HUAWEI Secospace USG6600 series
Enterprise networks are evolving into next-generation networks that feature mobile broadband, big data, social networking, and cloud services. Yet, mobile applications, Web2.0, and social networks expose enterprise networks to the risks on the open Internet. Cybercriminals can easily penetrate a traditional firewall by spoofing or using Trojan horses, malware, or botnets.
HUAWEI Secospace USG6600 series is designed to address these challenges of Carrier, large- and medium-sized enterprises and next-generation data centers. It analyzes intranet service traffic from six dimensions, including application, content, time, user, attack, and location and then automatically generates security policies as suggestions to optimize the security management and provide high-performance application-layer protection for enterprise networks.
Granular Application Access Control
- Identifies the application-layer attacks and their application, content, time, user, and location information.
- Provides all-round visibility into service status, network environment, security postures, and user behaviors.
- Provides an analysis engine that integrates application identification and security functions, such as IPS, AV, and data leak prevention, to prevent application-based malicious code injections, network intrusions, and data interceptions.
- Provides an Intelligent Awareness Engine (IAE) capable of parallel processing with all security functions enabled after intelligent application identification.
- Improves application-layer protection efficiency and ensures the 10G+ performance with all security functions enabled.
Easy Security Management
- Classifies 6000+ applications into 5 categories and 33 subcategories and supports application access control based on the subcategories.
- Complies with the minimum permission control principle and automatically generates policy tuning suggestions based on network traffic and application risks.
- Analyzes the policy matching ratio and discovers redundant and invalid policies to remove policies and simplify policy management.
Prevention of Unknown Threats
- Provide samples of worldwide suspicious threats. The USG6600 series executes suspicious samples within the sandbox in the cloud to monitor the activities of the samples and identifies unknown threats.
- Automatically extracts threat signatures and rapidly synchronizes the signatures to the devices to defend against zero-day attacks.
- Prevent Advanced Persistent Threat (APT) attacks using a reputation system.
Source: Huawei Enterprise