Border Protection and Response

**Table 1** Specifications
Level-1 Category	Level-2 Category	Item	Description
Management	Security situation dashboard	Compromised asset situation	Includes the compromised host trend, compromised host distribution, compromise event blocking rate, latest compromise events, top compromised hosts, top compromise types, and top compromise events.
		Basic security event situation	Includes the attack location, average threat detection duration, blocking rate, top attack types, latest threat events, and number of special events.
		External attack source situation	Includes the external attack source trend, attack source distribution, external attack blocking rate, latest external attacks, top attack sources, attack assets, and attack types.
	Periodic security report	Periodic security report	Sends security service reports to users' subscription mailboxes by week or month. Security service reports enable customers to clearly understand the following information: Overview of security service. Threat prevention times and trend. Number and details of compromised hosts. Number and trend of external attack sources. Number and trend of malicious files. Supports statistics collection of application access based on the source IP addresses, access time, and application distribution, and provides statistical analysis reports by week or month. Allows users to view and preview historical security reports. Allows users to download reports.
	Security zone management	Security zone status management	Monitors the security zone status and checks whether physical connections in the security zone are reversely connected. Sets trust labels for security zones.
	MSSP	MSSP-managed O&M	Creates an agency relationship for security services on the user O&M platform and creates roles (such as administrators and auditors) with different operation permissions for the delegated parties. After the agency relationship is established, the delegated party can check and handle security threat events.
		MSSP security dashboard	Displays threats for tenants managed by the MSSP.
		MSSP ticket transfer	Transfers tenants' tickets to the MSSP for analysis and handling.
Protection	Qiankun Shield/Firewall threat prevention	Malware protection	Supports multi-level protection technologies, detects multiple types of malicious code carriers, and updates the antivirus database in real time to cover popular high-risk malware. Note: Devices of 1 U high and desktop devices support a virus database containing 5 million viruses and 3 million viruses, respectively.
		Defense against botnets, Trojan horses, and worms	Supports precise role identification based on the botnet topology analysis technology; identifies 500+ botnets as well as 1000+ worms and Trojan horses.
		Service awareness	Identifies over 6000 applications and covers all mainstream application protocols.
		Web category	Supports a web category database with more than 120 million websites to regulate access behaviors and prevent malicious websites from attacking enterprise networks.
		Intrusion prevention	Supports attack detection technologies based on vulnerability and behavior analysis, anti-evasion technologies based on content restoration in context, a signature database containing more than 12,000 signatures, and automatic signature database update. Devices of 1 U high and desktop devices support a signature database containing 12,000 and 5000 signatures, respectively. Both of them support botnet detection and application server protection.
Response	Manual blocking	Manual blocking	Manually blocks the attack source based on the detected external attack source events.
	Automatic threat blocking	Automatic blocking of external attack sources	Accurately identifies external high-risk attack sources and automatically blacklists them to prevent subsequent attacks.
	Automatic threat blocking	Automatic blocking of malicious domain names	Automatically blocks malicious domain names based on DNS filtering to block the access of hosts on the user network to malicious domain names.
	Emergency security notification	SMS notification	Supports emergency notifications via SMS to notify users of threat events and provides timely response guidance.
		Email notification	Supports emergency notifications via email to notify users of threat events and provides timely response guidance.
		Alarm templates	Enables operations personnel to customize alarm templates for critical alarms that need to be sent to users.
	Blacklist and whitelist	Domain name blacklist	Configures a domain name blacklist to block access of hosts on the user network to malicious domain names.
		Device blacklist	Allows users to set blacklists to quickly block threat attack sources. Allows users to view historical device blacklists. Supports one-click clearance.
		Protected network segment	Supports association with protected network segments to protect existing services from being incorrectly blocked.
		Tenant global whitelist	Allows tenants to set a global whitelist to protect existing services and prevent them from being incorrectly blocked.
		Device whitelist	Allows tenants to set device whitelists to protect existing services. Content security detection will not be performed on whitelisted addresses.
Analysis	Special event analysis	Compromised hosts	Performs automatic aggregation as well as quick analysis and handling based on compromised hosts.
		External attack sources	Supports automatic aggregation by external attack sources, and performs quick analysis and handling by external attack sources. Exports external attack sources.
		Malicious files	Performs automatic aggregation as well as quick analysis and handling based on malicious files.