
Hillstone Security Audit Platform (HSA) Introduction

Intersecting Human and Artificial Security Intelligence as a Force Multiplier in Enterprise Defense

1 Challenges in Security Auditing

2 Hillstone HSA Value Proposition

3 Hillstone HSA Portfolio

4 Deployment Scenarios & Winning Cases

Challenges in Security Auditing

Security Incidents Require Better Forensics

Today's networks are constantly evolving due to:

o Threats
o Organizational changes
o New regulatory or business requirements

Enterprise and datacenter networks require high-performance, high-capacity log storage and near-instantaneous query results to analyze the explosive volume of data generated by firewalls.

Are you prepared to answer the what, how, when, who of each security
incident in your network?

Log Management Requires Modernization

• The massive amount and diverse types of logs require specialized log management services.

Multiple log sources

• The number of user assets is increasing. A large number of network security devices and application systems are deployed in various locations.
• The logs generated are stored separately in each device and system. Querying and managing the logs is extremely inconvenient.

Wide variety of log types

• There are different kinds of devices and systems in the network, so the types of logs generated get more and more complicated.
• Users cannot analyze and manage logs manually, and therefore cannot identify intrusion attacks and internal violations in time.

Hillstone Security Audit Platform (HSA) Value Proposition

Security Audit Expert – HSA

• Hillstone security audit solution, HSA, provides online access behavior monitoring and
security auditing functions to meet log management and regulatory compliance needs.

o Multi-type log support
o High performance log processing
o Massive log storage
o Powerful and convenient log query
o Visualized log report

Complete Audit Solution

• Hillstone HSA provides a complete security audit solution with full support for Hillstone security
products, and integration with third-party standard log equipment.

[Diagram: HSA and its log sources: X Series (Data Center Firewall), E Series (NGFW), T Series (Intelligent NGFW), sBDS (Breach Prevention), IPS (Intrusion Prevention), Security Management Platform, third-party syslog, third-party Windows log, CloudHive, CloudEdge]

Support Multiple Log Types

• HSA supports NAT, Session, URL, email, IM, and threat protection logs. It also supports IPv4 and IPv6 logs. HSA meets the log auditing requirements for different application scenarios of carriers, universities, governments and enterprises.
• HSA supports the standard syslog log format for receiving and storing logs from third-party devices.

[Diagram: log types (Session Log, NAT Log, Threat Log, URL Log, IM Log) and sectors (Government, Carrier, Education)]

High Performance and Capacity

• Hillstone HSA provides high-performance log processing capability. The log storing speed of a single
device ranges from 3,000 to 100,000 EPS.
• The performance and capacity can easily scale by adding more devices. For each additional HSA
device, the log processing performance can be increased by up to 100,000 EPS. At the same time,
the storage space is improved.

Online Logs

o Rich log types
o Rapid query guarantee
o URL field full-text search
o Log protection
o Secure log storage

Dumped Logs

o Automatic log compression and protection
o Log storage duration extension

Backup Logs

o Log backup to FTP server
o Release dump space
o Massive log storage for longer retention time
o Rapid recovery from system failures

Convenient Log Query

• Support multi-condition queries over massive log information. Provide real-time query and display by adopting a unique massive data query technology.
• Support custom queries, query condition saving, query task notifications, distributed queries, etc.
• Support real-name audit. HSA can be linked with the billing system, which synchronizes the user name and IP correspondence to the HSA. In this way, the logs received by HSA are directly associated with the user name, which enables real-name audit.

[Figure: query conditions: APPs, Time, Level, Protocol, S/D IP, Content]

Comprehensive Monitoring of Device Status

• Real-time monitoring of key information of the HSA device itself and of the devices connected to it.

o HSA status monitoring
o Key information monitoring for connected equipment
o Customized monitoring

Visualized Log Monitoring and Reporting

• Monitor the status of the device itself and its resource usage in real time.
• Present the log storage status and a log collection trend graph so that the admin can see the log record at a glance.
• Provide multiple report templates, and support multiple report formats and custom statistics.

Real-time Alarm

• Generate alarms with predefined conditions, such as hardware status, statistics of logs, etc.
• Support alarms with customized conditions

Flexible Deployment Scenarios

• Support centralized and distributed deployment.
• Support seamless upgrade from a centralized deployment to a distributed deployment without affecting the existing network topology (the master can query all logs in a centralized manner).

[Diagram: Centralized Deployment (HSA master, logs) and Distributed Deployment (HSA master, two HSA slaves, logs)]

Hillstone Security Audit Platform (HSA) Portfolio

HSA Specifications

| Specification | HSA-30D | HSA-10D | HSA-4D |
|---|---|---|---|
| Log Processing Performance | Binary NAT Log: 270,000 EPS; SYSLOG Log: 60,000 EPS | Binary NAT Log: 100,000 EPS; SYSLOG Log: 15,000 EPS | Binary NAT Log: 50,000 EPS; SYSLOG Log: 7,000 EPS |
| Storage | 180 days NAT Log for 40G Link | 180 days NAT Log for 8G Link | 180 days NAT Log for 2G Link |
| HDD | 128 TB | 16 TB | 4 TB |
| RAID | RAID 50 | RAID 5 | RAID 0 |
| Fixed I/O Port | 4 x GE | 4 x GE | 2 x GE |
| Power Supply | Single/Dual Power Supply 750W | Single/Dual Power Supply 495W | Single Power Supply 450W |
| Product Form | 2U | 2U | 1U |

vHSA: Virtual Hillstone Security Audit Platform

| Specification | vHSA-2 |
|---|---|
| vCPU | Minimum 4 Core, 64-bit processor |
| Memory | Minimum 4G |
| Disk | 2TB |
| Log Storage | NAT log: 180 Days for 1G link |
| Performance | NAT: 30,000 EPS; Syslog: 4,000 EPS |
| Hypervisor Support | VMware ESXi 5.1 / 5.5 / 6.0, VMware Workstation 12 or later version, KVM |

Deployment Scenarios & Winning Cases

Security Audit: Carriers and Telco

The Hillstone Next-Generation Firewall is deployed at the Internet perimeter as a NAT appliance, with HSA deployed in tapping mode to record user logs.

Solution Benefits
• Meet regulatory compliance requirements
• Provide a cost-effective total solution with high performance

Key Features
• High-performance log processing and high-capacity storage
• Logs: NAT logs (NAT444 logs); URL; IM login/logout
• Log dumping
• Real-name log auditing
• Simple and instantaneous log queries
• Distributed deployment, with support for distributed queries

[Diagram: Carrier A, Carrier B, Business Users, Residential Users]

Security Audit: Education Services

The Hillstone Next-Generation Firewall is deployed at the campus network perimeter, with firewall and NAT features enabled. HSA is deployed in tapping mode to record staff and student internet usage logs.

Solution Benefits
• Meet regulatory compliance requirements
• Address requirements for real-name access
• Improve efficiency and reduce administrative overhead

Features
• Logs: NAT, URL, IM on/offline logs
• Real-name log auditing
• Simple and instantaneous log queries

[Diagram: Internet, Authentication and Billing System, Students, Teachers, Campus DC]

Security Audit: Government/Enterprises

The Hillstone Next-Generation Firewall is deployed at the government/enterprise network perimeter, with all NGFW features enabled. HSA/vHSA is deployed in tapping mode to record employee Internet access logs.

Solution Benefits
• Meet regulatory compliance requirements
• Improve network management efficiency and reduce administration overhead

Features
• Logs: NAT, URL, IM on/offline logs
• Real-name log auditing
• IPS and AV security logs
• Statistics reporting features
• Session logs

[Diagram: Internet, Authentication and Billing System, Intranet, External Network, Intranet Servers]

Security Audit: Virtualized Data Center

Hillstone CloudHive and CloudEdge are deployed in a virtualized datacenter, providing protection for traffic between VMs and for North-South traffic. vHSA is deployed in different areas of the Cloud Datacenter for audit.

A datacenter firewall is deployed at the datacenter perimeter. HSA is deployed in tapping mode to record internet access logs and threat protection logs.

Solution Benefits
• Meets regulatory compliance requirements
• Provides centralized audit for both Cloud service provider and tenant, improves network management efficiency and reduces administration overhead

Features
• Logs: NAT, URL, IM on/offline logs
• IPS and AV security logs
• Statistics reporting
• Session logs

[Diagram: Virtualized Data Center: Internet, Branch Office, HSA, vHSA, Security Zone A, Security Zone B, Level 2, Level 3, VPCs]

Configuration Recommendation

Recommended products by customer and link. Where a row gives two entries, the first is for 180-day NAT log processing capability and the second is for 180-day NAT, URL, IM log processing.

Education / Government / Enterprise
o <1G Link: E3662 and below, 1 HSA-4D/vHSA-2
o 1G~3G Link: E3662~E5568, 1 HSA-4D | E3662~E5568, 1 HSA-4D
o 3G~5G Link: E5568~E5760, 1 HSA-4D | E5568~E5760, 1 HSA-4D
o 5G~10G Link: E5960 and above, 1 HSA-10D

Carrier
o <1G Link: E3662 and below, 1 HSA-4D | E3662 and below, 1 HSA-4D
o 1~4G Link: E5568-E5960, 1 HSA-10D | E5568-E5960, 1 HSA-10D
o 5~10G Link: 1 E6160/X7180 (basic config), 1 HSA-10D | 1 E6160/X7180 (basic system), 2 HSA-10D
o >10G Link: 1 E6360/X7180 (medium/high config), multiple HSA-10/HSA-10D/vHSA-2, distributed deployment

Winning Cases: HSA

• Al Majamma University (Education): UAE, HSA3D, T5860
• Guangdong University of Foreign Studies (Education): China, HSA10, E6160
• People's Public Security University of China (Education): China, HSA10, E2800
• Aipu Networks (ISP): China, HSA10, E5260
• China Unicom (ISP): China, HSA10, X7180
• Government Pharmaceutical Organization (Government): Thailand, HSA3D, E3960
• Ministry of Agriculture of Peru (Government): Peru, vHSA, T1860
• Industrial Bank (Finance): China, HSA10, E2300
• China National Aviation Fuel (Energy): China, HSA3, E5760
• KingMed Diagnostics (Healthcare): China, HSA3, E2300

+1 408 508 6750
inquiry@hillstonenet.com
5201 Great America Pkwy, #420
Santa Clara, CA 95054
www.hillstonenet.com