立即咨询

电话咨询

微信咨询

立即试用
商务合作

Tencent Cloud EdgeOne-Edge Security Acceleration Platform

Tencent Cloud EdgeOne - Edge Security Acceleration Platform integrates DDoS/Bot Protection Platform and Web Application Firewall capabilities. It defends against DDoS attacks, blocks malicious Bot activities, and secures web applications at the edge layer, while optimizing resource loading speed. Suitable for multi-business scenarios, it balances security and acceleration to help enterprises build a solid edge security barrier.
立即咨询
数字化产品Web 安全Tencent Cloud EdgeOne-Edge Security Acceleration Platform

 

 

iconProduct Overviewicon
Traditional IDC Web service
High Latency Slow Start Vulnerable
EdgeOne 
Optimal Fast Secure

 

 

iconWhat is Tencent Cloud EdgeOne?icon

The cloud service that Accelerate and Protect applications on the Edge of the Internet

Secure
 Global Capacity: 10Tbps WAF / Anti-DDoS
Block at attackers' own local network
Piece of mind, billing based on clean traffics only 
Both L4 and L7, either a single IP or /24, with full log details & reporting
Bot mitigation 
Fast
Lastmile Latency < 60ms Intelligent Middle Mile
Distributed global network with 2800+ PoPs in all regions
Realtime optimizations on internal links among major Tencent regions
Latest technologies on data transmission efficiencies
Huge Cache Capacity
Simple
 Fast and Easy Onboarding Template Based Configs
Simple, integrated, and intelligent configurations
Easy on-boarding, with full API supports
Managed OWASP security rules, BOT definitions, and route optimizations 
Auto-adjusting rate limiting

 

 

iconProduct Highlightsicon

Static Content Acceleration
Dynamic Content Acceleration
DDoS Protection
Advanced Access Control
Monitoring Metrics & Reports

All in One
All Protect & Perform L4/7 features in one package
Quick & Easy Onboarding
Simple Professional Service process
 CNAME, Anycast IP
Better Visibility
Historical attack data, including L4 attacks
Rate limit features with great visibilities
AI based automatic protection

 

 

iconProduct Highlightsicon
 
All in One
All Protect & Perform L4/7 features in one package.
Quick & Easy Onboarding
Simple Professional Service process
CNAME, Anycast IP.
Better Visibility
Historical attack data, including L4 attacks
Rate limit features with great visibilities
AI based automatic protection.

 

 

iconEdgeOne Resources - Distributed & Connected Data Centresicon
 
Abundant Resource Reserves
2800+ PoPs worldwide, 160T reserved bandwidth
Three-layer construct based on core, backbone and cache nodes
Dedicated lines for edge interconnection to provide         ultimate performance
Resilient
Anycast network provides overallprotection up to 10Tbps, largest DDoSattack in history
Anycast nodes have multiple PNl andTransit lines to ensure high availability
Low latency
Edge based DNS service offers 30ms latency in average
worldwide
End-to-end latency <60ms, uninterrupted global gamingexperience
 
 
 
 
 

 

 

iconEdgeOne Global Resource Distributionicon

 

 

 

iconEdgeOne Product Architectureicon

EdgeOne deploy security measures at the edge closest to users and defend against malicious traffic, support L3/4/7 route optimisation, Persistent Connection and WebSocket

 

 

 

iconEdgeOne Security: Real-time Detection At The Edgeicon
 
Attack Detection
Based on DPDK, network packets are intercepted when passing through EdgeOne network. ML model is then built on traffic behaviour + AI Intelligent engine to determine the existence of attack and deploy countermeasures within 3 seconds.
Clean Traffic
Intelligently spread attacks across PoPs distributedglobally behind Anycast lPs assigned to customersdropping suspicious requests before reaching networkregions near the origins.
Layer 3/4 attacks automatically blocked with fullvisibility and reporting.
ldentification and protection for fingerprint and UDPwatermark application.
CC Attack Mitigation & Rate Limiting, with visiblereporting.
 
 
 

 

 

iconThe Best Integrated Multi-layer Protectionsicon

L4/7 accelerate & protect the same hostnames

CDN
Support static content caching, global PoPs coverage, QUIC compatible, WebSocket, gRPC and other access protocols.
Dynamic Acceleration
Real-time monitoring for latency and quality of route, intelligent dynamic route optimization for L4/L7 traffic forwarding request to origin
Layer 4 Proxy
CNAME proxy or static IP integration to TCP/UDP service, support load balancing and L4 dynamic acceleration.
DNS
Global domain name resolution, support intelligent DNS resolution and CNAME flattening, withstand over 1 million+ QPS and 50 billion+ daily requests at peak.
 
DDoS Protection
Customizable protection strategies thanks to Anycast's distributed architecture and "self-developed+AI recognition" cleansing algorithm.
灵活接口能
Effectively defend against SQLi, XSS attack and related Web attack thanks to Tencent's massive attack sample libraries, covers OWASP Top 10 scenarios and filter traffic to match characteristics.
Bot Management
Bot identification and protection - precise management of Bot access policies, one-click Captcha challenge setup, intelligent Bot behaviour analysis, and whitelisting.

 

 

iconEdgeOne Security: DDoS Protectionicon

Advantages of solution
Anycast distribution and various protection mechanism support Tbps level traffic
Protection around origin, filter attack traffic while making sure requests are uninterrupted
Customizable protection policies to defend against various attack
 Algorithm to identify and cleanse TCP related reflection attack without human intervention
Respond within seconds to ensure stable services

 

 

 

iconEdgeOne Security: DDoS Protectionicon

Geo/Regional blocking
IP blocklist/allowlist
Port number filtering
L3/4 layer payload message blocking
Protocol blocking -TCP, UDP, ICMP Others
Concurrent connection/ packet limit-Global, Per lP

 

 

iconEdgeOne Security: OWASP’s vulnerabilityicon
17 Types of Policy Rules
Web attack identification, Anti-DDoS, low false positive and negative, accurate and effective mitigation against threats like SQLi, XSS and etc in OWASP Top 10.
0-Day Virtual Patch
24x7 security monitoring team publishes high severity 0-day virtual patch without user intervention to shorten response time. With infamous Log4J vulnerability as example, EO offers patch deployment within hour and production in 2 hours to achieve nearly 100% protection.
AI Semantic Analysis
Layered filtering based on AI and semantic analysis integrated rules to further improve protection for complex attacks and reduce false positives.
API Friendly
Support exception rule, flexible whitelisting configuration for various APIs while accounting for site security and API request characteristic.

 

iconEdgeOne Security: Web Protectionicon
Temporarily block client
Clients are temporarily blocked when their requests match web accesscontrol rules
CC attack defense
Identify and mitigate massive HTTP/HTTPS floods triggered by highrequest frequency, request forgery and botnet-launched web applicationattacks, as well as provide managed rules created by Tencent securityexperts.
Custom rules
Customize matching hit rules and configure corresponding disposalmethods.
Managed rules
It provides managed rules to defend against OWASP top 10 and otherattacks, such as SQL injection, XSS, webshell upload, and commandinjection.

 

 

iconEdgeOne Security: Bot Managementicon

EdgeOne Bot threat modelling and dynamic identification

Identify malicious crawler with threat intelligence and comprehensive analysis through multiple identification and verification methods

Crawler program library contains 2,300 known crawlers that combined with threat level and fingerprint rules to provide protection accurately

 

iconEdgeOne Performance: Route and Performance Optimisationicon
Transport layer optimization
Self-developed QTCP and TQuic protocols optimize congestion window, retransmission and other techniques to improve network jitter for bandwidth maximization 
Long Persistent Connection, avoid establishing connection frequently Intelligent compression, improve transmission efficiency
Intelligent routing
Real-time network quality monitoring, dynamic quality map generation
Optimal routing algorithm and Port routing technology select most optimal path to avoid network congestion and failure
Private transmission protocol, dynamic FEC algorithm to improve performance
Intelligent Resolution
Support domain hosting, hand out IP directly and shorten resolution
Anycast distribution reduce corss-border latency and packet loss
Performance Web Software
Multi-threaded, reduce context switching overhead, > 10 million concurrent connection
Storage Engine, high I/O performance for direct disk read and write
Region Center
Multi-tier Cache Structure,maximize cache hit rate
Origin Dedicated Line,guarantee transmission quality between edge and origin 

 

 

iconMulti-integration VS. All-in-one platformicon

 

 

icondgeOne Features in OSI Layersicon

 

 

iconBest Overall CDN Leadericon

Tencent Cloud EdgeOne has the best overall performance in CDN industry

 

 

 

iconTencent Cloud EdgeOne Qualification Certificationicon
PCI DSS
PCI DSS Level 1 Service Provider Joint third-party evaluation agency ATSEC to provide security compliance services around the world
GDPR
Comply with EU GDPR user data protection rules
HIPAA
Publish the HIPAA Self-Assessment Report Passed the requirements of ePHI on protecting the security and privacy of user information
CSA STAR 
International Cloud Security Alliance Gold Level Certification
MPAA
In compliance with Motion Picture Association of America
K-ISMS
Korea Information Security Management System The third company in the world after Amazon and Microsoft
 
ISO 27701
The world's first cloud service provider certified by ISO/IEC 27701:2019 personal privacy security protection
CISPE
The first company in China to be certified by the European Cloud Computing Service Providers Alliance Personal Data Protection Code of Conduct
MTCS
Certification to Singapore Multi-Tier Cloud Security (MTCS) T3 Level Standard

 

 

iconComprehensive Protection with Quick & Easy Onboardingicon

Tip: Quick & Easy onboarding to enable basic features with fine-tuning allowed at a later stage

 

 

iconProprietary Algorithms to Optimize Full Stack Performanceicon
Proprietary algorithms to identify the best path to origin
Detect real-time network latency and quality, to build routing model.
Proprietary algorithm for routing optimization, effectively avoiding poor quality and congested links.
Proprietary packet loss concealment solutions
Incorporates latency and packet loss for accurate network quality detection.
Adaptive network transmission packet loss prediction method, significantly reduces packet loss rate.

 

 

iconResearch of network optimization and applicationicon

Tencent Cloud published "AutoPlex: Inter-Session multiplexing Congestion Control for Large-Scale Live Video Services" in ACM SIGCOMM 2022 WORKSHOP and awarded with praises by acadamia and industry experts. This paper achieved CDN adaptive congestion control for audio and video transmission across WAN.

 

 

iconBeyond HTTP/2.0icon
Transfer Protocols
TCP / UDP / HTTP / HTTPS / QUIC
Push Protocols
RTMP / RTMPS / WebRTC / SRT / QUIC
Playback Protocols
RTMP / FLV / HLS / WebRTC / Dash

Independent TQUIC-SDK
Tencent Cloud's proprietary TQUIC-SDK is a lightweight network library developed based on Google's QUIC protocol stack. 
Key metrics: Latency, TTFF, and success rate
Cache optimization + scheduling precision improvement
Metric collection + correlation analysis
Congestion control optimization
TTFB optimization: First window optimization + 0 RTT ratio improvement

 

 

iconEdge Functions – JS on the Edgeicon

JS Execution Capabilities on Edge Servers, offloadingorigin computing & unnecessary round trips

On-Demand cache prewarming

Security and Performance functions both available

Example (previous client):
Changing colour selection

 

 

iconPerformance, Availability and Scalabilityicon
 
 
It’s easy to test and compare average download time, but not so easy to verify situational performance in different scenarios
Availability is much better on the Edge due to its distributed nature and redundancy levels 
Scalability due to the IAAS service model

 

 

iconAnycast based Security Protectionicon

By leveraging the strengths of Anycast architecture, EdgeOne offers a global protection capability up to 10 Tbps

Traditional scrubbing architecture
Attack protection relies on the protection capabilities of individual nodes. General nodes and large central nodes offer 10–100 and 200–800 Gbps protection respectively.
Large-scale attacks can easily damage the business. As the protection capacity of individual nodes is low, when they are attacked, there will be the risk of continuous scheduling, which will greatly increase the latency
EdgeOne architecture
EdgeOne adopts the Anycast architecture to perform near-origin scrubbing when under attack. The aggregate protection capability can reach 15 Tbps, far exceeding the largest DDoS attack ever recorded (3.45 Tbps).
EdgeOne can identify and mitigate most DDoS attacks within few seconds, with a 99.9% attack mitigation efficiency.

 

 

iconRate Limiting with Better Visibility & Reportingicon

IP Level Traffic Reporting with Aggregation Analysis

 

 

iconPast service experience in large-scale eventsicon
10 Tbps
Volcano managed to provide up to 10Tbps resources to serve unexpected short burst of traffic due to game version updates and e-commerce promotions
60 seconds
With docker container - any single node can complete resource preparation, IP request, deploy container and programs in 60 seconds
5 minutes
Volcano predict available bandwidth of each node and serve 1Tbps of burst resource in 5 minutes

 

 

iconPlansicon

 

 

iconSupport & Serviceicon
Standard Service
Self-service available for FAQ, Documents, Newsletter Subscription, API, and SDK  
24 x 7 hotline for inquiry and ticket system  
Cloud Support Specialist for handling case  
Technical Service Manager
Response Time
Service outage < 15 minutes
System anomaly < 20 minutes Service anomaly < 4 hours  
Inquiry < 8 hours
Add-on for Mediacorp
Preventive Maintenance  
Stability Monitoring and Service Report   
IM real-time response   
Training and enablement  
Architecture and Resource Optimization  
High Availability Calibration
Professional Solution
Event Support  
Managed Integration  
Ad-hoc Change Request  
Customization

 

 

iconSupport & Serviceicon
Technical support team
24 x 7 professional support
Monthly customer-level service reports
Comprehensive and fast response
IM real-time response (QQ/Slack/WeCom)
Call support 
E-Mail communication 
Online consultation

 

 

iconCase: Game account and lobby accelerationicon
Customer Background
This customer provides a unified account platform for overseas games e.g. login and lobby features. It is deployed in Singapore to serve players from Europe, America, Middle East, and South America. Customer focus on performance on acceleration, concurrent QPS and WAF protection to provide high quality experience for their overseas players.
Solutions
Feature group: HTTPS Acceleration + WAF + DDoS Protection
EdgeOne handles millions of concurrent QPS requests through global PoPs to allow players connect via EdgeOne dedicated line for dynamic acceleration and optimize latency by 37.5%.
DDoS Protection easily defend against 10 Tbps attack, help customer reduce global security threat.
Managed WAF rules and AI WAF effectively block bad traffic while ensuring zero false positive.
Global Application Acceleration Platform (GAAP) ensure fast and stable gaming and communication for game servers and lobbies.
 
 
 

 

 

iconCase: E-Commerceicon
 
Customer Background
This customer is an international e-commerce platform covering Singapore, Malaysia, Philippines, Thailand, Vietnam, Brazil, Mexico, Colombia, Chile, Poland and many more. Award winner of "YouGov 2022 Top 10 Best Brand In The World". It focuses on stability and performance especially during key promotional events.
Solutions
Feature group: HTTPS Dynamic Acceleration + CC + WAF + BOT Protection
EdgeOne provides acceleration for small image, video on demand and product information to achieve request forwarding to regional origins in customer's key business area.
EdgeOne ensures stable business during customer's promotional events e.g. 5.5 and 6.6 where it is able to handle traffic volume peaked at 1.5 Tbps, requests up to 3.59 Million QPS and keep hit rate above 97% in average.
EdgeOne WAF and BOT anti-crawler features mitigated numerous malicious DDoS and CC attacks during promotional events, ensuring stable operation.
 
 
 
 
 

 

 

 

产品推荐

海致星图知识图谱分析平台
海致星图知识图谱分析平台,创建自己的场景图谱、接入或定制行业知识图谱应用,提供服务共享的在线协作方式。提供实时图查询、离线图查询、场景探索等分析能力,支持基于项目与组织的功能和数据权限控制。支持主流大数据平台、图数据库以及查询语言的适配。
免费试用
查看详情
极验行为验证4.0
极验行为验证4.0利用适应型第四代验证技术让验行为获得更安全的能力,7重动态屏障应对不同的攻击模式,更能单位周期内多达43 74种变化,大幅提升黑产攻击成本较上一代产品,黑产绝对攻击成本最高上升3.714倍。行为验拥有扩展性极强的界面,并兼容所有平台 除此之外,我们为其调试了顺畅自然的动画效果。
免费试用
查看详情
黑湖智能工厂建设方案
黑湖智能工厂建设方案,适配数字生产车间管理与制造企业车间生产管理核心需求。打通生产全流程数据链路,实现设备互联、工序协同、产能监控与质量追溯,赋能工厂数字化转型。助力制造企业降本增效、优化生产排程,是打造智能高效生产车间的专业解决方案。
免费试用
查看详情
LKY蓝客云国际版酒店管理系统
LKY 蓝客云国际版酒店管理系统,是多语言 PMS 酒店管理优选方案,核心搭载 Channel Manager 功能直连全球 OTA 平台。实现全渠道价格、库存、订单自动同步房态,无需人工录单,客人可自主入住,减少 60% 管理时间。适配多币种结算与海外合规要求,助力酒店民宿高效运营、拓展全球客源。
免费试用
查看详情