In recent years, enterprises have moved to the cloud at pace and adopted a model in which the cloud drives the services they deliver. While they enjoy the many conveniences the cloud brings, the security problems that come with it are serious.
As the saying goes, building a website is easy; keeping it secure is hard. The main security problems enterprises face are:
1) Hard to see.
Business assets are not clearly inventoried, vulnerabilities are frequent, and the overall security posture is hard to see.
There are many kinds of security devices, their alarms are mixed and inconsistent, and the real security threats are hard to see.
2) Hard to prevent.
Attack methods escalate constantly, and defensive capability does not keep pace with offensive capability.
The number of new attack variants keeps growing, making protection harder.
3) Hard to close the loop.
Automated response tooling is lacking, full-time security staff are scarce, and responses to security incidents are late.
Alarms are numerous, false-positive rates are high, and tracing a security incident back to its source is difficult.
To solve these problems, China Mobile Smart Home Center has built a highly reliable, highly available, and highly secure cloud-network collaborative service security protection solution based on the integrated "network + security" concept. Security capabilities such as scanning, monitoring, and protection are attached to cloud nodes, and, drawing on China Mobile's network resources, traffic is intelligently steered to the nearest node for security inspection; abnormal traffic is intercepted and normal traffic is returned promptly to the service server. This realizes closed-loop handling across the whole process of event discovery, risk analysis, early warning management, and emergency response and disposal, and delivers a secure, low-latency access and protection experience. It helps enterprises keep business systems from being compromised, keep attack threats from reaching them, and keep network assets from going untracked.
Currently, the solution has been applied to the following scenarios:
1) 0-day vulnerability patching.
A 0-day vulnerability is a major threat to the business: attackers can use it to break into web servers, obtain sensitive business information, and even take business systems down. The solution provides an automatic 0-day vulnerability protection service: the professional security operations team issues virtual patches as soon as possible and pushes rule updates quickly, defending effectively against attacks.
2) Preventing data leakage.
For financial gain, attackers break into enterprise databases and steal sensitive information through SQL injection, Trojan horses, and other means. Using multi-engine linked analysis, the solution accurately identifies attack traffic, and detects and protects against the leakage of sensitive information such as ID card numbers, bank card numbers, mobile phone numbers, and sensitive words, safeguarding data security.
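The leakage detection described above rests on recognising sensitive values in outbound content. The following is an added example, not code from China Mobile's solution: it scans a constructed response body for Chinese resident ID numbers (validated with the GB 11643 check digit), payment card numbers (validated with the Luhn check), mobile phone numbers and a small constructed list of sensitive words, then redacts what it finds. The patterns, the word list and the sample response are all assumptions made for this example.

```python
import re

# Chinese resident ID check digit: weighted sum of the first 17 digits mod 11.
ID_WEIGHTS = [7, 9, 10, 5, 8, 4, 2, 1, 6, 3, 7, 9, 10, 5, 8, 4, 2]
ID_CHECK_CHARS = "10X98765432"


def valid_cn_id(candidate: str) -> bool:
    """True if an 18-character string carries a correct ID check digit."""
    s = candidate.upper()
    if not re.fullmatch(r"\d{17}[\dX]", s):
        return False
    total = sum(int(ch) * w for ch, w in zip(s[:17], ID_WEIGHTS))
    return ID_CHECK_CHARS[total % 11] == s[17]


def luhn_ok(digits: str) -> bool:
    """Luhn check as used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:            # every second digit from the right is doubled
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


# Candidate patterns, most specific first. The digit look-arounds stop one long
# number from being reported as several shorter ones. Each pattern has a validator.
PATTERNS = [
    ("cn_id", re.compile(r"(?<!\d)\d{17}[\dXx](?![\dXx])"), valid_cn_id),
    ("bank_card", re.compile(r"(?<!\d)\d{16,19}(?!\d)"), luhn_ok),
    ("mobile", re.compile(r"(?<!\d)1[3-9]\d{9}(?!\d)"), lambda s: True),
]
SENSITIVE_WORDS = ("confidential", "internal use only")   # constructed word list


def scan(body: str):
    """Return [(kind, value, start, end)] for validated hits, without overlapping spans."""
    taken = []       # spans already claimed by a more specific pattern
    findings = []
    for kind, pattern, validate in PATTERNS:
        for m in pattern.finditer(body):
            if any(m.start() < e and s < m.end() for s, e in taken):
                continue                      # e.g. the digits of an ID are not a card
            if validate(m.group()):
                findings.append((kind, m.group(), m.start(), m.end()))
                taken.append((m.start(), m.end()))
    lowered = body.lower()
    for word in SENSITIVE_WORDS:
        idx = lowered.find(word)
        while idx != -1:
            findings.append(("sensitive_word", body[idx:idx + len(word)], idx, idx + len(word)))
            idx = lowered.find(word, idx + 1)
    return sorted(findings, key=lambda f: f[2])


def redact(body: str) -> str:
    """Mask every finding, keeping the last four characters of numbers for support use."""
    out = body
    for kind, value, start, end in reversed(scan(body)):   # right to left keeps offsets valid
        masked = "[REDACTED]" if kind == "sensitive_word" else "*" * (len(value) - 4) + value[-4:]
        out = out[:start] + masked + out[end:]
    return out


# Constructed sample response; the ID and card numbers are well-known test values.
SAMPLE_RESPONSE = ('{"name":"Zhang San","id_no":"11010519491231002X","phone":"13812345678",'
                   '"card":"4111111111111111","note":"Confidential export"}')

if __name__ == "__main__":
    for f in scan(SAMPLE_RESPONSE):
        print(f)
    print(redact(SAMPLE_RESPONSE))
```

Validating candidates with a check digit is what keeps the false-positive rate low: an arbitrary run of 16 to 19 digits (an order number, a timestamp) fails the Luhn check and is not reported, while a genuine card number is.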
3) CC attack mitigation.
CC (Challenge Collapsar) attacks, an application-layer HTTP flood, can slow business responses or stop services from being provided externally, affecting normal customer access. Through flexible per-IP rate limiting and access-frequency control policies, the solution accurately identifies and blocks malicious CC attacks, keeping the server's services running normally.
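As an added illustration of the per-IP rate limiting and access-frequency control just mentioned (example code, not China Mobile's implementation), the block below keeps a sliding window of accepted request timestamps per client and per path policy, replays a set of constructed access-log lines through it, and reports how many requests each client had blocked. The log format, the policy table and the thresholds are assumptions made for this example.

```python
import re
from collections import defaultdict, deque

# Path prefix -> (max_requests, window_seconds). "*" is the default policy.
# Constructed for this example: a login endpoint gets a much tighter budget.
POLICIES = {"/login": (5, 10.0), "*": (100, 60.0)}


class SlidingWindowLimiter:
    """Per-(client, policy) sliding-window limiter over accepted request times."""

    def __init__(self, policies):
        self.policies = policies
        self.hits = defaultdict(deque)   # (ip, policy_name) -> timestamps of allowed requests

    def policy_for(self, path):
        for prefix, limits in self.policies.items():
            if prefix != "*" and path.startswith(prefix):
                return prefix, limits
        return "*", self.policies["*"]

    def allow(self, ip, path, ts):
        name, (limit, window) = self.policy_for(path)
        q = self.hits[(ip, name)]
        while q and ts - q[0] >= window:      # drop timestamps that left the window
            q.popleft()
        if len(q) >= limit:                   # budget exhausted: block, do not record
            return False
        q.append(ts)
        return True


# Constructed log format: "<epoch> <client-ip> <method> <path>"
LOG_RE = re.compile(r"^(?P<ts>\d+(?:\.\d+)?) (?P<ip>\S+) (?P<method>[A-Z]+) (?P<path>\S+)$")


def replay(lines, limiter=None):
    """Run log lines through the limiter; return {ip: blocked_count} for blocked clients."""
    limiter = limiter or SlidingWindowLimiter(POLICIES)
    blocked = defaultdict(int)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue                          # malformed line: skip rather than guess
        if not limiter.allow(m["ip"], m["path"], float(m["ts"])):
            blocked[m["ip"]] += 1
    return dict(blocked)


# Constructed sample traffic: 203.0.113.7 hammers /login eight times in eight seconds,
# comes back after the window has partly slid, while 198.51.100.4 browses normally.
SAMPLE_LOG = [f"{1700000000 + i} 203.0.113.7 POST /login" for i in range(8)] + [
    "1700000012 203.0.113.7 POST /login",
    "1700000001 198.51.100.4 GET /index.html",
    "1700000002 198.51.100.4 GET /static/app.js",
    "1700000003 198.51.100.4 GET /api/items",
]

if __name__ == "__main__":
    print(replay(SAMPLE_LOG))   # only the flooding client appears in the result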
4) Anti-crawler and anti-abuse.
Malicious crawlers not only cause data leaks but also put load on business systems. Tailored to the actual business scenario, the solution controls crawler risk across web services of all kinds, accurately identifying malicious crawlers, interface abuse ("brushing") and similar behaviour, and helping enterprises control business fraud and promotion abuse.
5) Preventing illegal content.
Web page tampering is a serious cybersecurity threat that can damage corporate image, leak user data, and even breach laws and regulations. The solution uses machine-learning models to monitor business sites for illegal content such as pornography, gambling, drugs, and violence and to raise alerts, reducing content-compliance risk.
At present, China Mobile's cloud-network collaborative business security protection solution has been applied to security scenarios in industries including education, healthcare, and e-commerce, and has repeatedly completed protection assignments in national network attack-and-defense exercises. To date it has served more than 7,000 application systems, its security capabilities have been invoked more than 28 trillion times, and it has intercepted a total of 7,500 million attacks. Going forward, China Mobile will continue to strengthen its basic security capabilities, empower more enterprises, and help them stay secure in the cloud.