Upload
others
View
4
Download
0
Embed Size (px)
Citation preview
SHAPE Integrated Security in
The Cloud
CNBG/SP
Bobby Zhou
2
1.0 Born in Cloud2.0Grow from CloudCloud
Rise of vertical industry clouds
• Internet Applications
• Agility, Innovation, Experience
• Mind Shift,Innovative business and Operation Model
• Embrace the cloud,Into the Cloud
To 2020, vertical cloud market growth compound rate 12.3%
3
Service-driven Planning
Hybrid Cloud Infra. Integration
(Secure & Reliable)
Agile PaaSIntegration
Proven Business Migration
Efficient Facility Integration
Telco Tiered Data Centers
Huawei DC Integration Solutions,Remodeling(S.H.A.P.E.)Cloud Business
Simplicity & Efficiency
IT Cloud
Rich & Competitive service
B2B Cloud
Telco Cloud
Optimal user experience
Unified Cloud Management Platform (CMP)
Edge DCs Regional DCs Core DCs3rd partyPublic Cloud
4
APT
APT : Advanced Persistent Threat (2006, Colonel Greg Rattray, USAF)
Security top concern for cloud adoptionThreats Everywhere Attacks Complicating
253%Attack Growth Rate
TOP2Focus by CIO in consecutive 5 years
50%APT target at ISP, Gov, FSI
Network
System Infra
Virtualization
VM
Apps0-day
PhishingTrojanVirus
DDoS……
SmartPhone, 2004
Cloud, 2010
IoT, 2016
2016,APT attack multi banks, loss > $100M
ForgeryPhishing
BotnetFileless
Ransom……
Source: IDC, KPMG 2016
87.5%
41%
28%
Top Challenge
Top priority for Telcos
Major security incident over last 2 years
5
Traditional Defense
Vuln .Worm
SpamSpyware Malwar
e
Web ThreatsP iphing
APT Mobi le/ IOTand C loud Or iented
Known Threats Unknown Threats
On premise/Static
NG Cloud Security Defense: Service-lized、Intelligent、Collaborative
Boundary in depth
Secur i ty HW/SW End Po int、Networkand C loud
Point Solution
Cloud-ification
Collaborative
SDSec, OrchestrationDistributed & Dynamic
Orchestration
Speedy Release
Detection Prevention Response
Intelligent situation awareness
Collaborative, intelligent defense
From“Static, standalone, known threats defense ”to“dynamic, collaborative, unknown threat defense”
6
Security Integration Capability
C-SMART Test Platform• 12+ attack modeling、
test cases、script library
Huawei HiCloud CMP• Integrate devices
from 20+Security vendors
Huawei IT security KB• 10+ security control models• Multi-dimension analysis
model
Security Consultancy & Design
Intelligent Security Management
Regulatory Compliance
Secaas Integration
International/Domestic lawIndustry Regulation
Security Mgmt Platform IntegrationPlatform Security Tenant Security
HiCloud CMP
MV Security Prd. Integration
FW WAF
……
DLP
Auto-collaboration<60sec response
26 SecaasDeploy in a minuteAPT
Detection
Prevent
Response
Predict
Intel-Analytics
Security Infra.
Professional and Ease of use Secaas
Infra security VM Security
App Security
Data SecuritySec. Mgmt
IAMHypervisor
security
7
防火墙 VPN WAF IPS AntiDDoS
Awareness
Analysis
Log, Report
Awareness• Big data analytic situation
awareness
• 12 Secaas, self-service
• Security market space,
100+ on-demand security
service
In-depth• 100+ DDoS attack types
• Full-stack multi-layer,
multi-dimension security
architecture
Certifications• 10+ security certifications
for industry compliance
①
②
③
8
• Real-time Situation awareness and predication
• 99% accuracy,intuitive and configurable rule builder
• Automated security device collaboration,<60s response
• Intelligent Optimized detection models and protection policies
Huawei Global Threat Intelligent Center
CyberSecurity Intelligent System (CIS)
Behavioral Analysis
Machine Learning
Big DataAnalytics
Defense device Collaboration
Security Infrastructure
9
26 Secaas,Self-service portalPartners
Service Catalogue
Service Orchestrati
on
Security Infrastructu
re
Firewall DLP Vuln. ScanWAF Awareness
……
EPP
Security ResourcesCloud Resources
Cloud DC
WAN
HiCloud Cloud Mgmt Platform (CMP)
10
Master:Source Code Security analyzer
Risker:Fuzz Testing
Scanner:Vulnerability Scanning
Troublemaker:Penetration Test
Automata:automated security testing
Compass:Security Testing Framework
Know
n Vulnerab
ilityU
nknown V
ulnerability
C-SMART Platform• Build trusted cloud platform at software
component level and solution level• Complete security management life-
cycle• Enable efficient cloud application
security testing with fully automated testing procedure
Customer Value
Key Capabilities• 12+ Security KB,including Test cases,
attack PoC、scripts library• 40+ security testing tools,including
Redline scan、source code analyzer、Fuzz tool
• CLOUD OPEN LAB,integrated 57+ mainstream security products
11
10,000+Product vendors
1,000,000+Certified Business Use Cases
500+Vendor Certifications
350+Huawei Products
12
To compliant EU data and privacy protection laws/regulations
828 Security and Privacy
Protection Enhancement sOpenTelekomCloud
withDeutscheTelekom
13
Thanks !