Next Generation Firewall
Next Generation Firewall is an innovative product that can comprehensively respond to both traditional and advanced cyber threats. With high capabilities of control and threat protection, it can identify over 3,000 types of network applications and information and against over 5 million popular viruses, 5,000 exploit attacks and 1,000 spyware behaviours which can be widely applied for achieving network security domain isolation, refined access control, efficient threat protection and sophisticated threat detection within enterprises and organizations. With the integration of innovative security technologies such as threat intelligence, big data analysis and security visualization as well as intelligent collaboration between the Network Threat Perception Center (NTPC), Security Management Analysis Center (SMAC) and the endpoint security management system, it helps users configure a new generation of data-driven threat defense platform.
1. Data-driven security innovation
2. Efficient and reliable system architecture
3. Panoramic platform management
1. Sophisticated application control
2. High-performance threat protection
3. Intelligent collaborative defense
4. Invasion detection and settlement
5. Visual correlation analysis
Next Generation Firewall can be applied in different scenarios including internet gate security protection, private boundary protection, data center network boundary protection and intranet invaded host detection.
1. Internet gate security protection
Through sophisticated internet control, access to risky and illegal internet resources will be blocked. Also, it can conduct in-depth inspections on internet traffic to stop the implanation of viruses, bot and Trojan horses, and issue real-time warning for local suspicious invaded hosts based on the threat intelligence of Tianyu Cloud, an exclusive cloud security subscription platform for intelligent firewalls.
2. Private network boundary protection
On the basis of integrated threat protection, it provides real-time blocking of network attacks initiated by sites to achieve private network security isolation. The appropriate use of private network link resources and the quality of service delivery can be ensured via application control and bandwidth management. The SMAC system can also be applied to construct a unified management, monitoring and threat warning platform across the entire network.
3. Private network boundary protection
It deeply integrates IPS functions and blocks attacks targeted on loopholes of business systems and applications in network boundaries. Having a two-way detection on spyware implantation and signal channels, it can timely stop malicious behaviours. Base on the virtual system (VSYS) division, needs of multi-tenancy and multi-business isolation of data center can be met. Also, it involves in intelligent collaboration with external security facilities, detecting and early-warning advanced threat activities that have bypassed protections.
4. Intranet invaded host detection
When “Bypass mode” is deployed, it can quickly respond in terms of detecting invaded device with threat intelligence, then centralize data display and correlation analysis, and log aggregation for efficient analysis and review of threat activities.