This solution guarantees the security of enterprise tenants’ applications hosted on the cloud. Based on the core component Agile Controller, the solution virtualizes hardware security devices and offers a variety of services for online subscription. The automated security deployment capability also greatly improves cloud service protection efficiency.
Moreover, cloud-based service deployment eliminates network security boundaries. Virtual networks, especially the virtual machine (VM) layer, urgently need effective security protection. As common threats have evolved to advanced persistent threats (APTs) that can hide for a longer period of time and are more difficult to detect, traditional APT defense methods also need to adapt to software-defined network (SDN) environments.
Huawei’s Software-defined Security Solution improves security protection efficiency for cloud data centers in the following ways:
• The Agile Controller implements flexible orchestration and automated security service provisioning for tenants. Tenants can obtain up to 12 types of virtualized security capabilities and apply for appropriate quantities of security resources based on their needs. A software security cluster provides the industry’s highest capability of 2.5 Tbit/s for cloud data centers. The security service provisioning process requires no manual intervention and saves 90% of the manual configuration workload, enabling security services to be provisioned in a matter of minutes. This provides timely protection for resources used by tenants to keep pace with quick service development in virtualized environments.
• The Agile Controller provides the intelligent awareness function that enables security policies of tenants to migrate with services in real time. Scheduled by the Agile Controller, virtualized security resources provide L2-L7 in-depth security protection. The Agile Controller supports five virtualization platforms and two northbound APIs and can interoperate with an OpenStack cloud platform on the public cloud to implement unified visual operations and maintenance (O&M). This improves service management efficiency.
• The Agile Controller provides unified resource scheduling for tenants and filters service traffic at the network boundary, tenant, and VM levels to provide triple protection. Tenants can collect and analyze logs, files, and traffic in virtualized environments using the cybersecurity intelligence system (CIS), an intelligent Big Data analytics platform. This platform detects abnormal network behaviors with an accuracy of more than 99%, overcoming traditional threat detection tools’ problem of low efficiency against upgraded threats.
“As more services are migrating to the cloud, the boundary of security threats becomes blurred. Data center services are facing more severe security risks after SDN technology is used; as such, no companies, regions, or organizations are free from such risks,” said Liu Lizhu, General Manager of Huawei Enterprise Network Product Line’s Security Gateway Domain.
“Huawei’s Software-defined Security Solution will guarantee innovative, scalable, and efficient cloud services for tenants and help enterprises accelerate business transformation and upgrade,” continued Lizhu.