Contact
us
EN |
EN |

Contact Us

Position: Solution Center

Solution Center

Industry Challenges

Data is viewed as the core asset of an enterprise. Preventing data leakage through traditional TDE and DLP methods is not only less efficient, putting bad effects on terminal and network performance, but also fail to offer fundamental guarantee for enterprise data and important information.

Difficulty in data grading
Data on the terminal both from a company or an individual is identified and processed. It is a huge workload to make a clear classification for terminal data.
It's hard to strike a balance between compatibility, efficiency and security
TDE、DLP technologies use endpoint resources in security management at the expense of high resource overhead, which is low accuracy and doesn’t support all data formats and complex scenarios (code protection).
Lack of flexible security implementation
Terminal availability is sacrificed as terminal security fails to self-adapt to varied requirements from different businesses.
High cost and complicated process of operation and maintenance
It is complicated work to ensure data security in the last transmission mile for it requires cooperation between multiple terminals and network security products.

Self-adaptive Secure Computing Platform Based on Zero Trust

With a combination of identity management, AI security decision centers, lightweight trusted computing technologies, micro-segmentation and software-defined perimeters, AerospaceX’s self-adaptive secure zero-trust computing platform not only realize controllable access, stealth business and reduced exposure surface to keep away from cyber attacks, but also achieve environmental trust and data security in terminal devices and cloud computing nodes. By doing so, we enable security systems to meet the need of the digital business in a self-adaptive, automatic, clouding and mandatory way and comprehensively prevent internal and external security risks including data leakage, blackmail, network invasion, carrier theft, illegal operations, and software and hardware loophole.

Clearer data boundaries
The entire life cycle of data is ensured by separating public and private data, enabling a one-way flow of data and operating in accordance with the principle of least privilege.
The perfect balance between safety and efficiency
Expense is enormously reduced by conducting security control on business and data level instead of on IT infrastructure.
Lower security construction costs
Reinvestment is avoided by constructing terminal security infrastructure in accordance with business security requirements.
More efficient implementation, operation and maintenance
O&M cost is reduced to a low level by taking advantage of decision center AI-driven and visualized operation.

Industry challenges

VPN for a company is limited to access to certain applications and businesses are confronted with huge terminal security risks after it operates owing to concerns about data leakage and network intrusion. AerospaceX assists businesses to fully embrace zero-trust network access, realizing consistent security control domestically and overseas to enhance productivity.

VPN causes intranet exposure and fails to limit authority precisely
Censorship risks of outbound and cross-border data
Fails to build dynamic terminal security that prevents intrusion and penetration
Risk of data leakage due to carrier loss
It is difficult to effectively control the data and secondary distribution after the launch of a business.

Solutions

AerospaceX self-adaptive security computing platform realizes borderless access and operation protection of business globally: The risk of remote invasion is prevented from moving laterally in the intranet by conducting micro-segment on remote cloud service via micro-segment containers of AerospaceX; Remote business is stealthily and flexibly connected in the network by zero-trust security gateway; the terminal self-adaptive security computing environment makes it possible to build a controllable digital space on a remote device, where there is a direct connection with enterprise internal servers and are business that is "accessible, not invadable" and data that is "computable, not accessible".

Program advantages

Agile deployment with more flexible architecture and available cross-site collaboration
Data leakage and remote intrusion are prevented with more secure terminal control
Trusted network boundaries created by VPN is no longer needed with more secure network
Office habits changes are no longer needed with more stable experience and low-performance impact

Industry challenges

VDI leads to problems such as lagging experience, high construction cost and lack of security capability. The next-generation desktop security control solution provided by AerospaceX creates an elastic and secure computing desktop with upgraded performance and experience, significantly reducing customer costs while improving user experience.

VDI
Resource occupation
Network and storage overload during startup and peak times
Peripheral compatibility
Poor peripheral compatibility which causes local debugging difficulties
Graphical calculations
Poor graphics computing (3D rendering and HD video)
Network resources
Heavy reliance on network resources and easy to lag
Work offline
Working offline is impossible
Native OS
Combinations with multiple security software are needed in securing desktop
Operation and
maintenance costs
High operation and construction costs with the need application redeployment
AerospaceX
Local lightweight trusted computing consumes low CPU and resource storage
Effective control over inputs and outputs with compatibility for all peripherals
Access to 3D and HD video with local resources
Smooth operation with no dependence on network resources
Effective security policies that enable work offline
Resilient control over all resources with native security capabilities
Purely software-defined, cost-effective and easy to operate and maintain

Program Advantages

Lightweight Trusted computing
High performance, high compatibility and smooth experience with local application micro-segmentation control
Unified secure digital space
Instead of application migration, elastic security control over resources access is conducted in a secure space
More economical and flexible
Significant cost reduction and more efficient operation and maintenance compared to traditional hardware solutions

Industry Challenges

The wrong assumption about threats for information security in China currently remains the biggest problem as people invariably associate risks with external attacks while 80% of information leakage is actually the result of internal or the combination of internal and external attacks. From the perspective of a business, information including core technologies and data of main customers, market, and financial reports is where its competitiveness comes from. As Cybersecurity Insiders: Insider Threats puts, today's most damaging security threats are not originating from malicious outsiders or malware but from trusted insiders—both malicious insiders and negligent insiders; According to The Ministry of Public Security of the People's Republic of China,70% of information leakage is caused by a business' insiders.

It has been a key concern for a business to find ways to standardize the operation procedures, take precautionary measures, monitor and give alarms when an emergency arises, and audit and trace back network vulnerabilities.

Hence, management on mandating users' operation in line with industry standards by virtue of effective technologies and professional tools is essential. Therefore, operations of insiders have rules to follow, which means the realization of behavior audibility and traceability, contributing to the visualization of internal threats management.

Fails to detect abnormal behaviors and potential risks on business systems due to lack of management control over key operation procedures;
Unable to trace back the process of data loss and mishandling of systems in time, due to lack of visualization management of employees’ operations;
Lack prompt forewarning measures in security management with no high-risk operation standards for the business’ insiders.

Solutions

AuditSys features functions of behavior classification display, behavior traceability, and fine-grained behavioral retrieval by taking access to all operational data of terminal users and saving them with words and screen recordings. As such, it’s able to identify risks emerging at a specific time and to provide valid evidence for performing accountability if there are any violations of corporate interests.

The platform has nearly 100 behavioral rules to prevent risks, which customers can mandate or customize according to their own needs. Therefore, irregular operations with high risks including user's overstepping and data breaches, and potential risk behaviors in a business system can be effectively targeted. Subsequently, terminal users will be informed and educated to raise their security awareness and be instructed to standardize operations.

Meanwhile, centralized architecture and distributed architecture are both available in AuditSys. As these architectures are easy to lay out and can be flexibly applied to different scenarios in a business without reshaping the existing IT architecture, they help the digital transformation of corporations, realizing the visualization of behaviors and risks.

Competitive Edges of Solutions

Behavioral audit traceability
Meeting the requirements of detailed audit traceability by monitoring all information leakages and quickly tracing back where the risks come from with complete audit information.
Risk monitoring of business operations
Discovering internal business risks by realizing risk monitoring of business operations—there are always mandates to operations with high risks, including data export, data permanent deletion, fund transfer, recharge, etc.
Regulated user operations
Violations of regulations, laws, and business interests can be identified.
Improved business security
Helping corporations safeguard securities of business, data, and personal sensitive information by detecting potential risks in a prompt manner with analysis of operations on business systems by authorized personnel.

Industry Challenges

The social economy is embracing the era of big data with the rapid development of information technology. Yet, as a great deal of sensitive data and personal information collected on the business system is vulnerable to external and internal attacks, information abuse, leakage or malicious tampering have been emerging, exerting negative impacts at different levels on users, society even the whole country. In this context, it is an emerging challenge to provide a sound environment and refined data security control strategy for users based on connectivity, interoperability, and date opening and sharing.

Huge challenges to meet the standard
There are a series of compliance policies with refined regulatory requirements for data security.
Unclear user data classification and grading
Potential risks are ignored in the first place as a large amount of user data makes it difficult to identify and supervise the whole data in the business system.
High-cost supervision of a large amount of flowing data
There's a hugely high cost on data supervision with a great number of user information and sensitive data flowing within the intricate business system.
Unauthorized access made by internal personnel and stealth of data committed by external hackers
With internal and external threats, a business system is easily susceptible to system attacks and risks such as misuse and leakage of important data and sensitive information.
Difficulty to redevelop applications for increasing security
It is highly-cost, long-period and of great difficulty to redevelop and upgrade information systems to increase security environment owing to the poor security capabilities and complicated application development framework with a wide range of database brands and versions.

Solutions

CASB business data encryption platform deals with application system protection and agilely implemented data encryption. It's capable of encrypting the database at any specified field (to prevent IT insiders and external hackers) by using aspect-oriented encryption plugins with only configuration-level deployment rather than any source code modification. Meanwhile, it has realized dynamic masking and audit of data covering user's information (to prevent business insiders from overstepping their authorities), and realized supervision, identification and grading with the assistance of a data identification engine during the process of data flow. This platform is adaptive to typical protection scenarios at individual, business and national levels such as personal information, business commercial secrets and confidential instructions made by the central government including rectifying government, state-owned business, and finance industry.

Competitive Edges of Solutions

Fine-grained data encryption and masking
Realizing the principle of least privilege by providing security protection that is at subject-to-user and object-to-field levels with the combination of users with field-level and document-level data.
Control and trial integration, which would not ignore any potential risks
Combining data anchor decryption with access control and auditing technologies, we have realized a data security protection system that would not miss any potential risks. It supports traceable and tamper-proof data operation audits from the third party, and each log can be traced back to the exact person. Therefore, accountability can be pursued afterward.
Comprehensive data identification and grading
Data supervision, identification, and grading have been realized during the process of data flows.
Meeting compliance requirements
Supporting national secret algorithms including SM1, SM2, SM3, and SM4 with commercial certificates of cryptography product, and supporting foreign algorithms including AES, RSA and SHA256 as well.