Updated on 2023-05-12 GMT+08:00

Functions

Local Network Border Protection

Qiankun Shield devices are deployed at the tenant network border to ensure local security with technologies such as intrusion prevention, antivirus, and DNS filtering. After tenants subscribe to the Border Protection and Response Service, Qiankun Shield devices can:

  • Perform intrusion prevention detection on traffic to comprehensively defend against various intrusion behaviors.
  • Perform antivirus inspection on traffic to effectively prevent data damage, permission changes, and system breakdown caused by virus files.
  • Perform DNS filtering on traffic to comprehensively control domain name access.

Tenant Data Security Processing

  • Data authorization: After being authorized by users, local Qiankun Shield devices send data only within the authorization scope.
  • Encrypted transmission: Local Qiankun Shield devices transmit logs to the cloud service platform through Hypertext Transfer Protocol Secure (HTTPS) or Transport Layer Security (TLS).
  • Encrypted storage: Data is encrypted using the encryption component of the Huawei key management center (KMC), and then stored on Huawei Qiankun.
  • Handling principle: Data is used only for threat analysis and tracing by operation experts of the cloud service platform.
  • Information isolation: Each user receives analysis reports and SMS messages through their own service account. Information is only sent to relevant users.

Automatic Analysis

Huawei Qiankun can analyze and determine threat events based on analysis models and handle the events based on the determination results. Drawing on the strengths of automatic analysis capabilities and security experts of Huawei Qiankun, tenants can benefit from simplified local O&M and enhanced protection efficiency.

After automatic analysis, the following handling methods are available:

  • If an event matches the false positive model, the event status changes to false positive.
  • If an event matches an alarm-based automatic confirmation model or a threat analysis model, automatic analysis requests security response to perform the corresponding handling.
  • Security experts can refer to the automatic analysis results to further analyze and handle the events.

Security Response

Security response is a closed-loop response to security events. It includes two security response actions: delivering blacklists and sending alarms. Tenants can leverage the security response capabilities of Huawei Qiankun to significantly improve the efficiency of closed-loop responses to security events.

Security response provides the two security response actions in the following scenarios:

  • For events that can be automatically handled after automatic analysis, automatic analysis requests security response to deliver a blacklist or send an alarm.
  • For events that need to be handled by security experts after automatic analysis, security experts can manually deliver a blacklist or send an alarm through the event management menu on the portal.
  • A tenant delivers a blacklist on the tenant portal.

Precise Analysis by Security Experts

Security experts of Huawei Qiankun integrate security capabilities to quickly and accurately identify sophisticated threats.

  • Security capabilities of Huawei Qiankun are continuously enhanced by consolidating live-network confrontation experience into Huawei Qiankun.
  • Huawei Qiankun's latest vulnerability analysis and intelligent signature production help respond quickly to new threats.
  • Security experts analyze each discovered security alarm in a unified manner and use various security capabilities of Huawei Qiankun to resolve the latest threats.