HiSec: Intelligent active defense for ICT infrastructure

2018.12.28 By Denzel Song, General Manager of Huawei Network Security Domain

As the world enters the era of the smart society, ICT infrastructure will become ubiquitous and bear the key responsibility of supporting industry digital transformation. Different industries' service environments will become more open and, as this happens, their security systems need to be more robust.

HiSec for active defense

Operators and enterprise customers will have three major requirements: (1) safeguarding always-on key services, (2) improving security operation and maintenance (O&M) efficiency, and (3) ensuring the ICT infrastructure they build is safe and reliable. With Huawei's HiSec intelligent security solution, customers will be able to build smart ICT infrastructure security and active defense systems.

We need increased efficiency, not increased risk

Around the world, digitalization continues to grow at a rapid pace. According to Huawei's Global Connectivity Index 2018 report, every US$1 invested in ICT infrastructure construction results in a GDP growth of US$3.7. And if the annual growth rate of ICT infrastructure investment stays at 8 percent, it will drive US$2-3 trillion of economic growth between 2018 and 2025.

However, while we enjoy more efficient communication, we’re also confronted by increasing cyber security risks. Gartner predicts that by 2020 about 60 percent of enterprises will suffer major service failures due to cyber security threats as they digitally transform their services.

Examples of risks

Smart grids vastly improve the stability and efficiency of the power supply, but smart meters and unmanned substations can become targets of cyber-attacks. Smart transportation has made people's lives immensely more convenient, with innovations such as metro gates that use mobile QR codes removing the need for travel cards. However, the settlement systems metro companies use are connected to the Internet, exposing their entire networks to external network environments, which leaves them constantly at risk from security threats that could devastate entire transit systems. 

For telecom operators, ICT infrastructure cloudification enhances the efficiency of carrier-class communications and shortens service provisioning. However, the increasing complexity and openness of cloud-based services massively increases the probability of attacks on telecommunications infrastructure. 

In safe cities, deploying cameras has deterred criminals and made people's lives safer. However, in October 2016 hackers brought down networks across a wide area for hours after launching a DDoS attack on Internet DNS infrastructure by hijacking millions of networked cameras.

Intelligent cyber security

As a leading provider of ICT infrastructure, Huawei offers ICT infrastructure solutions for emerging technologies such as IoT, 5G, and cloud computing for the government, financial, transportation, energy, manufacturing, and telecommunications sectors, as well as a comprehensive range of security solutions to protect the security of key ICT infrastructure in industries.

In today's security industry, the protected object and protective measure in most security solutions, both large and small, are independent, which makes it impossible to quickly stop fast-spreading cyber-attacks. Similarly, the security products for different segments perform their duties independently of each other and are uncoordinated. Even when a network is "fully" protected, as soon as it is hit by a new type of threat, the best chance to deal with the threat has been missed and irreparable damage has already been caused.

Protecting network-wide services requires deploying network probes on a large scale to perform real-time, synchronous analysis for a "smart security brain". However, the high cost of deploying a complete smart security brain to monitor network-wide traffic discourages many enterprises.

To provide a solution to these problems, Huawei launched HiSec – an intelligent security solution based on software-defined security (SDSec) that will help customers build smart ICT infrastructure security and proactive defense systems. HiSec harnesses Huawei's technological expertise and ideology in security accumulated over the past 20 years as well as its experience and own security practices in ICT infrastructure construction.

Huawei's software-defined security architecture has three layers:

The first layer is the enforcer, which is responsible for security threat handling and information collection. It includes security software and hardware products, such as firewalls, intrusion prevention systems, web application firewalls, device host security EDR, and anti-virus software; network devices like switches and routers; and IoT devices such as cameras.

The second layer is the controller, which manages how network-wide enforcers cooperate, receives instructions from the analyzer, determines how security policies are issued and optimized, and notifies the enforcer to control security threats to within certain areas or block them.

The third and final layer is the analyzer, which can be understood as a smart security brain for network-wide analysis. Based on the results of its analysis, the analyzer makes decisions. Based on the information it collects, it determines the threat type, how serious it is, and how to deal with it. Local analysis capabilities at the analyzer layer are insufficient because local machine learning-based intelligence is a thing of the past. What we need is a brain that obtains from the cloud a much broader scope of already learned information. Using AI computing power, the Huawei Cloud-based brain quickly learns attacks the cloud has been subjected to and known threat samples from around the world, and rapidly transfers the learned results to the entire network.

Through close coordination between security and ICT infrastructure, the HiSec solution upgrades the network's threat response capability from an isolated island of security into a network-wide united battlefront. The spread range of threats is narrowed from the zone border to the server border, and the source of network threats can be quickly located and prevented from spreading further, thus minimizing damage. 

Through interconnection of the security analysis brain and different vendors' device security products, the HiSec solution quickly and automatically completes a series of security response actions, such as device threat investigation and forensics, event traceability, and interconnection response, rapidly and systematically resolving advanced security risks.

By deploying edge-based smart security gateways with advanced security analysis capabilities, HiSec brings intelligent processing power to the edge of the network. Edge intelligence drastically reduces real-time network data transmission reporting, maximizing dispersion of network strain to the network edge. More threat handling actions can be performed locally without needing to involve the security analysis brain. This cuts down the cost of network deployment and significantly boosts the efficiency of threat detection by lowering network traffic interaction.

The HiSec solution's edge intelligence is enabled by Huawei's new USG6000E series AI-based firewall. The AI-based firewall acts as an intelligent security gateway at the network edge, providing intelligent network border protection for enterprises. It has a built-in, AI-based advanced threat-detection engine that can identify threats in encrypted traffic. It works within the cloud to achieve a threat-detection rate above 99 percent. The AI-based firewall has a built-in acceleration engine for the optimization and acceleration of key firewall features such as Internet Protocol Security (IPSec), intrusion prevention, and antivirus. The threat-handling performance of the firewall is vastly improved, achieving a processing performance that’s two times the industry average. Based on virtualization architecture, the AI-based firewall flexibly integrates third-party detection capabilities, dramatically boosting overall threat detection, while achieving multi-service convergence and reducing CAPEX by over 80 percent.

Protecting digital transformation 

As we move toward a fully connected, intelligent world, Huawei wants to contribute its own strengths by building security capabilities and creating value for customers. Through the continuous service-driven evolution of Huawei security products and solutions, we will achieve full coordination with ICT infrastructure. Through open architecture, we will enable dynamic collaboration between software-defined security products. And through centralized intelligence and edge intelligence, we will support intelligent collaboration between on-cloud and off-cloud services.

Huawei's advanced security solutions are based on its huge investment and years of expertise in security R&D. Huawei has seven security R&D teams located in China, North America, and Europe. Huawei also runs two labs specializing in security research, including Shield Lab, which researches future security technology, including attack and defense penetration, vulnerability mining, and intelligence gathering. Huawei's security R&D teams and labs cover a wide range of technologies and services, from traditional security gateways such as firewalls to cloud security, IoT security, the use of AI and big data in network security, and security chips.

Harnessing security capabilities built up over many years, Huawei is committed to creating greater value for its customers and society as a whole. Huawei fully leverages its advantages in ICT infrastructure solutions to provide customers with better network security protection and help protect the continued evolution of the intelligent world.