Design and Implementation of the “Magic Butler” Zero‑Trust Security Management System
The article presents a comprehensive case study of the Magic Butler system—a zero‑trust security management solution developed by 58 Group’s TEG department—detailing its business drivers, design principles, architecture, key technical features, deployment scale, and future outlook for enterprise network security.
Introduction
Magic Butler is a zero‑trust security management system independently designed and developed by the TEG Technology Assurance Department of 58 Group, marking the company’s first practical implementation of zero‑trust network security. The solution consists of three core components—Magic Butler client, zero‑trust gateway, and a unified control center—to securely control access to internal resources and data.
Business Background and Design Philosophy
Post‑pandemic remote collaboration has become the new norm, bringing challenges such as large‑scale heterogeneous devices, diverse business types, distributed workplaces, multiple vendors, advanced threats, and high employee experience expectations. To address these, the team adopted the zero‑trust principle of “continuous verification, never trust” and designed a desktop endpoint management system that enables trusted access regardless of device, location, or network.
System Architecture and Implementation
The solution follows a traffic‑proxy gateway model. A zero‑trust agent installed on the endpoint hooks into network traffic and forwards it to the zero‑trust gateway, which performs interception, authentication, and forwarding.
1. User registers and logs in via the endpoint agent.
2. Agent hardens the security baseline and uploads device status.
3. Agent uses hook, virtual NIC, and network‑filter drivers to capture traffic and forward it to the proxy gateway.
4. Gateway authenticates and authorizes the request through the security control center.
5. Authorized traffic is forwarded to the internal application system.
6. Gateway returns the resource to the endpoint.
3.1 Magic Butler Client
The client includes a desktop app (built with Electron) and the 58Proxy module. The desktop app provides login, borderless office, virus scanning, IT services, and utilities. 58Proxy implements local traffic interception for both Windows and macOS, using kernel‑level drivers on Windows and the PF tool on macOS, then encrypts and forwards traffic to the gateway.
3.2 Zero‑Trust Gateway
The gateway (58Gateway) decrypts incoming private‑protocol packets, extracts request metadata, performs authentication and authorization, and either forwards the request to the target service or blocks it.
3.3 Unified Control Center
The web‑based control center offers centralized security control and management, including asset management, authentication, policy configuration, system admission, audit logging, and visual reporting.
Main Technical Features
User Identity Trust
Multi‑factor authentication integrates with the group’s unified identity system, supporting password login and quick QR‑code login via the 58 Shield.
Application Process Trust
Only processes passing security checks are allowed to access internal resources, reducing malicious code risk.
Device Security Trust
Integration with leading antivirus vendors provides virus scanning, vulnerability remediation, hardening, and data protection, with customizable security policies per subsidiary.
Link Protection Optimization
The solution replaces traditional VPN tunnels with on‑demand, zero‑trust connections, encrypting traffic and performing identity‑based access control to improve stability and user experience.
Continuous Access Control
Access policies combine user roles, application whitelists, and target systems to enforce fine‑grained control.
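The gateway decision from section 3.2 and the policy combination described here can be sketched as a default-deny check run on every request. This is an added example, not Magic Butler's own code; the field names, the sample policy, the hashes and the host names are all assumptions.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase

@dataclass(frozen=True)
class Request:
    """Metadata a gateway could extract from one proxied request (hypothetical fields)."""
    user: str
    roles: frozenset
    device_compliant: bool  # latest baseline status uploaded by the agent
    process_sha256: str     # hash of the process that originated the traffic
    target: str             # internal host being requested

@dataclass(frozen=True)
class Rule:
    role: str
    app_hashes: frozenset   # application allowlist for this rule
    target_pattern: str     # glob over internal host names

# Constructed sample policy: hashes and host names are placeholders.
BROWSER, SSH_CLIENT = "a" * 64, "b" * 64
POLICY = [
    Rule("engineer", frozenset({BROWSER, SSH_CLIENT}), "*.dev.corp.example"),
    Rule("finance", frozenset({BROWSER}), "erp.corp.example"),
]

def decide(req, policy=POLICY):
    """Return (allowed, reason). Nothing is allowed unless a rule matches on
    role, target and originating process, and the device is still compliant."""
    if not req.user:
        return False, "unauthenticated"
    if not req.device_compliant:
        return False, "device failed baseline"
    target = req.target.lower()
    role_and_target_matched = False
    for rule in policy:
        if rule.role not in req.roles:
            continue
        if not fnmatchcase(target, rule.target_pattern):
            continue
        role_and_target_matched = True
        if req.process_sha256 in rule.app_hashes:
            return True, f"allowed by {rule.role} rule"
    if role_and_target_matched:
        return False, "process not on application allowlist"
    return False, "no rule grants this role access to target"
```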
Main Application Scenarios
Borderless Office
Supports remote work, remote operations, remote audits, and off‑site server access without VPN, enhancing speed and experience.
Quick Login
Provides multi‑factor login and QR‑code scanning for seamless, password‑less access to internal systems.
Deep Security Protection
Delivers comprehensive endpoint protection, including antivirus, patching, hardening, and data protection, with differentiated policies for different business units.
Deployment Scale
Since July 2020, Magic Butler has been deployed in nearly 20 offices, installed on about 30,000 terminals, serving roughly 18,000 employees.
Conclusion and Outlook
The case study demonstrates a practical zero‑trust implementation that ensures device, user, and application trust, and secure link protection. Looking forward, zero‑trust will become a core direction for network security worldwide, driven by 5G, big‑data centers, and industrial IoT, with continuous optimization and broader adoption planned for Magic Butler.
58 Tech
Official tech channel of 58, a platform for tech innovation, sharing, and communication.