Updated on 2024-01-25 GMT+08:00

Border Protection and Response

Table 1 Specifications

| Level-1 Category | Level-2 Category | Item | Description |
|---|---|---|---|
| Management | Security situation dashboard | Compromised asset situation | Includes the compromised host trend, compromised host distribution, compromise event blocking rate, latest compromise events, top compromised hosts, top compromise types, and top compromise events. |
| Management | Security situation dashboard | Basic security event situation | Includes the attack location, average threat detection duration, blocking rate, top attack types, latest threat events, and number of special events. |
| Management | Security situation dashboard | External attack source situation | Includes the external attack source trend, attack source distribution, external attack blocking rate, latest external attacks, top attack sources, attack assets, and attack types. |
| Management | Periodic security report | Periodic security report | Sends security service reports to users' subscription mailboxes by week or month. Security service reports enable customers to clearly understand the following information:<br>1. Overview of security service.<br>2. Threat prevention times and trend.<br>3. Number and details of compromised hosts.<br>4. Number and trend of external attack sources.<br>5. Number and trend of malicious files.<br>Supports statistics collection of application access based on the source IP addresses, access time, and application distribution, and provides statistical analysis reports by week or month.<br>1. Allows users to view and preview historical security reports.<br>2. Allows users to download reports. |
| Management | Security zone management | Security zone status management | 1. Monitors the security zone status and checks whether physical connections in the security zone are connected in reverse.<br>2. Sets trust labels for security zones. |
| Management | MSSP | MSSP-managed O&M | Creates an agency relationship for security services on the user O&M platform and creates roles (such as administrators and auditors) with different operation permissions for the delegated parties. After the agency relationship is established, the delegated party can check and handle security threat events. |
| Management | MSSP | MSSP security dashboard | Displays threats for tenants managed by the MSSP. |
| Management | MSSP | MSSP ticket transfer | Transfers tenants' tickets to the MSSP for analysis and handling. |
| Protection | Qiankun Shield/Firewall threat prevention | Malware protection | Supports multi-level protection technologies, detects multiple types of malicious code carriers, and updates the antivirus database in real time to cover popular high-risk malware. Note: 1 U devices and desktop devices support a virus database containing 5 million and 3 million viruses, respectively. |
| Protection | Qiankun Shield/Firewall threat prevention | Defense against botnets, Trojan horses, and worms | Supports precise role identification based on the botnet topology analysis technology; identifies 500+ botnets as well as 1000+ worms and Trojan horses. |
| Protection | Qiankun Shield/Firewall threat prevention | Service awareness | Identifies over 6000 applications and covers all mainstream application protocols. |
| Protection | Qiankun Shield/Firewall threat prevention | Web category | Supports a web category database with more than 120 million websites to regulate access behaviors and prevent malicious websites from attacking enterprise networks. |
| Protection | Qiankun Shield/Firewall threat prevention | Intrusion prevention | Supports attack detection technologies based on vulnerability and behavior analysis, anti-evasion technologies based on content restoration in context, a signature database containing more than 12,000 signatures, and automatic signature database update. 1 U devices and desktop devices support a signature database containing 12,000 and 5000 signatures, respectively. Both support botnet detection and application server protection. |
| Response | Manual blocking | Manual blocking | Manually blocks the attack source based on the detected external attack source events. |
| Response | Automatic threat blocking | Automatic blocking of external attack sources | Accurately identifies external high-risk attack sources and automatically blacklists them to prevent subsequent attacks. |
| Response | Automatic threat blocking | Automatic blocking of malicious domain names | Automatically blocks malicious domain names based on DNS filtering to block the access of hosts on the user network to malicious domain names. |
| Response | Emergency security notification | SMS notification | Supports emergency notifications via SMS to notify users of threat events and provides timely response guidance. |
| Response | Emergency security notification | Email notification | Supports emergency notifications via email to notify users of threat events and provides timely response guidance. |
| Response | Emergency security notification | Alarm templates | Enables operations personnel to customize alarm templates for critical alarms that need to be sent to users. |
| Response | Blacklist and whitelist | Domain name blacklist | Configures a domain name blacklist to block access of hosts on the user network to malicious domain names. |
| Response | Blacklist and whitelist | Device blacklist | 1. Allows users to set blacklists to quickly block threat attack sources.<br>2. Allows users to view historical device blacklists.<br>3. Supports one-click clearance. |
| Response | Blacklist and whitelist | Protected network segment | Supports association with protected network segments to protect existing services from being incorrectly blocked. |
| Response | Blacklist and whitelist | Tenant global whitelist | Allows tenants to set a global whitelist to protect existing services and prevent them from being incorrectly blocked. |
| Response | Blacklist and whitelist | Device whitelist | Allows tenants to set device whitelists to protect existing services. Content security detection will not be performed on whitelisted addresses. |
| Analysis | Special event analysis | Compromised hosts | Performs automatic aggregation as well as quick analysis and handling based on compromised hosts. |
| Analysis | Special event analysis | External attack sources | 1. Supports automatic aggregation by external attack sources, and performs quick analysis and handling by external attack sources.<br>2. Exports external attack sources. |
| Analysis | Special event analysis | Malicious files | Performs automatic aggregation as well as quick analysis and handling based on malicious files. |