To explore new security ideas in the digital age, Tencent Security and FreeBuf held a security operation summit forum

Recently, the "Security Operation Summit Forum Shenzhen Station", hosted by FreeBuf, a network security industry portal, and co-organized by Tencent Security, was successfully held at the Westin Shenzhen Yitian Hotel. At this cyber security industry event, hundreds of cyber security professionals from all over the country gathered to discuss "security operations" and "the value of threat intelligence to enterprises in the new era", and to jointly explore new security ideas for the digital age.

Hong Chunhua, deputy general manager of Tencent Security, delivered a speech at the Security Operation Summit Forum. He pointed out that the value of threat intelligence enjoys a very high consensus in the industry. Through the first SDK integration method and cooperation with industry security vendors, especially in the firewall field, the focus is on atomic threat intelligence capabilities that keep threats outside the boundary. At the same time, with the development of NDR/EDR/XDR, the detection and response capabilities of security operations are constantly improving. Tencent Security launched a self-developed big data log platform based on the "cloud native technology architecture" to help improve security capabilities in the basic software field.

(Hong Chunhua, Deputy General Manager of Tencent Security, delivered a speech at the forum)

Hong Chunhua said that Tencent has always been committed to building a safe and credible digital ecosystem. After three stages of security development (ensuring the security of the group, security that supports business success, and Tencent Security's ToB business), and against the background of security fragmentation and demand-side emphasis on actual combat, the solution of "focusing and atomizing security capabilities" was proposed: digging deep into core capabilities and technologies, focusing on core products, and building a practical security operation system with ecosystem partners. Currently, the system focuses on solving bottlenecks in the security industry through "innovation" engineering, and has been widely used in finance, government affairs, energy, industry, transportation, pan-mutual and other industries.

Security Atomic Power Helps Enterprise Security Construction

At the forum, Sun Yadong, a senior expert in security operations at Tencent, gave a technical talk on the theme of "Security Atomic Power Helps Enterprise Security Construction", in two parts: building security atomic power and reusing security atomic power. Multi-source heterogeneous security systems are becoming the norm, and dozens of security products and PB-level data across public cloud, private cloud, and IDC architectures create security islands and data islands. Facing this problem, Tencent Security builds security atomic capabilities around "Identify, Protect, Detect, Response, Recovery". It combines Tencent's more than 20 years of security construction experience, the leading security attack and defense capabilities of the seven laboratories, industry-leading big data capabilities, the most complete security database on the cloud pipe end, and strong industry ecosystem collaboration capabilities, integrating and developing them into threat intelligence and security big data atomic power that empowers enterprises and helps them build security.

Threat intelligence empowers third-party security detection, defense, and operation products to deal with modern advanced threats, covering scenarios such as attack surface management, daily operations, re-insurance protection, and business risks. The hybrid multi-cloud unified practical security operation platform unifies data standards, security capability standards and interfaces and, through the next-generation security big data platform, integrates multi-source heterogeneous security products to form a unified, coordinated, linked, intelligent, and integrated security operations platform.

(Sun Yadong, a senior expert in security operations at Tencent, delivered a speech at the forum)

In terms of security practice, Tencent Security relies on the "SOC+ security operation system". At the atomic power level, it combines its own 20 years of offensive and defensive confrontation experience with top security laboratory technology, and drives the customer's overall security operation capabilities to continuously upgrade and evolve towards "practical combat". At the product power level, through the deep integration of NDR/MDR/TIX threat intelligence centers, in-depth collaboration between products and services is strengthened, and both the precise application of single products and flexible, extended combined applications are supported. At the ecological power level, service resilience is guaranteed by linking ecosystem resources and capabilities, creating a brand-new security operation system and structure, and building digital security immunity for enterprises with leading technologies.

(Tencent security SOC + security operation panorama)

Experts gathered at the security operation summit forum. Li Shaopeng, the founder and general manager of Digital World Consulting, spoke on security operations with the theme of "Origin and Development Trend of Security Operation"; a talk with the theme of "System Theory - Rediscussion on Security Operations" disassembled security layer by layer in the three dimensions of time, space, and function; Chen Zhinian, information security partner of Vanke Group, shared Vanke Group's experience in putting security operation practice into place, with the theme of "Vanke Group Information Security Operation Practice".

In addition, Qin Yangqing, head of development security at Essence Securities, shared best practices of software supply chain security governance and open source software governance with the theme of "Software Supply Chain Security Governance and Software Security Operation Practice"; Zhang Zhiyao, solution expert at Douxiang Technology, spoke on the theme of "Systematic Construction of Enterprise Data Security Capabilities".

Threat Intelligence Helps Enterprises Improve Immunity

In the roundtable discussion on the theme of "The Value of Threat Intelligence to Enterprises in the New Era", security experts focused on threat intelligence, the "early warning system" of the digital world. From the three perspectives of industry, Party A, and manufacturers, and from angles such as legislation, users, intelligence type, and attack surface, they discussed how to make good use of threat intelligence, attack surface management, the future development of threat intelligence, and how to realize dynamic, customized, refined and intelligent threat intelligence.

Tencent Security expert Gao Rui gave an in-depth interpretation of how threat intelligence can be integrated into an enterprise's existing security system, from the perspectives of business and ecosystem industry cooperation. He said that threat intelligence includes attackers' trends, attack methods, and attack assets, as well as how to combine these with the defenders' side, sort out the attack surface, and establish an effective closed loop of protection. From the perspective of Party B, the hope is to establish unity through scenario-based approaches, form specific solutions guided by scenarios, and then realize lightweight deployment. Take Tencent's security threat intelligence as an example: relying on more than 20 years of protection experience accumulated in ToC-related businesses, the advantages of the top-level public cloud in the country, and extensive coverage of businesses, Tencent can effectively conduct closed-loop security operations against actual threats.

(Tencent Security threat intelligence expert Gao Rui at the roundtable discussion)

In addition to providing boundary, terminal and security operation center services in simple attack and defense scenarios, Tencent Security also provides corresponding detection for threats discovered in new business formats. For example, Tencent Threat Intelligence builds a matrix with four products. First, the intelligence community aggregates Tencent's security capabilities to help Party A's customers dig deep into attacker portrait information. Second, it provides traditional mapping and corresponding threat discovery for IP operations, and can detect an enterprise's Internet business assets and reduce the exposure of assets. Third, by providing API and SDK service models, it can cooperate with more ecosystem partners to create a better threat intelligence ecosystem. Fourth, the localized threat intelligence platform is integrated with more security products to form a mature and complete solution.

At present, the explosive growth of AIGC is exacerbating the security risks of data leakage and content compliance. Faced with a security status quo of cloudification, remote office, and complex IT technology stacks, the security operation system also urgently needs to be reformed.

Tencent Security has brought more than 20 years of accumulated security capabilities into the field of threat intelligence. Relying on the core products of the "SOC + security operation system", it has continuously polished the weapon of "turning passive into active" in enterprise security defense, and realized threat intelligence operations and offensive and defensive confrontation. On this foundation, it builds a digital security immunity of "intelligence-offense-defense-service-ecology".

Origin blog.csdn.net/qcloud_security/article/details/131192538