uCLOUD

Managed Security

What is Managed Security service?

The Managed Security service provides professional, continuous security management to VPC customers through expert operations staff, and offers weak point diagnosis and security incident analysis/countermeasures to server customers.
As a security service customized for each security layer, it maintains optimum security through a comprehensive operations management system that covers construction consulting, constant security operation and monitoring, and countermeasures for security incidents.

Service Highlights

  • 01
    Because consulting is provided from the early stage of security system construction, the system can be built in a simpler and more optimal manner, and the service can be designed flexibly to suit various customer needs.
  • 02
    Systematic operation management by kt’s security experts reduces cost compared to direct operation while maintaining a high level of security.
  • 03
    With 24-hour security management all year round, stable security management is provided even on weekends and holidays.
  • 04
    Periodic security information lets you check the current state of system operation.
  • 05
    The Help Desk operates year-round, so you can obtain security-related information whenever you need it.
  • 06
    As a service for weak point analysis and security incident analysis/countermeasures, it can protect the customer’s system from security threats.

Service target

  • 1 CDC(Cloud Data Center) security
    It is the most orthodox and basic security method: it prevents unapproved persons from physically accessing the customer’s data processing infrastructure, and monitors and controls access in accordance with the access policy.
    Unlike a conventional data processing room, where many operations personnel frequently come and go for maintenance, the ucloud system achieves stronger physical security by controlling the physical access of operations personnel.
    The kt ucloud security infrastructure provides strong physical security measures, including access control over data processing resources, cage installation, on-site monitoring personnel, and CCTV installation.
  • 2 Network security
    It is a security method that defends internal data processing resources against malicious external intrusion, such as by hackers, by controlling protocols, IP addresses and ports at the Internet network level.
    All data processing resources connected to the Internet are fundamentally accessible from outside, so access control and intrusion blocking are absolutely necessary to prevent unauthorized access.
    It is the first security measure that should be built in corporate computer security, and it requires a constant monitoring and operation system, which consumes the most cost and personnel.
    By deploying firewall, UTM, Anti-DDoS and similar systems, it cuts off external threats and protects the network, and it performs monitoring and analysis by interworking with security systems such as IDS/IPS/ESM.
  • 3 Server security
    It is a security measure that strengthens security at the server (VM) level, where the customer’s data processing system runs.
    A server’s OS has a number of security weak points, and operational management may introduce vulnerabilities such as exposure of the administrator’s account.
    External threats such as malicious code, viruses, backdoors and bots also exist.
    It addresses these threats through measures such as a server vaccine solution, fixing OS weak points through regular patching, periodic account and password management, regular vulnerability checks and other remedial actions.
  • 4 Web/Application security
    As most IT business is conducted over the web, most hacking attacks are also made through the web.
    Because web services by nature must be accessible to anyone, hacking through the web causes extensive damage, as existing network security equipment cannot defend against such attacks.
    On cloud infrastructure, where the web environment plays a major role, the importance of web security keeps growing.
    Web/Application security is a security measure that resolves these weak points and provides specialized defense against attacks and intrusion through the web.
    It compensates for web vulnerabilities and defends against illegal intrusion through solutions such as a web firewall and shell monitor.
  • 5 DB/Contents security
    Databases and contents are the ultimate assets that a business must defend.
    It is a security measure that controls access to prevent unauthorized leakage of important data, prepares for possible leakage through encryption, and performs audit activities on it.
    It prevents leakage through DB encryption/access control, contents encryption, data leakage prevention, DRM/DLP, etc.
  • 6 Operational management service on intrusion prevention system

    Firewall Managed Service

    Operating the intrusion prevention system is fundamental to maintaining the security of data processing resources, and it is sensitive enough to determine the quality of the entire service.
    The intrusion prevention system service is provided as a firewall operated by kt’s security experts.
    It analyzes and recommends security rules suited to the customer’s system and applies rules at the customer’s request.

    • Service function
      • Operational management on firewall equipment and Health Check
      • Supporting security rule composition setting
      • Recommending and analyzing default firewall rule
      • Emergency analysis and application of blocking rules when an intrusion is likely
      • Reflecting user-defined rule
      • Policy backup
    • Service item
      | Classification | Service item | Remark |
      |---|---|---|
      | Composition management | Consultation on security network composition | At the beginning |
      | | Providing composition/rule setting and backup | Upon change/Every month |
      | Usability management | Management on rate of system operation | Always |
      | Policy management | Firewall policy processing | Upon request |
      | | Firewall policy backup and provision | Upon change/Every month |
      | | Firewall system monitoring | 24 hours/365 days |
      | Operational management | Blocking intrusion attempt through remote management console | 24 hours/365 days |
      | | Up-to-date patch on system and functional upgrade | After manufacturer’s announcement |
      | | System Alert Service | Upon occurrence |

    IDS/IPS Managed Service

    The service for the intrusion detection or intrusion prevention system, which is key to network security management, is operated by a professional security management team.

    • Service function
      • Operational management on IDS/IPS and Health Check
      • Applying default detection rule
      • Detection/Blocking Rule Customizing/Tuning
      • Constant monitoring for intrusion attempt and traffic analysis
      • Analyzing intrusion pattern and evidence logging
      • Policy backup
    • Service item
      | Classification | Service item | Remark |
      |---|---|---|
      | Composition management | Fixing monitoring range | At the beginning |
      | | Composition and setting backup | Upon change/Every month |
      | Usability management | Management on rate of system operation | Always |
      | Policy management | IDS Pattern Customizing | Always |
      | | IDS Pattern Update | Upon manufacturer’s announcement |
      | Operational management | Blocking intrusion attempt through remote management console | 24 hours/365 days |
      | | Up-to-date patch on system and functional upgrade | After manufacturer’s announcement |
      | | System Alert Service | Upon occurrence |
  • 7 Security control service

    Managed Security Monitoring

    The security control service protects the customer’s information resources and systems, and monitors, analyzes and reports intrusions through real-time security monitoring and reporting, 24 hours a day, all year round.
    It provides response and preventive activities for events from security solutions such as firewall and IDS, through interworking with and analysis on the ESM (Enterprise Security Management) of the integrated security control room.

    • Service function
      • Event monitoring on each security equipment
      • Event collecting through ESM, integrated monitoring and analysis
      • Monitoring, analyzing and responding to invasion/attack attempts in real time
      • Dealing with security incident upon occurrence
      • Reporting to customer upon occurrence of major event
      • Providing regular security control report
      • Providing reports on intrusion response/incident
      • Providing up-to-date security trend and information
      • Security help desk
    • Service item
      | Classification | Service item | Remark |
      |---|---|---|
      | Firewall | Monitoring Firewall event | 24 hours/365 days |
      | IDS/IPS | Monitoring IDS event | 24 hours/365 days |
      | ESM | Integrated monitoring through ESM | 24 hours/365 days |
      | Alert reporting | Upon intrusion (attack) attempt | Upon generation of Alert |
      | | When security incident occurs | After detection |
      | | When system Alert and error occurs | Upon generation of Alert |
      | | When performance of security equipment becomes an issue | Upon generation of Alert |
      | Response to incident | Providing exclusive CERT personnel upon occurrence of security incident | After reporting |
      | | Dealing with security incident upon occurrence | After detection |
      | | Damaged system analysis and emergency measure being taken | After detection |
      | | Handling of attacks | After detection |
      | Report | Control report | Every month |
      | | Intrusion response report | After handling |
      | | Intrusion incident report | After handling |
      | | Up-to-date, new security technology/Vulnerability information/Incident information/Security recommendation | Upon occurrence |
  • 8 Web firewall operational management service

    WAF Managed Service

    A web firewall is a specialized security management solution that requires initial learning and continuous optimization afterward, so operating it consumes a lot of effort and time.
    The web firewall operational management service operates it on the customer’s behalf, in place of direct operation by the customer, which incurs a heavy burden.

    • Service function
      • Providing learning on web firewall traffic type
      • Setting detection and defense rule based on learning
      • Selecting default defense rule and applying its level
      • Blocking web attacks and intrusion such as SQL injection, XSS, etc.
      • Defending against the OWASP Top 10 weak points
    • Service item
      | Classification | Service item | Remark |
      |---|---|---|
      | Composition management | Fixing monitoring range | At the beginning |
      | | Composition and setting backup | Upon change/Every month |
      | Usability management | Management on rate of system operation | Always |
      | Policy management | Providing Web traffic learning | At the beginning (for 3 weeks) |
      | | WAF Rule Customizing | At the beginning / Upon change |
      | | WAF Pattern Update | Upon manufacturer’s announcement |
      | Operational management | Monitoring intrusion attempt through remote management | 24 hours/365 days |
      | | Up-to-date patch on system and functional upgrade | After manufacturer’s announcement |
      | | System Alert Service | Upon occurrence |
  • 9 Shell monitor service

    Shell Monitor Service

    As web services account for a growing share of the Internet environment, there are more and more cases in which, apart from direct intrusion into the customer’s system, malicious code is inserted into the customer’s system to use it as a distributor of that code.
    The shell monitor service diagnoses and monitors whether such malicious code has been inserted and removes it when detected.

    • Service function
      • Monitoring insertion of malicious web shell
      • Diagnosing whether web shell is inserted on each domain
      • Removing detected web shells and restoring originals
    • Service item
      | Classification | Service item | Remark |
      |---|---|---|
      | Operational management | Monitoring insertion of web shell | Always |
      | | Diagnosing and deleting web shell | Regularly |
  • 10 Vaccine service

    Server Anti-Virus Service

    The vaccine service provides and manages an anti-virus vaccine dedicated to servers. It diagnoses infection by malicious code, such as Trojans and viruses, that can occur while using a ucloud server, and provides a function to delete the malicious code.

    • Service function
      • Real-time monitoring for malicious code
      • Diagnosing and removing virus within server
      • Diagnosing and removing spyware/adware
      • Monitoring and controlling operation through central management
      • Selectable between automatic/manual update
    • Service item
      | Classification | Service item | Remark |
      |---|---|---|
      | Operational management | Version and engine update | After manufacturer’s announcement; Automatic/Manual |
      | | Central management | Always |

Service type

| Classification | Service item | Remark |
|---|---|---|
| ucloud server | Security diagnosis service | Diagnosing weak points, intrusion analysis/response service |
| ucloud VPC | Security control basic | Operational management service on intrusion prevention system |
| | Security control premium | Operational management service on intrusion prevention system; 24-hour, year-round security control service; Regular security reporting service; Annual vulnerability check service |
| | Operational management on web firewall | WEB F/W operational management service |
| | Shell monitor | Detecting/Blocking malicious code |
| | Vaccine service | Virus vaccine service for server |

Equipment and solution supported

  • 1 Firewall

    | Domestic product | Overseas product |
    |---|---|
    | Secui MF2 Series (scheduled) | Juniper ISG Series |
    | | Juniper SSG Series |
    | | Fortinet Fortigate Series |
  • 2 IDS(domestic product)
    Winstechnet Sniper IDS Series
  • 3 IPS(domestic product)
    Winstechnet Sniper IPS Series
    Secui MFI Series(scheduled)
  • 4 WAF(web firewall, domestic product)
    PentaSecurity WAPLES Series
    Monitorapp WebInsight Series
    Piolink Webfront Series

Service rate

  • You can use this service by requesting a consultation.
    Upon request, the manager will give you a detailed guide.