Build new security Architecture Foundation and establish new network order

How to create a "clean" network environment, not only in the use of how powerful security equipment, that is only a symptom and not the root causes, the right approach should be to create a new security infrastructure to build a new network order.

Recognize the "standard" and "This" of network security

Three storage products in the media interview, the president was asked a security question: "Many manufacturers say they have built the wall from the palace to the stage, progress to the emperor with the stage of the Imperial Guards, please ask Hua three to which stage." He replied, "In fact, the wall (presumably the border protection of the FW) and the inner Guard (estimated to be the depth of IPs) belong to one level, all belong to the level of palliative care; Qin Shihuang's fierce, with tens of thousands of people to protect him, the result is still a big hammer whirl over him; now do security should consider how to cure the root causes, should think about how Like the Tang Dynasty to do Night, the people have order and satisfaction, security and natural protection. ”

To do the safety of the same as sanitation, to want to clean, must be from thousands of terminals grabbed. Ordinary, Bodhisattva fear, not that there is a DDoS attack, we will be dedicated to protect against DDoS attacks equipment, virus spread, we will be dedicated to kill virus equipment ... Because not to remove, but only to prevent the fruit, is the symptom is not the root cause.

What is this? This is the network connected to each computer terminal "Anarchy" state, this is the user of each computer to use the computer behavior without supervision of the status quo. Network, whether it is a corporate network or campus network, most of the non-real name, everyone in the inside want to do what to do! So play games, chat, download movies, fry stocks, watch the news ... Is the lack of learning and work. Excessive freedom brings about inevitable depravity, a country without order, we can imagine what it looks like, there is no order in the country, there is no order, no security.

What's The Cure? Each computer must be entered into the network is the real name, must let each computer into the network before the system patch and upgrade to the latest virus library, must make each computer after entering the network behavior is regulated. Some people say, this will not be too strict? In fact, this kind of strict is established in the enterprise, the Government, the school and so on each profession's industry order, first has the profession order, only then the industry network order. Every government official should understand: not to go to work in the stock industry, every employee should understand: Working can not play games, every student should understand: Learn not to waste time downloading pirated DVDs. Want to be full of freedom, go home to freedom.

So if someone asks me what my favorite product is, I'll tell him: EAD (Endpoint access control). This product, changed the network "dark", let the Network "real name" and "Transparent", the establishment of the network order. You want to access the network, I can force you to patch, upgrade virus library, I can force check black and white software, I can audit everyone's behavior. When users in front of each computer understand that they are responsible for their actions, everyone knows what to do without the rules of red tape, because when every Chinese goes to primary school, the teacher teaches everyone: what can be done and what cannot be done.

In the absence of regulation, the vast majority of people will: do what they want to do. Enterprises, Governments and schools all need order and discipline. Napoleon, who had thought of Britain's greatness, said: "Britain is strong not because of democracy and freedom, but because Britain is more disciplined than the French." The country's democracy and freedom derive from the prosperity resulting from order and discipline, and the strength of business stems from order and discipline becoming habits and cultures.

The benefits of building a new security architecture

1, security is no longer a performance bottleneck. When order is chaotic, we need a lot of safety machines to maintain order. But the disorderly state of violence, can only bring violent game and upgrade. A million-gigabit network is very easy to build, but for the FW, VPN, AV, IPS ... We often quickly reduce the overall performance of the network to 10M. If you want to not degrade performance, you need high-performance security devices (such as our 64-core CPU multi-threaded development of 40G FW), but high-performance equipment is too expensive to bear. If you use an endpoint control scheme like EAD, a network environment is first orderly, and the depth-protected device is more limited to the Internet outlet or DC export. Distributed security system can bring high performance network, put more than 90% of security problems on the access side to solve.

2, the network management from the resources management progress to specific people's specific business management. Network management for many years there is no essential progress (old five: failure management, configuration management, performance management, security management and billing management), the reason is that the management of the object has not progressed to the network specific people and specific business. Such tools as EAD can provide a clear correspondence between people, business and resources, thus bringing about a whole new realm of it resource rationing, adjustment, monitoring and auditing.

This is the foundation of the new security architecture, which is the foundation of the new network order. Once we have a safe and harmonious security environment, we are proud not to have the most powerful security equipment, but to have the discipline and maintenance of the order of the Internet users.