Based on full traffic mirroring and big data processing technology, the IDS analyzes, via a bypass, the traffic logs the user has authorized. It quickly identifies web application attacks, mines deeply for remote command execution, webshell backdoor and sensitive file leakage attacks launched against the web by hackers, and raises accurate alarms. It also saves the original web traffic logs and audit reports, meeting the audit requirements of the Cybersecurity Classified Protection Compliance Service.
Under the user's authorization, the IDS analyzes the bidirectional HTTP traffic logs of the user's EIP in real time and quickly identifies common web attacks such as SQL injection, XSS (cross-site scripting), webshell backdoor uploading and unauthorized access.
The IDS intelligently determines intrusion events from the two-way HTTP traffic and feeds back the intrusion results. For successful attack events it quickly issues an alarm to the user; suspicious detected attacks are recorded and stored but do not trigger an alarm.
The IDS can push the user's HTTP traffic logs to a bucket in the user's object storage, meeting the requirements of the Cybersecurity Classified Protection Compliance Service. Security analysts can also program their own data analysis models based on their business.
It traces the entire process of a hacker intrusion, provides multi-dimensional, correlated report views based on the attack and the attacked assets, and reduces the reading cost for security operations personnel.
Based on precise rules accumulated through Baidu's long-term security experience, it recovers the whole process of user access and analyzes HTTP requests and responses bidirectionally. This lets it detect intrusions accurately, with an alarm accuracy of up to 99.5%.
Sandbox technology is used to identify specific file behavior: the patented PHP and JSP sandboxes developed by Baidu detonate the file in the supported sandbox, and malicious attacks are identified through the file's behavior.
By analyzing the bidirectional data packets of all HTTP requests and responses, the IDS can learn the customer's network architecture and asset list. Furthermore, it can analyze whether there is vulnerability information caused by improper operations configuration, such as a weak password on an operations platform, and security threats caused by non-vulnerability
With the help of the context association detection engine, it associates the attack behaviors of the same hacker and traces the whole process of the intrusion. This significantly reduces the number of alarms and the workload of security operations personnel.
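The detection approach described above (request-and-response analysis that alarms only on successful attacks, records mere attempts, and correlates one attacker's actions into a single intrusion chain) can be illustrated with a small detector. This is an added example written for this page, not Baidu IDS code; the rules, the log record layout and the sample transactions are all constructed for illustration and do not reflect Baidu's rule set.

```python
"""Success-aware web attack detection over bidirectional HTTP logs, plus
per-attacker correlation. Added illustration, not Baidu IDS code; the rules
and the log records below are constructed for the example."""
import re
from collections import defaultdict
from dataclasses import dataclass

# Request-side rules: attack category -> pattern over "METHOD URI\nbody".
# Deliberately small; a production rule set is far larger.
REQUEST_RULES = {
    "sql_injection": re.compile(r"(?i)('\s*or\s*'1'\s*=\s*'1|union\s+select|sleep\s*\()"),
    "xss": re.compile(r"(?i)(<script\b|onerror\s*=)"),
    "webshell_upload": re.compile(r'(?i)filename="[^"]+\.(php|phtml|jsp|jspx)"'),
    "sensitive_file": re.compile(r"(?i)(/\.git/|/\.env\b|/etc/passwd|\.(bak|sql)\b)"),
}

# Response-side confirmation: the request only counts as a *successful* attack
# when the server's reply shows it took effect (leaked DB error, accepted
# upload, file contents served). XSS is confirmed by unescaped reflection.
SUCCESS_RULES = {
    "sql_injection": re.compile(r"(?i)(sql syntax|mysql_fetch|ORA-\d{5}|syntax error at or near)"),
    "webshell_upload": re.compile(r"(?i)upload(ed)?\s+(ok|success)"),
    "sensitive_file": re.compile(r"(?i)(\[core\]|root:x:0:0|DB_PASSWORD=)"),
}


@dataclass
class Event:
    ts: str
    src_ip: str
    category: str
    uri: str
    status: int
    verdict: str  # "alarm": attack succeeded; "record": attempt stored, no alarm


def attack_succeeded(category, matched, tx):
    body = tx.get("resp_body", "")
    if category == "xss":
        return tx["status"] < 400 and matched in body
    if category == "sql_injection":
        # a leaked database error shows the injected SQL reached the DB, whatever the status
        return bool(SUCCESS_RULES[category].search(body))
    return tx["status"] < 400 and bool(SUCCESS_RULES[category].search(body))


def classify(tx):
    """Return an Event if the request matches an attack rule, else None."""
    haystack = f"{tx['method']} {tx['uri']}\n{tx.get('req_body', '')}"
    for category, rule in REQUEST_RULES.items():
        m = rule.search(haystack)
        if m:
            verdict = "alarm" if attack_succeeded(category, m.group(0), tx) else "record"
            return Event(tx["ts"], tx["src_ip"], category, tx["uri"], tx["status"], verdict)
    return None


def analyze(transactions):
    return [ev for ev in map(classify, transactions) if ev is not None]


def correlate(events):
    """Context association: one attacker's events become one incident timeline,
    so the analyst reads one chain instead of many isolated alerts."""
    incidents = defaultdict(list)
    for ev in sorted(events, key=lambda e: e.ts):
        incidents[ev.src_ip].append(ev)
    return dict(incidents)


# Constructed bidirectional log records (request + response), not a real capture.
SAMPLE_TRANSACTIONS = [
    {"ts": "2024-01-01T10:00:01", "src_ip": "203.0.113.7", "method": "GET",
     "uri": "/item?id=1' OR '1'='1", "status": 500,
     "resp_body": "You have an error in your SQL syntax near ''1'='1'"},
    {"ts": "2024-01-01T10:00:05", "src_ip": "203.0.113.7", "method": "POST", "uri": "/upload",
     "req_body": 'Content-Disposition: form-data; name="file"; filename="cmd.php"',
     "status": 200, "resp_body": "upload success"},
    {"ts": "2024-01-01T10:00:09", "src_ip": "203.0.113.7", "method": "GET",
     "uri": "/.git/config", "status": 200, "resp_body": "[core]\n\trepositoryformatversion = 0"},
    {"ts": "2024-01-01T10:01:00", "src_ip": "198.51.100.23", "method": "GET",
     "uri": "/search?q=<script>alert(1)</script>", "status": 200,
     "resp_body": "No results for &lt;script&gt;alert(1)&lt;/script&gt;"},
    {"ts": "2024-01-01T10:01:04", "src_ip": "198.51.100.23", "method": "GET",
     "uri": "/download?file=../../etc/passwd", "status": 403, "resp_body": "Forbidden"},
    {"ts": "2024-01-01T10:01:08", "src_ip": "198.51.100.23", "method": "GET",
     "uri": "/item?id=1 UNION SELECT 1,2", "status": 200, "resp_body": "<html>3 items</html>"},
    {"ts": "2024-01-01T10:02:00", "src_ip": "192.0.2.10", "method": "GET",
     "uri": "/products?id=42", "status": 200, "resp_body": "<html>ok</html>"},
]

if __name__ == "__main__":
    for ip, evs in correlate(analyze(SAMPLE_TRANSACTIONS)).items():
        chain = " -> ".join(f"{e.category}[{e.verdict}]" for e in evs)
        print(f"{ip}: {chain}")
```

Run on the constructed records, the first attacker produces one three-stage chain (injection, webshell upload, repository leak) with three alarms, while the second attacker's probes were escaped, refused or ineffective and are stored as records only. Looking at the response is what separates the two: the same request-side rules fire for both, so a request-only detector would alarm six times here instead of three.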
Security Situation Awareness
Audit Requirements for Cybersecurity Classified Protection Compliance Service
The regulations on information security classified protection explicitly require that intrusion prevention measures be deployed at the network boundary to record and audit security event information in the network.
Fast Block After Intrusion
After receiving an alarm, the user logs in to the console to view the hacker's intrusion process and the attacked assets and to locate the intrusion event. The user can then fix the vulnerability and quickly block the intrusion through the overall security solutions provided by Baidu AI Cloud, such as emergency response and WAF.
Locating Hackers and Providing Tracing Clues
With its SQL injection defense and backdoor upload defense, it professionally protects against various web vulnerability attacks.
The service is billed daily according to the attack peak and is used to comprehensively defend against various high-volume DDoS attacks.
It detects various common web vulnerabilities and improves business security and stability.