Security defense method and system for cloud environment and computer readable storage medium

Abstract

The invention discloses a security defense method and system for a cloud environment and a computer readable storage medium. The system comprises a first virtual security network element module, a first virtual interactive network element module and a first detection module; the first virtual security network element module comprises one or more virtual security network element groups, and each virtual security network element group comprises a main virtual security network element and a standby virtual security network element; the first virtual interactive network element module carries outflow forwarding between the cloud platform and a first defense service chain, and the first defense service chain is a security defense loop which is connected with each virtual security network element group according to a specified sequence; the first detection module detects whether each main and standby virtual security network element is available or not through a first detection service chain, and the first detection service chain is an available test loop for connecting the first detection module and each virtual security network element. According to the application, the main virtual security network element and the standby virtual security network element are arranged, and the node fault is detected by detecting the service chain, so that the high-availability serial defense capability and the automatic and low-delay fault identification and recovery capability are realized.

Description

technical field [0001] The present invention relates to the technical field of computer security, in particular to a security defense method and system for a cloud environment, and a computer-readable storage medium. Background technique [0002] With the continuous development of the network information age, cloud computing has gradually become the mainstream deployment method for various industries and businesses. However, after services are migrated to the cloud, traditional security problems will not only be magnified, but also new security risks will be brought. The current practice of mainstream manufacturers is to deploy virtual security network elements in an external security resource pool in a side-mounted manner, and divert traffic to the external resource pool in the cloud to realize the virtualization function. When traffic is introduced into the security resource pool, serial defense products are arranged in a certain order by building a software service chain ...

AI Technical Summary

Problems solved by technology

[0003] However, for serial defense products, in addition to security defense capabilities, the most important thing is high availability. Once a serial defense product without high availability capabilities is damaged, all traffic to the protected node may be blocked. Blocking, resulting in network paralysis, the consequences are very serious

[0004] The solutions of some mainstream manufacturers set up the active and standby nodes, and manually switch when the user detects a network anomaly. This method judges the anomaly based on the subjective behavior of the user, and through manual recovery, the network recovery speed is very slow and the effect is not good.

Some manufacturers judge by judging the power-on and power-off status of the security node. This method cannot judge the state of suspended animation (that is, the security node is powered on, but the traffic is not processed and forwarded internally, thereby blocking the traffic), and the monitoring effect is poor. Once the node appears The state of suspended animation may still lead to network paralysis

Images