After threat intelligence is enabled, CFW feeds network perimeter traffic to the threat intelligence detection and analysis engine to identify unknown risks beyond access control rules. Prioritized protection packages are also available to enhance risk resistance capabilities in prioritized protection scenarios.
Directions
1. Log in to the Cloud Firewall console and click Intrusion Protection System in the left navigation pane.
2. On the Intrusion protection system page, click
next to Threat intelligence to enable this feature.
Note:
Only when threat intelligence and edge firewall are both enabled for a public IP address, CFW monitors and analyzes the north-south traffic on this IP address based on the threat intelligence.
3. After threat intelligence is enabled, CFW feeds network perimeter traffic to the threat intelligence detection and analysis engine to identify unknown risks beyond access control rules:
Malicious incoming access: CFW detects malicious scanning, brute-force attacks, and remote control from malicious IP addresses to cloud assets, as well as mining Trojans, ransomware, and other threat samples.
Outgoing access: CFW detects outgoing access from cloud assets to external malicious IP addresses or domain names, and identifies potential server compromise risks through the comparative analysis of big data provided by threat intelligence.
