Tencent Cloud EdgeOne-Edge Security Acceleration Platform_DDoS/Bot Protection Platform

Tencent Cloud EdgeOne-Edge Security Acceleration Platform

Tencent Cloud EdgeOne - Edge Security Acceleration Platform integrates DDoS/Bot Protection Platform and Web Application Firewall capabilities. It defends against DDoS attacks, blocks malicious Bot activities, and secures web applications at the edge layer, while optimizing resource loading speed. Suitable for multi-business scenarios, it balances security and acceleration to help enterprises build a solid edge security barrier.

立即咨询

首页

数字化产品

Web 安全

Tencent Cloud EdgeOne-Edge Security Acceleration Platform

Product Overview icon

Traditional IDC Web service

High Latency Slow Start Vulnerable

EdgeOne

Optimal Fast Secure

What is Tencent Cloud EdgeOne? icon

The cloud service that Accelerate and Protect applications on the Edge of the Internet

Secure

Global Capacity: 10Tbps WAF / Anti-DDoS

Block at attackers' own local network

Piece of mind, billing based on clean traffics only

Both L4 and L7, either a single IP or /24, with full log details & reporting

Bot mitigation

Fast

Lastmile Latency < 60ms Intelligent Middle Mile

Distributed global network with 2800+ PoPs in all regions

Realtime optimizations on internal links among major Tencent regions

Latest technologies on data transmission efficiencies

Huge Cache Capacity

Simple

Fast and Easy Onboarding Template Based Configs

Simple, integrated, and intelligent configurations

Easy on-boarding, with full API supports

Managed OWASP security rules, BOT definitions, and route optimizations

Auto-adjusting rate limiting

Product Highlights icon

Static Content Acceleration
Dynamic Content Acceleration
DDoS Protection
Advanced Access Control
Monitoring Metrics & Reports

All in One

All Protect & Perform L4/7 features in one package

Quick & Easy Onboarding

Simple Professional Service process

CNAME, Anycast IP

Better Visibility

Historical attack data, including L4 attacks

Rate limit features with great visibilities

AI based automatic protection

Product Highlights icon

All in One

All Protect & Perform L4/7 features in one package.

Quick & Easy Onboarding

Simple Professional Service process

CNAME, Anycast IP.

Better Visibility

Historical attack data, including L4 attacks

Rate limit features with great visibilities

AI based automatic protection.

EdgeOne Resources - Distributed & Connected Data Centres icon

Abundant Resource Reserves

2800+ PoPs worldwide, 160T reserved bandwidth

Three-layer construct based on core, backbone and cache nodes

Dedicated lines for edge interconnection to provide ultimate performance

Resilient

Anycast network provides overallprotection up to 10Tbps, largest DDoSattack in history
Anycast nodes have multiple PNl andTransit lines to ensure high availability

Low latency

Edge based DNS service offers 30ms latency in average
worldwide
End-to-end latency <60ms, uninterrupted global gamingexperience

EdgeOne Global Resource Distribution icon

EdgeOne Product Architecture icon

EdgeOne deploy security measures at the edge closest to users and defend against malicious traffic, support L3/4/7 route optimisation, Persistent Connection and WebSocket

EdgeOne Security: Real-time Detection At The Edge icon

Attack Detection

Based on DPDK, network packets are intercepted when passing through EdgeOne network. ML model is then built on traffic behaviour + AI Intelligent engine to determine the existence of attack and deploy countermeasures within 3 seconds.

Clean Traffic

Intelligently spread attacks across PoPs distributedglobally behind Anycast lPs assigned to customersdropping suspicious requests before reaching networkregions near the origins.
Layer 3/4 attacks automatically blocked with fullvisibility and reporting.
ldentification and protection for fingerprint and UDPwatermark application.
CC Attack Mitigation & Rate Limiting, with visiblereporting.

The Best Integrated Multi-layer Protections icon

L4/7 accelerate & protect the same hostnames

CDN

Support static content caching, global PoPs coverage, QUIC compatible, WebSocket, gRPC and other access protocols.

Dynamic Acceleration

Real-time monitoring for latency and quality of route, intelligent dynamic route optimization for L4/L7 traffic forwarding request to origin

Layer 4 Proxy

CNAME proxy or static IP integration to TCP/UDP service, support load balancing and L4 dynamic acceleration.

DNS

Global domain name resolution, support intelligent DNS resolution and CNAME flattening, withstand over 1 million+ QPS and 50 billion+ daily requests at peak.

DDoS Protection

Customizable protection strategies thanks to Anycast's distributed architecture and "self-developed+AI recognition" cleansing algorithm.

灵活接口能

Effectively defend against SQLi, XSS attack and related Web attack thanks to Tencent's massive attack sample libraries, covers OWASP Top 10 scenarios and filter traffic to match characteristics.

Bot Management

Bot identification and protection - precise management of Bot access policies, one-click Captcha challenge setup, intelligent Bot behaviour analysis, and whitelisting.

EdgeOne Security: DDoS Protection icon

Advantages of solution

Anycast distribution and various protection mechanism support Tbps level traffic

Protection around origin, filter attack traffic while making sure requests are uninterrupted

Customizable protection policies to defend against various attack

Algorithm to identify and cleanse TCP related reflection attack without human intervention

Respond within seconds to ensure stable services

EdgeOne Security: DDoS Protection icon

Geo/Regional blocking
IP blocklist/allowlist
Port number filtering
L3/4 layer payload message blocking
Protocol blocking -TCP, UDP, ICMP Others
Concurrent connection/ packet limit-Global, Per lP

EdgeOne Security: OWASP’s vulnerability icon

17 Types of Policy Rules

Web attack identification, Anti-DDoS, low false positive and negative, accurate and effective mitigation against threats like SQLi, XSS and etc in OWASP Top 10.

0-Day Virtual Patch

24x7 security monitoring team publishes high severity 0-day virtual patch without user intervention to shorten response time. With infamous Log4J vulnerability as example, EO offers patch deployment within hour and production in 2 hours to achieve nearly 100% protection.

AI Semantic Analysis

Layered filtering based on AI and semantic analysis integrated rules to further improve protection for complex attacks and reduce false positives.

API Friendly

Support exception rule, flexible whitelisting configuration for various APIs while accounting for site security and API request characteristic.

EdgeOne Security: Web Protection icon

Temporarily block client

Clients are temporarily blocked when their requests match web accesscontrol rules

CC attack defense

Identify and mitigate massive HTTP/HTTPS floods triggered by highrequest frequency, request forgery and botnet-launched web applicationattacks, as well as provide managed rules created by Tencent securityexperts.

Custom rules

Customize matching hit rules and configure corresponding disposalmethods.

Managed rules

It provides managed rules to defend against OWASP top 10 and otherattacks, such as SQL injection, XSS, webshell upload, and commandinjection.

EdgeOne Security: Bot Management icon

EdgeOne Bot threat modelling and dynamic identification

Identify malicious crawler with threat intelligence and comprehensive analysis through multiple identification and verification methods

Crawler program library contains 2,300 known crawlers that combined with threat level and fingerprint rules to provide protection accurately

EdgeOne Performance: Route and Performance Optimisation icon

Transport layer optimization

Self-developed QTCP and TQuic protocols optimize congestion window, retransmission and other techniques to improve network jitter for bandwidth maximization

Long Persistent Connection, avoid establishing connection frequently Intelligent compression, improve transmission efficiency

Intelligent routing

Real-time network quality monitoring, dynamic quality map generation

Optimal routing algorithm and Port routing technology select most optimal path to avoid network congestion and failure

Private transmission protocol, dynamic FEC algorithm to improve performance

Intelligent Resolution

Support domain hosting, hand out IP directly and shorten resolution

Anycast distribution reduce corss-border latency and packet loss

Performance Web Software

Multi-threaded, reduce context switching overhead, > 10 million concurrent connection

Storage Engine, high I/O performance for direct disk read and write

Region Center

Multi-tier Cache Structure，maximize cache hit rate

Origin Dedicated Line，guarantee transmission quality between edge and origin

Multi-integration VS. All-in-one platform icon

dgeOne Features in OSI Layers icon

Best Overall CDN Leader icon

Tencent Cloud EdgeOne has the best overall performance in CDN industry

Tencent Cloud EdgeOne Qualification Certification icon

PCI DSS

PCI DSS Level 1 Service Provider Joint third-party evaluation agency ATSEC to provide security compliance services around the world

GDPR

Comply with EU GDPR user data protection rules

HIPAA

Publish the HIPAA Self-Assessment Report Passed the requirements of ePHI on protecting the security and privacy of user information

CSA STAR

International Cloud Security Alliance Gold Level Certification

MPAA

In compliance with Motion Picture Association of America

K-ISMS

Korea Information Security Management System The third company in the world after Amazon and Microsoft

ISO 27701

The world's first cloud service provider certified by ISO/IEC 27701:2019 personal privacy security protection

CISPE

The first company in China to be certified by the European Cloud Computing Service Providers Alliance Personal Data Protection Code of Conduct

MTCS

Certification to Singapore Multi-Tier Cloud Security (MTCS) T3 Level Standard

Comprehensive Protection with Quick & Easy Onboarding icon

Tip: Quick & Easy onboarding to enable basic features with fine-tuning allowed at a later stage

Proprietary Algorithms to Optimize Full Stack Performance icon

Proprietary algorithms to identify the best path to origin

Detect real-time network latency and quality, to build routing model.

Proprietary algorithm for routing optimization, effectively avoiding poor quality and congested links.

Proprietary packet loss concealment solutions

Incorporates latency and packet loss for accurate network quality detection.

Adaptive network transmission packet loss prediction method, significantly reduces packet loss rate.

Research of network optimization and application icon

Tencent Cloud published "AutoPlex: Inter-Session multiplexing Congestion Control for Large-Scale Live Video Services" in ACM SIGCOMM 2022 WORKSHOP and awarded with praises by acadamia and industry experts. This paper achieved CDN adaptive congestion control for audio and video transmission across WAN.

Beyond HTTP/2.0 icon

Transfer Protocols

TCP / UDP / HTTP / HTTPS / QUIC

Push Protocols

RTMP / RTMPS / WebRTC / SRT / QUIC

Playback Protocols

RTMP / FLV / HLS / WebRTC / Dash

Independent TQUIC-SDK

Tencent Cloud's proprietary TQUIC-SDK is a lightweight network library developed based on Google's QUIC protocol stack.

Key metrics: Latency, TTFF, and success rate

Cache optimization + scheduling precision improvement

Metric collection + correlation analysis

Congestion control optimization

TTFB optimization: First window optimization + 0 RTT ratio improvement

Edge Functions – JS on the Edge icon

JS Execution Capabilities on Edge Servers, offloadingorigin computing & unnecessary round trips

On-Demand cache prewarming

Security and Performance functions both available

Example (previous client):

Changing colour selection

Performance, Availability and Scalability icon

It’s easy to test and compare average download time, but not so easy to verify situational performance in different scenarios

Availability is much better on the Edge due to its distributed nature and redundancy levels

Scalability due to the IAAS service model

Anycast based Security Protection icon

By leveraging the strengths of Anycast architecture, EdgeOne offers a global protection capability up to 10 Tbps

Traditional scrubbing architecture

Attack protection relies on the protection capabilities of individual nodes. General nodes and large central nodes offer 10–100 and 200–800 Gbps protection respectively.

Large-scale attacks can easily damage the business. As the protection capacity of individual nodes is low, when they are attacked, there will be the risk of continuous scheduling, which will greatly increase the latency

EdgeOne architecture

EdgeOne adopts the Anycast architecture to perform near-origin scrubbing when under attack. The aggregate protection capability can reach 15 Tbps, far exceeding the largest DDoS attack ever recorded (3.45 Tbps).

EdgeOne can identify and mitigate most DDoS attacks within few seconds, with a 99.9% attack mitigation efficiency.

Rate Limiting with Better Visibility & Reporting icon

IP Level Traffic Reporting with Aggregation Analysis

Past service experience in large-scale events icon

10 Tbps

Volcano managed to provide up to 10Tbps resources to serve unexpected short burst of traffic due to game version updates and e-commerce promotions

60 seconds

With docker container - any single node can complete resource preparation, IP request, deploy container and programs in 60 seconds

5 minutes

Volcano predict available bandwidth of each node and serve 1Tbps of burst resource in 5 minutes

Plans

Support & Service icon

Standard Service

Self-service available for FAQ, Documents, Newsletter Subscription, API, and SDK

24 x 7 hotline for inquiry and ticket system

Cloud Support Specialist for handling case

Technical Service Manager

Response Time

Service outage < 15 minutes

System anomaly < 20 minutes Service anomaly < 4 hours

Inquiry < 8 hours

Add-on for Mediacorp

Preventive Maintenance

Stability Monitoring and Service Report

IM real-time response

Training and enablement

Architecture and Resource Optimization

High Availability Calibration

Professional Solution

Event Support

Managed Integration

Ad-hoc Change Request

Customization

Support & Service icon

Technical support team

24 x 7 professional support

Monthly customer-level service reports

Comprehensive and fast response

IM real-time response (QQ/Slack/WeCom)

Call support

E-Mail communication

Online consultation

Case: Game account and lobby acceleration icon

Customer Background

This customer provides a unified account platform for overseas games e.g. login and lobby features. It is deployed in Singapore to serve players from Europe, America, Middle East, and South America. Customer focus on performance on acceleration, concurrent QPS and WAF protection to provide high quality experience for their overseas players.

Solutions

Feature group: HTTPS Acceleration + WAF + DDoS Protection

EdgeOne handles millions of concurrent QPS requests through global PoPs to allow players connect via EdgeOne dedicated line for dynamic acceleration and optimize latency by 37.5%.

DDoS Protection easily defend against 10 Tbps attack, help customer reduce global security threat.

Managed WAF rules and AI WAF effectively block bad traffic while ensuring zero false positive.

Global Application Acceleration Platform (GAAP) ensure fast and stable gaming and communication for game servers and lobbies.

Case: E-Commerce icon

Customer Background

This customer is an international e-commerce platform covering Singapore, Malaysia, Philippines, Thailand, Vietnam, Brazil, Mexico, Colombia, Chile, Poland and many more. Award winner of "YouGov 2022 Top 10 Best Brand In The World". It focuses on stability and performance especially during key promotional events.

Solutions

Feature group: HTTPS Dynamic Acceleration + CC + WAF + BOT Protection

EdgeOne provides acceleration for small image, video on demand and product information to achieve request forwarding to regional origins in customer's key business area.

EdgeOne ensures stable business during customer's promotional events e.g. 5.5 and 6.6 where it is able to handle traffic volume peaked at 1.5 Tbps, requests up to 3.59 Million QPS and keep hit rate above 97% in average.

EdgeOne WAF and BOT anti-crawler features mitigated numerous malicious DDoS and CC attacks during promotional events, ensuring stable operation.