百度智能云

百度智能云百度智能云

Intrusion Detection System

It is used to perform bypass intrusion detection in the cloud, quickly sense the security threat events, meet the audit requirements for Cybersecurity Classified Protection Compliance Service, and comprehensively monitor the security of cloud assets.
Intrusion Detection System

Overview

Based on the full flow image and big data processing technology, the IDS can analyze the flow log authorized by the user, via a bypass. Also, it can identify the web application attack quickly and profoundly mines the remote command execution, webshell backdoor and sensitive file leakage attacks against Web by hackers, and make the alarm accurately. Furthermore, it saves the original Web traffic log and audit report, meeting the audit requirements for Cybersecurity Classified Protection Compliance Service.

Features

Security Threat Detection
Security Threat Detection
Under the user authorization, IDS analyzes the bidirectional HTTP traffic log of user EIP in a real-time manner, and quickly identifies various common Web attacks, such as SQL injection, XSS cross-site scripting, webshell back door uploading and unauthorized access.
Successful Intrusion Alarm
Successful Intrusion Alarm
The IDS can intelligently determine the intrusion event based on the two-way HTTP traffic, and feed back the intrusion results. It quickly issues an alarm to users for the successful attack event, and records and stores the suspicious detection attacks, but does not trigger an alarm.
Original Log Storage
Original Log Storage
IDS can push the user's HTTP traffic log to the BUCKET of its object storage, meeting the requirements for Cybersecurity Classified Protection Compliance Service. The security analyst can also program the data analysis model based on his own business.
Hacker Intrusion Tracing
Hacker Intrusion Tracing
It entirely traces the whole process of hacker intrusion, provides the multi-dimensional associated report display based on the attack intrusion and the attacked assets, and reduces the reading cost of security operations personnel.

Advantages

Bidirectional Traffic, Precise Rules
Bidirectional Traffic, Precise Rules
Bidirectional Traffic, Precise Rules
Based on the precise rules accumulated through Baidu’s long-term security experience, it can recover the whole process of user access entirely, and bi-directionally analyze the HTTP request and response. Thus, it can detect intrusion accurately and reach an alarm accuracy of up to 99.5%.
Sandbox Technology
Sandbox Technology
Sandbox Technology
The sandbox technology is used for the identification of particular document behavior, and the PHP and JSP sandbox developed by Baidu are patented to detonate the file in the supported sandbox. The malicious attacks are identified through file behavior.
Self-identification of Network Assets
Self-identification of Network Assets
Self-identification of Network Assets
By analyzing the bidirectional data packets of all HTTP requests and responses, the IDS can learn the customer's network architecture and asset list. Furthermore, it can analyze whether there is any vulnerability information caused by improper operations configuration, such as a weak password of operations platform, and security threats caused by non-vulnerability
Analysis on Association of Intrusion Events
Analysis on Association of Intrusion Events
Analysis on Association of Intrusion Events
With the help of the context association detection engine, it can associate with the same attack behavior of same hacker and trace the whole process of hacker intrusion. Thus, it can significantly reduce the alarms and minimizes the trouble of security operations personnel.

Features

  • Security Situation Awareness

    Security Situation Awareness

    Users can comprehensively understand the cloud asset security, store the historical intrusion events, and avoid future attacks, ensuring the security of cloud data information.

  • Audit Requirements for Cybersecurity Classified Protection Compliance Service

    Audit Requirements for Cybersecurity Classified Protection Compliance Service

    It is explicitly specified in the regulations on information security level protection that intrusion prevention means be deployed at the network boundary to record and audit the security event information in the network.

  • Fast Block After Intrusion

    Fast Block After Intrusion

    After the user receive the alarm, the user should log in to the console to view the hacker intrusion process and the attacked assets, and locate the intrusion event, Then, the user can fix the vulnerability and quickly block the intrusion through the overall security solutions provided by Baidu AI Cloud, such as emergency response and WAF.

  • Locating Hackers and Providing Tracing Clues

    Locating Hackers and Providing Tracing Clues

    It cannot only identify the hacker intrusion behavior, but also trace the hacker intrusion link. Thus, it can see the whole process of hacker intrusion and achieve the automatic intrusion forensics.

Related Products

Web Application Firewall
Web Application Firewall

Due to its SQL injection defense and the back door upload defense, it can professionally protect against various Web vulnerability attacks.

Anti-DDoS Service
Anti-DDoS Service

The service is paid for the attack peak on a daily basis, and used to comprehensively defend against various DDoS attacks with super heavy traffic.

Security Risk Detection
Security Risk Detection

It detects various common Web vulnerabilities, and improves business security and stability.

未登录
需要实名认证
去实名认证