Help Center/ Cloud Adoption Framework / Cloud Adoption Framework and Practices/ O&M Governance/ Secure Operations/ Cloud Native Security Service
Updated on 2025-05-07 GMT+08:00
View PDF
Share

Cloud Native Security Service

Huawei Cloud offers a comprehensive suite of cloud native security services. These services are deeply integrated with Huawei's cloud platform, providing superior performance, elasticity, and ease of use. Additionally, Huawei's experience in security operations as a cloud service provider continually enhances the capabilities of these services. Enterprises are recommended to prioritize cloud native security services.

  • Data Encryption Workshop (DEW)

    DEW is a cloud data encryption service. It provides Dedicated Hardware Security Module (Dedicated HSM), Key Management Service (KMS), Cloud Secret Management Service (CSMS), and Key Pair Service (KPS). DEW uses HSMs to protect your keys, and can be integrated with other Huawei Cloud services. Additionally, DEW enables customers to develop customized encryption applications.

    For details about DEW, see the DEW Documentation.

  • Host Security Service (HSS)

    Host Security Service (HSS) is designed to protect server workloads. It protects your system integrity, enhances application security, monitors user operations, and detects intrusions. HSS can provide unified visualization and control capabilities for hosts and containers, no matter where they are located.

    For details about HSS, see the HSS Documentation.

  • Web Application Firewall (WAF)

    WAF keeps web services stable and secure. It examines all HTTP and HTTPS requests to detect and block the following attacks: Structured Query Language (SQL) injection, cross-site scripting (XSS), web shells, command and code injections, file inclusion, sensitive file access, third-party vulnerability exploits, Challenge Collapsar (CC) attacks, malicious crawlers, and cross-site request forgery (CSRF). You can start to use it by adding a website on the WAF console. If WAF is enabled, all public traffic to the website will first go through WAF. Malicious traffic will be detected and filtered by the WAF, while normal traffic will be returned to the source IP, ensuring the safety, stability, and availability of the source IP.

    For details about WAF, see the WAF Documentation.

  • Database Security Service (DBSS)

    DBSS is an intelligent database security service. Based on the machine learning mechanism and big data analytics technologies, it can audit your databases, detect SQL injection attacks, and identify high-risk operations. It provides functions such as user behavior detection and audit, multi-dimensional analysis, real-time alarms, refined reports, sensitive data protection, and audit log backup. Database audit provides you with the database audit function in out-of-path pattern, enabling the system to audit risky behaviors in real time and generate alarms. In addition, database audit generates compliance reports that meet data security standards. These measures help you find the person accountable for internal violations and improper operations.

    For details about DBSS, see the DBSS Documentation.

  • Cloud Firewall (CFW)

    CFW is a next-generation cloud native firewall that provides protection for Internet and VPC borders on the cloud. It supports on-demand elastic capacity expansion and provides basic network security protection for services migrated to the cloud. It provides border protection between VPCs, access control policies, intrusion prevention policies, antivirus, traffic analysis, and system management.

    For details about CFW, see the CFW Documentation.

  • Data Security Center (DSC)

    DSC is a next-gen cloud-based data security platform that offers basic data security capabilities such as data classification, risk identification, watermark tracing, and static data desensitization. It integrates the various stages of the data security lifecycle and presents an overall view of the cloud-based data security situation.

    For details about DSC, see the DSC Documentation.

  • SecMaster

    SecMaster is a next-generation cloud native platform that enables integrated and automatic security operations. You can manage cloud assets, security posture, security information, and incidents in one place and enjoy intelligent threat detection, easy security orchestration, and automatic response.

    For details about SecMaster, see the SecMaster Documentation.

  • Anti-DDoS Service (AAD)

    AAD provides powerful protection for the continuity of important enterprise services. It can protect your servers against large volumetric DDoS attacks so your services can be reliable and stable. AAD protects your mission-critical workloads from DDoS attacks by routing all traffic destined for origin servers to AAD IP addresses and scrubbing malicious attacks. This service can be deployed on hosts used on Huawei Cloud, other clouds, and on-premises data centers.

    For details about AAD, see the AAD Documentation.

  • Cloud Certificate Manager (CCM)

    CCM is a cloud service that provides one-stop lifecycle management of digital certificates. It includes the SSL Certificate Manager (SCM) and Private Certificate Authority (PCA) services.

    For details about CCM, see the CCM Documentation.

  • CodeArts Inspector

    CodeArts Inspector scans vulnerabilities on your websites, hosts, mobile applications, software packages, and firmware. It provides vulnerability assessments, customized scanning, and vulnerability lifecycle management. After a scan is complete, a scan report is generated for you to check vulnerability details and solutions.

  • Cloud Bastion Host (CBH)

    CBH is a unified security management and control platform. It provides account, authorization, authentication, and audit management services that enable you to centrally manage cloud computing resources. CBH provides various functional modules, such as department, user, resource, policy, operation, and audit modules. It integrates functions such as single sign-on (SSO), unified asset management, multi-terminal access protocols, file transfer, and session collaboration. With the unified O&M login portal, protocol-based forward proxy, and remote access isolation technologies, PBH enables centralized, simplified, secure management and maintenance auditing for cloud resources such as servers, cloud hosts, databases, and application systems.

    For details about CBH, see the CBH Documentation.

Parent topic: Secure Operations