One more (Zero Trust) thing: Cloudflare Intrusion Detection System
2020-10-17
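Today, we're very excited to announce our plans for Cloudflare Intrusion Detection System, a new product that monitors your network and alerts you when an attack is suspected. With deep integration into Cloudflare One, Cloudflare Intrusion Detection System gives you a bird's-eye view of your entire global network and inspects all traffic for bad behavior, regardless of whether it comes from outside or inside your network.

Enterprises build firewall rules to keep their networks safe from external and internal threats. When bad actors try to attack a network, those firewalls check whether the attack matches a rule pattern. If it does, the firewall steps in and blocks the attack.
Teams used to configure those rules across physical firewall appliances, often of different makes and models, deployed to physical locations. Yesterday, we announced Magic Firewall, Cloudflare's network-level firewall delivered in our data centers around the world. Your team can write a firewall rule once, deploy it to Cloudflare, and our global network will protect your offices and data centers without the need for on-premises hardware.
This works very well if you know where attacks are coming from. Without that certainty, finding these kinds of attacks becomes expensive guesswork. Sophisticated attackers can probe a network's defenses to determine which rules do or do not exist. They can use that information to launch quieter attacks. Or even worse: compromise your employees and attack from the inside.
Before Zero Trust Week ends, we have one more thing to announce: Cloudflare Intrusion Detection System (IDS), a solution that analyzes your entire network at once and alerts you to events that your rules might not catch.
Cloudflare IDS represents a critical piece of Cloudflare One. With WARP connecting your devices and Magic Transit connecting your offices and data centers to Cloudflare, Cloudflare IDS sits on top of both, allowing you to examine and evaluate all traffic simultaneously. A single view shows you what is happening inside your network and where violations may be occurring. Cloudflare IDS also keeps getting better at identifying threats and attacks. You can opt in to receive alerts and, with a single click, quickly and easily block intrusions that slip past static rules. Most importantly, your team benefits from the intelligence Cloudflare gathers from attacks in other regions or industries, flagging the events that affect you.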
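
How does it work?

The traditional security model implicitly trusts every connection inside the network. That leaves the network vulnerable to breaches and attacks by bad actors on the inside. The Zero Trust concept flips the model by assuming that every connection is dangerous. Instead of waiting for evidence that a definite breach has occurred, you assume one already has.
To implement a Zero Trust model effectively, you need two core components:
A comprehensive view of your entire network, continuously analyzed to catch problems that static rules may miss;
An intrusion detection system (bought or built in-house) to perform that analysis.
Deep integration with Cloudflare One is part of what makes Cloudflare IDS effective. WARP and Magic Transit provide the first component, letting you connect your entire network and all your devices to Cloudflare and giving you a bird's-eye view of every packet and connection.
Cloudflare IDS then helps detect attacks launched from anywhere inside the network by actively inspecting traffic and its contents. Cloudflare IDS will operate in two ways: traffic shaping and traffic inspection. By looking at how traffic behaves on your network, we can learn what normal behavior looks like: a user logs in to only a single system each day, they access only certain applications, and so on. Nobody should be trying to log in to many systems at once or port scan the network; both are clear signs of malicious intent.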
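
The behavioral approach described above can be sketched as follows. This is an added example, not Cloudflare's implementation: it learns how many distinct targets each source normally touches per window, then flags multi-system logins and port scans that exceed that baseline. The event format, the 60-second window, the slack value, and all names and addresses are assumptions constructed for illustration.

```python
from collections import defaultdict

WINDOW = 60  # seconds per observation window (assumed value)

# Constructed events, not real traffic: (epoch_seconds, source, kind, target).
# kind "login": target is a system name; kind "conn": target is "ip:port".
BASELINE = [
    (0, "alice", "login", "hr-portal"), (86400, "alice", "login", "hr-portal"),
    (50, "bob", "login", "wiki"), (86450, "bob", "login", "wiki"),
    (100, "bob", "conn", "10.0.0.7:443"), (120, "bob", "conn", "10.0.0.8:22"),
]
LIVE = (
    [(200000, "alice", "login", "hr-portal")]
    # One user logging in to five systems within 20 seconds.
    + [(200100 + 5 * i, "bob", "login", s)
       for i, s in enumerate(["wiki", "git", "payroll", "vpn-admin", "db-console"])]
    # One host touching ten ports on the same server within 10 seconds.
    + [(200200 + i, "10.0.9.9", "conn", f"10.0.0.5:{20 + i}") for i in range(10)]
)

def peak_distinct_targets(events, window=WINDOW):
    """Largest number of distinct targets per (source, kind) in any window."""
    by_key = defaultdict(list)
    for ts, src, kind, target in sorted(events):
        by_key[(src, kind)].append((ts, target))
    peaks = {}
    for key, seq in by_key.items():
        start = peak = 0
        for end, (ts, _) in enumerate(seq):
            while ts - seq[start][0] >= window:  # slide the window forward
                start += 1
            peak = max(peak, len({t for _, t in seq[start:end + 1]}))
        peaks[key] = peak
    return peaks

def detect(baseline, live, slack=2):
    """Alert when live behaviour exceeds the learned normal plus slack."""
    normal = peak_distinct_targets(baseline)
    alerts = []
    for (src, kind), peak in sorted(peak_distinct_targets(live).items()):
        limit = normal.get((src, kind), 1) + slack  # unseen sources: assume 1
        if peak > limit:
            alerts.append((src, kind, peak, limit))
    return alerts

if __name__ == "__main__":
    for src, kind, peak, limit in detect(BASELINE, LIVE):
        print(f"ALERT {src}: {peak} distinct {kind} targets (limit {limit})")
```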
The other form of intrusion detection we employ is traffic inspection: looking inside the traffic that flows through your network to see whether anyone is carrying out a targeted attack. These kinds of attacks cannot be detected with traditional methods because they look like normal traffic: only by looking inside can you see that the actor is attempting something malicious.

Attackers tend to follow a pattern. Bad actors attempt an attack against one enterprise and then repeat the same attack elsewhere. Unfortunately, we have seen this pattern on the rise recently. For example, the Fancy Bear DDoS campaign moves from one organization to the next and repeats the same playbook.
We believe in strength in numbers. Cloudflare IDS learns from attacks against our network and all of our customers' networks, continually identifying new types of attacks as they are launched. We then pass the lessons learned from keeping Cloudflare and other customers safe on to your team. The platform also incorporates external threat feeds, and you can contribute your own lessons as well.

Customers who run their own IDS solution (whether built in-house or purchased) often complain that IDS solutions are extremely CPU hungry. They need to keep a lot of state in memory and require a lot of computation to work effectively and accurately.
With Cloudflare IDS, you can offload that burden to our network. Cloudflare was built from the ground up to scale without limit. Every edge data center runs exactly the same software, which lets us deploy workloads efficiently at scale. Running your IDS with Cloudflare removes the compute burden of legacy solutions, and you never have to worry about capacity.

Deploying Cloudflare IDS takes your team a single click. We'll start analyzing the patterns in your Magic Transit traffic and Magic Firewall events and checking them against our threat feeds.
If we determine that something suspicious has happened, we send an alert to notify your team. Your security team can then begin reviewing the activity and drill into the data to work out what happened. The dashboard gives you more insight into the type of attack and where it occurred. Remediation is one click away: just set up a rule and push it to Cloudflare's global network, and we'll wipe out every trace of the attack.

The launch of Cloudflare IDS will follow the GA of our Magic Firewall announcement. If you want to be among the first to adopt IDS, please reach out to your account team to learn more.