The government proposes strict self-control requirements for data use, transmission and storage.
Help the enterprise solve the problems of security and controllability of sensitive data, continuous guarantee of local business and service adaptation of value-added scenario.
Support the anti-DDoS, WAF, DNS Resolution access, Anti-DDoS Pro, cross-web CDN acceleration and distribution service for industrial users and individual users.
The users enjoying public cloud products and services of JD are allowed to use the Anti-DDoS Basic module for free. This module provides the 2Gbps protection capacity, supports the linkage with the JD Cloud Anti-DDoS Pro module and Cloud WAF, and provides the overall protection capacity to services of JD Cloud users.
100Gbps DNS protection capacity CNAME and NS access Single-point defense capacity exceeding 400Gbps Local protection + one-click cloud access Accurate identification and intercept traffic flooding, abnormal packet, request forgery, slow-speed connection, CC attack, etc. High-efficiency defense SQL injection, XSS cross-station script, malicious path cross, website malicious code, website tampering, etc.
Typical Scenario: When the CDN acceleration scenario is used by the customer, the anti-DDoS protection capacity is lacked. However, the pure serial Anti-DDoS Pro+CDN cannot play the acceleration effect.
Solution: Provide static local acceleration service and dynamic back-to-origin acceleration service to the user’s origin server contents, further promote the user’s access experience, carry out real-time linkage with Anti-DDoS node in case of large-scale DDoS attack to any CDN FastNode, realize attack traffic lead and normal back-to-origin, and keep the user’s service continuity from influence by DDoS attack. When the attack is released or stopped, the best CDN node will be dynamically scheduled to protect the user’s experience and realize no-perception experience to the user in all process.
Typical Scenario: The enterprise’s local IDC machine room lacks of security protection measures; the local service and website are prone to SQL injection attack, XSS cross-station attack and other application layer attack; and the independently-deployed protection device cannot withhold massive DDoS attacks.
Solution: Deploy security detection and protection components for local machine rooms of enterprises and provide basic security protection capacity. When the local machine rooms are subject to the large-scale traffic attack, the traffic can be migrated to the cloud by the one-click cloud access function, ensuring the DDoS attack cause no influence to local output bandwidth and other services and guaranteeing continuity and availability of attacked services.
Typical Scenario: 1. The traffic is forwarded to the cleaning cluster, processed and then forwarded to the WAF/Cache cluster. 2. The WAF/Cache cluster forwards the safe traffic to the origin server. 3. When the traffic detection cluster finds any mass-traffic attack, the cloud linkage mode will be enabled. 4. The cloud DNS scheduling center will lead the traffic to the cloud Anti-DDoS Pro center. 5. The Anti-DDoS Pro center will forward the filter pure traffic to the original network.
Solution: The traffic detection cluster adopts the bypass deployment that only the traffic image is accessed; the traffic cleaning cluster and the Waf/Cache cluster supports the bypass BGP mode, increasing fault tolerance; the lead is made as required to ensure high availability of service, effectively protect the user’s experiences; and the automatic emergency cloud access and the manual one-click cloud access are supported with flexible configuration, thus relieving the operation and maintenance personnel.
Typical Scenario: 1. When there is no attack, the traffic will be forwarded to the service station.2. When the traffic detection cluster finds any attack, an instant notification will be given to the cleaning cluster for BGP migration (a fine routing with 32-bit mask, with the clearing cluster become the next hop of the traffic to the attacked target).3. The traffic cleaning cluster supports the injection of pure traffic to the original network.4. When the traffic detection cluster finds a lot of traffic attacks, the cloud linkage mode will be enabled immediately.5. The cloud DNS scheduling center will lead the traffic to the cloud Anti-DDoS Pro center.6. The Anti-DDoS Pro center will forward the filter pure traffic to the original network.
Solution: The traffic detection cluster adopts the bypass deployment that only the traffic image is accessed; the traffic reinjection can support two methods, i.e. the policy route reinjection and the three-layer reinjection; the lead is made as required to ensure high availability of service, effectively protect the user’s experiences; and the automatic emergency cloud access and the manual one-click cloud access are supported with flexible configuration, thus relieving the operation and maintenance personnel.
Based on the deep understanding to the service scenarios of several industries, JD is able to generally adapt to and meet demands of security protection and content acceleration for several service scenarios, as the government, the finance, IDC, the game, the E-commerce, the Internet etc. It can provide diverse product statuses and APIs and meet requirements of security compliance, operation and maintenance, business development and others of different industries.
The local component provides the attack detection and protection capacity. In general, requests and response data do not pass the cloud node and will be migrated only when the attack traffic is too large. The coordinative defense mode of unusual cloud access can meet the self-controlled compliance supervision requirements for data by the government and the finance industry.
Transversely provide the maximum defense-in-depth extending from the network border to the machine layer and longitudinally connect and make linkage between the user’s local protection component and cloud resources: • On the basis of JD Cloud smart scheduling command system, the smart linkage between the Anti-DDoS node and CDN is realized and the acceleration effect is guaranteed at the maximum degree; • Integrate cloud situation awareness and threat intelligence, positively response and predict service security trend and provide data reference and support to analysis and decision; • Integrate big data of attack event/network trace and attackers’ behavior profiling, helping the user to set up a service confidence curve and reducing false positive and false negative.
Structural original protection log data can be provided to the user for reference, helping the user complete the security incident response and analysis in a more efficient way. Meanwhile, diversified APIs are provided to provide support to the value-added security service output scenario.
The functional modules of Anti-DDoS, WAF, CDN, etc. can realize seamless integration and linkage, support realization of smart dynamic scheduling depending on the user’s real service scenario, perfectly solve the problem of the global acceleration effect destruction due to traditional CDN and Anti-DDoS mode, plan the best forwarding and back-to-origin route for the user, support multiple ISP lines between operators, reduce delay, further promote the user experience, and realize no-perception scheduling and protection when user’s service is attacked.
On the basis of security research, security product development and best industrial practices for more than ten years, it is populated among JD Mall, JD Finance and JD Insurance, provide all-process guarantee for promotes as 618, 11.11 and 12.12, providing all-process protection and support to many local governments and E-government affairs cloud, assisting security and guarantee work during key protection period of the 18th/19th National Congress of the Communist Party of China, NPC and CPPCC, the Belt and Road and the meeting of BRICS. With continuous inspection and approval of the market for years, JD has many successful cases in different industries and accumulated a lot of practical experiences and has deep understanding to business scenarios and customer's troubles of different industries, thus being able to provide service scenario-level products and solutions, help the users solve the security problems in the business scenario and promoting the customer’s business competitiveness.
It can identify and protect malicious features against the website traffic, avoiding malicious web server intrusion and ensuring the core data security of the service.RMB 336.00/month
Provide value-added protection for users who are subject to high traffic DDoS attacks. The origin server is hidden by replacing the service IP with the Anti-DDoS Pro.RMB 500.00/month
Based on high-quality network infrastructure and intelligent cloud computing technology, JD provides the customers with low-cost, high-performance and scalable distribution services of Internet content.RMB 0.35/GB, if CDN traffic is within 10GB
Scan, feedback the current page