As enterprises are transitioning to the cloud, traditional security products have gradually become outdated. New security models that can handle security threats during cloud migrations are replacing passive protection products that have fixed boundaries. Based on the SDP (software-defined perimeter) and zero-trust security concepts, BaishanCloud builds an edge-cloud security acceleration product — Security Acceleration SDK — to tackle security issues in the client, mobile, and IoT scenarios.
1. Zero Trust & Incognito Security
Most traditional cloud security products rely on DNS (domain name resolution) to help the origin infrastructure defend itself when there’s an attack, and they also control all Internet traffic. This is, in essence, a passive defense model that tests the defender’s resource capabilities. It can lead to long resolution times, vulnerability to hijacking, and exposure of secure PoPs.
Unlike the traditional concept, the core idea of the Security Acceleration SDK is that it does not trust anyone or anything by default. It only opens a private 1:1 “access tunnel” between authenticated users and the origin, making the protected target invisible. By integrating cloud elastic protection resources with network and terminal equipment, Security Acceleration SDK effectively protects, manages, and controls the entire network.
- Terminal trusted detection
After the Security Acceleration SDK is embedded in the terminals, operators can accurately assess each terminal’s operating environment (virtual machine, emulator, etc.). On top of that, it can comprehensively evaluate each terminal’s reputation level through application risk monitoring to avoid dynamic injection, debugging, tampering, and so forth. It provides multi-dimensional reference data for intelligent routing and credibility identification.
- Cloud Security Control
On the cloud security control module, users are able to customize access control rules and send them to the elastic proxy PoPs in real-time. The module provides multi-factor identity authentication for enterprise applications and optimizes authority management and control for terminals. It effectively solves the problems in traditional security products such as low effectiveness, lack of control, and shared firewall policies between cloud tenants.
- Cloud AI
The AI divides terminals into different security reputation levels using secure proxy logs and terminal risk monitoring data. To separate illegal access from regular traffic, it then isolates and schedules terminals into independent networks based on their reputation levels. The AI also uses other factors to quickly locate risky devices, significantly improving the attack source tracing rate.
The Security Acceleration SDK creates a secure environment by intelligently assigning different secure PoPs to each credible device and isolating resources based on their risk levels. Each terminal and the cloud security agent exchange data through a private and secure tunnel. With innovative TCP Message Authentication and Verification technology, different terminals use different private keys, protecting the network from cracking. All external attack threats are blocked, and a zero-trust network is formed through the cooperation between the terminal and the cloud.
2. Application Scenarios
With the zero-trust concept, BaishanCloud builds an active, intelligent, and multi-tier security defense system to solve various security problems in online businesses. The system breaks the traditional passive defense concept by integrating an innovative edge-cloud architecture, years of research on attack techniques, and practical experience.
- DDoS Confrontation
The 3-tiered DDoS confrontation model moves the traditional defense model to multi-dimensional software backed by an elastic resource pool. The first tier, local resource hiding, prevents local cracking and packet capture, protecting the target IP/domain. The second tier, intelligent risk control, isolates high-risk resources and dynamically redirects and identifies attackers. The third tier, the high-defense resource pool, confronts attacks directly with an abundant resource reserve at the edge.
- Bot automated defense
Automatically eliminates all unauthenticated traffic by implementing risk identification. Cloud Shield-Bot Management can tackle security issues such as malicious registration, credential stuffing, CC attacks, and so forth.
- Intrusion prevention
Hides the real host IP so that hackers cannot initiate scanning and targeted intrusion over the Internet, further protecting the origin from collapsing.
- Link security
Assigns unique authentication to each device and network connection to ensure data transmission is secure. Hackers cannot obtain business data by capturing packets or tamper with it.
- App anti-tampering
Assigns a unique identifying fingerprint to each file in the application and replaces any file that will cause operation failure, preventing malicious cracking such as advertising virus implantation, APK tampering, and phishing.
It can dynamically resist plug-ins like debugging, injection or device tampering through the device risk identification function.
- Alternative DNS
SDK intelligent risk control scheduling replaces DNS so that it can avoid DNS attacks and hijacking.
- Security compliance
It meets the communication transmission requirements of the Multi-level Protection of Information Security Scheme (MLPS) 2.0 under the China Cybersecurity Law, helping prevent intrusion.
With the coming 5G era, innovative security products based on SDP and zero-trust security concepts are more likely to become the cornerstone of global network security solutions. The Security Acceleration SDK focuses heavily on private connections, intelligent network routing, and cloud security control. Unlike the traditional passive defense model, it actively deploys and distributes protection resources. It is now widely used in various industries like gaming, e-commerce, medical, education, etc., providing secure connections to customers and end-users.
BaishanCloud is the world’s leading edge-cloud platform service provider offering neutral infrastructure, cloud-native security, developer services, and other products and services. Serving 1,000+ customers globally, Baishan is committed to providing comprehensive solutions for global Internet, government, enterprise, and corporate customers. Baishan’s network covers 6 continents with 600+ PoPs worldwide.