Tencent Tianmu: Won the Excellence Award in the National Finals of the First "IPv6 Technology Application Innovation Competition"

Recently, the national finals of the first "IPv6 Technology Application Innovation Competition" came to a successful conclusion. After several rounds of selection and fierce competition, Tencent's entry, "Tencent Tianmu Security Computing Algorithm PaaS in the IPv6+ Era", stood out from more than 1,500 projects on the strength of its core advantages: bypass deployment, a high blocking rate, real-time monitoring and processing of massive traffic, real-time big-data processing and analysis, and open integration with other products. It won the National Excellence Award and the third prize in the Beijing competition area.

"Tencent Tianmu Security Computing Algorithm PaaS in the IPv6+ Era" won the National Excellence Award

IPv6 traffic continues to grow, security protection is urgent

The first "IPv6 Technology Application Innovation Competition" was guided by the Ministry of Industry and Information Technology, the Cyberspace Administration of China, and the Ministry of Education, and hosted by China Academy of Information and Communications Technology and local governments. With the theme of "Extreme Innovation, Intelligent Connection of Everything", the competition aims to promote the application innovation of IPv6, promote the cultivation of talents, and prosper the industrial ecology.

IPv6 is an important part of building China into a network power and a digital China. At present, the internal driving force for IPv6 development in China continues to increase, and the industrial ecosystem is maturing. But as IPv6 traffic continues to grow, new security risks follow. Traditional security analysis and security operation models mainly combine rule-based automated processes with manual analysis and judgment. On the one hand, this approach is inefficient; on the other hand, the analysis results are severely limited by the skill and level of the analysts, and the security industry generally lacks professional security analysts. This makes it difficult for enterprises to pick out high-value, high-risk security alerts that are free of false positives from the large number of security incidents generated by IPv6 network attacks, and difficult to respond to and handle security incidents in a timely manner.

Not only that, but in the IPv6 era the pool of IP resources available to attackers expands without limit. Attack-defense confrontation is essentially a confrontation of resources, especially of IP resources. Traditional IP-address-based defenses, such as access-frequency limits, black/white lists, abnormal-behavior identification, threat intelligence, and other simple security strategies, can no longer meet protection needs in the IPv6 era, and defense technology urgently needs to change.

Therefore, in this new situation, IPv6 network attack and defense requires building a "closed-loop capability" across the IPv6 security life cycle and improving "response efficiency" against massive IPv6 network attacks.

Tencent Tianmu computing power algorithm PaaS platform helps build an IPv6 security protection system

To address IPv6 network security operation challenges and the need for technological innovation, Tencent has drawn on its own security operation experience in digital services such as the Internet and cloud computing, as well as its technical advantages in big data processing and AI analysis, to build the Tencent Tianmu security computing power algorithm PaaS platform, Tencent Security NDR (Network Threat and Response). The platform performs in-depth security monitoring and continuous security analysis of IPv6 networks, equipment, and business environments, and combines this with security detection and awareness of the open Internet. The result is a continuously iterating security response mechanism that integrates threat defense, detection, response and tracing, and risk prevention, to deal effectively with new threats in the new situation.

Tencent Tianmu Security Computing Algorithm PaaS draws on experience in traffic characteristic analysis and precise network threat control. Based on analysis of massive traffic data, it abandons the traditional mode of defending against malicious traffic by limiting access frequency and adding IP blacklists. Instead, it identifies malicious IP behavior accurately and in real time and establishes a defense mechanism, and the team has successfully developed a solution that automatically blocks, in real time, requests initiated by second-dial services.

Schematic diagram of the second-dial IP confrontation model

Tencent Tianmu Security Computing Algorithm PaaS is a defense system at the network boundary (blocking IP access). Its main characteristics are:

- Deployed in bypass mode, it blocks network sessions at layer 4 in real time without changes to or intrusion into the network, and the success rate of threat blocking can reach 99.99%.
- It provides a blocking API that other security detection products can call.
- It has millisecond-level real-time big-data processing and analysis capabilities, giving real-time, millisecond-level management and control of bidirectional network traffic.
- It covers a variety of security business scenarios: the network intrusion prevention system provides security alerts, large-screen visualization, and other functions that help customers with security compliance, log audit, administrative supervision, and cloud platform management and control, effectively supporting cloud security.

Tencent Tianmu security computing power algorithm PaaS (blocking IP access)

Tencent Tianmu supports the border security of all of Tencent's businesses, covering Tencent's multiple business lines and IDC computer rooms, and centrally defends those businesses without affecting business stability. It secures the mirror cluster with the largest processing traffic in China, with the computing power to process 15 Tbps of two-way traffic, 2.2 billion PPS of messages per machine, and 100 TB of incremental logs per day. At the same time, its visualized policy-model operation and maintenance platform gives security operations managers a powerful tool for efficient operation.

At present, Tencent Tianmu has successfully helped benchmark customers in industries such as finance, energy, radio and television media, aviation, government, and government affairs to realize automated security operations in scenarios such as offensive and defensive drills, edge computing, and security compliance.

As the entire Internet ecosystem transitions to IPv6, every 10% increase in the IPv6 deployment index will boost GDP growth by about 0.4%. By 2030, according to the chain prediction of "output value -> budget -> total IT investment -> security investment -> network security investment", the potential security demand brought by second-dial IP is expected to reach tens of billions. By then, it will be more difficult to prevent second-dial-type dial-test attacks based on IPv6 addresses. Tencent Tianmu will continue to innovate and upgrade its product capabilities to help build an IPv6 security protection system.


Origin blog.csdn.net/qcloud_security/article/details/130752887