Horizon Networks SuperSG Series
Horizon Networks SuperSG products adopt advanced high-performance multi-core architecture, run an independent and controllable operating system, carry a rich interface hardware platform, combined with intelligent routing and other comprehensive network layer support as well as HA hot standby, to ensure efficient and reliable business processing and flexible and comprehensive scene support;It is equipped with WAF level intrusion prevention function and virus protection function of unique real-time virus interception technology. Through the security detection engine and application identification of single path parallel processing, it realizes in-depth analysis of users, applications and contents, and provides users with a safe and intelligent integrated protection system.
Network wide Threat Intelligence, unknown risk can be protected
Flexible, efficient and comprehensive, with richer scene support
Professional intelligent engine, three-dimensional protection and safety
Deep data recognition and more detailed behavior control
Optimized bandwidth management and faster user experience
Centralized and unified control makes network operation and maintenance more convenient
“Network wide Threat Intelligence, unknown risk can be protected”
Network wide Threat Intelligence, unknown risk can be protected
Use the independently developed Threat Intelligence Platform to eliminate this inequality by predicting the risk as much as possible, so that the security of the enterprise can be more effectively guaranteed.
Threat intelligence data includes IP reputation, domain reputation, URL reputation, file reputation (MD5 / SHA), latest attack events, attack trends and preventive measures. Implement the threat detection and intelligence processing capabilities and reduce the Mean Threat Time Detection (MTTD) and Mean Threat Time Response (MTTR).
“Flexible, efficient and comprehensive, with richer scene support”
Equipped with an independent and controllable firewall system, it integrates rich network features, has the ability to connect with third-party systems, share data, and enhance business value.
The leading multi-core architecture and distributed search and detection engine, with high-performance processors and multi-service parallel processing, have fast and efficient business processing and protection capabilities.
It integrates firewall, load balancing, intrusion prevention, virus filtering, application identification, behavior control, VPN access, business visibility, security authentication and other functions to provide a comprehensive network solution.
“Professional intelligent engine, three-dimensional protection and safety”
The WAF level intrusion prevention function with more than 4000 predefined attack features, the unique real-time virus interception technology with massive virus features and the virus protection function of the high-efficiency engine can analyze the traffic in real time, effectively block the attacks and virus behaviors in the network from the data link layer to the application layer, comprehensively and stereoscopically protect the key data of users, and avoid the leakage of confidential files and economic losses.
“Deep data recognition and more detailed behavior control”
By DPI / DFI technology, through comprehensive analysis of user traffic, it can deeply identify the built-in actions of applications, help enterprises to intercept bad comments in time, and make the network more orderly through application fine management.
“Optimized bandwidth management and faster user experience”
Thoroughly understand the current and historical utilization of bandwidth resources, and formulate bandwidth management strategies accordingly to verify the effectiveness of the strategies. Ensure the bandwidth required by core users and core services, limit the occupation of resources by unrelated services, and improve the user's experience of using the network. Traffic limit and time limit distinguish user rights, realize differential service and help marketing.
“Centralized and unified control makes network operation and maintenance more convenient”
With the integrated security strategy, the administrator can control the application, website address, intrusion prevention, virus killing and other contents through one policy, which is convenient to use and easy to maintain, which greatly reduces the difficulty of network replacement and simplifies the task of operation and maintenance.
Ensure the security of user network and business
Flexible policy and VPN one key deployment function, easy to use
Complete functions and security visualization support to improve the manageability of the network
- System Composition
- Networking deployment
- Security capability
- Intrusion Prevention
- Threat Intelligence
- Virus protection
- Web protection
- Risk scanning
System components: support the architecture of separation of centralized management center (SG manager) and equipment (SG). A management center can manage single or multiple equipment.
Transparent mode: support transparent bridge mode access to the network, mainly covering serial access network, without affecting customer network access.
Bypass mode: support bypass mode, no need to change the network configuration, realize online behavior audit, cover core exchange traffic mirror, and receive audit information.Support multi-channel monitoring.
Mixed mode: it supports transparent, mixed, multi-channel bridge function, and multiple interfaces can be supported in one-way bridge. The above three access modes can be mixed access.
Threat Intelligence: real time statistics of threat intelligence type distribution, support pie chart display, click chart switch to table display.
Attack trend: integrate the attacks in the network, support the trend chart to display IPS, threat intelligence, web application attack, DDoS, AV, etc., and automatically refresh the attack trend chart.
It also supports the integration of attack log and threat log.
It supports 4500 + predetermined intrusion attack features, including web server protection, web page anti crawler, webpage tamper prevention, HTTPS protection, DDoS attack protection, Web attack filtering, vulnerability protection, etc.
It supports user-defined intrusion attack feature classes, and can select protection level (low, medium, high), detailed intrusion attack features, processing actions (allow, reject, discard, discard session, block source address), etc.
It supports the display of intrusion attack features, and click to jump to the attack feature description page. The content of the page includes: attack name, attack harm, system involved, attack details, treatment suggestions and other information.
Support keyword based search for intrusion attack features.
Support configuration of two Threat Intelligence cloud platforms
Support to test cloud platform connectivity
Threat Intelligence base upgrade:
Support manual upgrade of Threat Intelligence feature library，support automatic upgrade of Threat Intelligence feature library，and support regular upgrade record of Threat Intelligence feature library upgrade history information
Support HTTP, FTP, POP3, SMTP, IMAP protocol virus killing.
Support scanning predefined file types, including exe, oc, wps, ppt, xl, com, bat, dll, hta, tar, scr, pif, cpl, vb, etc; Support custom add file type, can be enabled or disabled.
It supports checking and killing virus contained in email body / attachment, web page and download file.
Support ZIP / RAR and other compressed files virus killing, maximum decompression layer settings.The default value is 5; Range: 5-20.
Rule base: support: http protocol check, general attack, SQL injection attack, XSS attack, directory traversal, malicious scanning and crawling, Trojan horse attack, session hijacking, sensitive information disclosure, server protection, CMS vulnerability protection and other 11 types.
Tamper proof Web caching: supports caching and cleaning.
Weak password scanning: support new scanning task support: task name; Scan address range; Services; Scanning mode;Password type check; Scanning type; The task description supports the display of scanning results and the import of password dictionary
SSL VPN: supports the selection of two SSL VPN dial in interfaces, supports the configuration of SSL VPN port, global DNS, address pool, default routing, supports multiple login of users, and supports anti brute force cracking function