SHAPE Integrated Security in

The Cloud

CNBG/SP

Bobby Zhou

2

1.0 Born in Cloud2.0Grow from CloudCloud

Rise of vertical industry clouds

• Internet Applications

• Agility, Innovation, Experience

• Mind Shift，Innovative business and Operation Model

• Embrace the cloud，Into the Cloud

To 2020, vertical cloud market growth compound rate 12.3%

3

Service-driven Planning

Hybrid Cloud Infra. Integration

(Secure & Reliable)

Agile PaaSIntegration

Proven Business Migration

Efficient Facility Integration

Telco Tiered Data Centers

Huawei DC Integration Solutions，Remodeling（S.H.A.P.E.）Cloud Business

Simplicity & Efficiency

IT Cloud

Rich & Competitive service

B2B Cloud

Telco Cloud

Optimal user experience

Unified Cloud Management Platform (CMP)

Edge DCs Regional DCs Core DCs3rd partyPublic Cloud

4

APT

APT : Advanced Persistent Threat (2006, Colonel Greg Rattray, USAF)

Security top concern for cloud adoptionThreats Everywhere Attacks Complicating

253%Attack Growth Rate

TOP2Focus by CIO in consecutive 5 years

50%APT target at ISP, Gov, FSI

Network

System Infra

Virtualization

VM

Apps0-day

PhishingTrojanVirus

DDoS……

SmartPhone, 2004

Cloud, 2010

IoT, 2016

2016，APT attack multi banks, loss > $100M

ForgeryPhishing

BotnetFileless

Ransom……

Source: IDC, KPMG 2016

87.5%

41%

28%

Top Challenge

Top priority for Telcos

Major security incident over last 2 years

5

Traditional Defense

Vuln .Worm

SpamSpyware Malwar

e

Web ThreatsP iphing

APT Mobi le/ IOTand C loud Or iented

Known Threats Unknown Threats

On premise/Static

NG Cloud Security Defense: Service-lized、Intelligent、Collaborative

Boundary in depth

Secur i ty HW/SW End Po int、Networkand C loud

Point Solution

Cloud-ification

Collaborative

SDSec, OrchestrationDistributed & Dynamic

Orchestration

Speedy Release

Detection Prevention Response

Intelligent situation awareness

Collaborative, intelligent defense

From“Static, standalone, known threats defense ”to“dynamic, collaborative, unknown threat defense”

6

Security Integration Capability

C-SMART Test Platform• 12+ attack modeling、

test cases、script library

Huawei HiCloud CMP• Integrate devices

from 20+Security vendors

Huawei IT security KB• 10+ security control models• Multi-dimension analysis

model

Security Consultancy & Design

Intelligent Security Management

Regulatory Compliance

Secaas Integration

International/Domestic lawIndustry Regulation

Security Mgmt Platform IntegrationPlatform Security Tenant Security

HiCloud CMP

MV Security Prd. Integration

FW WAF

……

DLP

Auto-collaboration<60sec response

26 SecaasDeploy in a minuteAPT

Detection

Prevent

Response

Predict

Intel-Analytics

Security Infra.

Professional and Ease of use Secaas

Infra security VM Security

App Security

Data SecuritySec. Mgmt

IAMHypervisor

security

7

防火墙 VPN WAF IPS AntiDDoS

Awareness

Analysis

Log, Report

Awareness• Big data analytic situation

awareness

• 12 Secaas, self-service

• Security market space，

100+ on-demand security

service

In-depth• 100+ DDoS attack types

• Full-stack multi-layer,

multi-dimension security

architecture

Certifications• 10+ security certifications

for industry compliance

①

②

③

8

• Real-time Situation awareness and predication

• 99% accuracy，intuitive and configurable rule builder

• Automated security device collaboration，<60s response

• Intelligent Optimized detection models and protection policies

Huawei Global Threat Intelligent Center

CyberSecurity Intelligent System (CIS)

Behavioral Analysis

Machine Learning

Big DataAnalytics

Defense device Collaboration

Security Infrastructure

9

26 Secaas，Self-service portalPartners

Service Catalogue

Service Orchestrati

on

Security Infrastructu

re

Firewall DLP Vuln. ScanWAF Awareness

……

EPP

Security ResourcesCloud Resources

Cloud DC

WAN

HiCloud Cloud Mgmt Platform (CMP)

10

Master：Source Code Security analyzer

Risker：Fuzz Testing

Scanner：Vulnerability Scanning

Troublemaker：Penetration Test

Automata：automated security testing

Compass：Security Testing Framework

Know

n Vulnerab

ilityU

nknown V

ulnerability

C-SMART Platform• Build trusted cloud platform at software

component level and solution level• Complete security management life-

cycle• Enable efficient cloud application

security testing with fully automated testing procedure

Customer Value

Key Capabilities• 12+ Security KB，including Test cases,

attack PoC、scripts library• 40+ security testing tools，including

Redline scan、source code analyzer、Fuzz tool

• CLOUD OPEN LAB，integrated 57+ mainstream security products

11

10,000+Product vendors

1,000,000+Certified Business Use Cases

500+Vendor Certifications

350+Huawei Products

12

To compliant EU data and privacy protection laws/regulations

828 Security and Privacy

Protection Enhancement sOpenTelekomCloud

withDeutscheTelekom

13

Thanks !