Enterprise Network | Redefining the Bastion Machine, Building an IT Infrastructure Privileged Identity Bank
Release time: 2019.04.25 | Source: Enterprise Network

On April 11, the Palladium National Channel Partner Conference was held in Hangzhou. More than 200 channel partners and many media outlets from all over the country took part in the conference.

At the conference, Chen Yun, the general manager of Palladium, emphasized that Palladium must focus on products with one hand and on channel building with the other, and put forward a "people-oriented" "dual-core strategy" of core channels and core customers. Chen Yun believes: "The core channel is Palladium's long-term sustainable development strategy. Core customers mainly help sort out benchmark customers and promote the development of the industry. Core channels and core customers complement each other. The dual-core strategy will start Palladium's "two-wheel" drive for rapid development."

Chen Yun, General Manager of Palladium

At the meeting, Chen Yun also emphasized: "Security issues are not just about technology, but more about historical reasons, human weakness, and cost. We must integrate security and management."

At this conference, Palladium released its next-generation bastion machine (PAM). Traditional bastion machines are widely used in government, medical care, finance, energy, enterprise and many other industries to improve internal information security management, meet relevant regulatory requirements, and provide a basis for control and audit, covering identity management, authority management and security auditing of information systems. With the arrival of cloud computing and the 5G era, they will inevitably face new challenges.

Palladium’s technical director Wang Feng said bluntly: “We need to redefine the fortress machine: the traditional fortress machine can no longer adapt to the cloud era. The security boundary is becoming more and more blurred, and the equipment in the 5G era is diversified and mobile. The next-generation fortress machine will provide unified and independent account management and channel control services for the data center infrastructure. The data center infrastructure is programmable. SDN, SDS, ITSM, CMDB, automated operation and maintenance, and various network management software will be available through the next-generation bastion machine. The data center infrastructure is programmed to achieve closed-loop control and AI processing."

Palladium Technical Director Wang Feng

As the saying goes, "Know yourself and know your enemy, and you will never be defeated in a hundred battles." Through 14 years of independent research and development, Palladium has gained a deep understanding of the bastion machine. Wang Feng said that the traditional bastion machine has the following problems:

Asset accounts cannot be collected automatically. When an asset account changes, the bastion machine cannot detect the change and respond in time.

It cannot be combined with the automation platform; the operation and maintenance of the automation platform can be bypassed, which creates great security hazards and risks.

Management is inconvenient, and visual authorization cannot be performed.

In the era of the mobile Internet of Things, it cannot support real-time control of operation and maintenance, management, and data center asset operation and maintenance from a mobile phone.

It cannot meet users' needs for high concurrency, and it cannot be expanded easily and quickly.

Therefore, Wang Feng proposed the three attributes that the next-generation bastion machine should possess: maturity and stability, security reinforcement, and advanced technology.

In this regard, Wang Feng said: “In addition to the complete single sign-on, multi-factor identification technology, OCR title recognition technology, data synchronization technology and the seamless application of RemoteApp that the traditional bastion machine has, the next-generation bastion machine must, first of all, be able to ensure its own security and stability and be able to be tested in the environment of a large data center. At the same time, it must be able to support clusters and distributed deployments in any environment, achieve a high degree of logical uniformity, and realize real-time synchronization of configuration and audit logs."

"In terms of security reinforcement, it is necessary to take into account both data security control and account security management. Data assets have become the core assets of enterprises, but the flow of data is often difficult to control during the operation and maintenance process. For this reason, the next-generation bastion machine strictly controls the data upload and download channels in RDP, SSH, FTP/SFTP and database operation and maintenance tools. The channels can be opened and closed according to the actual situation to solve the problem of data leakage caused by unauthorized copying of data. In terms of account security management, it first detects and eliminates the hidden dangers of weak passwords, and classifies long-standing, high-privilege, low-frequency accounts. Administrators can understand the account status at a glance, and can perform targeted management to trace security risks to individuals."

Technological advancement should be reflected in convenience for customers. The next-generation bastion machine realizes automated operation and maintenance through a complete API. The entire process can be managed and monitored, realizing a centralized account control center and control matrix. It provides a unified interface for both programs and human-computer interaction, and opens up account permissions for operation and maintenance automation. Authority levels are allocated according to need, making machine operation and maintenance safe and controllable and putting DevSecOps and AIOps fully into practice.

In response to mobile management in the 5G era, a proprietary app (Android and iOS versions) is used to perform mobile management operations from managers and operation and maintenance personnel without roles, so as to achieve efficient and safe operation and maintenance. This realizes the change from passive defense to active defense: actively discovering backdoor accounts, actively acquiring backdoor accounts through other services, and actively checking weak passwords.

In addition to bastion machine products, Palladium also has products such as database auditing, database firewall, next-generation web application firewall, management security IAM, and big data log analysis, forming a complete security product system that provides enterprise users with a full-range line of security defense.
