Huawei Multilayer Ransomware Protection Solution for Cloud Scenario (C-MRP)
Abstract
Huawei Technologies commissioned Tolly to validate the Huawei Multilayer Ransomware Protection Solution for Cloud Scenario, or C-MRP. The main focus of the project was to assess how the solution prevents intrusion, limits malware spread, blocks data leakage, and protects cloud data from tampering through coordinated actions across cloud security, host protection, web and database security, and storage systems.
The report describes C-MRP as a multilayer anti-ransomware architecture aligned with the NIST Identify, Protect, Detect, Respond, and Recover framework. In the tested cloud deployment, Huawei combined SecMaster, Cloud Firewall, Web Application Firewall, Host Security Service, Network Detection and Response, Database Protection, Data Security Center, EVS, Cloud Server Backup Service, OceanStor Dorado production storage, OceanProtect backup storage, OceanStor Pacific storage, and BCManager-managed AirGap replication in an isolation zone. According to the solution overview and topology sections, the design coordinates cloud security and storage so that ransomware indicators can trigger secure snapshots, incremental backups, WORM-style anti-tamper protection, and AirGap disconnection to isolate recovery copies.
Tolly evaluated 20 typical scenarios across four major categories, and the report states that Huawei C-MRP passed all of them. In intrusion prevention, the solution detected and blocked 100% of simulated attacks, including vulnerability exploitation, brute-force cracking, database penetration, malware delivery, and common web attacks such as SQL injection, cross-site scripting, and command or code injection. Network Detection and Response also automatically analyzed attacker threat scores and blocked access when thresholds were exceeded, while Host Security Service identified, isolated, and killed malicious programs on cloud hosts.
In spread prevention, the report verified east-west access policy enforcement, east-west antivirus inspection, ransomware isolation and killing, and horizontal host connection detection. Compromised processes and hosts were isolated, and malware downloads between cloud hosts were blocked, limiting lateral movement inside the cloud environment.
Leakage prevention testing then verified built-in data classification templates, database watermarking for traceability, auditing of risky database operations, and sensitive information leakage protection for web applications. The report says Huawei’s tools classified and visualized data transfers effectively and accurately detected and blocked data leakage attempts.
Tampering prevention was the most storage-centric portion of the report. Tolly validated low-, medium-, and high-risk event detection on single hosts, as well as multi-host ransomware linkage detection. Associated playbooks automatically created snapshots, launched incremental backups, applied anti-tampering controls to historical copies, and, in multi-host high-risk scenarios, fused the AirGap link and isolated backup storage. The report notes that medium-risk snapshots were protected for 7 days, while high-risk and multi-host ransomware scenarios triggered 30-day protected snapshots, with backup data placed in tamper-resistant modes and recovery point objectives measured in minutes. Overall, the report presents Huawei C-MRP as a tightly integrated cloud-and-storage ransomware defense framework with verified orchestration across prevention, containment, backup protection, and rapid recovery.