At HUAWEI CONNECT 2021, Huawei released HiSec 3.0, a security solution that features intelligent analysis, dynamic detection, global defense, and endogenous trustworthiness. Driven by a “construct forwards, check backwards” approach, this feature-rich solution safeguards digital transformation across various industries. Customers from the government and transportation industries were invited to share their experiences regarding security construction projects powered by HiSec 3.0, witnessing a fresh-new upgrade of HiSec 3.0.
The cloud- and network-centric ICT infrastructure underlies digital transformation. Security is key to solid ICT infrastructure and serves as the foundation to the entire intelligent cloud network. However, we are facing many challenges when constructing infrastructure for cyber security:
- Security planning and construction typically lag behind, focusing on security compliance but lacking effectiveness.
- Security and trustworthiness are still in the initial stage, and the construction behind trustworthiness is still only a concept.
- Mismatch between attack and defense is getting increasingly worse. Attacks are more rampant and security defenses more vulnerable.
Ma Ye, President of Huawei Security Product Domain, said: “To build trusted networks for the future, cyber security construction should follow the ‘construct forwards, check backwards’ approach. ‘Construct forwards’ covers trustworthiness of infrastructure, network, and identity, whereas ‘check backwards’ includes all-domain surveillance, intelligent defense, and integrated security. Huawei’s newly released security solution, HiSec 3.0, is a comprehensive implementation of this approach. It features intelligent analysis, dynamic detection, global defense, and endogenous trustworthiness, offering customers accurate, fast, and stable security defense as well as resilient, secure networks.”
Accurate Intelligent Analysis: Exclusive Cloud-Based Federated Learning and Threat Detection Model Self-Evolution, Achieving a Threat Detection Rate of over 96%
Cloud, local, and edge intelligence are combined to achieve self-production of threat samples and self-evolution of intelligent models. By leveraging billions of request events, tens of millions of attack events, and millions of malicious samples extracted from the cloud every day, the intelligent detection model is trained automatically, extracting malicious signatures for high-performance and accurate detection.
Fast Dynamic Detection: Intelligent Graph-Based Correlation Analysis and Real-Time Update of Network Security Codes, Enabling Fast Threat Detection
The cyber security situation keeps changing. However, static defense can only be a “Maginot Line”. By dynamically detecting and analyzing information about endpoints, users, traffic, and applications, Huawei evaluates the security of a network in real time based on over 100,000 device signatures, over 10 authentication methods, and over 96% threat detection rate, higher than the industry average.
Global Defense: Cloud-Network-Security Collaboration and Near-Source Threat Blocking for Threat Handling in Seconds
Only by considering cloud, network, and security together can we automate and add intelligence to the solution. Thanks to advantages in cloud, network, and security, Huawei integrates cloud, network, and security through unified orchestration and service linkage, allowing for near-source threat blocking and second-level threat handling. Ultimately, it prevents threats from expanding.
Resilient Endogenous Trustworthiness: Building a Resilient Security Architecture based on Trustworthiness of Devices, Networks, and Connections
Huawei has built a three-level endogenous trustworthiness security architecture, including device trustworthiness, network trustworthiness, and connection trustworthiness, to ensure secure, trustworthy core technologies, key components, basic protocols, and system architecture. This architecture is able to meet the end-to-end network security requirements of various industries.
- Device trustworthiness enhances the endogenous security of devices by centering on supply trustworthiness, hardware trustworthiness, software trustworthiness, and secure booting.
- Network trustworthiness builds network resilience by focusing on protocol trustworthiness, networking trustworthiness, and proactive defense.
- Connection trustworthiness guarantees secure connectivity based on device reputation, identity reputation, and application reputation.
In addition to the preceding features, HiSec 3.0 consolidates IPv6 capabilities by building a comprehensive defense system that features in-depth defense, service orchestration, and global surveillance at the network layer, management and control layer, and analysis layer. It also supports SRv6-based integrated cloud-network-security orchestration. All these guarantee future-proof network construction to support the continuous evolution of cyber security into the future.
Ms. Liu Bei, Director of the Information and Cyber Security Department of the State Information Center, shared her experience and achievements about security assurance for digital governments: “As the technical architectures, service forms, and objects that we must protect keep changing, cyber security assurance for digital governments should be transformed into dynamic, proactive, in-depth, precise, and joint defense and control. With network security surveillance as the core, we should provide 24/7 dynamic cyber security assurance for all domains and services. Currently, the State Information Center, Huawei and other leading partners, have started to deliver 24/7 all-domain security operation services for governments at all levels across China, promoting the development of security surveillance locally.”
Lin Qinkang, Deputy General Manager of Shenzhen Airport Digital Management Center, said: “Since 2020, Shenzhen Airport has worked together with Huawei to establish an overall information security plan through all-round service research and analysis of access logic. This plan focuses on ‘one platform + three systems’, in which the information security management platform is regarded as the core, and the information security management, technology, and O&M systems are auxiliary. By using Huawei’s HiSec security solution, we have developed a four-step construction approach to gradually realize intelligent, dynamic, and integrated security.”
When interpreting the concept and technical architecture innovation of HiSec 3.0, Wang Yuchen, chief architect of Huawei security solutions, said: “HiSec 3.0 has evolved from threat defense to deterministic assurance for services. By capitalizing on fundamental technologies such as endogenous trustworthiness, threat detection and analysis algorithms, automated management, and risk assessment, HiSec 3.0 helps build a resilient technical architecture from three dimensions: endogenous system security, threat defense, and operation management process, safeguarding system security bottom lines.”
Since its release, HiSec security solution has served a broad set of global customers in industries and sectors such as enterprise, government, finance, energy, transportation, education, and healthcare. In the future, Huawei will continue to increase efforts in fundamental security technologies, work with competitive ecosystem partners to provide security assurance for digitalization, and promote the development of digital and cyber security.
Huawei hosts HUAWEI CONNECT 2021 online from September 23 to October 31. The theme of this year’s event is Dive into Digital. We’re going to dive deep into the practical application of technologies like cloud, AI, and 5G in all industries, and how they can make organizations of all shapes and sizes more efficient, more versatile, and ultimately more resilient as we move towards economic recovery.