The rise of Internet services brings about new models and opportunities, and makes operation convenient and real-time. The Internet brings opportunities to users in the financial sector, but also related security risks. For example, DDoS attacks, advanced sustainability threats, cyber espionage, Web attacks, targeted attacks and enterprise network downtime events emerge one after another. Therefore, it has become one of key tasks for information security departments to ensure secure, reliable and efficient operation of network and application systems.
The key for information security of Internet business is to prevent all kinds of security threats and malicious attacks from the Internet. Hardware firewalls must be deployed between zones to implement access control and isolation protection for Internet business and intranet. Based on in-depth analysis of security threats faced by the Internet business, the final solution provides front-end Anti-DDoS defense, in-depth security protection for the application layer as well as security and fire control between Internet business areas, thus building a dedicated security protection framework for customers.
Architecture conforming to security specifications: The Internet is divided into boundary, DMZ and inside zone, to set different levels of security for different zones.
Flexible deployment of devices: device interconnection, configuration and operation workload simplified in the network zone.
Optimal defense: all-round DiD system, to guarantee the continuity of online banking business, and various "telecom-level" reliability technologies to ensure stable operation of devices.
APT threatens the data security of an enterprise. Compared with other attacks, APT is more advanced. For example, it is required to accurately collect the business process and target systems of the object to be attacked before launching an APT. In this collection process, the attack actively explores the vulnerabilities of the attacked object's trusted systems and applications, use these vulnerabilities to build a network needed by the attacker, and launch attack by use of 0day vulnerabilities.
A considerable number of applications, Web sites and services hosted on the Web may be damaged by hackers who intend to launch certain attacks. To put it simply, although "attack reasons are not obvious", people always try to destroy, attack, utilize, modify, steal or otherwise interfere with enterprises, sites and applications.
When enterprise network traffic is encrypted, it is profitable to encrypt their criminal activities from the perspective of criminals - IT administrators are more difficult to distinguish between good and bad traffic if it is so encrypted. Malware families are also increasingly using SSL to encrypt communications between victim terminals and C2 systems, to hide instructions, loads and other information to be sent. Compared with the same period of last year, attack loads sent through encrypted links doubled in the first half of 2020.
Flexible and scalable deployment: Flexible deployment of Internet outlet DDoS protection devices. They can be deployed in the form of transparent bridge. NGFW is used to replace the original traditional Sitron firewall, and WAF is deployed in the form of transparent bridge. All devices can be deployed without having to change existing network architecture
Full-fledged network and application security protection mechanism: Compared with traditional Layer 2 to 4 security protection, it is a complement to Layer 4 to 7 security protection. It can identify malicious codes or attack behaviors even in encrypted traffic.
Protect the sustainability of online business: ECCOM's solutions enable flexible, scalable application delivery.