Next Generation Network Security Focus

Network attacks are becoming diversified and diversified. End-point security and network security of enterprises are facing new threats. The need for enterprises to secure next-generation networks also needs to be met.

If the endpoint and the network communicate effectively at the information security level, can a better network security defense system be formed? If all the security products on the terminal can allow users to centralize management in the cloud, will it make delivery easier and faster? Internet security company Sophos and China Computer News shared their latest product and technology development ideas - the Galileo plan. We may be able to find some answers.

1. Cloud delivery SMBs are the biggest beneficiaries of the cloud deployment approach as it matures, compared to large enterprises that spend more time on IT infrastructure migration to the cloud. For large enterprises that have hundreds of branches at a time, those time costs are spent on how to select the IT staff under the original structure, how to perform IT management in a new cloud environment, how to simply deploy new services, and how Allocating just-acquired cloud resources, etc., while the globalization of large companies, the situation is more complicated.

However, this does not mean that large enterprises will take longer to deploy technologies from the traditional deployment strategy to the cloud deployment, and more often because of the paralysis of the decision-making efficiency of large enterprises.

For the deployment of network security products, both small and medium-sized enterprises (SMEs) and large enterprises have started to use the cloud delivery method. This will not only relieve the burden of self-built platforms, but also provide the same scale, redundancy and reliability as traditional delivery methods. Sex, professional management, basic maintenance and other services.

"Small and medium-sized enterprises will have very large demand for cloud delivery. Because it is simple and convenient, it is very easy to manage and form reports. So we now have to implement all product lines that enable users to conduct centralized management in the cloud, regardless of network security products, Mobile phone control and UTM can all be managed through the cloud."

In the past, customers had to install anti-virus products or UTM products at an endpoint, as well as a management platform on the server side. Now, Sophos can relocate the management platform to the cloud, and then define and manage it according to the customer's needs. And regardless of whether the terminal used by the customer is a PC, a mobile phone or a tablet computer, centralized push of security products can be performed. “Even if it is a newly opened company, if it needs to open the day to install security products, we don’t need to do any deployment and we can push security products to their company’s equipment.”

For customers, the security products should not be differentiated according to the terminal products, but only need to implement the corresponding definition of different terminals in the same security product, and ensure that all security policies are consistent on different terminals. of.

2. Product integration Endpoint and network "community defense" is very effective in dealing with APT threats. In the traditional network security defense system, suppose a device in an enterprise endpoint is attacked by APT. It will not be detected for several months or even a year. Because the attack is not detected, the device still passes the network. Contact the outside world. In the new security system built by Sophos, because the endpoint and the network are interconnected, there is always data transmission, and the process of data coming and going is like the heartbeat of people.

When the APT probe tool on the network finds a suspicious device in the endpoint, it will report to the Sophos cloud platform first, and then turn to the “heartbeat” part to check the communication information between the endpoint and the network, so that it can find out which device is having problems. .

After locating the attacked device, the system automatically checks whether there are other devices that have been attacked. After the attacked device is located, it will be subject to system control and the data on the device will be automatically encrypted. The entire process will include endpoint protection, mobile terminal control, data encryption, network bundling, etc. All links are automatically run, and any problems can be automatically handled.