摘要
基于运营商的资源,针对运营商IDC的客户,提供具有应用层防御能力的带宽接入服务。利用软件定义安全的概念,构建可编程防御系统,采用在线模式实现引流和回注,使用负载均衡资源池和安全内核,实现全流量可视化为基础的安全增值服务。将安全功能抽象出来,实现跨产品、跨平台的重定义、封装和编排,对攻击实现更快的发现和处置。以更快的交付速度和模式,实现应用防御服务。防御系统具有识别非人类行为流量的能力,对模拟人类行为的攻击方式具有显著的拦截效果。
Based on ISP resources,the service to provide bandwidth with defensive power in Layer 4 to 7 is aiming at the customers in IDC.The concept of Software Defined Security leads to establish a programmable defense system,which draws the traffic to the system and directs it to the target servers in-line.A load balance pool and variety of security kernels make valued added security service basing on whole traffic visualization.Security policy could be operated across products and platforms and be redefined,re-encapsulated and re-coded,in order to detect and compromise threats faster.Application protection as service could be delivered more rapidly.This system is capable to identify the impersonating traffic so that it could protect against attacks effectively simulated like human behaviors.
作者
金飞
王大伟
JIN Fei;WANG Dawei(Beijing Antira Technology Co.,Ltd.,Beijing 100000,China)
出处
《信息安全与通信保密》
2020年第S01期67-73,共7页
Information Security and Communications Privacy
关键词
软件定义安全
可编程防御系统
运营商安全服务
非人类流量识别
software defined security
programmable defense system
ISP security service
simulating traffic recognition
