Based on full traffic mirroring and big data processing technology, the IDS analyzes the traffic logs authorized by the user in bypass mode. It quickly identifies web application attacks, deeply mines remote command execution, webshell backdoor and sensitive file leakage attacks launched against web applications by hackers, and raises accurate alarms. It also saves the original web traffic logs and audit reports, meeting the audit requirements for the Cybersecurity Classified Protection Compliance Service.
With user authorization, the IDS analyzes the bidirectional HTTP traffic logs of the user's EIP in real time and quickly identifies common web attacks such as SQL injection, cross-site scripting (XSS), webshell backdoor uploads and unauthorized access.
The IDS can intelligently determine whether an intrusion event occurred based on the two-way HTTP traffic, and feed back the intrusion results. It quickly alerts users to successful attacks; suspicious attack attempts are recorded and stored but do not trigger an alarm.
The IDS can push the user's HTTP traffic logs to the bucket of its object storage, meeting the requirements for the Cybersecurity Classified Protection Compliance Service. Security analysts can also build data analysis models based on their own business.
It traces the entire process of a hacker intrusion, provides multi-dimensional correlated reports based on the attack intrusion and the attacked assets, and reduces the reading cost for security operations personnel.
Based on precise rules accumulated through Baidu’s long-term security experience, it can fully reconstruct the user access process and analyze HTTP requests and responses bidirectionally. It can therefore detect intrusions accurately, with an alarm accuracy of up to 99.5%.
Users can gain a comprehensive understanding of the security of their cloud assets, store historical intrusion events, and avoid future attacks, ensuring the security of cloud data.
The regulations on information security level protection explicitly specify that intrusion prevention measures be deployed at the network boundary to record and audit security event information in the network.
After receiving the alarm, the user should log in to the console to view the hacker intrusion process and the attacked assets, and locate the intrusion event. Then, the user can fix the vulnerability and quickly block the intrusion through the overall security solutions provided by Baidu AI Cloud, such as emergency response and WAF.
It can not only identify hacker intrusion behavior, but also trace the hacker's intrusion path. It can thus show the whole process of a hacker intrusion and achieve automatic intrusion forensics.
With its SQL injection defense and backdoor upload defense, it provides professional protection against various web vulnerability attacks.
The service is billed daily based on the attack peak, and provides comprehensive defense against various ultra-high-traffic DDoS attacks.
It detects various common Web vulnerabilities, and improves business security and stability.