The Overview page of Traffic Security provides insight into the network traffic attacks on your network assets, which helps you handle the attacks. The Overview page also enables you to view the protection status and attack trends of assets, evaluate the security status of assets, and view hotspot assets. In this topic, network traffic attacks are referred to as traffic attacks for short. This topic describes how to query data and details about the data on the Overview page of Traffic Security.

Query data on the Overview page of Traffic Security

  1. Log on to the Traffic Security console.
  2. In the left-side navigation pane, click Overview.
  3. On the Overview page, view the overall data of traffic security.
    Overview page of Traffic Security

    The following table describes the data that you can query on the Overview page of Traffic Security.

    Name Description Supported operation Detailed description
    Attack Status (Section 1 in the preceding figure) Provides an overview about the traffic attacks on your network assets and helps you handle attacks that interrupt your service. Traffic Security supports only public IP addresses. You can click Handle Now to view the emergency response operations and mitigation plans that are provided to specific attacked assets. Detailed description of Attack Status
    Protection Status (Section 2 in the preceding figure) Displays the security status of your network assets and provides security hardening suggestions. If your network assets have security risks, we recommend that you implement security hardening based on the suggestions to reinforce security. Detailed description of Protection Status
    Attack Analysis (Section 3 in the preceding figure) Displays the trend of traffic attacks on your network assets over the last year. This helps you evaluate potential risks to your service and what is required to protect your service. You can switch between the time ranges of data and the types of attack data that you want to query. Detailed description of Attack Analysis
    Hotspot Assets (Section 4 in the preceding figure) Ranks the most attacked assets over the last year. This helps you identify core assets. None. Detailed description of Hotspot Assets
    Industry Risk Insight (Section 5 in the preceding figure) Helps you analyze the trend in the quantity of traffic attacks in the industry of your business over the last six months. This helps you understand the industry-specific security posture. You can specify the industry of your business to focus on the security risks in the industry. Detailed description of Industry Risk Insight
    Traffic Security Documentation (Section 6 in the preceding figure) Provides the latest updates in the field of traffic security. This helps you obtain up-to-date information in this field. You can view the details of the update in which you are interested. Traffic Security Documentation

Detailed description of Attack Status

The Attack Status section displays an overview of the traffic attacks on your network assets. Traffic Security supports only public IP addresses. The overview includes the following information: Total Attacked Assets, Attacked IP Addresses, First Attacked At, Service Interruption Duration, and Attack Type. Attack threat
If this section displays an attack that has interrupted your service, you can click Handle Now to query the information, Emergency Response, and Mitigation Plan for the attack. The following list describes the details:
  • You can refer to the information in the Emergency Response section to restore your service at the earliest opportunity. However, this does not prevent potential attacks on your service. Limits are also imposed on emergency response operations. For example, both the operation quota and the protection capability are limited.
  • You can refer to the information in the Mitigation Plan section to deploy a service that helps you avoid attacks of the same type. After you deploy a security service, service interruptions caused by the attacks are reduced or no longer occur.

For example, if your service is interrupted due to a distributed denial of service (DDoS) attack, you can use two methods to handle the attack on the Handle Now page. First, in the Emergency Response section, deactivate black filtering for the IP address that is attacked. Note that the monthly quota to deactivate black filtering is five. If this quota is exhausted, you must deploy a mitigation plan. Second, in the Mitigation Plan section, deploy Anti-DDoS Pro or Anti-DDoS Origin to better protect your service against DDoS attacks. For more information about mitigation plans and how to activate the services, see the information on the Handle Now page.

Handle Now (Attack Status)

Detailed description of Protection Status

The Protection Status section displays the security status of your network assets, such as the proportion of protected assets to all assets and the security evaluation of your service. This section also displays Suggestions for security hardening. This helps you understand the network-related weaknesses in your service and offers suggestions to improve protection.

Protection Status

If the security evaluation result for your service is Risks as shown in the preceding figure, we recommend that you implement the security hardening measures in the Suggestions section. This improves protection for your service.

Detailed description of Attack Analysis

The Attack Analysis section displays the trend of traffic attacks on your network assets over the last year. This helps you evaluate potential risks to your service and what is required to protect your service.

Attack Analysis
You can query the following data:
  • Attack Trend (IP Address): the basic information about the traffic attacks on your IP addresses. The information includes Mitigation, Blackhole Filtering Event, IP Address Under Mitigation, and IP Address Under Blackhole Filtering.
  • Peak Attack Throughput (IP Address): the trend of peak attack traffic based on IP addresses.
  • Attacked Duration (IP Address): the trend of the duration of traffic attacks based on IP addresses.

You can click the buttons in the upper-right corner of the section to switch between time ranges to query. The time ranges are Last 1 Week, Last 1 Month, Last 3 Months, and Last 1 Year.

Detailed description of Hotspot Assets

The Hotspot Assets section ranks the most attacked assets over the last year. This helps you identify core assets.

Hotspot Assets

We recommend that you deploy a comprehensive security hardening solution for the most attacked assets. For more information, see Best practices for mitigating DDoS attacks.

Detailed description of Industry Risk Insight

The Industry Risk Insight section displays the trend in the quantity of traffic attacks in various industries over the last six months. This helps you understand the security posture specific to the industry of your business.

You can click All Industries or Current Industry in the upper-right corner of the section to query the related data. The following list describes the details:
  • After you click All Industries, you can select an industry in which you are interested from the Industry drop-down list. Then, you can query the quantity of traffic attacks in the industry over the last six months. For example, you can select Research Institutes, Automotive Manufacturing, or Gaming.
  • After you click Current Industry, you can specify the industry of your business and query the quantity of traffic attacks in the industry over the last six months

Traffic Security Documentation

The Traffic Security Documentation section provides links to the latest updates in the field of traffic security. This helps you understand the background of traffic security and obtain up-to-date information in this field.

You can click a link to view the details of the update in which you are interested.