/ Asahi/Guangzhou, January 16, 2022 -- On January 12, at the online release conference of StoneOS 5.5R9, the security prevention and control system of the digital world, StoneOS released the firewall software version 5.5R9, comprehensive upgrade with nearly 300 functions and features, enabling sustainable and safe operation of enterprises.
Network virus spreads fast, latent deep, great harm. Guard network security, like fighting virus biology, its idea and means are similar, also want to "outside to prevent input, inside to prevent rebound".
Mountain stone network division to protect the security of the digital world as its own duty, in-depth analysis of today's world network security situation, relying on StoneOS 5.5R9 "both internal and external repair, smart and agile" characteristics, put forward the concept of digital world security prevention and control system:
• Adhere to the external boundary, protect the first line of defense of enterprise network through IP portrait, boundary traffic filtering, and fine intelligent strategy control;
• Internal fine-farming authorization, improve terminal state detection ability, launch millions of precise edge strategies, supplemented by strategy lifecycle management, and continue to carry out lean authorization;
• Optimize cloud operation capabilities, coordinate security atomic capabilities, and further protect enterprise network security with normalized protection systems.
There are many challenges in the digital world
The constant threat of cyber viruses to the digital world is challenging the prevention and control of cyber security. Jiang Dongyi, Senior Vice President and Chief Strategy Officer (CSO), concluded at the press conference that the digital world is facing multiple challenges:
• The boundary of the connection matrix tends to be fuzzy and changeable, which challenges the effectiveness of the traditional security prevention and control framework;
• The advent of the era of fast, wide and ruthless universal attack is challenging the traditional detection techniques based on feature matching;
• The current situation of diverse, massive, complex and long retention period of organizational data is challenging the past fragmented and simple data security protection;
• The reachable nature of the speed of light in cyberspace exacerbates the dilemma of resource equivalence between the two sides.
In this regard, the new methodology to cope with the new challenges in the digital world proposed by Shanshi Network Department is based on the global threat intelligence ecology, enabling the organization to build three "security", and practicing sustainable security operation:
• First, establish a zero-trust security prevention and control framework based on dynamic minimum authorization strategy with identity as the core;
• Second, multi-dimensional detection, precise analysis, joint response and intelligence empowerment to build an intelligent threat governance framework under the new situation;
• Third, from one dimension to multiple dimensions, build an elastic, scalable, business-adaptive data lifecycle security governance framework;
Similarly, in order to deal with the dilemma of unequal resources on both sides of the attack and defense, Shanshi Network Department proposed to build a global threat intelligence ecology, make threat intelligence timely accessible, and enable sustainable security operation system. Global threat intelligence ecology + government and enterprise organizations triple "security", which is also a further extension of last year's "sustainable security operation technology concept" connotation
Step on the trend,StoneOS 5.5R9 official release
Let the digital world security to achieve joint prevention and control, the implementation of the organization of the triple framework construction and timely access to threat intelligence,StoneOS 5.5R9 accumulated strength, step on the trend.
This upgrade is StoneOS 5.5R9, from the four perspectives of prediction and discovery, defense and control, detection and analysis, response and management, through the intelligence enabling and overall operation and maintenance of the cloud operation center, access link discovery of policy assistant, rapid IP classification and blocking of border traffic filtering, precise edge policy control of users and applications, and terminal detection for multiple authentication of identity and terminal status , policy configuration audit for policy life cycle management, intelligent DGA accurate identification of Intranet zombie hosts, and intelligent source situational awareness cloud-end joint prevention and control, really implement the external network boundary, internal access authorization. Building a digital world security prevention and control system with the concept of both internal and external maintenance.
In the interview "protect security, after three moves" link, Huang Mingxiang, director of security services division of Mountain stone network Division, said to StoneOS 5.5R9 version "We met very late", and mentioned in the normal attack and defense drills, reassurance events, customers faced with IP address blocking, differentiated domain management, firewall replacement and other scenarios, to which Zhang Jianwei, senior product manager of the border security business group of Shanshi Network Science, gave the answer:
The firewall supports boundary traffic filtering to map IP addresses. Before implementing the policy matching function, the firewall quickly locates risky IP addresses and blocks malicious traffic or records the day of malicious traffic, effectively reducing the processing pressure on the device. At the same time, the IP list of border traffic filtering supports batch import, standard interface call, IP reputation database synchronization from Shishiyun, third-party FTP/TFTP server synchronization and other ways to achieve real-time online update, reduce operation and maintenance pressure, rapid response boundary protection;
At the same time,StoneOS includes the Policy assistant function, which can assist users to dynamically discover internal and external access links in the network, and quickly generate matching policies based on the discovered links. For example, when a new firewall is added to the Intranet or an old firewall is replaced, you can enable the Policy Assistant function to view the quintuple of all traffic matching a policy on the wall, helping users accurately identify the traffic to be authorized by the policy.
In addition, the firewall supports redundancy detection of policy rules, which can flexibly aggregate and delete unnecessary policies. It also supports mainstream policy hit analysis. StoneOS 5.5R9 also supports the policy configuration audit function, which can realize lean configuration based on policy life management. When policy rules are configured and modified, the change time and content are recorded, and any two versions in the policy lifecycle can be selected for configuration comparison. Combined with strategy hit analysis, it is easy to identify the necessity of historical strategy.
StoneOS 5.5R9, which incorporates nearly 300 features. For example, it supports VPN configuration wizard, threat detection content filtering supports encryption protocol, module decoupling such as Logd and webauth, software architecture micro-service, provides version online hot upgrade function, and supports local import and export of NAT rules. It aims to create a secure operating system that is easier to use, more efficient, and less worried.
Both inside and outside repair, the ultimate guardian. As the leading manufacturer of technology innovation in China's network security industry, Shanshi network technology in-depth development, constantly improve the firewall product performance, reliability, scalability at the same time, constantly enhance the security protection ability, expand the firewall security protection boundary, for your "sustainable security operation" constantly enabling, Shanshi network for your security to do our best!
