New infrastructure is arriving fast: how can developers defend its security?

Recently, a Foxconn factory in Mexico was hit by a ransomware attack. The hacker organization DoppelPaymer attacked more than 1,000 servers, stole Foxconn's unencrypted files, encrypted data related to its North American business, and demanded that the company pay 1,804 bitcoins (worth about 35 million US dollars) for a decryption tool.

Similarly, two months ago, Software AG, the second largest software company in Germany, was attacked by the Clop ransomware group, and its systems were paralyzed. The attackers demanded a ransom of more than 20 million US dollars. The impact was huge and the company almost went bankrupt.

With the development of technologies such as AI, cloud computing, and the Internet of Things, security issues have become more prominent. According to the "2019 Cyber Threat Report" from the cybersecurity company SonicWall, SonicWall recorded 32.7 million IoT attacks in 2018, an increase of 217.5% from 10.3 million IoT attacks in 2017.

He Chaoxi, Chairman and CEO of Sangfor Technology, stated at the just-concluded Bay Area Transcend · 2020 Cybersecurity Conference, "Building new infrastructure without security is like building tall buildings on sand. In the future, once technical risks and large-scale attacks occur, it will evolve into a digital disaster for the whole society!"

So how can developers defend the security of the new infrastructure as its construction accelerates?

"Security is at the front of the business and infrastructure construction, not at the rear"

Ma Cheng, vice president of Sangfor Technology, said that in the past, companies usually put business and infrastructure construction first, looked at the security risks afterwards, and then added security products based on those risks. With the growth of the underground cybercrime industry and increasingly fierce international confrontation, cyber security is the starting point for protecting the operation of infrastructure in the future, and security should no longer be an afterthought.

He Chaoxi said that the new infrastructure provides a good opportunity for security. Because a large amount of new infrastructure is being built, new security thinking can be adopted: security is integrated into infrastructure and applications from the beginning of construction. For example, when security is applied to the cloud, malicious attacks can be automatically identified and alerted on as the traffic arrives, and there is no need to redirect the traffic to the cloud for security detection. Another example is doing IoT authentication and encryption protection in the cloud IoT, without separate, independent security protection. In this way, integrating security with infrastructure and applications can greatly reduce the complexity of building security for users and lower enterprise costs. This is the direction Sangfor is actively exploring.

The new infrastructure will also bring new security capabilities: the costs of cloud computing, artificial intelligence computing power, and big data will drop sharply. Applying cloud, big data, AI and other technologies to security makes it possible to train various security models, improve the detection rate of security detection, and improve the response efficiency of security operations. Therefore, the entire industry should actively embrace the new infrastructure, not only for the demand it creates, but also for the capabilities it provides.

So under the new infrastructure, how can companies and developers build new security capabilities?

Building security capabilities under the new infrastructure

He Chaoxi shared the following 4 points of experience:
1. Strengthen overall planning and operation. Enterprises need to pay enough attention to security construction and invest sufficient resources, and that investment needs to be sustained. Security operation mainly means making security work routine and operational: iterating on it with PDCA (plan-do-check-act) cycles, and continuously closing the loop and reviewing how events are handled before, during, and after they occur. In the past, construction was valued more than operation; the industry has improved significantly in the past two years.

2. Integrate security into infrastructure and applications to enhance security capabilities. Sangfor believes that security may become the fourth largest infrastructure besides computing, storage, and networking. Why does security need to be integrated into infrastructure and applications? Because security involves a lot of uncertainty, and problems may appear in any part of the system, the most effective and lowest-cost method is to build security capabilities into infrastructure and applications.

For example, storage checks directly for malicious software, without anti-virus software having to be installed on a given server; various security capabilities are built into the application, including user authentication, injection inspection, and an SDK for catching unauthorized behavior; in the infrastructure, a trusted mechanism is added to the application to provide protection... In this way, a complete closed loop of ubiquitous security detection, response, defense, and recovery is realized.

He Chaoxi pointed out that with the advent of the 5G era, security can be integrated into 5G to form 5G native security. In addition to building 5G native security on the operator side, it can also be built on the user side, integrating security into 5G applications, the user side, and other 5G-related infrastructure. For example, a 5G network has many edge computing nodes, and multiple services are deployed on them and share this top-level infrastructure. The edge computing nodes can therefore have built-in security protection that automatically senses and handles the risks of each application. A variety of Internet terminals operate under 5G networks. These terminals are connected to the cloud, and security needs to be integrated into them: a security SDK is embedded in the IoT terminal, and application protection and traffic protection measures are in place on the cloud. As a result, under 5G there is sufficient native protection for the development of the Internet of Things and the deployment of Internet of Things applications. At present, Sangfor has invested in the development of native 5G security on the user side.

3. Open collaboration. For security to be integrated into infrastructure and applications, the entire industry needs to be open to collaboration. First, security vendors, cloud or storage infrastructure vendors, and application developers have different capabilities. They need to cooperate and combine those capabilities to communicate with each other and protect users' services. Second, the various infrastructure, applications, and security products need to open their interfaces at different levels, with functional KPIs and standardized logs, so that they can interoperate and ultimately achieve secure operations. The third is the openness of talent. Security talent is very scarce, and this will remain the case for a long time. User organizations can make effective use of external talent resources through security services and security policies.

Currently, Sangfor combines AI, big data, and cloud computing technologies to create an integrated protection technology of security + AI, security + big data, and security + cloud.

In terms of security + AI, Sangfor began using artificial intelligence to strengthen security detection capabilities in 2016. One example is SAVE, the AI-based anti-ransomware engine in its terminal software, which captured more than 200 different ransomware this year. Applying artificial intelligence to the WAF engine has raised the detection rate of application attacks to more than 90%. By applying artificial intelligence to learn access traffic and establishing a UEBA detection model, the detection rate of malware traffic has been greatly improved.

In terms of security + big data, with customer authorization, more than 100,000 edge gateway devices are connected to the secure cloud brain, which gathers billions of logs every day. This makes it possible to build models on massive amounts of data, detect real-time threat intelligence every day, and use the secure cloud brain to deal with threats quickly. Whenever a new threat is found, new features are generated automatically and distributed to all devices and products around the world within 5 minutes, updating the protection of other users.

On security + cloud, Sangfor has recently released the SASE security product "Cloud Security Access Service Sangfor Access". Through the integration of "SD-WAN access service + complete cloud delivery security product stack" and multiple POP nodes deployed around the world, it provides users at home and abroad with more flexible, more stable and more effective end-to-end network and security services. Because the security and services that many SMEs purchase are limited, they cannot get good protection. With cloud computing technology, the traffic of small businesses is routed to the cloud, where it is protected in a software-defined manner using flexible security policies, reducing corporate security costs and achieving inclusive security.

Although security can be combined with cutting-edge technologies such as AI under the new infrastructure, finding suitable security talent has become a headache for enterprises. According to Ma Cheng, the current network security talent gap is about 2 million. In response, Sangfor established Sangfor Industrial University and formulated the "1262" strategic layout: "Sangfor Industrial University" as the brand; a "dual-core and dual-cycle" strategy, with network security and cloud computing as the two hard cores and domestic and foreign talent training as the two cycles; Sangfor's six major products and services, namely the industry education cloud platform, school-enterprise cooperation and collaborative education, government-enterprise training, the technology certification system, competitions, and talent training base construction; and a scientific research cooperation fund and a talent training fund.

Origin blog.csdn.net/csdnsevenn/article/details/111034898