequate

protectionThinking:Thesecuritysystemdiscoveredtheintrusionbutfailedtohandleitpromptly.

Howcanweresolvethis

issue?H

O

W

?思考：安全大脑发现了入侵行为，却错过了处置时机，何解？全网威胁监控Network-widethreat

awareness一卡通Smart

card公众出行服务Public

transportationservice视频监控Video

surveillance收费Billing管理Management办公系统Office

system问题三：有一个智能的安全大脑是否就够了？Question3:Isitsufficienttohaveanintelligentsecurity

system?@金融银行：打造智能安全大脑的成本有多高？Bank:Howmuchdoesitcosttobuildanintelligentsecurity

system?Thinking:Whatcanwedogiventhatthehighcostof

buildinganintelligentsecuritysystemhindersits

popularity?H

O

W

?思考：这么高的智能安全大脑打造成本阻碍了它的普及，怎么办？金融全网安全分析平台DC分行BranchInternet全网探针，高额的投入Networkprobe,high

investmentFinancialnetwork-wide

securityanalysis

platform办公区Office与ICT基础设施充分配合，业务驱动云上和云下智能联动，集中智能和边缘智能配合基于软件定义的安全产品间动态配合，开放架构基于软件定义安全（SDSec）解决方案架构的HiSec华为智能安全解决方案HuaweiIntelligentSecuritySolution(HiSec)basedonSoftware-DefinedSecurity(SDSec)

ArchitectureOn-andoff-cloudintelligentlinkage,

centralizedintelligence&edge

intelligenceFullcollaborationwithICT

infrastructure,business-drivenDynamiccollaborationbetween

software-definedsecurityproducts,open

architecture本地智能

Local

intelligence分析器CISFireHunter5GIoT云端智能Cloud

intelligence控制器SecoManagerAgile

ControllerSwitchRouterWIFIAntiDDoSIPS边缘智能

Edge

intelligencePCWAFFirewall平安城市

Safe

city云计算

Cloud

computingAnalyzerController华为云EIHuaweiCloud

EI联动处置④联动网络执行单元NGFWSecoManager安全·控··制器

vNGFW③联动安全执行单元②安全威胁事件分析网络控制器···Switch vSwitch⑤安全隔离策略执行①安全威胁数据采集通过安全与ICT基础设施的配合，优雅地解决“台积电”难题Effectivelyresolvingissuessimilartothoseencounteredby

TSMCthroughthecooperationofsecurityandICT

infrastructure威胁扩散范围从区域边界降低为主机边界Threatspreadscopedecreasedfromtheareabordertothehost

border威胁响应能力从安全孤岛升级为联合战线Threatresponsivenessupgradedfrom

securityislandstojoint

frontsEDR控制中心EEEEEEEDR客户端信息收集上送终端处置策略下发CIS日志采集器感染范围分析安全威胁事件分析EDR联动FireHunter

沙箱调 联查 动取 处证 置通过安全分析大脑和不同厂商终端安全产品的配合，快速地应对高级安全风险Quicklyrespondingtoadvancedsecurityrisksthroughcollaborationbetweenthesecurityanalysissystemandmulti-vendorsecurity

products1 终端威胁调查取证Terminalthreatinvestigationandevidence

collection2 终端威胁事件溯源Terminalthreateventsourcetracing3 终端威胁联动响应Terminalthreatjoint

response4 终端威胁可视化Terminalthreat

visualizationEE边缘智能安全网关部署高级安全分析能力边缘智能安全网关将通信压力分散到了边缘节点，减少实时数据传输Capex

80%90%带宽占用1s威胁检测时间Firewall10sTheedgeintelligencesecuritygatewaysupportsadvancedsecurityanalysis.Theedgeintelligencesecuritygatewaydistributescommunicationtraffic

toedgenodes,reducingreal-timedata

transmission.边缘智能和云端智能深度联动，提升边缘安全网关威胁检测能力Edgeintelligenceandcloudintelligencecollaboratecloselyto

improvethethreatdetectioncapabilityoftheedgeintelligencesecurity

gateway.Threatdetection

timeBandwidth

usage数据同步Data

synchronization控制管理Controla