Xiangya Hospital of Central South University

Pain points and needs

A firewall was deployed at the exit of the user's original special line, and there were three lines at the Internet exit. One anti-virus wall, one firewall and one WAF were deployed in series. No protective equipment was deployed in the access area of the bank and the third party access exit floor. This situation neither meets compliance requirements nor effectively provides security protection.

Protective layer：A series of safety protection equipment is deployed at the Internet outlet in a "string of Tomatoes on sticks" manner, which is complex in operation and maintenance and has a single point of failure risk; The dedicated line exit only has three layers of access control strategy, lacking application layer protection, and there is a vacuum of bank and third-party access protection, which poses significant security risks.

Audit level：User online behavior cannot be audited, and if information leakage occurs, it cannot be traced.

Detection level：Lack of ability to continuously detect unknown and latent threats.

The solution

With the help of the DeepTrust Level Protection 2.0 solution, users not only passed the compliance assessment with high scores, but also achieved continuous security protection.

·Firstly, the network architecture is sorted out, and all three exits adopt a dual machine redundant architecture to avoid single point of failure, ensure business access continuity, and improve network reliability;

·Replace IPS, WAF, and FW with the next-generation firewall from Shenxin, achieving integrated and coordinated defense of various functions, and integrating security is simple and effective;

·Deploy DeepTrust Internet behavior management in bridge mode at the export to meet audit compliance requirements;

·By deploying link load balancing devices, achieve fault switching and intelligent routing;

·By deploying latent threat probes and security awareness platforms in the core switch bypass, unknown and latent threats are continuously detected to assist users in grasping the overall network security situation.

Program value

Integrated security, simple and effective

With the help of Shenxin's next-generation firewall, a single device can easily meet the compliance needs that originally required multiple devices such as IPS and WAF. In addition, the internal functions of the devices can be effectively linked, building an integrated linkage defense system for users and bringing comprehensive security protection from L2-L7 layers. By providing visual risk analysis reports, the burden of user operations has been significantly reduced.

Full protection, intelligent visibility

By leveraging the next-generation firewall of DeepTrust and matching security policies with business situations, we provide comprehensive protection before, during, and after the event, achieving the effect of "two wings of business and security, two wheels of driving", and providing users with an efficient, stable, and secure operating environment for their business. With the help of visual comprehensive risk reports, users can intuitively and clearly see the problems existing in the network, and easily complete strategy configuration through "one click" and "guided" operation steps.

Reliable service, audit compliance

The dual machine redundant deployment mode reduces single point of failure, ensures business access continuity, and improves network reliability; The deployment of internet behavior management devices meets the logging requirements of the Network Security Law, preventing internal network users from actively leaking information and facilitating responsibility tracing.

Continuous detection, rapid response

By deploying a security awareness platform and latent threat probes, the platform continuously monitors the security status of the entire network, especially for latent and unknown threats that traditional devices cannot locate and discover. The platform can rely on artificial intelligence mechanisms to detect them in a timely manner and quickly issue disposal suggestions to next-generation firewalls and other protective devices, thereby achieving rapid reinforcement of the defense system.