Big Data for Big Security


HUAWEI NEXT GENERATION ANTI-DDOS SOLUTION

Index
DDOS ATTACK AND DEFENSE INFOGRAPHIC
HUAWEI 2013 SECURITY RESEARCH REPORT
DDOS PREVENTION BASED ON BIG DATA
HUAWEI NEXT GENERATION ANTI-DDOS SOLUTION
GUARD OF $5.8 BILLION
HUAWEI'S ANTI-DDOS SOLUTION ASSISTS TENCENT TO ACHIEVE SECURE AND AVAILABLE INTERNET SERVICES

ALLOWING ALL THE CLICKS, NONE OF THE ATTACKS.


Trends

Huawei 2013 Security Research Report

29.81% more DDoS attacks occurred than last year.
HTTP application protocols attacked up to 87.74%
More than 72.91% attacks larger than 1 Gbps
Longest DDoS attacks last 349 hours 36 minutes 42 seconds

Technology

DDoS Prevention Based On Big Data

By Winston Zuo, General Manager, Huawei Security Products

As the Internet continues to grow and prosper, hacker attacks continue to increase in severity and frequency. Since the year 2000, when Web 2.0 Internet applications first came onto the scene, the motivation behind Distributed Denial of Service (DDoS) attacks has shifted from exhibitionism to vicious attacks on industry. As Internet bandwidth has expanded, so too have the scale and frequency of DDoS attacks. For example, in March 2013, European anti-spam company Spamhaus experienced multiple 300 Gbit/s DDoS attacks, the largest such attacks in history.

Huawei is the first anti-DDoS solutions provider to apply Big Data technology to DDoS detection and prevention. Huawei leads the industry in eliminating covert DDoS attacks disguised as normal access requests.

DDoS Trends Challenging Attack Defense Technologies

Typically, DDoS attacks originate from mock sources, such as Synchronize (SYN) flood, User Datagram Protocol (UDP) flood, and Domain Name Service (DNS) flood, and are carried out by zombie hosts. The more bandwidth the attack consumes, the bigger the threat to network infrastructure. When DNS servers are paralyzed, a wide range of network services will be blocked or broken.

Source attacks that target specific applications, such as HTTP Flood attacks against e-commerce websites and web games, require a TCP connection between the zombie host and the servers targeted for attack. To avoid detection, hackers reduce the attack traffic rate so that the attack footprint resembles a legitimate request.

In Q2 2013, Prolexic, the largest anti-DDoS Service Provider (SP), released the Prolexic Quarterly Global DDoS Attack Report, stating that 17% of DDoS attacks produce over 60 Gbit/s of traffic. These heavy-traffic DDoS attacks are the easiest to detect, but require the highest processing performance to effect the necessary rapid response; otherwise, the network links become jammed and completely flooded while the security devices deployed on the access side fail. Blocking such attacks requires the deployment of super-large-capacity prevention systems on the upstream side of the network.

Until the recent arrival of cost-effective flow analysis technology, these super-large-bandwidth DDoS attacks were best handled by commercial anti-DDoS SPs. We have now entered the era where these high-performance tools are available to enterprises. Effective enterprise anti-DDoS systems must be based on high-performance hardware platforms with a minimum 100-Gbit/s defense capacity, or the defense device itself will likely become the network bottleneck.

Application-layer DDoS attacks are more difficult to detect and counter because they emulate the syntax and traffic characteristics of legitimate clients and access requests. DDoS attacks against the application layer involve carefully selected targets and threaten service availability through slow, prolonged attacks from dispersed attack sources. Although server addresses may remain reachable, ultimately these services will become unavailable.

Because DDoS attack detection systems rely on traffic models for attack detection, the better the traffic model, the higher the probability of detecting attacks. The difficulty in detecting light-traffic attacks is that the small number of attack packets is concealed in a massive volume of legitimate network access packets.
An example challenge to traffic model accuracy is a scenario with an average of 10 Gbit/s of access traffic, and a DDoS attack against a mobile web application that generates 250 Kbit/s of peak traffic (50 Queries per Second (QPS) with a 600-byte average packet length). The vulnerability exists when a selected target continues to request access to resources that are tied up by time-consuming database searches. The first-order result is that the attacked Uniform Resource Identifiers (URIs) may fail to respond to the requests of other users.

In traditional flow-detection technology, the traffic-sampling ratio will typically be set to 10,000:1 to reduce the impact of flow logs on route-forwarding performance. A 250 Kbit/s attack on a 10 Gbit/s access circuit accounts for a mere 1/300,000th of the incoming traffic, which in a 10,000:1 sampling regime makes it very unlikely that attack packets can be extracted. Ergo, the lighter the attack traffic, the more difficult it is for a flow analysis device to detect changes in baseline traffic.

A further challenge to detecting low-volume DDoS attacks is that application-layer attacks strongly resemble legitimate access requests. Even with increased sampling rates, flow analysis is unsuitable for detecting application-layer attacks because QPS analytics are not included in the access traffic model. Mitigating this type of attack using traditional prevention systems can only limit the connections of legitimate access sources.

DDoS Defense Technology Based on Big Data Analytics

As an industry-leading anti-DDoS solutions provider, Huawei is the first vendor to apply Big Data technology to the detection and prevention of covert DDoS attacks disguised as normal access requests.

Why Big Data?
At the 2013 RSA Conference, Art Coviello, RSA Executive Chairman, explained, "Intelligence driven security is being increasingly adopted by the industry, and promises a radically different, much more effective model of security using Big Data thinking and technologies. When we comprehensively understand the context of normal behavior of people and the flow of data over networks, we are able to transcend the reactive models of the past to more clearly and quickly spot even the faint signal of any impending attack or intrusion in the midst of an increasingly noisy environment."

Making this view a reality requires a prevention system able to completely and accurately describe the various traffic models of a protected network. Only in this way can attacks be found and handled quickly. Specifically, the prevention system needs to copy all traffic of the protected network and implement a comparative, packet-specific, statistical analysis using Big Data.

Detection of and response to application-layer attacks requires precise, multi-dimensional traffic models. Service access traffic models describe the status of a network when it is not being attacked, and attack traffic models are generated in response to perceived abnormalities. To avoid misjudging legitimate traffic (such as QPS surges during China's November 11, 2013 Cyber Monday), a URI traffic model, including the HTTP GET packet rate of the target IP address, can be used to analyze the incoming queries.

Covert and effective, slow attacks exploit session and application defects such as TCP retransmission timeouts, the TCP sockstress vulnerability, encrypted SSL-DoS/DDoS, the slow HTTP header vulnerability, and HTTP POST requests. Detection of these attacks depends on traffic model descriptions in the source and session dimensions.

Huawei possesses an expert attack prevention team of over 300 engineers. With the ability to monitor and analyze security incidents from around the world in real time, the team constructs a data model and related analysis algorithms for each new type of DDoS attack to ensure a high detection rate.

Capture and Analysis

Complete traffic capture: A core precept of Big Data is accurate analysis based on comprehensive data sets. Using a bypass model, Huawei's Anti-DDoS Solution analyzes all traffic entering a protected network to ensure the generation of a complete network traffic baseline for attack detection analysis. Data center peripheral protection mechanisms only capture traffic entering the data center.

After copying the traffic from the protected network on Day One, Huawei's anti-DDoS solution generates traffic models at Layers 3, 4, and 7 in over 60 dimensions, then conducts a dynamic service access correlation analysis. Next, an attack defense policy is automatically generated, typically in one week. The system continues the learning cycles on an ongoing basis and updates the attack detection thresholds for traffic model and application service changes. Protecting a 10-Gbit/s access channel requires an anti-DDoS platform able to process up to 756 TB of data for every DDoS threshold.
Correlation analysis: Huawei's Big Data anti-DDoS Solution uses high-performance multi-core CPUs in parallel. For each learning cycle, inbound traffic is divided into multiple streams at each interface board, and each stream is directed to a microprocessor core. Using MapReduce, the Big Data system models more than 50 traffic dimensions as layered data structures. After analyzing the traffic models by packet type, the system records the analysis results in corresponding data structures.

With the first correlation analysis completed, the continuous attack detection process begins. The incoming packets of Layers 3, 4, and 7 are parsed in one-second intervals. Fine-grained statistics are collected about the packets in over 60 dimensions and compared to the preset detection thresholds. When the indication thresholds are exceeded, network traffic is considered abnormal and the prevention process responds within seconds of detection. Once an attack has continued for five minutes, the upper limit for inbound traffic is immediately increased to 20 Gbit/s as a second-level response to mitigate latency.

The Huawei anti-DDoS system relies on a high-performance hardware platform to capture all traffic, and on a multi-dimensional statistical analysis to quickly respond to network-layer, application-layer, and session-layer attacks, as well as various slow attacks. If these requirements are met, the incidence of misjudged DDoS attacks is significantly reduced.

Precise and responsive

The precision of the attack detection is determined entirely by the granularity of the learning model, for which Huawei's anti-DDoS system prioritizes three aspects: protected network segments, protected target IP addresses, and source IP addresses. Statistics collected about the network, session, and application layers are further broken down into PPS, BPS, QPS, and access ratio metrics.
Detection accuracy and misjudgment rates are further improved by analyzing the top N access source IP addresses plus the resources accessed within the network, session, and application layers. Top N traffic models for addresses and resources are established to quickly detect attacks and test prevention results.

Huawei's unique technology combines session-based, multi-dimensional statistics with behavioral analysis technology to implement correlation analysis and prevent slow attacks. The anti-DDoS system also establishes a service access IP reputation mechanism in the session dimension. When attacks are detected, the IP reputation mechanism is used as a whitelist to quickly forward service access traffic to up to 40 million IP addresses, enough to sustain traffic during DDoS attacks.

To resist DDoS attacks that look like legitimate user access requests, DDoS attack detection based on Big Data must provide high precision in detection and prevention along with rapid response capabilities to protect the user experience.

Proven Performance

November 11, 2013 was Cyber Monday in China, the largest online shopping day in human history. Website traffic at Alibaba.com peaked at several Tbps. During this peak period, the Alibaba business system was targeted with multiple rounds of DDoS attacks ranging from 500 Mbit/s to 20 Gbit/s. Each round of attack was blocked by Huawei's anti-DDoS traffic cleaning solution within two seconds, with zero misjudgments. By ensuring uninterrupted business operations for Alibaba on this critical sales day, the competitive advantages of the Huawei anti-DDoS solution were clearly shown.

Huawei's Big Data Anti-DDoS Solution continues to be deployed in data centers the world over, preventing tens of thousands of attacks every day and earning high praise for its security capabilities and protection against business interruptions and lost customer revenue.
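
The following is an added illustration, not Huawei's implementation: a scaled-down version of the learn-then-compare check described in the article, showing why a 50 QPS attack on one URI stays below a per-target-IP threshold yet stands out in the per-URI dimension, and how rarely a 10,000:1 sampler would export any of its packets. The addresses, URIs, request mix, the peak-times-headroom threshold rule and every function name are assumptions made for the example.

```python
from collections import Counter

TARGET = "203.0.113.10"      # constructed protected IP (documentation range)
HEADROOM = 1.2               # assumed margin above the learned per-second peak
SAMPLING_RATIO = 10_000      # the 10,000:1 flow sampling ratio from the text

def second_of_traffic(t, attack=False):
    """One second of constructed HTTP GETs: (src_ip, dst_ip, uri) -> count."""
    jitter = 100 * ((t * 7) % 5 - 2)            # deterministic +/-200 req/s wobble
    reqs = Counter()
    reqs[("198.51.100.1", TARGET, "/")] = 15_000 + jitter
    reqs[("198.51.100.2", TARGET, "/item")] = 5_000 - jitter // 2
    reqs[("198.51.100.3", TARGET, "/search")] = 5       # DB-backed, expensive URI
    if attack:
        for bot in range(25):                   # 25 sources x 2 req/s = 50 QPS
            reqs[(f"192.0.2.{bot + 1}", TARGET, "/search")] = 2
    return reqs

# Two of the statistical dimensions: per target IP and per target URI.
DIMENSIONS = {
    "target_ip": lambda src, dst, uri: (dst,),
    "target_uri": lambda src, dst, uri: (dst, uri),
}

def per_second_stats(reqs):
    """Collapse one second of requests into QPS counters per dimension."""
    stats = {name: Counter() for name in DIMENSIONS}
    for (src, dst, uri), n in reqs.items():
        for name, key_of in DIMENSIONS.items():
            stats[name][key_of(src, dst, uri)] += n
    return stats

def learn_thresholds(baseline_seconds):
    """Learning cycle: threshold = highest QPS seen per key, times HEADROOM."""
    peak = {name: Counter() for name in DIMENSIONS}
    for reqs in baseline_seconds:
        for name, counters in per_second_stats(reqs).items():
            for key, qps in counters.items():
                peak[name][key] = max(peak[name][key], qps)
    return {n: {k: v * HEADROOM for k, v in c.items()} for n, c in peak.items()}

def detect(reqs, thresholds, dims):
    """Return (dimension, key, qps, threshold) for every exceeded threshold."""
    alerts = []
    stats = per_second_stats(reqs)
    for name in dims:
        for key, qps in stats[name].items():
            limit = thresholds[name].get(key)
            if limit is not None and qps > limit:
                alerts.append((name, key, qps, limit))
    return alerts

def probability_sampled(attack_pps, seconds, ratio=SAMPLING_RATIO):
    """Chance that 1-in-`ratio` packet sampling exports >= 1 attack packet."""
    return 1 - (1 - 1 / ratio) ** (attack_pps * seconds)

def run():
    baseline = [second_of_traffic(t) for t in range(60)]
    thresholds = learn_thresholds(baseline)
    # Sources seen during learning act as the reputation whitelist.
    reputation = {src for reqs in baseline for (src, _, _) in reqs}
    aggregate_alerts, uri_alerts, suspects = [], [], set()
    for t in range(60, 70):                     # ten seconds under attack
        reqs = second_of_traffic(t, attack=True)
        aggregate_alerts += detect(reqs, thresholds, ["target_ip"])
        hits = detect(reqs, thresholds, ["target_uri"])
        uri_alerts += hits
        for _, (dst, uri), _, _ in hits:        # unknown sources on the hot URI
            suspects |= {s for (s, d, u) in reqs
                         if (d, u) == (dst, uri) and s not in reputation}
    return aggregate_alerts, uri_alerts, suspects

if __name__ == "__main__":
    agg, uri, suspects = run()
    print("per-target-IP alerts:", len(agg))
    print("per-URI alerts:", len(uri), "e.g.", uri[0])
    print("sources outside the whitelist:", len(suspects))
    print("P(sampler sees attack in 1 s):", round(probability_sampled(50, 1), 4))
```
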

Products

AntiDDoS8000 Next Generation Anti-DDoS System

The AntiDDoS8000 series is Huawei's Next Generation (NG) Anti-DDoS Solution product line. It performs abstract modeling and reputation system construction on network traffic from over 60 dimensions by leveraging Big Data analytics technologies. Compared to traditional anti-DDoS mechanisms in the industry, the Huawei NG Anti-DDoS Solution provides more precise and comprehensive DDoS attack defense.

AntiDDoS8000 Series Functionalities

Anti-Large-DDoS: Heavy-traffic DDoS attack defense to protect link availability.
Anti-App-DDoS: Application DDoS attack defense to protect service availability.
Anti-Mobile-DDoS: Mobile DDoS attack defense to protect mobile service availability.
Anti-Outbound-DDoS: Prevents DDoS attacks at the source.
Managed-Anti-DDoS: Increases VIP service stickiness by providing Portal-based self-service functions for VIP.

Highlights

T-bit defense performance and response within seconds
Multiple fingerprint technologies, which defend against mobile DDoS attacks
Defense against 100+ DDoS attacks, which secures service availability
Customized, value-added operation management

Models

AntiDDoS8030 (4 U Height): Supports 3 extended slots. Supports a maximum of 160 Gbit/s defense performance.
AntiDDoS8080 (14 U Height): Supports 8 extended slots. Supports a maximum of 480 Gbit/s defense performance.
AntiDDoS8160 (32 U Height): Supports 16 extended slots. Supports a maximum of 960 Gbit/s defense performance.

Interface Card Type

LPUF-21 interface card: 12 x 1GE (RJ45)/12 x 1GE (SFP)/1 x 10GE (XFP)/4 x 10GE (XFP)/1 x 10GE POS (XFP)
LPUF-40 interface card: 20 x 1GE (SFP)/2 x 10GE (XFP)/4 x 10GE (XFP)
LPUF-101 interface card: 24 x GE (SFP)/4 x 10GE (SFP+)/5 x 10GE (SFP+)/1 x 40GE (CFP)/1 x 100GE (CFP)

Reliability: Supports dual MPUs and achieves five-nines carrier-grade reliability (99.999%).

Power Supply Type: Supports both DC and AC power supply.

Success Stories

Guard of $5.8 Billion: Huawei's Anti-DDoS Solution Guard of Alibaba Shopping Day

Abstract

Customer: Alibaba Group
Customer type: E-commerce company
Company size: 20,000 employees
Customer challenges: Mass transactions were happening while under a large number of attacks. Service continuity was threatened.
Solution: Huawei provided its Anti-DDoS solution and helped Alibaba establish a secure service platform.
Customer evaluation: Alibaba suffered from hundreds of DDoS attacks of different scales every day. Huawei's Anti-DDoS solution reliably and accurately protected Alibaba's services.

Transactions Involving $5.8 Billion

On November 11, 2013 (China's Singles' Day), the value of Alibaba's transactions exceeded $5.8 billion. The number of transactions exceeded 188 million, peaking at 790,000 transactions per minute. A quarter of the transactions were completed on mobile terminals. The value of Alibaba's transactions on November 11 was more than four times that of the whole of the USA on Black Friday, creating a new record for Alibaba.

According to statistics provided by Alibaba, in 2012, Alibaba's e-commerce and payment platform handled an average of 24 million transactions every day. The annual value of the transactions exceeded $166 billion, which is the sum of the annual value of transactions on eBay and Amazon combined.

Besides the traditional online transaction systems, such as Taobao, Tmall, and Alipay, Alibaba also provides cloud services for small- and medium-sized enterprises and developers. By November 2013, Alibaba's cloud platform provided services for more than 100,000 service systems, which covered almost all service types on the Internet. The cloud platform needed to be highly stable and secure to deal with the large volume of traffic.

Heavy Responsibility on the Security System

Alibaba suffers from hundreds of millions of malicious intrusions and network attacks every day. DDoS attacks are particularly harmful because they can cause network interruptions and server crashes, which damage Alibaba's profits and brand influence. To counter this threat, Alibaba intends to build a hierarchical multi-dimensional security protection system that can protect against DDoS attacks efficiently.

"We need to build a multidimensional security protection system that provides high anti-DDoS performance and flexible expansion and operation capabilities to meet the flexibility and management requirements of Alibaba cloud computing centers. Few vendors can meet these requirements."
Senior security expert from Alibaba

In most cases, well-planned hacker attacks begin with DDoS attacks and are followed by intrusions, Trojan horses, and data theft. Some hackers use large-volume DDoS attacks to cause network and resource congestion. Alibaba must select a suitable DDoS protection solution that meets the following requirements:

First, the protection system must identify DDoS attacks and adopt defense measures rapidly. The main customers of Alibaba are small and medium-sized enterprises, e-commerce companies, and game operators and developers. All of Alibaba's services are online, which requires high service continuity. Therefore, the protection system must rapidly identify DDoS attacks among a large volume of traffic and take the appropriate defense measures. The DDoS protection system must respond quickly and provide differentiated protection policies based on service types. The system should provide a secure environment for customers and win more customer resources for Alibaba.

Second, the protection system must provide high performance and a flexible expansion capability. During DDoS attacks, Alibaba's cloud platform receives a large number of malicious requests from botnets. Servers are overwhelmed by these requests and cannot provide services to users. Even worse, customer services may be interrupted and the cloud platform may break down. Therefore, the protection system must prevent malicious requests from entering servers and provide high performance to avoid becoming a bottleneck that causes large access delay.
In addition, the protection system must meet on-demand scalability requirements to meet service development requirements in the next three to five years.

Third, the protection system must be able to be deployed quickly and operated easily. There are already over 100,000 customer services on Alibaba's cloud platform, and that number is continuing to rise. Major customer services include community websites, official websites of enterprises, e-commerce websites, and online computer game servers. The traffic scales and operation modes of these services differ greatly. Therefore, flexible self-service modes and easy operation and maintenance are key features of DDoS security services. In addition, DDoS security services must be seamlessly adapted to the cloud platform and open to customers.

Alibaba attempted to develop an anti-DDoS solution by itself and tested protection solutions of suppliers in and outside China. Few solutions can meet Alibaba's requirements on defense performance (100 Gbps), accuracy (service- and tenant-based protection), and scalability (flexible performance expansion).

Huawei's Security Solution

While Alibaba was searching for a suitable DDoS protection solution, a company encountered a large-scale DDoS attack. However, the company successfully defended against this attack, which caught the attention of Alibaba. After asking the attacked company, Alibaba learned that the company had adopted Huawei's Anti-DDoS solution.

Alibaba approached Huawei and expressed a strong interest in the Anti-DDoS solution. Alibaba then started POC tests. Dozens of DDoS protection experts from Alibaba tested the Anti-DDoS solution against all the attacks that they had collected on the live network. Huawei's Anti-DDoS solution successfully defended against each of the attacks, which impressed the experts. The tenant-based protection policy, learning of traffic models, and detailed report function are all easy to apply. Alibaba engineers could complete the tests without assistance from Huawei.

"We tested Huawei's Anti-DDoS solution against every DDoS attack that we have ever encountered. Its performance was excellent; therefore, we selected Huawei."
Senior security expert from Alibaba

During the tests, Alibaba engineers simulated common service traffic models on the live network based on the service features of Alibaba. While the traffic volume was normal, Huawei's Anti-DDoS system identified 50 Mbps low-traffic attacks in 2s. For low-rate and slow-link DDoS attacks on specific HTTP services, the Anti-DDoS system learned attack features automatically and rapidly adopted corresponding defense measures. In tests conducted by other companies, protection systems often affect the common services of mobile terminal users. Therefore, Alibaba engineers specifically tested the effect of the Anti-DDoS system on mobile terminal services. The test results showed that the Anti-DDoS system handled attacks successfully without affecting mobile terminal services.

After completing function tests, Alibaba conducted performance and pressure tests. Test personnel sent attack traffic to two service boards that were configured with the Anti-DDoS system. The system successfully defended against 20 Gbps 64-byte SYN flood attacks, and the defense performance at the application layer reached as high as 40 Gbps, which was twice the industry standard. After more service boards were added, the performance was improved to 200 Gbps.

Huawei's Anti-DDoS solution also passed the tests on the live network. At the end of 2011, Alibaba's cloud platform encountered a series of DDoS attacks.
In response, Alibaba deployed the Anti-DDoS solution on the live network to protect the attacked servers. The Anti-DDoS solution cleared all attack traffic in only 2s without affecting customer services. The excellent performance of the Anti-DDoS solution on the live network persuaded Alibaba experts of its power, and the Anti-DDoS solution has been protecting Alibaba's cloud platform ever since.

High Stability and Reliability

"Huawei's Anti-DDoS solution protects Alibaba from more than 40,000 DDoS attacks every year and more than 100 DDoS attacks per day. The largest attack traffic volume was 100 Gbps, which the solution handled without any issues. The solution is stable, accurate, and user-friendly."
Senior security expert from Alibaba

Multiple data center egresses on Alibaba's live network are configured with Huawei's Anti-DDoS solution. The total defense performance reaches hundreds of Gbps. The system protects Alibaba from more than 100 DDoS attacks per day and more than 40,000 DDoS attacks every year. The largest attack traffic volume was over 100 Gbps.

At present, DDoS attacks on Alibaba's cloud platform are automatically cleared by the Anti-DDoS system. Alibaba's engineers only need to view related reports. On November 11, 2013, Alibaba encountered multiple DDoS attacks. The highest attack traffic was 19 Gbps and the lowest attack traffic was 500 Mbps. The report showed that Huawei's Anti-DDoS solution protected Alibaba from multiple DDoS attacks and ensured network security and availability all day.

About Alibaba

Alibaba is a leading global e-commerce company that owns 25 business groups and 9 subsidiaries. Its business covers third-party payment, network transactions, and cloud computing services. Alibaba is focused on fostering the development of an open, collaborative, and prosperous e-commerce ecosystem that benefits consumers, merchants and the economy as a whole.

Success Stories

Huawei's Anti-DDoS Solution Assists Tencent to Achieve Secure and Available Internet Services

Customer Information

Founded in November 1998, Tencent, Inc. has grown into China's largest and most used Internet service portal. Tencent has been providing value-added Internet, mobile and telecom services, and online advertising under the strategic goal of providing users with "one-stop online lifestyle services". Tencent's leading Internet platforms in China, including social networks, web portals, e-commerce, and multiplayer online games, have profoundly influenced the ways hundreds of millions of Internet users communicate with one another as well as their lifestyles.

Tencent's service system covers ten Internet Data Centers (IDCs) in China, with hundreds of millions of users and over 100 million online users. Tencent not only has China's largest Internet community to meet Internet users' various needs, including communication, information, entertainment, e-commerce, and others, but also maintains rapid and steady growth in various services.

Challenges

Security and performance: neither is dispensable. Tencent takes a global lead in terms of the scale, scope, and number of online-service users, so any network system interruption may cause huge losses to Tencent's online services. Tencent, therefore, has extremely high requirements for service network security and application availability.

In recent years, Tencent's online services have been challenged by widespread and uncurbed Distributed Denial of Service (DDoS) attacks that feature simple attack behaviors but bring serious damage, and by changeable application-layer protocol (including HTTP, HTTPS, SIP, and DNS) attacks. Traditional security solutions (such as the firewall and IPS) underperformed in protecting Tencent's enormous online services.
Online equipment not only failed to support Tencent's system throughput, but also became the bottleneck of system performance, not to mention defending against increasingly serious DDoS attacks. In addition, the equipment could not precisely identify attacks, so enabling the attack defense always caused network performance degradation and adversely affected online services. Therefore, Tencent selected equipment to defend against DDoS attacks with extreme prudence.

Based on the features of online services, Tencent was in urgent need of a security solution that achieves high security, performance, scalability, and availability. In addition, the solution must offer low O&M cost, the ability to filter out DDoS attacks of various scales and types to fully protect the large-scale online services, and ensure high-quality network delivery as well as providing better user experience.

"Huawei's anti-DDoS solution performed well in Tencent's IDC attack defense. During the defense process, the solution kept normal technical specifications, continuously defended against DDoS attacks of different scales and types for a whole week, and successfully helped Tencent's Internet online services run smoothly, laying a solid foundation for providing optimal service experience to customers without receiving complaints."
Tencent DDoS Defense Team

High security: The security solution must be able to defend against DDoS attacks of various types, whether traffic attacks or application-layer attacks, to protect all online services from attacks.

High performance: To avoid being the bottleneck of the whole system, the security solution must feature high-performance defense capabilities so that it can deal with the traffic flooding attacks on Tencent's large-scale services. This solution must have defense capabilities to provide at least 10G for small package protection, in order to handle the small-package traffic challenges brought by emerging services such as network gaming and online multimedia services.

High scalability: The security solution must support flexible performance expansion to vary with service requirement changes, catch up with service mode innovation, and form an architecture required for long-term service development, in order to protect previous investment and reduce total investment cost. In addition, this solution must be able to quickly respond to emergencies, be applicable to complex and changeable network security environments, and cope with unexpected security threats.
High availability: The security solution must ensure reliable service connections, precisely differentiate attack traffic from normal traffic, and accurately identify attacks. In this manner, the DDoS defense does not affect the running of Tencent's services, and both system security and user experience can be ensured.

Low O&M cost: Considering that O&M cost significantly affects Tencent, the security solution must be small-sized, consume low power, minimize occupied equipment room space and consumption with improved performance, and greatly reduce the TCO for deploying multiple nodes in batches. To further reduce O&M cost, products need to be maintained and managed in a centralized manner to meet the centralized management requirement in distributed cross-regional deployment.

Huawei Solution

Huawei's security technology helps Tencent achieve carefree online services. Strict tests in labs and online operation appraisal have demonstrated that Huawei's anti-DDoS solution is one of the best solutions. It achieves the balance between high performance and high security and meets the requirements of high availability and low cost.

Huawei's anti-DDoS solution is a professional DDoS defense system, which aims to protect various key online service systems regardless of how the network security environment changes. It can effectively cope with traditional traffic attacks and application-layer attacks, as well as attacks in the IPv6 and IPv4 hybrid network, providing support for building future-proof, secure, and high-availability online services.

Based on accumulated experience in the security field and an understanding of customers' requirements, Huawei provides the anti-DDoS solution with the lead in security protection capability, performance, scalability, and reliability. In addition, Huawei's professional anti-DDoS research and maintenance team continuously traces and studies DDoS technology to ensure that Huawei's anti-DDoS solution is advanced enough to cope with changeable security threats.

"Huawei's anti-DDoS solution provides high security and ensures service continuity and effectiveness, allowing us to concentrate on service operation and innovation. This solution has received high recognition from our security platform department and service department by virtue of its brilliant performance."

The leader of Tencent's DDoS defense team said Tencent has deployed Huawei's anti-DDoS solution in its multiple IDCs to protect the online service system. During application, Huawei's anti-DDoS solution has assisted Tencent to defend against hundreds of attacks and ensure stable and smooth running of the online service system, enhancing the security of the online services.

Multiple benefits of Huawei's anti-DDoS solution support service development. By deploying Huawei's anti-DDoS solution, Tencent not only had the strong ability to protect the online service system and ensure service continuity with economical investment and O&M costs, but also ensured high-quality network application and service delivery, provided optimal user experience, and thereby obtained powerful support for service development.

Enhanced security: Huawei's anti-DDoS solution provides the leading security protection capability, so Tencent achieved enhanced security for its online service system using the solution. Based on the precise and comprehensive seven-layer detection concept that is generated from the analysis of global 26000G traffic samples, Huawei provides the anti-DDoS solution that can defend against hundreds of various attacks, support accurate attack identification, and provide brilliant IPv6 attack defense capability. The intelligent defense engine, developed by Huawei for DDoS defense, can filter out attack traffic by layer using the integrated 7-layer defense algorithm in order to precisely and comprehensively defend against traffic attacks and application-layer attacks. In this manner, Tencent's online services are protected regardless of the DDoS attack severity.
Improved availability: Tencent achieved high stability and reliability for its online service system by deploying Huawei's anti-DDoS solution, so the availability of the online service system was greatly improved. By using an advanced multi-core distributed hardware architecture, Huawei's anti-DDoS solution is able to support the protection of a maximum of 200 Gbit/s per device and respond to attacks within two seconds, so the solution can easily deal with DDoS attacks of various scales and help Tencent quickly recover services when unexpected faults occur. In addition, the solution provides at least 10G for small-packet protection, so the development of Tencent's emerging services such as network gaming and multimedia services can be protected. Besides, the key components of devices in this solution are backed up and the carrier-class reliability is %, which brings solid stability to Tencent's online service system.

Optimized scalability: Tencent achieved on-demand scalability for its online service system with the help of Huawei's anti-DDoS solution, which efficiently assisted Tencent's long-term service system architecture construction and service mode innovation. Huawei's anti-DDoS solution supports expansion up to 10 times that of the current capability, so it can flexibly expand the capacity from 2G to 200G.

Reduced O&M cost: Huawei's anti-DDoS solution is small-sized and consumes low power, so Tencent effectively reduced occupied equipment room space and energy cost using the solution. In large-scale application deployments in particular, operation costs are reduced further. Tencent also implemented centralized management in distributed cross-regional deployment, further reducing O&M cost.

ALL THE CLICKS, NONE OF THE ATTACKS.

Huawei's Anti-DDoS solution successfully defended Alibaba's network from massive DDoS attacks on its record-setting day of RMB 35 Billion (US $5.8 Billion) in sales.

November 11 is the busiest online shopping day in China, and also one of the busiest for hackers intent on disrupting popular networks and services. At Alibaba, the Huawei Anti-DDoS Solution successfully defended their network from massive DDoS attacks, avoiding an expensive crisis. As a result, Alibaba was able to set two new records: 188 million transactions exceeding RMB 35 billion (US $5.8 Billion) in value in one day by avoiding costly service interruptions.

Huawei's Anti-DDoS solution utilizes big data analysis techniques to detect potential attacks, and can identify and block over 100 types of attacks within 2 seconds. It is the only solution in the world that provides one Tbit/s defensive performance. It also guards Alibaba's networks against over 40,000 DDoS attacks every year, thus setting new standards for network safety in e-commerce.

Copyright Huawei Technologies Co., Ltd All rights reserved. No part of this document may be reproduced or transmitted in any form or by any means without prior written consent of Huawei Technologies Co., Ltd.

Trademark Notice

, HUAWEI, and are trademarks or registered trademarks of Huawei Technologies Co., Ltd. Other trademarks, product, service and company names mentioned are the property of their respective owners.

General Disclaimer

The information in this document may contain predictive statements including, without limitation, statements regarding the future financial and operating results, future product portfolio, new technology, etc. There are a number of factors that could cause actual results and developments to differ materially from those expressed or implied in the predictive statements. Therefore, such information is provided for reference purpose only and constitutes neither an offer nor an acceptance. Huawei may change the information at any time without notice.

HUAWEI TECHNOLOGIES CO., LTD. Huawei Industrial Base Bantian Longgang Shenzhen , P.R. China Tel: Version No.: M C-1.0


Huawei Network Edge Security Solution

Huawei Network Edge Security Solution Huawei Network Edge Security Huawei Network Edge Security Solution Enterprise Campus Network HUAWEI TECHNOLOGIES CO., LTD. Huawei Network Edge Security Solution Huawei Network Edge Security 1 Overview

More information

An Elastic and Adaptive Anti-DDoS Architecture Based on Big Data Analysis and SDN for Operators

An Elastic and Adaptive Anti-DDoS Architecture Based on Big Data Analysis and SDN for Operators An Elastic and Adaptive Anti-DDoS Architecture Based on Big Data Analysis and SDN for Operators Liang Xia Frank.xialiang@huawei.com Tianfu Fu Futianfu@huawei.com Cheng He Danping He hecheng@huawei.com

More information

DDoS Attacks: The Latest Threat to Availability. Dr. Bill Highleyman Managing Editor Availability Digest

DDoS Attacks: The Latest Threat to Availability. Dr. Bill Highleyman Managing Editor Availability Digest DDoS Attacks: The Latest Threat to Availability Dr. Bill Highleyman Managing Editor Availability Digest The Anatomy of a DDoS Attack Sombers Associates, Inc. 2013 2 What is a Distributed Denial of Service

More information

Mitigating Denial of Service Attacks. Why Crossing Fingers is Not a Strategy

Mitigating Denial of Service Attacks. Why Crossing Fingers is Not a Strategy Mitigating Denial of Service Attacks Why Crossing Fingers is Not a Strategy Introduction Mark Baldwin - Owner of Tectonic Security MSSP and Security Consulting Primarily Work With SMBs DDoS Mitigation

More information

2013 Botnets and DDoS Attacks Report

2013 Botnets and DDoS Attacks Report 2013 Botnets and DDoS Attacks Report 1 Report Overview Expert Perspectives In the first half of 2013, global botnets remained small, local, and specialized in comparison to the previous year. The standard

More information

AKAMAI SOLUTION BROCHURE CLOUD SECURITY SOLUTIONS FAST RELIABLE SECURE.

AKAMAI SOLUTION BROCHURE CLOUD SECURITY SOLUTIONS FAST RELIABLE SECURE. CLOUD SECURITY SOLUTIONS FAST RELIABLE SECURE. Threat > The number and size of cyberattacks are increasing rapidly Website availability and rapid performance are critical factors in determining the success

More information

Executive Suite Series A Prolexic White Paper

Executive Suite Series A Prolexic White Paper A Prolexic White Paper DDoS Denial of Service Protection and the Cloud Introduction Cloud computing ( the cloud ) has transformed the way that the world s businesses deploy and share applications and IT

More information

STATISTICS ON BOTNET-ASSISTED DDOS ATTACKS IN Q1 2015

STATISTICS ON BOTNET-ASSISTED DDOS ATTACKS IN Q1 2015 STATISTICS ON BOTNET-ASSISTED DDOS ATTACKS IN Q1 2015 www.kaspersky.com 2 CONTENTS Methodology 3 Main findings 4 Geography of attacks 5 Time variations in the number of DDoS attacks 7 Types and duration

More information

Radware s Attack Mitigation Solution On-line Business Protection

Radware s Attack Mitigation Solution On-line Business Protection Radware s Attack Mitigation Solution On-line Business Protection Table of Contents Attack Mitigation Layers of Defense... 3 Network-Based DDoS Protections... 3 Application Based DoS/DDoS Protection...

More information

Radware s Behavioral Server Cracking Protection

Radware s Behavioral Server Cracking Protection Radware s Behavioral Server Cracking Protection A DefensePro Whitepaper By Renaud Bidou Senior Security Specialist,Radware October 2007 www.radware.com Page - 2 - Table of Contents Abstract...3 Information

More information

1. Introduction. 2. DoS/DDoS. MilsVPN DoS/DDoS and ISP. 2.1 What is DoS/DDoS? 2.2 What is SYN Flooding?

1. Introduction. 2. DoS/DDoS. MilsVPN DoS/DDoS and ISP. 2.1 What is DoS/DDoS? 2.2 What is SYN Flooding? Page 1 of 5 1. Introduction The present document explains about common attack scenarios to computer networks and describes with some examples the following features of the MilsGates: Protection against

More information