SHAPE Integrated Security in The Cloud CNBG/SP Bobby Zhou
1.0 2.0 Born in Cloud Cloud Grow from Cloud Rise of vertical industry clouds Internet Applications Agility, Innovation, Experience Embrace the cloud,into the Cloud Mind Shift,Innovative business and Operation Model To 2020, vertical cloud market growth compound rate 12.3% 2
Rich & Competitive service Simplicity & Efficiency Optimal user experience B2B Cloud IT Cloud Unified Cloud Management Platform (CMP) Edge DCs Regional DCs Telco Cloud 3rd party Public Cloud Core DCs Telco Tiered Data Centers Huawei DC Integration Solutions Remodeling S.H.A.P.E. Cloud Business Service-driven Planning 3 Hybrid Cloud Infra. Integration (Secure & Reliable) Agile PaaS Integration Proven Business Migration Efficient Facility Integration
Threats Everywhere Attacks Complicating Security top concern for cloud adoption Apps VM Virtualization System Infra Network 0-day Phishing Trojan Virus DDoS 253% Attack Growth Rate SmartPhone, 2004 Cloud, 2010 IoT, 2016 2016,APT attack multi banks, loss > $100M Forgery Phishing Botnet Fileless Ransom APT 50% APT target at ISP, Gov, FSI 87.5% 41% 28% Top Challenge Top priority for Telcos Major security incident over last 2 years TOP2 Focus by CIO in consecutive 5 years 4 APT : Advanced Persistent Threat (2006, Colonel Greg Rattray, USAF) Source: IDC, KPMG 2016
From Static, standalone, known threats defense to dynamic, collaborative, unknown threat defense Traditional Defense On premise/static NG Cloud Security Defense: Service-lized Intelligent Collaborative Distributed & Dynamic SDSec, Orchestration Boundary in depth Cloudification Orchestra tion Speedy Release Vuln. Worm Known Threats Spyware Spam Web Threats Malwar Piphing e APT Unknown Threats Mobile/IOT and Cloud Oriented Intelligent situation awareness Detection Prevention Response Point Solution Collaborative Collaborative, intelligent defense Security HW/SW End Point Network and Cloud 5
Regulatory Compliance Data Security Sec. Mgmt IAM Hypervisor security Infra security App Security Intelligent Security Management Detection Prevent Response Predict Security Infra. VM Security Platform Security Intel-Analytics International/Domes tic law Industry Regulation FW DLP WAF HiCloud CMP MV Security Prd. Integration Tenant Security Security Consultancy & Design Professional and Ease of use Secaas Security Mgmt Platform Integration APT Auto-collaboration <60sec response Secaas Integration 26 Secaas Deploy in a minute Security Integration Capability C-SMART Test Platform 12+ attack modeling test cases script library 6 Huawei IT security KB 10+ security control models Multi-dimension analysis model Huawei HiCloud CMP Integrate devices from 20+Security vendors
① Awareness Big data analytic situation awareness 防火墙 VPN WAF IPS 12 Secaas, self-service AntiDDoS Security market space 100+ on-demand security service Log, Report Analysis Awareness ② In-depth 100+ DDoS attack types Full-stack multi-layer, multi-dimension security architecture ③ Certifications 10+ security certifications for industry compliance 7
Huawei Global Threat Intelligent Center CyberSecurity Intelligent System (CIS) Big Data Analytics Behavioral Analysis Defense device Collaboration Machine Learning 99% accuracy, intuitive and configurable rule builder Automated security device collaboration,<60s response Intelligent Optimized detection models and protection policies Security Infrastructure Real-time Situation awareness and predication 8
26 Secaas,Self-service portal Service Catalogue Firewall DLP WAF Vuln. ScanAwareness EPP Partners Service Orchestrati on HiCloud Cloud Mgmt Platform (CMP) Cloud Resources Security Resources Security Infrastructu re WAN Cloud DC 9
Known Vulnerability Unknown Vulnerability C-SMART Platform Scanner:Vulnerability Scanning Master:Source Code Security analyzer Risker:Fuzz Testing Compass:Security Testing Framework Automata: automated security testing Troublemaker: Penetration Test Customer Value Build trusted cloud platform at software component level and solution level Complete security management lifecycle Enable efficient cloud application security testing with fully automated testing procedure Key Capabilities 12+ Security KB,including Test cases, attack PoC scripts library 40+ security testing tools,including Redline scan source code analyzer Fuzz tool CLOUD OPEN LAB,integrated 57+ mainstream security products 10
10,000+ Product vendors 11 1,000,000+ Certified Business Use Cases 500+ Vendor Certifications 350+ Huawei Products
Open Telekom Cloud with Deutsche Telekom 828 Security and Privacy Protection Enhancement s To compliant EU data and privacy protection laws/regulations 12
13 Thanks!