AIFW, Empowering Future

Enterprise Security with AI

Huawei HiSecEngine USG6000E Series

AI Firewall Technical Presentation

V600R007

Security Level:
Contents

1. Cyber Security Evolution Trends, Challenges to Firewalls

2. Huawei AIFW: Ever Innovating Chips

3. Security Power of Huawei AIFW

4. Success Stories in Various Industries

 Security: Objectives and Obstacles of Security Deployment
Objectives of security deployment: Obstacles to security deployment:
To protect core data, defend against advanced threats, shorten the threat Complex deployment, low cost-effectiveness, far from helping customers
processing time, and reduce O&M costs shorten the threat identification time

0% 10% 20% 30% 40% 50%

0% 10% 20% 30% 40% 50% 60% 70% 80%

To defense data theft/economic loss

防止数据被盗/经济损失 Complex security architecture
安全架构复杂 45%
75%

To protect apps and data in public clouds

保护公有云中的应用和数据 75% Products or services incapable
产品或服务不能提供完整的防…
of providing complete threat 43%
To connect the threat defense architecture
将威胁防御架构连接到威胁情报源 defense
71%
to the threat intelligence source 性能差
Poor performance 39%
To defend against advanced
防御高级威胁 threats 71%
High成本高
costs 38%
To shorten threat discovery and resolving time
减少威胁发现和解决时间 68%
Inventory products incapable of
To protect IoT network devices
保护网络中的IOT设备 66% 存量产品无法提升客户能力降… 37%
improving customer capabilities
To deploy virtual security solutions
部署虚拟化安全解决方案 66% Lacking integration with security
缺少和安全解决方案集成 37%
solutions
To reduce O&M costs
减少运维成本 66%
Poor management
贫瘠的管理平台 platform 37%
To improve security architecture
提升安全架构性能performance 65%
To integrate orchestration and 部署困难
Difficult-to-deploy 34%
将编排和自动化放到威胁防御中 63%
automation into threat defense
To enhance prediction and Security vendors lacking
增加预测和事件响应能力 62% 安全厂家缺少创新 31%
event response capabilities innovation
Driven by compliance
合规驱动 57% Lacking automation and
缺少自动化和编排工具
orchestration tools 30%
To减少安全复杂度
simplify security 54%

Source: IHS 2019

 Threats: Ever-Changing, More Difficult to Be Detected by
Traditional Firewalls
Vulnerability APT
1990 2019
Fast-changing threats

More difficult in protecting

the network Virus Worm DDoS Phishing Trojan horse Web threat Advanced Ransomware Intranet M2M attack
threat threat

Globelmposter: four variants in 2 years, ever-

Warnnacry: various variants in 2 months
changing encryption algorithms and file suffixes
Frequent threat variation
1.0 2.0 3.0 4.0 1.0 2.0 New sample

The traditional signature 2017-05 2018-02 2018-08 2019-03 2017-03 2017-05-12 2017-05-14
database is slow in detecting
and responding to threats

Multi-dimensional attacks, In 2017, internal threats accounted for

increasing encrypted In 2019, 75% of web traffic is encrypted.
services 34%, which increase year by year.
Difficult in detecting attacks
Source: Verizon Source: NSS LABS
Products: Universal and Home-Made Chips, To Be Improved
Intel chips open the "Pandora's Box" of Home-make chips are still developing
chip vulnerabilities
Market Scale and Growth Rate of Integrated
Circuits in China from 2013 to 2018
16000 16%
All data loaded to the 14000 14%
processor core is leaked 12000 12%
10000 10%
8000 8%
6000 6%
4000 4%
Attackers can obtain 2000 2%
kernel-level high 0 0%
permissions by 2013 2014 2015 2016 2017 2018
exploiting vulnerabilities.
Market scale Growth rate

High price High power

consumption
2x universal chip
price Over 2x universal
Backward chips
technology
28 nm
 What Kind of Firewall We Need?

Huawei- Intelligent defense Simplified O&M

developed chip

• Huawei-developed security chip: • Three threat defense engines: • New web UI 2.0
Built-in co-processing engine  Next-generation engine (NGE):  A new security UI supporting threat
(forwarding/encryption/pattern IPS/AV/URL NGFW detection engine visualization
matching acceleration)  Cloud deploy engine (CDE): • CloudCampus Solution
malicious file analysis engine  Fast and simple network deployment
• Huawei-developed AI chip: 8 TOPS  Artificial intelligence engine (AIE):  Security controller integrated into
16-bit floating-point computing APT threat detection engine Agile Controller-Campus as a
power, supporting advanced threat component, enhancing firewall O&M
defense pattern matching and management
acceleration
Contents

1. Cyber Security Evolution Trends, Challenges to Firewalls

2. Huawei AIFW: Ever Innovating Chips

3. Security Power of Huawei AIFW

4. Success Stories in Various Industries

 Huawei- Intelligent Simplified

Huawei-Developed: All Core Chips and Core

developed chip defense O&M

Software Are Developed by Huawei

AI system-on-a-chip (SoC) Device operating Network OS International

CPU with industry's best NPU with industry's best system (OS) standards
security defense capability forwarding capability with industry's highest edge
computing capabilities

 Chip: Use Huawei-developed key chips to build core  OS: Huawei-developed and customized OSs for
competitiveness. communication networks, providing better performance
 Capability: Construct industry-leading basic hardware and and functions.
manufacturing capabilities.  Standards: Proactively participate in and lead standards
innovation.
 Huawei- Intelligent Simplified
Huawei-Developed: Unloading Data developed chip defense O&M

Services from Huawei-Developed Chips,

Implementing Low-Latency Forwarding
As-Is To-Be
Lower latency:
High latency: Huawei firewalls unload session entries through network forwarding chips
Network chip processing latency + computing chip (low-end SOC integration), reducing the packet forwarding latency by 70%.
processing latency = Total latency of a traditional firewall Customized packet forwarding acceleration:
Huawei firewalls can customize packet forwarding acceleration based on
ACLs/interfaces, protecting key services.

Session table Session table

Session 1
30 us to 50 us Universal CPU Huawei- Session 1
Session 2 developed PCU Session 2

+ 10-18 ms Unloading a
flow table
Network Flow 1
10 us to 18 us Network
forwarding chip forwarding chip Flow 2

(SOC)
First-packet process
Subsequent packet process
 Huawei- Intelligent Simplified

Huawei-Developed: USG6000E, Meeting

developed chip defense O&M

Various Customer Requirements

High reliability

• Dual power redundancy and 3+1 fan

Intelligent frequency module redundancy
conversion, saving
power Data center-specific

• Automatic adjustment of power • Front-to-back ventilation, meeting

consumption based on the port data center requirements
status, 30%↓ power consumption • 1 U height, saving rack space
• Adaptive voltage scaling (AVS),
effectively reducing the chip power
consumption

Flexible combination
of hard disks Diversified ports

• Solid-state drive (SSD)/hard disk drive • GE/10GE/40GE ports

(HDD), stable and cost-effective • 10GE/GE auto-sensing
 Huawei- Intelligent Simplified

Huawei-Developed: Higher Performance

developed chip defense O&M

Powered by Huawei-Developed Chipsets

3-10
64-byte throughput (Gbit/s) 3-10 times SSL decryption performance times
40 (Gbit/s)
Huawei-developed chips greatly 5
30
improve product performance.
20

10

0 0
Desktop (1G) Desktop (4G) 1 U 8G 1 U 20G 1 U 40G
Desktop (1G) Desktop (4G) 1 U 8G 1 U 20G 1 U 40G
USG6XX5E USG6000 USG6XX5E USG6000

1-5
Low latency (μs) IPsec performance (Gbit/s)
1/6 times
150 15

100 10

50 5

0 0
Desktop (1G) Desktop (4G) 1 U 8G 1 U 20G 1 U 40G Desktop (1G) Desktop (4G) 1 U 8G 1 U 20G 1 U 40G
USG6XX5E USG6000 USG6XX5E USG6000
Network Expertise: Huawei's Secure and Abundant
IPv6 Capabilities

IPv6 network switching IPv6 policy management IPv6 security protection IPv6 service visibility
and control
• IPv4/IPv6 dual stack • Security policy • Intrusion detection • Device management
• DSLite tunnel • Application control • Antivirus • Traffic monitoring
• NAT64 translation • User management and • Defense against attacks • Application identification
• NAT66 translation control • IPsec6 • Logs and reports
• URL filtering

NAT66 IPsec6
User authentication Packet mirroring
Translates the public and Improves communication security between
Identifies IP addresses of network traffic as users'
private IPv6 addresses IPv6 networks.
IP addresses, provides user-based management Obtains and
to reduce the difficulty in
for network behavior control and network analyzes
advertising the IPv6
permission assignment, and implements refined session packets
IPv6 IPv6 routes of private
management. without
networks and hide the
internal IPv6 address to interrupting
prevent external attacks. services.
 Network Expertise: Dynamic/Static Intelligent Uplink
Selection Based on Multi-Egress Links
Static intelligent Dynamic intelligent IPsec/Internet/MPLS-based
uplink selection uplink selection uplink selection

ISP1 ISP2 ISP1 ISP1 ISP2

Internet DC

• Link weight • Latency

• Interface • Jitter IPsec VPN MPLS
bandwidth • Packet
• Link priority loss rate
(1 primary link + N
secondary links)

 User-defined link weight  User-defined link SLA (latency, jitter, and

 Flexible traffic scheduling packet loss rate), selecting the optimal link  IPsec-based intelligent uplink selection
for traffic forwarding
 Flexible combination of multiple static  Direct Internet access, private line
intelligent uplink selection rules  Application-based intelligent uplink uplink selection
selection
 Uplink selection by binding ISP address
sets to interfaces  Wired/wireless link switchover; wired link
recovery, automatic wireless switching,
minimum wireless link cost
 Huawei- Intelligent Simplified

Intelligent: Multi-Dimensional Awareness

developed chip defense O&M

+ Refined Control = Security Policy Control

Security  In-line traffic permit/block

policy engine  Bypass interference packet

 Quintuple traffic  Log monitoring
 Service applications  APT association detection
 Access users Input Handle
 URL information
 Geographical locations
 Threat information
 Time segment

Optimize
 Policy redundancy analysis
 Policy matching analysis
 Policy tuning
 Huawei- Intelligent Simplified

Intelligent: Continuous Cultivation in Security

developed chip defense O&M

Detection, Leading the AIFW Era

Most firewall vendors A few firewall vendors Huawei AIFW

Joint defense enforcement point Joint defense execution point + Joint defense execution point & data
data collection point collection point + local APT defense point

APT detection APT detection APT detection

Sandbox Associated product Sandbox Associated product Sandbox Associated product
detection detection detection

File Collect File File

restoration/ Mirror Probe restoration/ Collect Collect Joint
restoration/
mirroring mirroring mirroring detection

Built-in Built-in Huawei- Built-in

probe developed malicious file probe
detection engine (CDE)

Unique built-in Built-in Huawei-

trap sensor developed APT
detection engine (AIE)
 Huawei- Intelligent Simplified

Intelligent: Comprehensively Improved IPS

developed chip defense O&M
NGE CDE AIE

Inspection Capability
Intrusion Prevention System (IPS): Huawei-developed Multi-Dimension Detect Engine (MDDE), 5000+ 12000+
highlighted as follows:
• Six key technologies, ensuring inspection accuracy
• Huawei-developed chip + pattern matching detection engine, accelerating service processing
• Refined pattern string state machine management, increasing the number of rules that a signature 2x↑ defense signatures, with stable
database can accommodate
defense performance
• Compatible with the mainstream Snort syntax, customizing and configuring many more threat detection
rules in a more flexible manner

IPS signature database pattern string "Recommended" rating in NSS Labs

Huawei-developed hardware 2019 NGFW Group Test
acceleration detection

Packet Quick In-depth Result

Protocol Protocol
Reassemble filtering detection verification Processing
identification decoding

Among live network traffic:

Fast packet
Normal traffic: > 99% transmission

Suspicious attack or attack traffic: < 1%

Out-of-order Protocol Refined Protocol Protocol Quick filtering of

packet identification decoding for anti- classification unidentified
reassembly for all traffic post- evasion + patten traffic + in-depth
detection identification detection matching detection
traffic

1 2 3 4 5 6
 Huawei- Simplified
Intelligent defense
Intelligent: Continuously Optimizing the
developed chip O&M
NGE CDE AIE

OpenSSL Library, 5X Performance Huawei

500%
Continuous Transport Layer
Security (TLS) tracking
Huawei is an important player in the IETF
standard organization and can quickly
OpenSSL library optimization support the latest TLS protocol version.
Develop a dedicated OpenSSL library Industry
interface, doubling the process average
efficiency.
Chip hardware acceleration
Continuously track the application of the latest
algorithms (such as X25519). SSL detection
In the industry, only Huawei's next-generation performance
acceleration chips can implement acceleration for
this algorithm

3. SSL non-decryption
1. SSL proxy Server detection
Abundant Enterprise
Carrier
SSL
detection Server
2. SSL 4. Decryption and mirroring
capabilities uninstallation
Server
with a third-party APT product Plain text
Third-party APT
DC
product

Original encrypted Encrypted packet Decrypted packet In the latest version, TLS1.3 can perform SSL proxy
packet being proxied and SSL uninstallation over encrypted traffic.
 Huawei- Intelligent Simplified
Intelligent: Trustable, Controllable, Secure developed chip defense O&M

Terminal Access, Network-Wide Theat

NGE CDE AIE

Visualization Comprehensive asset management

Block Unauthorized Block Unauthorized Block Malicious platform (Border Eyes)
Terminals Services Traffic Asset management, attack defense, configuration
management, service statistics collection, log
management, one-screen monitoring

Hikvision security services

Dahua security services

First security line: access

authentication (easy-to-deploy) Second security line: in-depth anti-spoofing, Third security line: ever-updating
intrusion prevention security capabilities
To be applicable to other IoT devices

1 Device fingerprint-based 2 Traffic fingerprint-based 3 Protocol-based vulnerability

authentication filtering defense
• Focus on camera vulnerabilities to form a
• Dynamically collect camera fingerprints • Dynamically detect security service traffic, vulnerability signature database,
• Generate authentication factors based generate traffic fingerprints preventing attackers from breaking down
on fingerprints • Perform access control based on traffic cameras on a large scale by exploiting
• Proactive detection, dynamic evaluation fingerprints camera vulnerabilities
• Implement unique fingerprint • Update the IPS vulnerability database in
authentication real time

1110110100 1110110100
1010111101 Firewall
0011101011 0011101011
 Huawei- Intelligent Simplified

Intelligent: Huawei-Developed Malicious File

developed chip defense O&M
NGE CDE AIE
Detection Engine + IPS

 Two-year R&D  Redefine malicious file

CDE detection using AI
 PA Class 2.0 AI algorithm
Malicious file detection rate 97%
92%
91%

75%

Data type Content

Scanner
identification extraction
AVG Avira Kaspersky Huawei CDE

• PE files (exe, .dll) • Dejacketer • Multimode scanner Test time: average detection rate in 30 days, March 2019
• Script files (Javascrpit) • Script standardization • Hash scanner Test method: 500,000 VirusTotal samples per day
• Composite documents • Composite document • Heuristic scanner
• HTML files analysis (VBS/JS/sub-PE) • AI scanner
• Compressed files (.tar, • HTML extraction
.7zip, .zip) (script/IFrame)
• Depacketizer
 Huawei- Intelligent Simplified

Intelligent: Unique AIE APT Defense Engine,

developed chip defense O&M
NGE CDE AIE

Continuously Defending Against the Latest Threats

Non-supervision detection
On-premises training

Supervision detection
Cloud-based training

Customer Benefits
Encrypted
Brute-force …
cracking
C&C
traffic
forwarding
detection • Discover more threats with less costs, achieving
Infected host communication detection
detection detection "inclusive AI".
• Local APT detection, 50%+ faster threat response than
• The cloud delivers the latest threat detection models to customers. Customers are
free from version update. cloud-based detection
• Huawei continues R&D in AI APT detection to cope with more threats.
• Latest threat defense capabilities from the cloud to
customers, free customers from version update

AIE 20+ patents

• Comprehensive network risk evaluation, defense against
network threats on the attack chain

Collect Scan and Break Establish a Upgrade the Transfer data Steal data Forward data
information detect data boundaries settlement permission internally
 Huawei- Intelligent Simplified

Intelligent: AI-Powered Detection of Infected

developed chip defense O&M
NGE CDE AIE

Hosts, Detecting 99% DGA Domain Names

30% of malicious domain names are DGA domain names
Release an instruction
through the C&C server DGA domain
1 million+ black samples 50 sample families
name
generation
tool

C&C server

The DGA domain name replaces

the fixed IP address/domain name
Set up C&C communication to make infected hosts to
using the DGA domain name communicate with the remote
control server. As a result, the
infected hosts fail to be blacklisted.

DGA domain
DDoS attacks name
generation
tool
AIE
Infected host
Target server

99% DGA domain name detection rate

…
 Huawei- Intelligent Simplified

Intelligent: AI-Powered C&C Detection,

developed chip defense O&M
NGE CDE AIE

Efficiently Blocking APTs

C&C is a necessary action for hackers to deliver attack instructions.
If C&C can be identified, the attack source and zombies can be
accurately identified.

Release an instruction
90,000+ black samples 39 sample families
through the C&C server DGA domain
name
generation
tool

C&C server Total number of data packets

70+ metadata
• Encryption instruction  extort money Payload and header histograms
• Internal discovery instruction  identify Total number of bytes in data flows
key assets …
• External instruction  steal data
• Attack instruction  initiate DDoS attack

Infected
host

AIE
…
98% C&C detection rate
 Huawei- Intelligent Simplified

Intelligent: AI-based Decryption-Exempted

developed chip defense O&M
NGE CDE AIE

Traffic Detection
Admin US
2.5 million+/day White
70%+ encrypted traffic Partners
VirusTotal
samples

30% threat traffic Open samples

Huawei cloud sandbox
40,000+/day Black
samples
Partners/Colleges and
Universities

200+ detection
TCP traffic statistics characteristics
TLS handshake information characteristics
Associated DNS information
characteristics
Associated HTTP information characteristics
characteristics
…

љњѝӝӠӉӌ AIE
Source: Firefox telemetry, 14-day moving average Normal access
ӌҳɶɸɡљњ traffic

Top 254 enterprises, with an average annual

500+ encrypted communication sessions
detected on a single day at a site
loss of US$5 million each enterprise
99% detection rate
 Huawei- Intelligent Simplified

Intelligent: AI-Powered Detection Model,

developed chip defense O&M
NGE CDE AIE

Identifying Threats More Accurately

New brute-force cracking
Analyze characteristics of a single
session. Support more protocols and
… wider detection scope.

Authorized access Distributed brute-force cracking

Slow brute-
force
cracking Generate an AI detection
model based on traffic

AIFW AIE
Automatically update
detection capabilities
AI-powered
detection
(Isolation forest
algorithm)
OA system
 Huawei- Intelligent Simplified

Simplified: Unremitting Commitment to

developed chip defense O&M

Easy-of-Use, Reaping Brand-New Web UI 2.0

Redefine the UI based on threat visualization

 Huawei- Intelligent Simplified

Simplified: Multi-Branch Cloud

developed chip defense O&M

Management Oriented at Easy-of-Use

SecoManager is integrated into Agile
A device gets managed by Agile Controller-Campus in
three steps: Controller-Campus as an app.
1. Obtain an IP address.
DHCP: Insert a network cable into the WAN port.
Zero Touch Provisioning (ZTP)
PPPoE: Enter 192.168.0.1/hw on the web UI.
2. Get connected to the DNS registration center on
HUAWEI CLOUD to obtain the latest Agile Cloud Agile
Controller-Campus. management Controller- SecoManager Agile Controller-Campus
3. Get connected to Agile Controller-Campus. Agile registration Campus
Controller-Campus then automatically delivers pre-
defined configurations to the device. platform
Obtain the IP
Register with the address of Agile
Managed by Agile
Controller-
registration center Campus Controller-Campus
SecoManager and Agile Controller-Campus
2 PoE+ or 4 PoE
ports, applicable are integrated.
to small-branch
power supply

Ease-of-use hardware
Steady on The device has been connected to the
USB-based deployment is complete.
cloud management platform.
Blink four
The system is reading data times per Data is being transmitted to or received from the
from the USB flash drive. second cloud management platform.
Steady The device has been connected to the cloud
Default status
on management platform.

Configure and manage advanced security services,

such as IPS, antivirus, URL filtering, and anti-APT
Contents

1. Cyber Security Evolution Trends, Challenges to Firewalls

2. Huawei AIFW: Ever Innovating Chips

3. Security Power of Huawei AIFW

4. Success Stories in Various Industries

Huawei NGFW, Unremittingly Committing to Better Security
Defense Capabilities
Huawei was positioned as a "Challenger" in Gartner 2018
Magic Quadrant for NGFW and UTM.

2017
2018 2017 2018

ABILITY TO EXECUTE
ABILITY TO EXECUTE

2016
2016

COMPLETENESS OF VISION COMPLETENESS OF VISION

Huawei NGFW Earned a "Recommended" Rating in
NSS Labs 2019 NGFW Group Test

100%
Check Point
HUAWEI
Palo Alto Networks Forcepoint

Average SonicWall WatchGuard

Sophos Versa Fortinet
Barracuda

90% Hard core security, unique in China,

recommended again

Security Effectiveness
Vendor B Highlights of NSS Labs 2019 NGFW Group Test:
80%
• 12 NGFWs from industry-leading security vendors
Barracuda
• Only NGFWs with top technologies and competitiveness are eligible for
the "Recommended" rating.
70%
Why does Huawei NGFW earn a "Recommended" rating again?
• USG6620E earned the top "Recommended" rating for its outstanding
performance in threat blocking rate, threat anti-evasion, stability, and
Average

60%
Vendor A reliability.
• Highest cost-effectiveness of Huawei NGFW in the industry for its much
50% lower total cost of ownership (TCO) per Mbps than most of those from
$100 $80 $60 $40 $20 $0
other participating vendors
TCO per Protected Mbps
Contents

1. Cyber Security Evolution Trends, Challenges to Firewalls

2. Huawei AIFW: Ever Innovating Chips

3. Security Power of Huawei AIFW

4. Success Stories in Various Industries

Success Story (1): Jingdong

Core competitiveness: rapid logistics service

Huawei firewalls help Jingdong build an

efficient and secure logistics system.
Over 35 million Logistics information is quickly and securely
commodities per day
transmitted between Jingdong headquarters
and thousands of remote branches. The rapid
logistics service has become the core
competitiveness of Jingdong.

JD.com
 Success Story (2): ICBC

Annual online
transaction quantity:

> 380 trillion

Online transaction Huawei helps Industrial and Commercial Bank

quantity: of China (ICBC) build an all-round security
47 billion architecture through secure data center
transmission, security management, virtualized
security operation, and production/data network
Individual users:
isolation so that ICBC manages and controls
> 393 million information security risks in an efficient manner.
 For internal use only unless
otherwise authorized

Huawei Firewall Pros:

 Provides network security protection for school networks, including
intrusion prevention, antivirus, and encrypted web security check.
725 schools
 Prevents primary and secondary school students from accessing illegal
websites containing pornography, gambling, or drugs.
 Performs application control and bandwidth management based on
users, time segment, and applications.
 Performs IPsec-based interconnection with non-Huawei firewalls.

In Castilla-La Mancha of Spain, Huawei

deploys high-speed Wi-Fi networks for
primary and secondary schools, enabling
teachers and students to access the Internet
in a fast and secure manner, and securing
connection channels between data centers of
education networks. This project uses Huawei
future-proof CloudCampus solution involving
Wi-Fi, switches, and firewalls.
Thank you. 把数字世界带入每个人、每个家庭、
每个组织，构建万物互联的智能世界。
Bring digital to every person, home and
organization for a fully connected,
intelligent world.

Copyright © 2019 Huawei Technologies Co., Ltd.

All Rights Reserved.

The information in this document may contain predictive

statements including, without limitation, statements regarding
the future financial and operating results, future product
portfolio, new technology, etc. There are a number of factors that
could cause actual results and developments to differ materially
from those expressed or implied in the predictive statements.
Therefore, such information is provided for reference purpose
only and constitutes neither an offer nor an acceptance. Huawei
may change the information at any time without notice.