2025-01-28 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
People in the industry are already very familiar with APT attacks. APT is not a new term, and in recent years APT attacks have posed a serious threat to the normal operation of enterprise business. Someone once said that there are two kinds of enterprises in the world: those that know they have been compromised by APT attackers, and those that have been compromised by APT attackers but have no idea.
Some enterprises have stacked up a large number of traditional network security devices: firewalls, intrusion detection, anti-virus and other security products are all in place. So why are APT attacks still so difficult to prevent? In the final analysis, it is the camouflage of APT attacks that makes the difference. Enterprises may face a large volume of security alerts and intelligence every day, but most security managers are worn out by analysis and response, especially for unknown security threats, which leads to more and more aggressive APT attacks.
Precisely because APT attacks are so well camouflaged, detecting them in time and defending against them effectively has become a major problem. Many security vendors have gone to great lengths to solve it. After continuous discussion and research, in 2015, Gartner finally launched a new security defense concept: SOAR.
From SOAR to Threat Governance Strategy 3.0
From the point of view of security operations, AsiaInfo Security now proposes XDR, a precisely orchestrated automatic detection and response system based on the SOAR model, which is also the early form of its next-generation threat management strategy. According to the director of AsiaInfo Security products, the SOAR system is mainly composed of three cores: SOA, precisely orchestrated and linked security solutions; IR, a security incident emergency response platform or service; and TIP, a threat intelligence platform.
So what value can SOAR bring to network security defense? Its value mainly includes the following points. First, SOAR can greatly shorten emergency response time and improve emergency response efficiency. It can reduce and optimize unnecessary and redundant work in a traditional SOC. In addition, API integration with security products can speed up the automation process. SOAR can also provide rich, related data security services, including a threat intelligence platform. Finally, SOAR can improve the quality of alert analysis and detection capability, improve work accuracy, reduce the cost of training new security operations analysts, and improve the overall operations capability for measuring and managing security.
In other words, intelligence collection, security alerting, intelligence analysis and response can be integrated through the SOAR platform to form a complete security automation solution. This complete security concept coincides with the latest threat governance strategy 3.0 released by AsiaInfo Security.
Ten years of "War of Resistance" against APT attacks
Recently, CICA Security successfully held the 10th Anniversary of Advanced Threat Governance and the launch of its XDR strategy. From the initial threat governance strategy 1.0 to 2.0 to the newly proposed threat governance strategy 3.0, AsiaInfo Security (predecessor: Trend Technology) has been fighting APT attacks for more than a decade. Tong Ning, general manager of AsiaInfo Security General Security products, said: "Over the past 10 years, we have experienced a process of exploration, innovation, integration and spiral iteration, and the game with lawbreakers has led AsiaInfo Security to lead in the field of advanced threat governance. This is a long showdown about the future and the future."
Dayri said that AsiaInfo Security's latest threat governance strategy 3.0 is in line with 1.0 and 2.0. Based on its survey of enterprise business security requirements, AsiaInfo Security believes that the biggest problems enterprise customers face at present are that they do not know how to analyze threats and do not know how to respond to them quickly; what is more, they do not know how to integrate these activities closely with security operations across the whole process. These are the main problems to be solved in the 3.0 phase of the threat governance strategy. To solve them, AsiaInfo used the 10th anniversary of advanced threat governance to launch a new security solution: XDR.
Integration and Upgrade: the XDR Solution Launched by AsiaInfo Security
What is XDR?
Readers in security circles may have heard of EDR (Endpoint Detection and Response), MDR (Managed Detection and Response), and NDR (Network Detection and Response). So what is AsiaInfo Security's XDR?
As we understand it, the XDR solution as a whole is born out of the SOAR platform and combines discovery, response and prediction in one set of solutions. According to Liu Zhengping, deputy general manager of AsiaInfo Security General Product Management, the X in XDR represents the future scenario: no matter which scenario hackers attack through, the solution can provide a variable response. D (Detection) represents the detection and monitoring mechanism, mainly the monitoring of security threats. R (Response) represents the response mechanism, the so-called precision orchestration, which can orchestrate response patterns according to different business characteristics and is increasingly automated.
According to reports, AsiaInfo Security's XDR scheme includes seven stages: preparation, discovery, analysis, containment, elimination, recovery, and optimization. The preparation phase includes a standard plan for each type of hacker attack. Once threat data is found, it is centralized to local threat intelligence and cloud threat intelligence for analysis, using machine learning and expert teams. The time, path, tools and other details of the hacker attack are analyzed to extract its features, and containment, elimination, recovery and optimization follow.
Where Will the Next Move Go?
In a flash, the game between AsiaInfo Security (formerly Trend Technology) and APT has lasted more than a decade, and Liu Zhengping has given his answer as to where the next move will fall. He said that future network security cannot rely on professionals alone; more artificial intelligence will be brought into network security, using artificial intelligence technology to analyze the remaining data and so improve the effectiveness of security operations. Whether AsiaInfo Security's latest SOAR-based XDR scheme can be invincible in the next game, let's wait and see!