The Traffic Security Monitoring module is an Apsara Stack Security service that can detect attacks within milliseconds. By performing in-depth analysis on the traffic packets mirrored by the Apsara Stack network ingress, this module can detect various attacks and unusual activities in real time and coordinate with other protection modules to implement defenses. The Traffic Security Monitoring module provides a wealth of information and basic data support for the entire Apsara Stack Security defense system. Flou BSS/CMP will provide this 'traffic security monitoring' as a product in Flou.

• Flow statistical analysis:

Through the way of flow mirroring, the bypass makes statistics on the flow in and out of the interconnection switch (ISW) and generates a flow graph.

• Malicious host identification:

Detect the attacks launched by malicious hosts inside the VPC, and find the internal cloud servers that have been controlled.

• Abnormal flow detection:

Through the flow mirroring mode, the bypass detects the abnormal flow that exceeds the threshold.

• Web application attack protection:

According to the default web application attack detection rules, bypass blocking technology is used to intercept common web application attacks at the network layer.

• Complete output of security capabilities of top Internet enterprises

Group has accumulated a lot of intelligence capabilities in the process of fighting against hacker attacks, timely discovering popular Internet attacks and 0-day attack means, and providing users with complete security capabilities.

• Study and judge in advance and predict the risk outbreak:

Be able to analyze major vulnerabilities and major security incidents and respond in time to avoid the outbreak of security problems.

• Security big data modeling and analysis:

Through big data modeling and analysis, the security threats of the whole network are found and the security situation is fully displayed. The model contains more than 30 algorithm models, combining historical data, network data and host data to achieve real situational awareness.

• Elastic expansion, decoupling with hardware:

Hardware decoupling: it adopts cloud architecture design, and all functional modules are based on the general x86 hardware platform, which is independent of hardware.

• Elastic capacity expansion:

When the performance is insufficient, there is no need to transform the network structure, and the number of hardware can be directly and smoothly expanded.

• Systematic construction and joint detection response:

It provides complete network, host, application, data and identity protection capabilities, and all protection components realize linkage response and intelligence sharing through automated operation.

• Compatible with all IDC environments and decoupled from cloud platforms:

Adopt the architecture of "network exit detection + server operating system linkage"; Use data analysis to find security threats. Through this architecture and method, it avoids the complex network structure inside IDC and is fully compatible with all IDC environments.