An in-depth look at Tencent Cloud's attack and defense system

In recent years, network security problems have become increasingly severe, and companies have been breached by hackers in one incident after another. An enterprise's attack and defense capability is a barrier that shuts out outside intrusion; once that barrier is breached, information and data lose their protection. With the arrival of the cloud computing wave, more and more companies have begun to explore moving to the cloud, hoping to solve problems such as complex data volumes and applications, high server operation and maintenance costs, unstable hosts, and supporting resources that need improvement. The boom in cloud computing applications has also made cloud security a new proposition.

Attack and defense:

A security wall for the cloud

In the cloud era, ties between enterprises, and between enterprises and their users, are steadily strengthening. A single carrier can no longer meet the storage needs of this stage, and on the data security dimension there is a large gap in on-cloud security for businesses. As connections between industries grow stronger, security hazards on the cloud rise as well, and, unlike in earlier Internet eras, the hacking methods faced in the cloud era are more "clever."

● Planned attacks: before attacking a cloud server, the hacker works out a targeted plan and launches periodic attacks against the vulnerabilities the cloud exposes, evading location tracking by professional security attack and defense teams, so that the source of the attack is harder to trace.

● Large-scale operation: an attack launched from a single host can hardly harm a cloud that has a complete protection system, so gray-industry teams plant Trojans on large numbers of personal devices over the network and use these compromised machines ("chickens", that is, bots) to launch large-scale attacks on cloud hosts, overloading the cloud servers with traffic until they crash.

● Burst damage: at particular points in time when many people flood in, malicious visitors are hard to pick out, so hackers often launch burst attacks at these moments to bring down the cloud server.

In the era of cloud computing, on-cloud attack and defense capability has become one of the effective means of combating hackers. Faced with today's complex and changeable cloud security problems, both enterprises on the cloud and cloud service providers have gradually begun to shift their thinking from passive defense to combined attack and defense. For enterprises, choosing a secure cloud service provider has become the choice of most businesses, compared with building a complex network security attack and defense architecture themselves. For cloud service providers, how to protect data security on the cloud, provide attack and defense services, and keep cloud applications stable is the primary benchmark for building an on-cloud attack and defense system.

Products

Battle on the cloud: Tencent injects native strength into the cloud

Tencent Cloud's security attack and defense system is built on the achievements of Tencent's 20 years in security technology. For Tencent, building it has a double meaning. On the one hand, it maintains Tencent's own security: protecting Tencent Cloud hosts, guaranteeing safe and stable operation of servers in the cloud, and ensuring that the various product lines are operated and maintained safely without being hacked. On the other hand, the technical capability is integrated into Tencent Cloud and other products to give partners attack and defense support, protecting the security of enterprise data on the servers and the stable, smooth running of system applications.

In building security on the cloud, the core demands of enterprises moving to the cloud are data security, stable server operation, and safe, reliable technology.

● In terms of data security, Tencent Cloud has industry-leading AI technology, threat intelligence, and attack and defense capabilities; it serves more than 1 billion users worldwide across more than 500 business scenarios, forming a "security force" that keeps massive digital assets safe and protects enterprise data;

● In terms of server stability, Tencent Cloud servers run on a stable network architecture with mature NIC virtualization and NIC bonding technology, and operate in data centers rated T3 and above, giving high network availability and load-bearing capacity;

● In terms of reliable technology, Tencent Cloud's security architecture is designed in line with international standards; it is the world's first cloud service provider to obtain ISO/IEC 27701:2019 certification, and in the latest "Chinese Internet cloud technology patent analysis Report" Tencent ranks first in both cloud security technology and patent applications.

From network security to application terminals, and from the underlying system architecture to application data protection, Tencent Cloud's security attack and defense system provides full protection. For building an enterprise's attack testing system, Tencent Cloud provides website penetration testing, attack and defense drills (red team versus blue team), and crowdsourced security testing services, which push enterprises to improve their information systems and raise the protection awareness of operation and maintenance personnel. For building an enterprise's protection system, Tencent Cloud provides network security, data security, terminal security, application security and security operations center services, establishing an effective security barrier.

Tencent Cloud security attack and defense system diagram

Simulated attack line: taking the offensive to detect security vulnerabilities on the cloud

1. Web site penetration testing

Penetration testing fully simulates the vulnerability discovery and attack techniques a hacker might use and probes the target's security in depth to find the most vulnerable parts of the system. This effectively verifies how serious each security risk is and which points are exploitable, identifies the security problems the enterprise most urgently needs to solve, and helps managers understand how risk points are distributed across their systems, so that they can see directly the problems their own network faces. Tencent Cloud has a team of attack and defense experts with first-class technical strength and rich experience, working with attack and defense experts from Tencent's seven joint laboratories to conduct forward-looking research on vulnerability techniques and gain insight into the latest security threats.

2. Attack and defense drills: red team versus blue team

Based on a practical understanding of the enterprise's security situation, the drill simulates a variety of realistic red-versus-blue (network attack and defense) scenarios around the core business. Business staff learn how common network attacks proceed and how they are actually defended against, which trains corporate security awareness and raises the protection level and security skills of security personnel in a real environment. Red-versus-blue exercises can also be held between provinces and municipalities; these have a wide reach and promote development and exchange among information security teams across provinces. Because attack methods are not restricted, such exercises find system vulnerabilities more effectively, strengthen technical staff's security skills, and improve overall information security technology.

3. Crowdsourced security testing

Crowdsourced testing provides private, efficient security testing by "white hats" (ethical hackers who identify security vulnerabilities in computer systems or networks). It helps companies discover, across the full range of their business, security vulnerabilities and risks, which are then submitted to the company so that it can respond to and fix them in time and avoid greater business losses. Tencent Cloud's white hats form a professional team that helps enterprises with penetration testing, finding security vulnerabilities and risks from a hacker's perspective, with broad test coverage and fine detection granularity, to ensure that every level of the enterprise's systems is tested.

Defense line: combining defense with offense to deploy an all-round protection layer

1. Network Security

The network security layer is in effect security isolation at the application layer: resisting DDoS attacks and building a WAF application-layer protection system provide the basic protection.

Network security architecture diagram

Defending against DDoS attacks: a DDoS attack, or distributed denial-of-service attack, is, simply put, one in which a hacker manipulates a large number of compromised "chicken" machines (bots) to access a server at the same time, so that the attacked server can no longer work properly. Tencent Cloud DDoS protection is comprehensive, efficient and professional, offering organizations high-defense DDoS packages, high-defense DDoS IP and other DDoS solutions to deal with DDoS attacks.

Tencent Cloud protects users' services with ample, high-quality DDoS protection resources, a cleaning algorithm that combines self-developed technology with AI-based recognition, and continuously evolving security operations. It takes a distributed approach to protection: many protection nodes deployed outside the cloud disperse the traffic, which on the one hand raises the bar for attackers and on the other increases DDoS protection capacity, and also gives the business more flexibility and better service availability when facing high-volume DDoS attacks.

Cloud Firewall (CFW) is a SaaS firewall for public cloud environments. It gives users network access control at the Internet boundary and at VPC boundaries, and embeds a variety of traffic-based security capabilities, integrating access control with security defense and automation. It is the first piece of network security infrastructure for a customer's business on the cloud.

2. Data Security

Data security structure chart

Drawing on its data security management experience and data protection technology, Tencent Cloud has built a system of seven products: data security management center, data encryption service, key management system, credential management system, data security audit, bastion host, and sensitive data processing. Together they provide protection at each stage of the data lifecycle, helping users overcome the "four difficulties" of data security protection and helping enterprises quickly build their data security defenses.

From the data security perspective, Tencent Cloud's data encryption service uses cloud cryptography that conforms to the requirements of the state cryptography authority and to financial industry specifications, protecting data and reducing risk. The database security audit system, based on artificial intelligence, can uncover the various potential risks and hazards that arise while a database is running, safeguarding its operation. From the data management perspective, the data security management center uses sensitive data discovery algorithms to pinpoint sensitive data and combines AI technology with threat intelligence to screen out abnormal operations that access this data, helping businesses prevent data leaks before they happen.

3. Terminal Security

Terminal security architecture diagram

Zero Trust: relying on three core capabilities (trusted terminal, trusted identity, trusted application), Tencent Cloud enables terminals to access corporate resources and data securely, stably and efficiently from any network environment. Before a user is granted access to enterprise applications, the user's identity is verified through one of several authentication methods, including enterprise WeChat QR-code scanning and token-based two-factor authentication. Access is granted to specific users or user groups according to their functions and access requirements, so that users can reach only the applications and data within their rights. This enforces the principle of least privilege and better protects access to security-sensitive production environments.

Mobile terminal security management system (EMM): provides a security management solution for mobile business and can be used to build a secure, controlled mobile office space. EMM provides a secure workspace on the employee's terminal that separates the business office environment from the employee's private environment, and also provides back-end unified management and risk detection for identities, devices and mobile applications.

Host Security: based on the massive threat data Tencent Security has accumulated, it uses machine learning to provide users with intrusion detection, vulnerability risk warning and other security services, including interception of password cracking, abnormal login alerts, detection and removal of Trojan files, and detection of high-risk vulnerabilities. These address the key network security risks servers currently face and help companies build a server security system that prevents data leakage.

4. Application Security

Application security structure chart

Web application firewall (WAF): helps Web users inside and outside Tencent Cloud deal with attacks, intrusions, exploits, planted web Trojans, tampering, backdoors, crawlers, domain name hijacking and other security problems affecting websites and Web services. By deploying the Tencent Cloud website butler service, an organization shifts the pressure of Web attacks onto the website butler protection cluster nodes and obtains Tencent's Web service protection within minutes, safeguarding the operation of its websites and Web services.

Mobile Application Security: provides a one-stop security solution for the full app lifecycle, covering application hardening, security testing, compatibility testing, piracy monitoring, crash monitoring, security components and other services.

Vulnerability scanning service: a security service that monitors websites for vulnerabilities, providing enterprises with accurate and comprehensive 7 × 24 hour vulnerability monitoring along with professional remediation advice, so that vulnerabilities are not exploited by hackers to the detriment of the enterprise's assets. The vulnerability scanning service is already widely used in industries including finance, telecommunications, government, energy and the military, and has been adopted by multiple regulators and industry classified-protection assessment bodies.

5. Security Operations Center (SOC)

Drawing on Tencent's massive security data and wealth of security experience, the SOC continuously monitors the security of the customer's business, raises real-time alerts on security incidents, and warns users of possible security risks. Through continuous, multidimensional, intelligent analysis of massive data, it provides users with vulnerability intelligence, threat discovery, event handling, baseline compliance, leak detection, risk visualization and other capabilities, and takes appropriate measures to protect information systems, helping users carry out security operations across the full lifecycle.

Security Operations Center architecture diagram

Capabilities

Tencent Cloud's three hard-core strengths guard enterprises' security on the cloud

For businesses, attack and defense capability is the foundation of the cloud. Tencent's seven joint laboratories inject native strength into Tencent Cloud, using machine learning, artificial intelligence, edge computing, digital twins and other cutting-edge technologies to create the cloud security products that best fit what enterprises need for security in operation and maintenance, giving customers integrated attack and defense capability on the security dimension.

Tencent's seven joint laboratories

Cutting-edge technology: security is the underlying core that supports Tencent Cloud. As one element of enterprise attack and defense on the cloud, cloud native is regarded as the cornerstone of an enterprise's cloud strategy. Cloud native is a way of building and running applications that takes advantage of the cloud computing delivery model and concerns how applications are created and deployed; the application lives in the cloud rather than in a traditional data center, with security, data protection and strong controllability. The cloud native security system that has been built provides network and access security, application security, data security, system security, and cloud infrastructure security. It is security at each of these architectural layers that gives Tencent Cloud its security firewall.

Compared with simply moving IT infrastructure to the cloud, Tencent Cloud's cloud native products are based on the latest container, microservice and serverless technologies, and help companies build cloud native applications across the software lifecycle of development, deployment, and operation and maintenance. On the one hand, this makes full use of the scalability, elasticity and on-demand advantages of cloud computing, helping companies quickly build a new-generation business architecture suited to the Internet model. On the other hand, it helps companies build a full-link security system that keeps the enterprise secure and stable on the cloud.

Talent echelon: in developing security personnel, Tencent Cloud has an absolute talent matrix. It has brought together more than 300 researchers from Tencent's seven joint laboratories and the security platform department to set up a "full-stack cloud security research working group" for comprehensive, forward-looking research on cloud security. At the same time, 3500 security experts and technicians are devoted to building the Tencent Cloud security system, providing the people who support security on the cloud.

Ecosystem building: building the industry's best defense programs requires integrating the various core security capabilities. Tencent Cloud works with security ecosystem partners: it launched the P17 security leaders club and brought together mainstream security forces in the FP50 cutting-edge club, building a secure Internet ecosystem with industry partners. In addition, Tencent links its various security products and equipment so that they defend customers collaboratively. Under this cooperative system, Tencent's own accumulated native security capabilities and the outstanding capabilities of partners across the industry chain are both injected into the Tencent Cloud security ecosystem, so that the security benefits are maximized.

CSS 2019 P17 security leaders roundtable

In practice

Tencent Cloud attack and defense in practice

Guizhou cloud security attack and defense exercise:

In 2018, in the "Guiyang big data and network security offensive and defensive drills", described as the most stringent practical cloud security exercise in China, Tencent Cloud came out on top in both the "attack" and "defense" events. The close-combat exercise was designed to test the security of mainstream cloud service platforms. 44 first-line professional security teams from Tencent and other domestic organizations carried out attack and defense drills against the mainstream cloud platforms. The Tencent eee team won the championship in the "attack" category, while Guangdong digital security, the Tencent security platform department, Tencent enterprise IT department Tencent security wing, Tencent cloud security, and Tencent's Cohen security lab were never breached while defending against attack, achieving 100% defense of their own cloud platform.

GeekPwn Cloud Security Challenge:

In October 2019, Tencent Security Yunding Lab worked with GeekPwn to launch a cloud security challenge, currently the world's first cloud security attack and defense contest based on a real cloud environment. Yunding Lab used the most mainstream open-source cloud platform components, combined with the lab's cloud attack and defense range technology, to build a real, fully working full-stack cloud environment that faithfully reproduces the architecture, technology, and hardware and software environment of mainstream cloud platforms, for rehearsing attack and defense on the cloud. In linking technology with industry, Yunding Lab's technical capabilities are also injected into the Tencent Cloud security system, providing attack and defense security for Tencent Cloud and so giving the industry a more secure cloud environment.

Battle on the cloud:

The Tencent Security Emergency Response Center (TSRC), together with Tencent Security Yunding Lab, started the "Battle on the cloud", a dedicated vulnerability solicitation for Tencent Cloud's key products. The program aims to protect the security of cloud business, identify potential security risks and drive their repair, and is committed to raising the overall security of cloud services, protecting and promoting the development and operation of cloud computing business, and securing the realization of the cloud's value. In the end, more than 34 valid vulnerabilities were found, 56% of them high-risk, effectively reducing online security risk.

Shigeyasu project exercise:

In a cooperative project with a cloud bank, Tencent Cloud and the bank worked together, with Tencent Cloud TCE private cloud as the core, to quickly build a cloud platform in line with the financial-level ecological standards in the public cloud, completing within 40 days the underlying infrastructure, containers, operation and maintenance, security and corresponding technical capabilities. In a Shigeyasu project exercise, Tencent Cloud helped the bank block 1.97 billion attacks, ban 6.8 million IPs and investigate 52 incidents, protecting the cloud platform and the platform's dozens of tenants, hundreds of applications and thousands of host assets.

Ransomware incident:

On May 12, 2017, the WannaCry ransomware worm, which spreads using the EternalBlue vulnerability, broke out; within just a few days, hundreds of thousands of computers in more than 100 countries and regions had been attacked. The Yunding Lab intelligence team responded rapidly: Tencent Cloud published an alert to users about the outbreak and at the same time brought a blocking mechanism online that stopped the worm's exploit requests from outside, preventing the virus from spreading on Tencent Cloud. Few of the hundreds of thousands of users on Tencent Cloud were infected, and the outbreak was fully brought under control in the shortest possible time.

As more and more companies choose the cloud, the strength of a cloud's security attack and defense has become one of the important measures of its business value. Relying on Tencent's years of accumulated cloud technology, talent and experience in the security dimension, and bringing together the capabilities of many security ecosystem partners, Tencent Cloud will continue to provide safe, stable and reliable cloud services to businesses, banks, local government agencies and industry.


Origin blog.csdn.net/qcloud_security/article/details/104061892