
The era of safe operation and "intelligent driving" is beginning.

2025-02-23 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)11/24 Report--

On September 5, Fuzhi held a press conference.

It not only interprets the "new security paradigm".

It also issued a new security operation plan.

More authoritative organizations, users and friends to share.

Let's review the scene together.

According to the monitoring and research of China Information Security Evaluation Center:

From 2018 to 2022, the number of new vulnerabilities continued to surge, and the growth rate of ultra-high-risk vulnerabilities was as high as 98.8%, among which the contest of 0day vulnerabilities reached an unprecedented state.

✅ In 2022, the number of advanced attacks increased, attack methods became accessible to ordinary attackers, targets became generalized, and the blackmail of APT became more and more obvious.

✅ In 2023, GPT large-model technology took off, and attackers used it to convert vulnerability information into PoCs, reaching a work efficiency of up to 5 individuals.

Behind the shocking conclusion of the data is a great change that has not happened in a century, and the situation of attack and defense is surging.

Ren Wang looked forward to the "new paradigm" of network security:

First, to seek a new understanding: organizational units and network security manufacturers should take the initiative to seek change and be ready to adapt.

The second is to create new development, seek innovation while adhering to the overall concept of national security, and seek development in innovation.

The third is to seek new governance, grasp the relationship among the state, enterprises and individuals, and build a new pattern of network security governance with coordinated and high-quality development at all levels.

Xiao ran concluded that the current organizational units are unable to prevent, detect and respond to threats, and the reasons are as follows:

✅ The traditional core capabilities for dealing with threats have been unable to adapt to the rapid development of threats, especially the application of AI technology.

✅ In the past, security construction was stacked layer upon layer, with each device working on its own, so the security experience and effect were not satisfactory.

✅ The localized delivery model is highly dependent on personnel levels, and there is an upper limit on the ability to deal with advanced threats.

As a "time-honored brand" in the network security industry for 23 years, it is convinced that it has developed in innovation and launched a "new security paradigm"-"open platform + leading components + cloud services" with AI and Yunhua as the core.

This new paradigm is based on the open platform "seeing, seeing, hearing, listening, hearing and hearing", fully connects the various components like limbs, is empowered by AI, and makes full use of cloud data, computing power, expert resources, and cloud-based collaborative services to form a systematic and intelligent mode of operation, raise the security level, reduce the input-output ratio, and help organizational units deal with unknown and advanced threats efficiently and accurately.

According to the latest research from IDC, network security is regarded as a strategic investment for organizational business success. Enterprises seek higher security operation efficiency and have measurable results, but the shortage of network security personnel is still the primary challenge.

Enterprise security operations need simpler and more effective security tools. This year's IDC FutureScape: global Future Trust Forecast mentions that by 2026, 30% of large enterprise organizations will build an automated SOC to solve the problems of shortage of network security personnel and lack of capacity, so as to achieve more efficient repair, event management and response. XDR technology represents the best technical route of automated SOC.

Cathy Huang pointed out that while SIEM is still useful in log management, compliance, threat-independent data analysis and management, XDR focuses more on timely threat investigation, isolation, containment, and response to attacks, effectively meeting users' pursuit of performance and efficiency.

Based on analysis and automation, XDR collects high-quality telemetry data from multiple security tools, and combines new technologies such as AI / machine learning to correlate security data / events, accurately detect threats, and respond efficiently.

In the past, the mode of security construction was highly dependent on people, who were both the ceiling of its effectiveness and the weak point of the organization.

When an alarm / event occurs, security operators need to find the traffic log and host log related to the alarm in the massive data, complete the traceability analysis of the event, and then combine the tools to complete the event response work. This highly depends on one's own ability, knowledge and work efficiency.

Like the development of car driving technology, it brings convenient experience to human beings. We are convinced that safe operation will enter the era of "smart driving", using technology dividends to release people's energy, turn individual capabilities into organizational capabilities, and help organizational units improve efficiency and reduce costs.

Convinced of the new security operation paradigm, based on high-quality telemetry data, through the collaboration of XDR, SOAR, ASM, MDR and cloud services, combined with security GPT technology enabling, greatly improve operational efficiency and actual combat effectiveness.

Among them, XDR technology continuously obtains high-quality first-hand telemetry data, uses rich and detailed context information for scenario-based detection, restores attack storylines, and automatically investigates and provides evidence, so that detection results are fewer but accurate. Through hierarchical threat operation, it releases manpower from the massive work of analysis, judgment and disposal, and, with the support of security GPT technology, further lowers the threshold for users.

Based on years of deep cultivation in the field of XDR technology, this meeting was convinced that the joint FreeBuf released "Global Insight: research report on the Development and Application of XDR Technology in the Forces nouvelles" to help more people understand the evolution, application scenarios and future development trends of XDR technology.

According to the actual working journey of users, the operation effect demonstration based on XDR platform is also carried out on the site. Under the specific scenarios of daily operation and actual combat attack and defense, users enjoy the technical dividend brought by the new paradigm through XDR multi-source data aggregation analysis, rapid tracing of attack storylines, intelligent confrontation, threat characterization and other value features.

In the process of safe operation and construction, the Ministry of Water Resources has explored many ways: from the "network"-based multi-brand and multi-device defense, to the "end"-based protection of core assets, to the typical SIEM architecture, to the current "open and growing" XDR development route.

From pursuing the quantity of access data to focusing on the quality of access data, the Ministry of Water Resources combines its own business with algorithm fusion and model tuning on the basis of XDR out-of-the-box detection model, thus turning passive defense into active perception.

On the basis of calculation, this architecture ensures that the necessary high-quality log data of threat awareness is collected through standardized processing of multi-source data, dynamic management of asset data and optimization focus of vulnerability data.

On the basis of the algorithm, this architecture constructs the algorithm model of attack threat detection, multi-source alarm fusion and business fusion abnormal behavior detection, which solves the previous challenges such as massive alarm difficult to deal with, advanced threat detection and so on.

At the meeting, users from Konka Group, China Railway Construction, Zhejiang Unicom and Hubei Daily expressed their unique views on the "new paradigm of safe operation".

I am convinced that Shang Xin will be released in this security conference.

Focus on "adding code" to your safe operation

Promote the change of productive forces with new technology

Promote the landing of various industries with a new paradigm

May you reap the harvest

"experience is one step ahead and the effect leads the way."
