HUAWEI TECHNOLOGIES CO., LTD. Huawei FireHunter6000 series

Similar documents
Cloud Sandboxing Against Advanced Persistent Attacks

How to Identify Advanced Persistent, Targeted Malware Threats with Multidimensional Analysis

Huawei NIP2000/5000 Intrusion Prevention System

HUAWEI Tecal X8000 High-Density Rack Server

HUAWEI TECHNOLOGIES CO., LTD. HUAWEI FusionServer X6000 High-Density Server

OceanStor 5300F&5500F& 5600F&5800F V5 All-Flash Storage Systems

NIP6000 Next-Generation Intrusion Prevention System

Best Practices of Huawei SAP HANA TDI Active-Passive DR Solution Using BCManager. Huawei Enterprise BG, IT Storage Solution Dept Version 1.

Lightning Fast Rock Solid

Cloud-Oriented Converged Storage

Copyright Huawei Technologies Co., Ltd All rights reserved. Trademark Notice General Disclaimer

Huawei IT Transformation solution

Cloud-Oriented Converged Storage

Huawei Agile Controller. Agile Controller 1

The Best Choice for SMBs

HUAWEI USG6000 Series Next-Generation Firewall Intelligent Aware Engine (IAE) Technical White Paper HUAWEI TECHNOLOGIES CO., LTD. Issue V1.

Protection - Before, During And After Attack

Intel Security Advanced Threat Defense Threat Detection Testing

Web Gateway Security Appliances for the Enterprise: Comparison of Malware Blocking Rates

The Fastest Scale-Out NAS

McAfee Advanced Threat Defense

Quick Heal AntiVirus Pro Advanced. Protects your computer from viruses, malware, and Internet threats.

White Paper. Huawei Campus Switches VXLAN Technology. White Paper

FIREWALL BEST PRACTICES TO BLOCK

Huawei KunLun Mission Critical Server. KunLun 9008/9016/9032 Technical Specifications

INSIDE. Symantec AntiVirus for Microsoft Internet Security and Acceleration (ISA) Server. Enhanced virus protection for Web and SMTP traffic

Lastline Breach Detection Platform

Huawei KunLun Mission Critical Server. KunLun 9008/9016/9032 Technical Specifications

OceanStor 6800F V5 Mission-Critical All-Flash Storage Systems

Huawei SD-WAN Solution

CISCO NETWORKS BORDERLESS Cisco Systems, Inc. All rights reserved. 1

Trend Micro Deep Discovery for Education. Identify and mitigate APTs and other security issues before they corrupt databases or steal sensitive data

Agile Security Solutions

BREACH DETECTION SYSTEMS COMPARATIVE ANALYSIS

EXECUTIVE BRIEF: WHY NETWORK SANDBOXING IS REQUIRED TO STOP RANSOMWARE

Eudemon 1000E. Eudemon 1000E Series Product Quick Reference. Huawei Technologies Co., Ltd.

Quick Heal AntiVirus Pro. Tough on malware, light on your PC.

Building Resilience in a Digital Enterprise

Best Practical Response against Ransomware

Author: Tonny Rabjerg Version: Company Presentation WSF 4.0 WSF 4.0

Symantec Protection Suite Add-On for Hosted Security

Huawei Next-Generation Network Security

ID: Sample Name: faktury_pdf.rar Cookbook: default.jbs Time: 12:24:33 Date: 15/12/2017 Version:

Seqrite Endpoint Security

NetDefend Firewall UTM Services

ID: Sample Name: dronefly.apk Cookbook: default.jbs Time: 10:24:54 Date: 07/06/2018 Version:

OPSWAT Metadefender. Superior Malware Threat Prevention and Analysis

AD SSO Technical White Paper

Detect Cyber Threats with Securonix Proxy Traffic Analyzer

Eliminating the Blind Spot: Rapidly Detect and Respond to the Advanced and Evasive Threat

Accelerating Metro. Huawei MPLS-TP Solution HUAWEI TECHNOLOGIES CO., LTD.

:- IDBI /PCELL/ RFP/

Deep instinct For MSSPs

Huawei Agile Controller. Agile Controller

MRG Effitas Trapmine Exploit Test

Security Gap Analysis: Aggregrated Results

Vulnerability Scan Service. User Guide. Issue 20 Date HUAWEI TECHNOLOGIES CO., LTD.

Symantec Advanced Threat Protection: Endpoint

Office 365 Buyers Guide: Best Practices for Securing Office 365

BUFFERZONE Advanced Endpoint Security

haltdos - Web Application Firewall

CyberArk Privileged Threat Analytics

Seceon s Open Threat Management software

Quick Heal AntiVirus for Server. Optimized Antivirus Scanning. Low on Resources. Strong on Technology.

Venusense UTM Introduction

Seqrite Antivirus for Server

Annexure E Technical Bid Format

Invasion of Malware Evading the Behavior-based Analysis

HUAWEI UMA Full Product Datasheet

MEMORY AND BEHAVIORAL PROTECTION ENDPOINT SECURITY NETWORK SECURITY I ENDPOINT SECURITY I DATA SECURITY

Securing Your Amazon Web Services Virtual Networks

Analysis on computer network viruses and preventive measures

Privileged Account Security: A Balanced Approach to Securing Unix Environments

KASPERSKY ANTI-MALWARE PROTECTION SYSTEM BE READY FOR WHAT S NEXT. Kaspersky Open Space Security

WatchGuard Total Security Complete network protection in a single, easy-to-deploy solution.

One Net Campus Huawei Campus Network Solution

Securing Your Business Against the Diversifying Targeted Attacks Leonard Sim

exam. Number: Passing Score: 800 Time Limit: 120 min File Version: CHECKPOINT

Integrated Web Application Firewall (WAF) & Distributed Denial Of Service (DDoS) Mitigation For Today s Enterprises

Cisco Cyber Range. Paul Qiu Senior Solutions Architect

CA Host-Based Intrusion Prevention System r8

Industry 4.0 = Security 4.0?

To Catch A Thief. Sam Curry Chief Technology Officer RSA, The Security Division of EMC

All-in one security for large and medium-sized businesses.

Securing Your Microsoft Azure Virtual Networks

ENDPOINT SECURITY WHITE PAPER. Endpoint Security and the Case For Automated Sandboxing

Security by Default: Enabling Transformation Through Cyber Resilience

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 3 Protecting Systems

Advanced Threat Protection Buyer s Guide GUIDANCE TO ADVANCE YOUR ORGANIZATION S SECURITY POSTURE

Trend Micro. Apex One as a Service / Apex One. Best Practice Guide for Malware Protection. 1 Best Practice Guide Apex One as a Service / Apex Central

Huawei NIP6000 Intrusion Prevention & Detection System Technical White Paper

Analytics Driven, Simple, Accurate and Actionable Cyber Security Solution CYBER ANALYTICS

ID: Sample Name: 5GeZNwROcB.bin Cookbook: default.jbs Time: 15:22:54 Date: 30/11/2017 Version:

A Comprehensive CyberSecurity Policy

Protect Your Endpoint, Keep Your Business Safe. White Paper. Exosphere, Inc. getexosphere.com

White Paper. New Gateway Anti-Malware Technology Sets the Bar for Web Threat Protection

PineApp Mail Secure SOLUTION OVERVIEW. David Feldman, CEO

Isla Web Malware Isolation and Network Sandbox Solutions Security Technology Comparison and Integration Guide

ADVANCED ENDPOINT PROTECTION TEST REPORT

Kaspersky Internet Security - Top 10 Internet Security Software in With Best Antivirus, Firewall,

Transcription:

HUAWEI TECHNOLOGIES CO., LTD. Huawei 6000 series

Huawei 6000 series can detect APT (Advanced Persistent Threat) attacks, which altogether exploit multiple techniques (including zero-day vulnerabilities and advanced evasion techniques), protecting the network against attacks and preventing the internal information from being stolen. In recent years, many multinational companies and government agencies have been under hacker attacks, suffering great financial loss. Worse still, hacker attacks may lead to national secret disclosure, endangering national security. Attackers exploit a number of techniques altogether, including zero-day vulnerabilities and advanced evasion techniques, to bypass the majority of existing security devices and evade multi-layer network protection and filtering, reaching such purposes as key information stolen and enterprise IT infrastructure damage. Most of such threats aim at targets of great economic or political value, and will cause great danger. They are called Advanced Persistent Threat. APT attacks are usually target-aimed, mainly attacking the national infrastructure, such as the energy, economy, and transportation. Before launching an attack, an attacker collects the IT information about the target through social engineering, and makes a specific attack plan with the collected information. For example, an attacker finds out the known or zero-day vulnerabilities of the target IT system, and exploits such vulnerabilities to penetrate into the enterprise and spreads threats, finally stealing the key information asset or damaging the IT infrastructure. 6000 Sandbox is Huawei's new high-performance APT detection system. By restoring the network traffic mirrored by switches or traditional security devices, 6000 Sandbox inspects files transmitted on the network in virtual environments to detect malicious files. Facing advanced malware, 6000 Sandbox analyzes and collects the static and dynamic software behaviors through local and cloud techniques, such as reputation scanning, real-time behavior analysis, and big data correlation. With the unique behavior pattern library, 6000 Sandbox can obtain accurate analysis results, and detect, report, and block "grey" traffic in real time to control the spreading of unknown threats and loss of core information assets of enterprises. 6000 Sandbox is particularly applicable for major customers like financial institutions, confidential government agencies, energy companies, and high-tech enterprises. Product Appearances 6000 series

Product Overview 6000 has multiple built-in sandbox systems, which can run the programs to be analyzed, collect static and dynamic program behaviors, and display the behaviors to users, showing users whether the program is malicious. The unique technology of behavior pattern library is what the 6000 uses to finish the above process. Through feature analysis of a large quantity of viruses, vulnerabilities, and threats, 6000 summarizes the malicious behavior pattern and develops a set of judgment rules, each rule defining one or more software behaviors. According to the rules matching software behaviors of the inspected programs, 6000 will display the corresponding detection results. Heuristic sandbox types that 6000 supports: PE heuristic sandbox: The PE heuristic sandbox is used to inspect Windows executable files. It can build a virtual execution environment by simulating hardware instructions, and run PE files in the virtual environment to collect file behaviors. Compared with the virtual execution environment at the operating system level, the PE heuristic sandbox is a heuristic sandbox at the process level with higher file analysis performance. PDF sandbox: The PDF sandbox is used to inspect PDF files. By simulating the PDF file reader program, the PDF sandbox can analyze the behaviors of PDF files. Compared with the virtual execution environment at the operating system level, the PDF sandbox is a heuristic sandbox at the process level with higher file analysis performance. Web sandbox: The web sandbox is used to inspect web page files. By simulating the browser program, the web sandbox can analyze the behaviors of web files. Compared with the virtual execution environment at the operating system level, the web sandbox is a heuristic sandbox at the process level with higher file analysis performance. Virtual execution environment: Virtual execution environment, compared with heuristic sandboxes, has a relatively lower detection rate while higher detection quality. Heuristic sandboxes can detect malicious files according to their malicious signatures. However, many malicious files can hide their malicious signatures, showing malicious behaviors only when run. To overcome the disadvantage of heuristic sandboxes, 6000 also provides the virtual execution environmentto detect the above threats. The virtual execution environment is a real operating system based on the virtual machine technology. When running in the virtual execution environment, files to be inspected can use any API interface of the system, just like on the real host. 6000 will monitor the running process of the files, and detect malicious files according to the behavior signatures. When suffering destructive impact from malicious files, the virtual execution environmentwill automatically restore the virtual environment to initial status, leaving no impact on the inspection performance of 6000. Highlights Multi-System Simulation and Comprehensive Inspection, Preventing Unknown Threats and Malicious Software Comprehensive traffic inspection: 6000 Sandbox can restore the traffic and identify such mainstream file transfer protocols as HTTP, SMTP, POP3, IMAP, and FTP, ensuring the detection of malicious files transmitted using these protocols. Inspection support of mainstream file types: 6000 Sandbox supports malicious code detection of mainstream application software and files, including Word, Excel, PPT, PDF, HTML, JS, EXE, JPG, GIF, PNG, SWF, and ZIP. Inspection support of web traffic: Among all the detection systems of the same type in china, 6000 Sandbox is unique in detecting web-based malicious code and zero-day vulnerabilities of web pages. Even globally, only two companies can provide such inspection, greatly improving the detection

efficiency of unknown threats of 6000. Simulation of mainstream operating systems and application software: 6000 Sandbox can simulate mainstream operating systems and software, including Windows operating systems, browsers like Internet Explorer, and office software like Microsoft Office and WPS. In addition, 6000 Sandbox can customize virtual environments based on user requirements. In-depth Inspection and Second-Level Response, Rapidly Blocking Unknown Threats and Malicious Software Layered defense system: 6000 Sandbox supports reputation matching, heuristic detection, and virtual execution, equipped with a quick response to the next-generation threats represented by APT. Industry-leading performance: 6000 Sandbox has an industry-leading analysis capability, with 70 thousand samples analyzed per day. Meanwhile, 6000 Sandbox supports horizontal capacity expansion, which can form analysis clusters to further improve analysis capability. Quasi real-time processing: 6000 Sandbox has a quasi real-time processing capability, reducing response time of next-generation threat detection from several weeks to few seconds, and interworking with the NGFW to implement online defense. 1 2 3 4 Reputation system Heuristic detection Virtual execution Threat analysis Web heuristic detection PE heuristic detection office, png, jpg... Windows xp-sp3/win 7 /Win 8/Win10/IE9 PDF heuristic detection Multi-Dimensional Analysis and Less False Positives, Accurately Detecting Unknown Threats and Malicious Software Multi-dimensional analysis: Huawei performs static analysis of code snippets, file format anomalies, and malicious script behavior to pin down suspicious traffic; performs dynamic analysis through instruction stream monitoring to identify malicious files and operations; performs correlated behavior analysis to determine whether traffic is legitimate. Deployment Mode 6000 Sandbox supports multiple deployment modes. Interworking with the NGFW, standalone deployment: The NGFW restores files and sends files to be detected to the sandbox. Interworking with the NGFW, cluster deployment: The NGFW restores files and sends files to be detected to the sandbox cluster. Four V100R001C20s or V100R001C30s can be deployed in a

cluste. In a cluster, a device serves as the management center, and other devices the detection nodes. The management center distributes files to detection nodes for load balancing and provides a unified detection result query interface. Standalone deployment: Traffic is mirrored to the sandbox, which restores the traffic to files and detects them. Traffic can be mirrored using the mirroring port or optical splitter. In this scenario, the sandbox only detects files, and other security devices block files. Standalone deployment Cluster deployment Detection node1 NGFW Cluster manager NGFW Cluster manager detection node Detection node 2 Central Detection node N management Typical Deployment 1. Internet egress: To mainly defense malicious mails and web traffic from the Internet. 2. Branch access border: To prevent malicious files and unknown threats in external access zones from spreading between branches and HQ. 3. Data center border: To mainly protect core assets of servers and discover attacks hiding on the internal network, malicious scanning, and penetration. 4. Core department border: To prevent suspicious files from spreading on the internal network and horizontally infecting core departments. Branch DC Servers Branch Branch Core office Office A Office B

Specifications Hardware configuration Model Hardware configuration 6000 x86 server in a 2-U rack Memory of no less than 128 GB Two power modules for redundancy Hard drive with a capacity of no less than 2 TB SSD drive with a capacity of no less than 128 GB 8 x GE electrical ports 2 x 10GE optical ports Main Functions PE file inspection 32-bit PE file inspection Compressed PE file inspection PDF file inspection PDF file inspection Compressed PDF file inspection Web file inspection HTML/HTM file inspection JavaScript file (contained in HTML/HTM files) inspection Flash file inspection JavaApplet file inspection Compressed web file inspection Office file inspection Word 2003 and Word 2007 inspection Excel 2003 and Excel 2007 inspection PowerPoint 2003 and PowerPoint 2007 inspection RTF file inspection Office file (attached to mails) inspection WPS file inspection Compressed Office file inspection Image inspection GIF file inspection JPG file inspection

Hardware configuration PNG file inspection TIFF file inspection Compressed image inspection Traffic restoration http, smtp, pop3, imap, ftp protocol traffic restoration Deployment mode Local deployment, interworking with the NGFW Local out-of-path deployment Cluster deployment Ordering Information Host License License License License 02311GVW 88033DNR 88033DNT 88033DNX 88033DPA Function Module, 6000, 6300-AC, 6300 AC Typical Configuration(2*750 AC PSU, Static Rail Kit) Software Charge, 6000, FH6000-LIC-1AV-1Y, One-year single-engine antivirus library update license of, Multiple Model Software Charge, 6000, FH6000-LIC-1AV-3Y, Three-year single-engine antivirus library update license of, Multiple Model Software Charge, 6000, FH6000-LIC-TML-1Y, One-year threat model library update license of, Multiple Model Software Charge, 6000, FH6000-LIC-TML-3Y, Three-year threat model library update license of, Multiple Model

Copyright Huawei Technologies Co., Ltd. 2016. All rights reserved. No part of this document may be reproduced or transmitted in any form or by any means without prior written consent of Huawei Technologies Co., Ltd. Trademark Notice, HUAWEI, and are trademarks or registered trademarks of Huawei Technologies Co., Ltd. Other trademarks, product, service and company names mentioned are the property of their respective owners. General Disclaimer The information in this document may contain predictive statements including, without limitation, statements regarding the future financial and operating results, future product portfolio, new technology, etc. There are a number of factors that could cause actual results and developments to differ materially from those expressed or implied in the predictive statements. Therefore, such information is provided for reference purpose only and constitutes neither an offer nor an acceptance. Huawei may change the information at any time without notice. HUAWEI TECHNOLOGIES CO., LTD. Huawei Industrial Base Bantian Longgang Shenzhen 518129, P.R. China Tel: +86-755-28780808 Version No.: M3-032102-20161220-C-1.0 www.huawei.com

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback