Border Protection and Response

Level-1 Category | Level-2 Category | Item | Description |
---|---|---|---|
Management | Security situation dashboard | Compromised asset situation | Includes the compromised host trend, compromised host distribution, compromise event blocking rate, latest compromise events, top compromised hosts, top compromise types, and top compromise events. |
Management | Security situation dashboard | Basic security event situation | Includes the attack location, average threat detection duration, blocking rate, top attack types, latest threat events, and number of special events. |
Management | Security situation dashboard | External attack source situation | Includes the external attack source trend, attack source distribution, external attack blocking rate, latest external attacks, top attack sources, attack assets, and attack types. |
Management | Periodic security report | Periodic security report | Sends security service reports to users' subscription mailboxes by week or month. Security service reports enable customers to clearly understand the following information: Supports statistics collection of application access based on the source IP addresses, access time, and application distribution, and provides statistical analysis reports by week or month. |
Management | Security zone management | Security zone status management | |
Management | MSSP | MSSP-managed O&M | Creates an agency relationship for security services on the user O&M platform and creates roles (such as administrators and auditors) with different operation permissions for the delegated parties. After the agency relationship is established, the delegated party can check and handle security threat events. |
Management | MSSP | MSSP security dashboard | Displays threats for tenants managed by the MSSP. |
Management | MSSP | MSSP ticket transfer | Transfers tenants' tickets to the MSSP for analysis and handling. |
Protection | Qiankun Shield/Firewall threat prevention | Malware protection | Supports multi-level protection technologies, detects multiple types of malicious code carriers, and updates the antivirus database in real time to cover popular high-risk malware. Note: 1 U high devices and desktop devices support a virus database containing 5 million viruses and 3 million viruses, respectively. |
Protection | Qiankun Shield/Firewall threat prevention | Defense against botnets, Trojan horses, and worms | Supports precise role identification based on the botnet topology analysis technology; identifies 500+ botnets as well as 1000+ worms and Trojan horses. |
Protection | Qiankun Shield/Firewall threat prevention | Service awareness | Identifies over 6000 applications and covers all mainstream application protocols. |
Protection | Qiankun Shield/Firewall threat prevention | Web category | Supports a web category database with more than 120 million websites to regulate access behaviors and prevent malicious websites from attacking enterprise networks. |
Protection | Qiankun Shield/Firewall threat prevention | Intrusion prevention | Supports attack detection technologies based on vulnerability and behavior analysis, anti-evasion technologies based on content restoration in context, a signature database containing more than 12,000 signatures, and automatic signature database update. 1 U high devices and desktop devices support a signature database containing 12,000 and 5000 signatures, respectively. Both of them support botnet detection and application server protection. |
Response | Manual blocking | Manual blocking | Manually blocks the attack source based on the detected external attack source events. |
Response | Automatic threat blocking | Automatic blocking of external attack sources | Accurately identifies external high-risk attack sources and automatically blacklists them to prevent subsequent attacks. |
Response | Automatic threat blocking | Automatic blocking of malicious domain names | Automatically blocks malicious domain names based on DNS filtering to block the access of hosts on the user network to malicious domain names. |
Response | Emergency security notification | SMS notification | Supports emergency notifications via SMS to notify users of threat events and provides timely response guidance. |
Response | Emergency security notification | Email notification | Supports emergency notifications via email to notify users of threat events and provides timely response guidance. |
Response | Emergency security notification | Alarm templates | Enables operations personnel to customize alarm templates for critical alarms that need to be sent to users. |
Response | Blacklist and whitelist | Domain name blacklist | Configures a domain name blacklist to block access of hosts on the user network to malicious domain names. |
Response | Blacklist and whitelist | Device blacklist | |
Response | Blacklist and whitelist | Protected network segment | Supports association with protected network segments to protect existing services from being incorrectly blocked. |
Response | Blacklist and whitelist | Tenant global whitelist | Allows tenants to set a global whitelist to protect existing services and prevent them from being incorrectly blocked. |
Response | Blacklist and whitelist | Device whitelist | Allows tenants to set device whitelists to protect existing services. Content security detection will not be performed on whitelisted addresses. |
Analysis | Special event analysis | Compromised hosts | Performs automatic aggregation as well as quick analysis and handling based on compromised hosts. |
Analysis | Special event analysis | External attack sources | |
Analysis | Special event analysis | Malicious files | Performs automatic aggregation as well as quick analysis and handling based on malicious files. |