
Tencent Security Su Jiandong: Using the Cloud Security Attack and Defense Matrix to Enhance Digital Security Immunity

2024-04-13 Update From: SLTechnology News&Howtos



On December 1, the 2023 Yibang Industrial Internet Annual Conference ended successfully in Shanghai, where discussions centered on how digital technology shapes and reconstructs traditional industrial chains to improve efficiency and create commercial value. Su Jiandong, general manager of Tencent Security Services, said in his keynote speech that without network security there would be no success in industrial digital transformation, and without network security data could not realize its due value as wealth. The "development-driven" digital security immunity model can unlock greater value from security construction for enterprises, safeguard digital transformation and protect data wealth. Enterprises can build a digital security immune center through two strategies: intelligence-driven threat exposure management and attack-defense-driven full-link verification.

Su Jiandong noted that the global network security situation is not optimistic: frequent network attacks often cause data leakage, suspended operations, production interruptions and other consequences, bringing great losses to enterprises and governments. "Boeing's 43GB of data was leaked by ransomware organizations; the world's largest maritime organization was attacked, resulting in the suspension of more than 1000 ships; a Toyota supply chain enterprise was attacked, resulting in factory shutdowns across upstream and downstream industries. These and other global attacks have sounded the alarm for industrial Internet security. It can be said that without network security, there would be no industrial digital transformation, and it would be impossible to turn data assets into data wealth."

However, even though enterprises have spent a lot of money on security construction, they are still helpless in the face of network attacks. The main reason is that enterprises often face a "double attack" from inside and outside. Internally, except for large enterprises, most enterprises invest too little in security construction. Tencent Security survey data shows that 70% of enterprises invest less than 5% in security, and many enterprises invest less than 1%. In addition, even when the money is invested, the security construction concept of most enterprises still lags behind, focusing mainly on "post-disposal" and leaving them unable to discover and resist potential threats in time.

Externally, companies have to deal with "invisible enemies" ranging from individual hackers to advanced threat organizations. These adversaries are more "advanced, timely and efficient" in updating security knowledge, mining intelligence and developing attack methods, so enterprises are often in a "passive" state. For example, every year various high-risk vulnerabilities emerge on the Internet. Most enterprises will not detect the vulnerabilities until one week later, and it will take one month to repair them. However, advanced threat organizations can get the information on these vulnerabilities within one day, assemble them into weapons within one week, and scan the whole Internet. The time gap before vulnerabilities are repaired becomes the "best entry point" for hacker organizations to launch attacks.

Su Jiandong believes that "to solve the internal and external problems and challenges faced by enterprises in security construction, enterprises should first understand the value of security construction and how to deploy security defense lines, that is, the problems of 'knowing' and 'doing'."

At the cognitive level, the industry in the past carried out security construction mainly in a "compliance-oriented" and "practice-oriented" way. For example, the state has issued compliance requirements such as laws, regulations and security standards for six consecutive years, and the regulatory authorities regularly scan websites and external exposure. After 2019, public security organs at all levels and industry regulatory agencies have organized offensive and defensive drills at the national, provincial and municipal levels to test offensive and defensive confrontation capabilities. However, when it comes down to the essential nature of business, these two orientations still struggle to resolve the balance between "security" and "development" for enterprises, so they rarely drive enterprises to attach real importance to security construction. Lagging security construction in turn restricts the development of enterprises.

For this reason, Tencent Security, together with the well-known analyst organization IDC, launched the "digital security immunity" model framework with "development-driven" as its core. Just as we rely on exercise to strengthen our bodies, rely on vaccination to deal with diseases in advance, and address the root causes of diseases, the concept of digital security immunity advocates a more active and proactive view of security, replacing "treating diseases" with the concept of "treating diseases before they occur." Compared with the traditional security paradigm, the "digital security immunity" model framework has three major upgrades: first, it changes the core goal of enterprise security construction from building security to protecting enterprise data and business assets; second, it transforms the confrontation mode, upgrading security confrontation from individual combat into systematic confrontation through the new paradigm of security immunity; third, it transforms enterprise security thinking and establishes an elastic, adaptive and expandable digital security immune system based on an active security paradigm.

"The core of establishing a digital security immune system is to build an immune center, that is, security operation and management, which is the key to achieving disease prevention and active security. To establish an immune hub, enterprises can achieve this through two strategies: intelligence-driven threat exposure management and attack-defense-driven full-link verification," Su Jiandong said.

First, enterprises need to identify their own assets exposed on the Internet, including new digital assets such as Mini programs and public accounts, and identify the problems with these digital assets. Intelligence-driven threat exposure management, which identifies and fixes vulnerabilities before advanced threat groups launch attacks, is the key to moving from "treating diseases" to "treating diseases before they occur."

Tencent Security monitors more than 500 first-hand intelligence sources around the world. By using machine learning algorithms to identify clues and an expert team to make a comprehensive judgment, it can find major vulnerabilities within 30 minutes and start its response within hours, while ensuring an extremely low false alarm rate. Previously, Tencent Security detected that part of a domestic bank's credit card data was "circulating" on the dark web. It quickly contacted the seller of the data to obtain sample information for confirmation, then worked with the customer on traceability analysis. Based on the data provided by the customer and the leaker, it finally confirmed the leakage path and produced a data analysis report, helping the enterprise greatly reduce the impact of the data leak.

Secondly, "attack-defense-driven full-link verification" can help enterprises actively and systematically discover problems, which is the key to moving from "passive defense" to "active security." Tencent has built the Cloud Security Attack and Defense Matrix 3.0 to help enterprises discover problems in a structured, systematic way through the matrix. Manual verification through red-blue confrontation is combined with automated verification by a security validity verification system to effectively improve the efficiency of verifying the entire security link.

For example, Tencent Security cooperated with a domestic automobile enterprise to carry out full-link attack and defense verification: breaking through from cloud and IDC scenarios, entering employee terminals and office networks through phishing, launching near-source attacks via WiFi signals spilling over from office buildings and service centers, simulating UAV intrusion into factories, and so on. In the end, Tencent Security captured all the core targets inside the enterprise and found six types of security risks there, including office network access risk, factory access risk, R&D network access control, supply chain risk and data leakage risk. After an all-round investigation, Tencent Security quickly helped the automobile enterprise repair the risks and comprehensively improve its level of security construction.

Su Jiandong said that when the digital transformation of the industry enters the "deep water area," the value of network security will be highlighted exponentially. In the future, network security construction is not just an additional question handled "afterwards," but an introductory question that must be answered "beforehand."
