Shulou(Shulou.com)11/24 Report--

On September 8, Tencent Global Digital Ecology Conference held a special digital security event to explore the practice path of digital security immunity based on "integrated diagnosis and treatment", helping enterprises to speed up the construction of an elastic, adaptive and scalable defense system. Yang Guangfu, vice president of security at Tencent, said in a keynote speech that facing the intelligent era, security operation and management is the immune central system of enterprises. Enterprises can achieve the advanced construction of enterprise safety operation by building an attack and defense architecture that meets the needs of business scenarios and deploying intelligent security big data analysis.

(Yang Guangfu, Vice President of Tencent Security)

According to the China Network Security Industry Analysis report released by the China Network Security Industry Alliance, the size of China's network security market is about 61.4 billion yuan in 2021, with a synchronous growth rate of 15.4% and 63.3 billion yuan in 2022. The industry has maintained overall growth in the past three years, and the market size is expected to exceed 80 billion yuan by 2025.

On the one hand, the investment in network security is increasing, on the other hand, the security challenges faced by enterprises are becoming more and more serious. Nearly 25,000 new vulnerabilities were added in 2022, a record high, and blackmail soft attacks in 2023 will reach the second-highest level ever, with at least $449.1 million extorted by ransomware attackers as of June. In addition, in recent years, the domestic demand for software and hardware in the field of network security is increasing day by day, and the call for independent innovation in the basic hardware and software industry of information technology is becoming stronger and stronger.

In Yang Guangfu's view, enterprise security construction is in a relatively unequal situation of attack and defense. Weak internal safety awareness, lack of compliance understanding, lack of systematic thinking to promote defense by attack, lack of safety big data operation ability and other reasons all restrict the improvement of the safety immunity system.

From the perspective of the development and changes of enterprise safety operation and construction, the current enterprise has changed from compliance-driven enterprises to establishing attack and defense system for security incidents and actively carrying out intelligent deployment. In the past 20 years of security construction, Tencent Security has accumulated three major atomic capabilities: AI capabilities, threat intelligence capabilities, and offensive and defensive capabilities. How to really create value for enterprises and reduce the occurrence of security incidents is the idea of the evolution of Tencent security products.

Upgrade the architecture of attack and defense based on actual combat requirements

In the intelligent era driven by AI, the traditional security path has been unable to meet the development needs of enterprises. Security operation is no longer a simple technical problem, but a system engineering involving all aspects. In order to advance the construction of attack and defense system, the core pain point to be solved is to discover and perceive the existence and possibility of security threats, solve the problem of asset exposure, and meet the requirements of independent innovation.

Yang Guangfu said that the core of the construction of the attack and defense system is to carry out targeted protection construction from the perspective of the attacker and based on the understanding of the attack path. Tencent's security attack and defense architecture is an achievement based on Tencent's security technology over the past two decades, providing partners with full-channel security from an actual combat perspective.

In terms of traffic detection and response, Tencent Security Network threat Detection and response (NDR) performs protocol parsing, file recovery and full information storage on traffic through the combination of expert rules, Hubble sandbox, threat intelligence, AI algorithm and Tencent canopy bypass blocking technology to detect malicious attacks and potential threats in traffic, and quickly and accurately block them, providing analysis of attacks and traceability. Ensure the normal operation of the business and help enterprises to quickly establish an intelligent network security operation system.

In terms of attack surface management, the attack surface management platform (TIX-ASM) of Tencent Security threat Intelligence Center, based on threat intelligence security big data, provides SaaS asset risk monitoring and threat discovery services for global enterprises. From the perspective of external attackers, through a variety of surveying and mapping technologies, we can help enterprises gain insight into the threat exposure of digital assets, track information leakage events and content compliance risks, so as to take corresponding measures to prevent and mitigate the harm caused by security incidents.

In addition, the deployment of independent innovation of domestic security operation of the attack and defense architecture has become an inevitable trend. There are many problems in foreign open source components, such as limited adaptation of domestic hardware, limited license risk, lack of continuous support, and so on. Tencent Security keeps pace with the construction of national information technology fusion innovation system and revolves around the framework of independent innovation solution. Tencent security operation attack and defense architecture to achieve "full-stack independent innovation", providing one-stop Security and cloud construction programs that meet government-and enterprise-level performance and fully support independent innovation.

(Tencent Security "Information Technology Fusion Innovation" Product Matrix)

Intelligent deployment to achieve high-performance, low-cost security big data analysis

The rise of AI ushered in the intelligent era, the traditional security operation and management mode gradually failed, and the enterprise security operation construction upgraded to intelligent deployment. With the increase of enterprise scale and the increase of security equipment, the amount of security data increases exponentially. There are rich data sources, many kinds of data and wide dimensions of data analysis; at the same time, the speed of data generation is faster, and the response ability of security data analysis is also increasing accordingly. The data lake for security big data intelligent analysis will become the basis for enterprises to move towards intelligent security.

Yang Guangfu believes that the core pain point of intelligent deployment of security operations is how to achieve high-performance, low-cost security big data analysis. How can multiple, multi-terminal and diverse security massive data operate effectively and make decisions quickly? How to flexibly control the efficiency and cost of the storage and processing of secure massive data? How can intuitive content and conclusions be provided to help business decision makers understand security risks?

To this end, Tencent Security precipitates its data analysis capabilities into a cloud native security data lake, providing a high-performance data platform and an integrated intelligent analysis engine for security data analysis to solve the problem of data storage and usage cost. achieve intelligent analysis of massive security data, help enterprises to dig deep into the value of security data, and realize the transformation of security intelligence.

(Tencent Security Cloud native security data lake application scenario)

"for the cloud native security data lake, its core is to achieve a balance among scale, cost and efficiency," Yang Guangfu further introduced. "for example, reduce enterprise costs through a good data compression model, introduce an intelligent integrated intelligent analysis engine to improve computing efficiency, and flexibly expand the storage scale to solve the problem of secure and intelligent transformation."

Tencent Cloud's native security data provides enterprises with integrated pan-security data access, processing, storage, intelligent analysis, retrieval, alarm and visualization services. It has plug-in application development capability, supports PB-level data query and analysis in seconds, and can query and analyze contexts of high-risk security events and latent network attacks, and achieve rapid integrity audit, traceability, forensics and loss determination. According to Yang Guangfu, through cloud native, deposit separation, MPP architecture, column storage and other technologies, cloud native data lake can reduce the cost of secure operation and storage of enterprises by 90%, and increase the scale of data processing by more than 10 times.

With the acceleration of the digitization process, the boundaries of enterprise digital systems are constantly expanding, and security risks and challenges are increasing. In the first half of this year, Tencent Security and IDC proposed a "digital security immunity" model framework to help enterprises build a new security paradigm that adapts to the changes of the intelligent era from a development-driven perspective. Among them, the security operation management system is the "central system" of digital security immunity, and creating a new situation of unified, visual, active and collaborative security operation is a necessary measure to enhance the digital security immunity of enterprises.

Yang Guangfu said that Tencent Security's security operation product matrix always revolves around one thing, that is, how to create value for customers. In the future, Tencent Security will continue to open its technological atomic capabilities, integrate Tencent's leading technologies into the enterprise's existing security capabilities, and inject digital security immunity into the security practice of Qianhang Baiye.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.