Shulou(Shulou.com)11/24 Report--

The "intelligent emergence" brought by the large model not only endows Qianxing with new development opportunities, but also brings new challenges to the safety construction of enterprises. Traditional security policies, paradigms and tools are gradually invalid in the face of the improvement of "attack effectiveness" brought by the AI model, so it is urgent to reconstruct the security construction path and goal.

On September 8, at the 2023 Tencent Global Digital Ecology Conference, Tencent safely released the "Digital Security immunity level Assessment tool" to help enterprises re-evaluate security values and systems in the intelligent era and grasp the overall security construction of enterprises from an overall perspective. " Digital Security immunity Model "is a new security paradigm proposed by Tencent Security and IDC in June this year. It builds security from the perspective of enterprise development and deploys three layers and six modules from the core data and business of the enterprise.

Ding Ke, vice president of Tencent Group and president of Tencent Security, said that the "digital security immunity level assessment tool" is similar to the security version of the "personality test", providing corporate decision-makers with a security "coordinate system". Committed to helping enterprises diagnose and solve problems themselves, Tencent itself and a large number of enterprise users of Tencent security services are practitioners and beneficiaries of the "digital security immunity" model.

Re-measure the security construction in the intelligent era, the head enterprise highlights the demonstration effect.

In the face of the rapidly expanding security risks in the era of AI model, the traditional security paradigm of enterprises needs to be rebuilt. "Enterprises need to jump out of the passive defense rut of 'anti-black and anti-ghost', focus on the two core values of business and data, and build an endogenous digital security immunity." "it's like fighting a variety of viruses, the best choice is never to take antibiotics, but to build a strong body and immunity," said Lu Yiping, general manager of Tencent's Security Strategy Development Center.

("Digital Security immunity" model framework)

On the forum, Tencent Security combined with immunity Model released the "Digital Security immunity level Assessment tool". Lu Yiping said that this assessment tool is based on business identification of key risks and establishes a yardstick with reference to the industry. Each enterprise will get a benchmark score after participating in the test. Through comparison, you can know its own horizontal position in the industry. What is the gap with the industry head and median? on the basis of a clear understanding of risks and gaps, help enterprises establish a landing security construction path.

(Lu Yiping, General Manager of Tencent Security Strategy Development Center)

The evaluation tool designed based on the immunity model, through a structured "maturity" survey, a total of 120 questions are set around six security dimensions: data security governance, business risk control, security operation and management, boundary security (network security), endpoint security and application development security, covering typical scenarios of enterprise security construction.

"the security colleagues of many enterprises will focus on the sectors they are responsible for, but from the perspective of development, we should consider all the core modules as a whole. the original intention of the assessment tool is to give security builders a chance to 'take a step back'. To be able to look at security from a more global perspective." Lu Yiping said.

In fact, some industry leaders have taken the lead in establishing the demonstration effect of digital security immunity. For example, Cosco Shipping, one of the benchmark enterprises in the logistics industry, clearly deployed the defense line around the core data assets and digital applications when it cooperated with Tencent, and the two sides joined hands to create a security system of "civil air defense + technical defense + joint defense". Fully integrate the security innovation technology and the experience of security experts to effectively ensure the core data, systems and business security of COSCO Shipping.

Zhongyuan Xiaojin focuses on the "life gate" of the financial industry-- business risk control construction, from anti-fraud to federated learning modeling, and then to intelligent decision-making platform. in the past three years, it has joined hands with Tencent Security to build a dynamic and intelligent security risk control system to support the development of online financial business with 20 million users.

The evaluation results of three key industries have been released, and data security and business risk control have become the focus of security construction.

It is understood that at present, 60 enterprises, including finance, energy and industry, have participated in the testing of assessment tools. The survey results show that the security modules that enterprises most want to improve are mainly concentrated in two parts: data security governance and business risk control.

Take the financial industry as an example, 40% of enterprises expressed expectations for the construction of business risk control, and 35% of enterprises said they most wanted to improve their data security governance capabilities. This is strongly related to the business attributes of the industry. The financial industry is a natural data security sensitive industry, which requires more detailed data rights management. In the process of retail digitization, in order to adapt to the characteristics of customer base sinking, financial products release and rapid audit, we also need more fast, accurate and agile risk control ability.

(digital security immunity level assessment tool)

More than 50% of enterprises in the energy industry and manufacturing industry are concerned about the improvement of data security governance capabilities, and there is a need for deployment of security products such as intrusion prevention and VPN.

In addition, the head effect of safety capacity building in various industries is obvious, in which the head of the energy industry is more focused, and the level of the manufacturing industry is more similar. The overall score of the financial industry is the first, and the industry has a high level of digital security immunity, but there is a slight deficiency in the risk control scenario for business segmentation, while the energy industry and manufacturing industry are more adequate in the deployment of security tools, but the modules around key data and business need to be improved.

According to the feedback of 60 enterprises participating in the test of the evaluation tool, the "Digital Security immunity level Assessment tool" can modularize the shortcomings of the enterprise's own security construction, help enterprises locate the key risks, and thus help enterprises to optimize their security deployments and help enterprises build multi-dimensional security barriers.

The large model drives the industrial Internet into the intelligent second half, and the security construction is dynamic. To create a flexible, flexible and scalable security immunity capability, the security construction of enterprises will be more effective. Starting from the "Digital Security immunity level Assessment tool", Tencent Security will combine its own practice and experience in serving a large number of enterprise customers, open up its own technological atomic capabilities, and help enterprises improve their digital security immunity. Calmly deal with the security challenges of the new era.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.