Shulou(Shulou.com)11/24 Report--

80% of the retail enterprises across the country have suffered security attacks, and the e-commerce industry has become the main industry of Internet attacks, of which 62% are related to online retail. Cyber attacks against retail enterprises such as brushing, fleece, malicious bad reviews, malicious orders, malicious crawler fraud and so on are common, resulting in huge economic losses and brand reputation damage from time to time. How to enhance the immunity of enterprise digital security and balance business development and digital security has become an important issue to be solved in the retail industry.

On August 24, the Tencent Security Open course focused on the security construction scene of the retail industry with the theme of "how to enhance the digital security immunity of retail enterprises to reduce costs and improve efficiency". Jiang Jun, CTO of Shanghai Laiyi Co., Ltd., Lan Sichuo, Tencent Cloud native security architect, and Huang Yuqian, senior product manager of Tencent Cloud Business Security, were invited to optimize the security deployment architecture in the retail industry. To achieve efficient security management, business risk control and other issues, for enterprises to enhance digital security immunity to provide new ideas and reference.

AI empowers dynamic management to keep the safety bottom line of the "small store chain" organization.

As a national chain retail enterprise, the "small store big chain" model is facing a cloudy environment and multiple subsidiary access, and the complex infrastructure situation has brought great challenges to network security governance. Combined with the actual business scene of the enterprise, Jiang Jun, CTO of Shanghai Laiyi Co., Ltd., brings the enterprise safety exploration of small stores and large chains in the AI era, and deeply shares the safety practical experience accumulated by Laifei over the past 20 years.

Jiang Jun said that Laiyi's IT architecture implements security three-line dynamic management at the internal, external and core levels, through red lines, basic lines and extension lines to control the construction of new and old applications and operation and maintenance specifications and different levels of sensitive data requirements to protect the entire life cycle of data.

Laifei integrates many years of experience to form a network security practice capability of unified configuration, network isolation and two-line hot backup. With the rapid development of AI, how to use the ability of AI to further improve the level of security intelligent management has become an important exploration topic for Laifen. In practice, faced with conflicts such as 24-hour business operation, 3600 store management, business opening and system security, Laifen uses AI capabilities to enable security construction, insists on "awareness + tools" for information security, and provides capacity upgrading in many areas such as risk management, vulnerability management and information security awareness training through AI, and explores a security protection system based on AI.

Minimalist security system to solve the problem of balancing security efficiency and deployment cost

Lan Sichuo, a native security architect at Tencent Cloud, pointed out that the retail industry is second only to finance. On the one hand, enterprises are facing increasingly prominent network security challenges, such as business risk of risk control layer, Web application layer security risk, host layer security risk, network layer security risk, etc., on the other hand, the enterprise's own security water level raising effect is not good, but the security investment continues to increase, but the actual protection effect does not increase accordingly.

Faced with the dilemma of being caught between traditional security problems and new cloud security threats, in order to minimize the cost of security deployment and raise the overall protection level, Tencent Security is based on the concept of digital security immunity, to create a minimalist security system of "one access, two convergence, three protection", and to protect the cloud security of retail enterprises through integrated management.

The specific path of "3x1" security protection is as follows: Tencent Cloud firewall serves as the "first line of defense" to seal IP, block loopholes, prevent intrusion, and build a solid main position of enterprise security; Tencent Cloud Web application firewall adds "second line of defense" to provide comprehensive and all-round protection. Tencent CVM / container security is the "last line of defense" for real-time monitoring and precise protection against threats of vulnerabilities, providing process-level in-depth protection for hosts / containers on and under the cloud. The Cloud Security Center finally joins three lines of defense to achieve multi-account management and multi-cloud unified management, drawing a "concentric circle" of one-stop security portals.

Build retail business risk control system in three steps to enhance digital security immunity

Black ash products erode the marketing funds of retail enterprises, which usually appear in customer acquisition fission, one thing, one code scene, Mini Program, community and other private domain scenes, live broadcast scenes and so on. Focusing on business risk control, a common security pain point in the retail industry, Huang Yuqian, Senior Product Manager of Tencent Cloud Business Security, shared the best practices of Tencent Security's "three steps" to quickly build a retail business risk control system.

Huang Yuqian pointed out that attacks are everywhere and business risk control is "operational integration" in order to continue to escort the enterprise's business risk control. First, full-stack risk control engine accurately identify account and equipment risks, and exclusively support Wechat ecological underground industry identification to solve the problem of fraud in registration, landing, marketing activities and other business scenarios; second, brand protection, help enterprises to "fight counterfeiting", AI monitoring, continuous detection for 7 × 24 hours to crack down on brand counterfeiting; third, one-stop content security protection, identification of content risks and maintenance of ecological health.

According to Huang Yuqian, Tencent has 20 years of risk control practice, has massive risk control characteristics and rich experience in black ash production, and has provided risk control services to hundreds of customers, covering all kinds of business risk control scenarios. accurate and stable protection of enterprise business security.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.