Bluedon Security Audit Solution
Bluedon Security Audit Platform (SAP) is a leading-edge security management system targeted at fine-grained auditing of Internet data traffic in a wide variety of business environments. Taking full advantage of innovative deep packet inspection (DPI) technology, and leveraging the power of application protocol analysis, it gives customers visibility into the network traffic coming in from and going out to the Internet, as well as valuable real-time insight into the business data being transported on the wire. As enterprise business is increasingly dependent on the reliable operation and security assurance of Internet data exchange, regulatory compliance is becoming one of the business issues that every business team has to handle with due diligence. With a powerful security audit platform available, customers can, as part of their risk management plans, follow the best security practices and implement a security policy as dictated by business management. In addition to providing the required safe storage of security audit data to meet compliance requirements, our solution can help customers detect and respond to anomalous network activity and closely monitor access to sensitive data in enterprise databases and application systems.
DPI As Immune System of the Internet
The mainstream adoption of the Internet has brought along with it all the good and ills of the physical world. Any business system connected to today’s Internet is required to defend itself against worms, viruses, spam, Denial of Service (DoS) attacks, SQL injection, server hijacking, and a myriad of other threats. Deep Packet Inspection (DPI) is a relatively new technology that inspects the content portion of traffic flowing through the network in real time. DPI examines packet payloads to search for signatures of network applications, signs of intrusions, and leaks of sensitive information. It has been applied to a broad range of applications related to content-aware policy control, as well as network security monitoring and network management of Internet traffic. As one of the leading security vendors in the Chinese market, Bluedon is committed to the development of state-of-the-art DPI technology and products by means of business partnerships with Intel, Adlink and other platform technology providers.
Aimed at deployment in telecom data centers and mission-critical business networks, the Bluedon DPI solution is designed to support broadband links at speeds above 10 Gbps, through a scalable architecture and highly optimized traffic analysis algorithms, and by leveraging powerful x86 multi-core hardware platforms, energy-saving Tilera many-core processors and high-performance NPU processors like those from Cavium Networks.
With a modular design and scalable architecture, Bluedon Security Audit Platform features a number of extension modules for L2-L7 flow analysis, and each of the modules can be separately configured, fully customized, and dynamically deployed in customers’ network environments.
Figure-1 Bluedon SAP platform architecture
As illustrated in Figure-1, Bluedon SAP platform consists of the following key components:
• Core DPI engine
The core engine analyzes packet payloads, while preserving the privacy of customer data, and combines protocol parsing and context to precisely interpret the business data being transmitted on the wire.
• Network protocol plugins
Bluedon provides a broad range of network protocol plugins, as a result of many years of project involvement in the telecom and government markets.
• Application-specific security audit function (SAF) plugins
Applications and their protocols change constantly and without notice. Bluedon's development teams continuously check for changes in protocols and applications, and update these plugins. As a part of our service offerings, we can help customers create new protocol plugins for any legacy applications, in order to implement additional security controls and meet audit requirements.
• Security Policy Engine
It is a daunting task to manage a large collection of security policy settings in an efficient and consistent manner when an increasing number of enterprise applications are being brought under the controls of the Bluedon SAP platform. A smart engine is needed to convert a particular security policy into a set of actions which must be taken by a group of cluster nodes.
• Security management function (SMF) plugins
Web-based management is an indispensable part of a powerful security platform, and a modular design philosophy is widely accepted as the way to deal with the complexity of managing a cluster of high-performance computing nodes, as well as the demand for security data analysis.
• Distributed Application Messaging Bus
As a core component of the Bluedon SAP platform, the messaging bus plays a key role in facilitating data exchange between the different components, which are, in most cases, running on different computing nodes. Apache Avro is chosen as the data format for its efficiency and popularity in the big-data community.
• Object storage
A high-performance database engine is critical to the operation of the Bluedon SAP platform, providing support for persistent object storage. A hybrid design is used to combine the power of Berkeley DB and the Redis data store, and a migration to MongoDB storage is being planned.
• Wide traffic analysis
In addition to the ability to identify nearly all network protocols, including network tunneling protocols like GTP and L2TP, the Bluedon SAP platform supports databases such as Oracle 8i/9i/10g/11g and Microsoft SQL Server.
• Integration with government E-gov systems
Among the key concerns of government customers is the risk of information disclosure by OA applications and other E-gov systems. In addition to the seamless integration with the audit data interfaces being supported by these OA systems, network traffic monitoring is being adopted as a second line of defense, and it turns out to be the most effective way to guarantee the safety of sensitive data in transit.
• Integration with medical HIS systems
The healthcare authority in China is making a great effort to attack the problem of improper practices by doctors, e.g. medicine abuse, by means of hacking into the hospitals’ healthcare information systems (HIS) and periodically examining medical prescription data. The Bluedon SAP platform is helping the healthcare authority to closely monitor any medical transactions in HIS systems, keeping an eye out for the possible occurrence of anomalous activity.
• Widest deployment by public security in China
As a part of national security policy, the Chinese government has been playing a key role and working together with all network providers to deploy a lot of DPI systems across the country. The Bluedon SAP platform is among the most widely deployed solutions, especially in the South China regions.