Bluedon Intrusion Prevention System
Source: bluedon.com/en/files/bluedonips.pdf · 2017-12-28
Content
• Background
• Product Introduction
• Product Value
• Use Case
Product Portfolio: Bluedon Perimeter Security Products
• Bluedon Firewall
• Bluedon Unidirectional Information Exchange System
• Bluedon Security Gateway
• Bluedon Intrusion Prevention System
• Bluedon Intrusion Detection System
• Bluedon Vulnerability Scanning System
• Bluedon VPN
• Bluedon Anti-Virus Firewall
• Bluedon Unified Threat Management
• Bluedon Flow Control System
• Bluedon IoT Application Control System
Background
The security risk is moving to the application layer
• In 2014, the number of websites embedded with backdoors reached 40186, an increase of 22.7% compared to 2013.
The number of vulnerabilities is continuously increasing
• In 2016, the China National Vulnerability Database (CNVD) included 10822 common hardware and software vulnerabilities, a rise of 34% from 2015.
Increasing security events
• Hillary Clinton email controversy, 500 million Yahoo accounts hacked, WannaCry
Background
Basic Prevention
The traditional firewall provides protection for Layer 2 to Layer 4, but fails to prevent attacks from the application layer.
Proactive Protection
An IDS can help detect attacks on the application layer, but it cannot block the attack on its own; proactive blocking is missing.
Correlation Problem
[Diagram: Internet → Firewall → IDS]
There is no standard protocol for correlation between a firewall and an IDS, so custom integration ("docking") development is needed to correlate them.
Background: IPS solutions compared with traditional FW/IDS
Traditional FW/IDS
• Run above the network layer
• Lack protection at the application layer
• The IDS focuses on status monitoring but lacks reactive defense
IPS Solutions
• High-performance protection at the application layer
• Cover the functionality of traditional prevention
• Network file detection & anomalous traffic monitoring
What the IPS focuses on
• Bidirectional content detection: focus on the security of content sent out by the servers
• Network file detection: stop the transmission of viruses and malware
• High performance on the application layer: security will not become the bottleneck of the network
• Prevent application-layer attacks: focus on protecting the application layer
• Monitoring anomalous traffic: focus on the risks in the external links of servers
Product Introduction
Bluedon Intrusion Prevention System (IPS) provides real-time intrusion detection, prevention, and response. It monitors network transmission in real time, detects suspicious behavior automatically, and analyzes intrusions from the external and internal network. Before the system is compromised, it blocks the attacks in real time and provides remedial measures to protect the network.
Real-time & Efficient In-depth Prevention
[Diagram: hackers on the Internet → Bluedon IPS → office services. Prevention at the application layer covers: buffer overflow, information leakage, SQL injection, Trojans & worms, system vulnerabilities, viruses, illegal privilege elevation, denial of service, illegal URLs, ...]
Product Introduction: Integrated Engine
[Diagram: the OSI model (application, presentation, session, transport, network, data link and physical layers) mapped onto the Integrated Prevention Platform. The integrated engine covers message sending & receiving, routing exchange, access control, historical snapshot, intrusion detection, virus prevention, sandbox analysis, network traffic, file detection, protocol detection, state detection, traffic monitor and in-depth filter.]
• Reorganization of application-layer files
• Application-layer attack detection (built-in signature library)
• Virus detection & sandbox analysis
• Traffic monitoring on the transport layer; historical snapshot
• Access control at the network layer and transport layer
• Anti-copy
• Integrated engine
• Multi-core processing and memory sharing
Basic Features
1. Network: bridging & aggregation, routing service, DNS service, SNMP service
2. Intrusion Prevention: built-in signatures, customized signatures, network scanning, flood attacks
3. File Detection: file reorganization, anti-virus, sandbox analysis, file maintenance
4. Access Policy: port mapping, access control, customized blocking, customized response policy
5. Real-time Monitor: real-time information display, historical snapshot
6. URL Filtering: URL blacklist, URL whitelist, URL category library
Basic Features
1. System Vulnerabilities Prevention
• Prevents exploitation of operating system vulnerabilities (Windows, UNIX, Linux), including stack and heap buffer overflows, format string errors, memory access errors, memory corruption, etc.
2. Trojan Prevention
• Detects vulnerabilities based on ActiveX, XML and VML, and prevents Trojans embedded in websites from infecting users while they are browsing;
• Detects Microsoft Office files carrying a Trojan hidden by a dropper, and prevents users from downloading and opening these documents;
3. Worm Prevention
• The IPS detects worm intrusion and discards the packets that try to intrude into the system, preventing the spread of worms such as the Zotob worm and the MS SQL Slammer worm.
4. DDoS/DoS Prevention
• Flood attacks: SYN flood, UDP flood, ICMP flood, etc.
• Protocol exception classes: smurf, ping of death, teardrop, Land, etc.
Key Features: Correlated Analysis
[Diagram: Event A, Event B, Event C, Event D → Correlated Analysis → Advanced Threat Event]
Extract the signal of an intrusion from the noise of low-level port scanning and intrusion attempts, and then notify the network administrator so that a response can be made.
Key Features: Customized Blocking
Track each IP address and conduct statistical analysis of the number, type and level of its events within the set time range, then block it or generate alerts.
[Diagram: a hacker and mobile users (smartphone, PAD) on the Internet, Bluedon IPS in front of the office services. Event timeline from one source: 3:10 network scan, 3:12 try to login via default account, 3:20 access the user privilege, ... Rule example: IP 1.1.1.1 generates a set number of events in 60 minutes → IP blocking for 24 hours]
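As an added illustration, not Bluedon's own code, the following Python sketches the logic these two slides describe: per-source-IP event statistics in a 60-minute window, correlation of the scan → default-account login → privilege-access sequence into one advanced threat event, and a 24-hour block of the offending IP. The event names, levels, thresholds and the 1.1.1.1 timeline are constructed assumptions taken from the slide, not the appliance's signature library.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed event levels per type (the real levels come from the signature library).
LEVELS = {"network_scan": 1, "default_account_login": 2, "privilege_access": 3}
# Ordered stages that, seen from one source inside the window, are correlated into
# one "advanced threat event": the scan -> default login -> privilege chain on the slide.
THREAT_CHAIN = ["network_scan", "default_account_login", "privilege_access"]

def _is_subsequence(seen, chain):  # every stage of chain occurs in seen, in order
    it = iter(seen)
    return all(any(s == stage for s in it) for stage in chain)

class SourceTracker:  # per-source-IP sliding-window event statistics with timed blocking
    def __init__(self, window=timedelta(minutes=60), max_events=4,
                 alert_level=2, block_for=timedelta(hours=24)):
        self.window, self.max_events = window, max_events
        self.alert_level, self.block_for = alert_level, block_for
        self.events = defaultdict(deque)  # ip -> deque of (time, event_type)
        self.blocked = {}                 # ip -> block expiry time

    def is_blocked(self, ip, now):
        expiry = self.blocked.get(ip)
        if expiry is not None and now < expiry:
            return True
        self.blocked.pop(ip, None)        # block has expired: lift it
        return False

    def observe(self, ip, now, event_type):
        """Record one event; return the action: blocked, block, alert or none."""
        if self.is_blocked(ip, now):
            return "blocked"
        q = self.events[ip]
        while q and now - q[0][0] > self.window:  # drop events outside the window
            q.popleft()
        q.append((now, event_type))
        types_seen = [t for _, t in q]
        # Correlated chain or too many events in the window -> block the source IP
        if _is_subsequence(types_seen, THREAT_CHAIN) or len(q) >= self.max_events:
            self.blocked[ip] = now + self.block_for
            return "block"
        if max(LEVELS.get(t, 0) for t in types_seen) >= self.alert_level:
            return "alert"                        # high-level event: alert only
        return "none"

def replay(steps, ip="1.1.1.1", start=datetime(2017, 12, 28, 3, 10)):  # (minutes, type) -> actions
    tr = SourceTracker()
    return [tr.observe(ip, start + timedelta(minutes=m), e) for m, e in steps]

if __name__ == "__main__":  # the slide's timeline: 03:10 scan, 03:12 default login, 03:20 privilege access
    print(replay([(0, "network_scan"), (2, "default_account_login"), (10, "privilege_access")]))
```

The same source producing the three stages out of order only raises alerts, because the correlation requires the chain in sequence; four events of any kind inside the window block it on count alone.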
Key Features: Signature Updates
Highly customized updates to the signature library: the signature library embedded in the system can be adjusted to reduce the false negative and false positive rates in a particular scenario. Thus a closed loop of attack detection, analysis and response is established.
[Diagram: application service → particular access traffic → protection engine with signature library; attack package maintenance and analysis feeds back into the signature library]
Key Features: Monitoring Anomalous Traffic
Detailed traffic monitoring records contain connection, port and traffic historical snapshots. The administrator can set up connection, port and traffic alerts to provide evidence for identifying unknown threats.
Deployment
[Diagram: Bluedon IPS deployed in the security area of the WAN perimeter (dedicated WAN line), in the boundary area of the Internet (links from China Mobile, China Unicom and China Telecom), and in the security area of the data center, in front of the official area and the OA system]
① Supports gateway deployment, transparent bridging deployment, mixed deployment, etc.
② The IPS can be deployed at the WAN perimeter, the Internet perimeter, the data center perimeter, etc.
Product Series
Series       Throughput
BD-M Series  500M-1000M
BD-G Series  1G-8G
BD-T Series  8G-20G
• 240G SSD hard drive
• New connections: around 15,000 to 200,000; concurrent connections: around 800,000 to 5 million
Product Value
1. Compliance
• The compliance regulation of Information Security Classified Protection requires application-layer protection of the network to defend against attacks.
2. Protect Business Systems
• In-depth intrusion prevention from layer 2 to layer 7;
• Blocking attacks such as scanning, SQL injection and XSS that target servers.
3. Protect Clients
• File detection based on HTTP, FTP, POP3 and SMTP
• Block attacks that target Internet clients, such as Trojans embedded in websites
4. Multiple Functions
• Mixed-mode deployment of IPS and IDS
• Combining multiple device functions to maximize value, giving a high return on investment
Use Case: Deployment
Government Info Center
Problem: network viruses spread and Internet speed is slow. The website cannot prevent attacks such as SQL injection, XSS, etc.
Solution: deploy the Bluedon Intrusion Prevention System; two IPS units can work in parallel.
[Diagram: Internet → Bluedon Intrusion Prevention System (integrated engine) → FTP server and clients. Protection goals: protect clients, protect business systems, compliance]
Successful Result
• Blocked attacks such as SQL injection and XSS
• Successfully denied network viruses and worms
• DoS/DDoS attack prevention
Use Case: Deployment
Financial Institute
Problem: it provides external e-banking business, so the system is exposed to attack from the Internet. It needs related security products and technology to effectively prevent network intrusion, Trojan horses, viruses, flood attacks, etc.
Solution: deploy two Bluedon IPS units in dual hot-standby mode to improve the protection of the e-banking system.
[Diagram: mobile users (phone, iPad) on the Internet → Bluedon Intrusion Prevention System at the Internet perimeter → e-bank servers and web portal]
Successful Result
• The Bluedon IPS detects various viruses;
• The Bluedon IPS successfully defends against SYN flood, UDP flood and ICMP flood attacks;
• Anomalous access is detected via traffic monitoring.
Thank you