Recently, the 3rd Digital Security Conference was successfully held in Beijing, and the authoritative digital industry third-party research and consulting organization "Digital Consulting" officially launched the new "2023 Digital Security Capability Map (Industry Edition)" at the conference. The capability map is based on the "Panorama" brand update iteratively launched by the founding members of Digital World Consulting in September 2016, from the evolution of technical products to security capabilities, from the full version to the selected version, and then to the current industry version. Beijing Boundary Infinite Technology Co., Ltd. (Boundaryx, Boundaryx) has been selected into the two major industry segments of finance and energy by virtue of its technology, market advantages and innovative application security solution Jingyunjia ADR.
In order to reflect the mainstream security vendors among important industry users, Data World Consulting launched the "2023 China Digital Security Capability Map (Industry Edition)" for the first time based on the dimension of the industry, which includes the mainstream of the ten most important industry fields in the digital security industry Digital Security Vendor. The intention of launching the capability map industry version is obvious, that is, to try to solve the disadvantages of communication inconvenience, statistical inconvenience, and procurement inconvenience caused by various complicated classification confusions, highlight excellent security capability providers, and reduce trial and error costs for both suppliers and buyers. Provide research reference and reference for the industry colleagues in the field of digital security. Boundary Infinity was successfully selected into the two major fields of finance and energy, which marks that its industry-leading application detection and response solution Jingyunjia ADR has accelerated the process of landing in the industry.
Finance: Memory Horse and Open Source Vulnerabilities Highlight Risks
"Memory horse is one of the most common attack methods at present, and many colleagues in the financial industry are deeply troubled by it. ADR's defense against memory horse attacks can be said to be an urgent solution, especially during red-blue confrontation offensive and defensive drills and real network attack and defense. In addition, Open source component governance and vulnerability management are an essential part of the security operation process. ADR provides vulnerability verification and recurrence capabilities, solves the gap between development testing and security operations during the implementation process, and provides application system security protection. Alleviating the contradiction between business development and vulnerability backlog is very suitable for our current business and operation development.”
Vulnerabilities in various systems of financial institutions are widespread, and cyber attacks are pervasive. They must quickly improve their own security concepts and protection methods to deal with various financial security threats and challenges. With the widespread popularization of open source technology and business cloudification, vulnerability risks, especially those of open source components, are increasingly affecting systems and applications in critical information infrastructure. cause serious consequences. In particular, it should be pointed out that memory horse, as a fileless attack method, has been increasingly used by hackers recently, which has brought severe challenges to the security protection of the financial industry.
Based on grid-based traffic collection, Jingyunjia ADR efficiently and accurately defends against various security threats such as 0-day vulnerability exploitation and memory horse injection by linking application endpoint data and application access data; Security technology can effectively realize the control of data security risk situation. While providing comprehensive application security guarantees for enterprises, ADR effectively improves the incident handling efficiency of security operations through virtual patches, vulnerability threat intelligence, access control and other operational means. Through a comprehensive scan of the application component library, combined with the massive vulnerability information in the vulnerability statistics, it helps the security team discover hidden security risks in the application, and through the virtual patch technology of Jingyunjia ADR, the application is defended and protected at the periphery of the system to ensure security Users' core business applications only run as expected, and will not be attacked due to vulnerability triggers. Boundaries has also established and improved threat intelligence and information sharing mechanisms to help users improve their ability to proactively discover attacks and protect application security.
For memory horse attacks, which are relatively common for financial customers, Jingyunjia ADR is an effective solution in the industry and has been verified by many customers. Memory horse is a technical method of fileless attack. The attacker registers an API with backdoor function in the web system through application vulnerabilities combined with language features, and such API will not write files and code data on the disk after implantation. It is only stored in memory, which brings great difficulty to traditional security device detection. This has caused headaches for the majority of government and enterprise users in network attack and defense drills and actual network attacks. The attacker can use the fileless feature to hide the backdoor very well, and use the Web API containing the backdoor code to control the business system for a long time and serve as a network springboard to enter the enterprise. Boundary Unlimited Jing Yunjia ADR adopts the dual defense mechanism of "combination of active and passive" to effectively defend against the injection behavior of memory horses based on RASP capabilities externally. Internally, by establishing a memory horse detection model and continuously analyzing malicious codes in memory, it helps The user solves the "time bomb" buried in the memory. For memory bugs hidden in the memory, Jingyunjia ADR provides a one-click clear function, which can directly clear the memory bugs, and realize the rapid processing of the memory bug threats. Jingyunjia ADR can also effectively block the injection of memory horses through active interception + passive scanning; provide source code and feature detection information for the memory horses that have been injected, and clear them with one click without restarting the application. These are at the leading level in the industry.
In addition, Jingyunjia ADR is based on RASP technology, which can realize 0-day vulnerability defense without rules, and can realize 0-day vulnerability interception without any rules, and can naturally immunize more than 90% of 0-day vulnerabilities in the industry. Repair the security issues of open source components, and improve the closed-loop mechanism of open source technology problem discovery, feedback, and resolution through solutions such as asset inventory, vulnerability discovery, and POC verification; protect supply chain system vulnerability attacks, and achieve "zero interference" in business.
Energy: "Zero shutdown" and "last mile" are valued
"State Grid has been committed to complementing the shortcomings of business security protection under the full-scenario security protection system, enhancing protection against memory horses, business attacks, application access control, middleware environment security governance, old business and outsourced business security, etc. , providing the last mile protection capability for all-scenario security. The application detection and response to ADR has certain reference significance.”
As a key infrastructure related to the national economy and the people's livelihood, the energy industry is currently facing severe threats of security attacks. The energy industry has high requirements for the construction of the entire security system and business stability, as well as high requirements for the handling and response speed of security incidents. In recent years, the energy industry is actively moving towards digital transformation. High technologies represented by big data, artificial intelligence, and cloud computing are gradually introduced and implemented in production management. Network security risk factors continue to increase, and normalized offensive and defensive construction is paying more and more attention to results. , and how to efficiently establish a new security line of defense has become a puzzle for the industry.
According to the characteristics of the energy industry, Jingyunjia ADR effectively defends against unknown vulnerability threats such as 0day attacks, and avoids unequal information in offensive and defensive confrontations; quickly researches and judges memory horses, and "zero shutdown" for emergency response services; quickly clears loaded memory horses to protect business" Zero impact" to improve the efficiency of enterprise security operations. In the cloud era, traditional border protection schemes are easily bypassed, and applications will become the "last line of defense" for user protection. It is necessary to build an in-depth protection system and an overall protection system, so as to achieve real dynamic and comprehensive protection and realize key business "Zero shutdown", "less shutdown".
As a runtime protection, ADR has a significantly different positioning from traditional application protection and host protection products. In the security defense system, it can be combined with the traditional border protection system to form a more systematic defense-in-depth capability. For users who already have WAF products, using ADR not only does not overlap with WAF, but also can strengthen the last line of security defense for web application access.
Application Security: From Perimeter Defense to Internal and External Considerations
In the new stage of digital intelligence, the development drive has become a general consensus on security construction, and enterprises need to change from passive security to active defense. Boundary Unlimited launched Jingyunjia ADR based on RASP technology, which is committed to the updated form of application security protection, taking into account compliance and attack and defense, as well as runtime protection and supply chain security management. It can form an in-depth defense system with WAF to achieve dynamic defense , Internal and external considerations, and upgrade application security from the previous 1.0 era that focused on border protection to the 2.0 era that integrates internal and external, continuous detection and response.
As an innovative cloud security vendor driven by both attack and defense and technology, Boundary Infinity has insisted on independent innovation of core technologies and focused on the current development trend of network security since its establishment in 2019. The pioneer is committed to helping government and enterprise customers build a safer and more flexible network and a more dynamic and valuable defense-in-depth system by restoring the real attack and defense. Up to now, Unlimited Boundary has reached business cooperation with dozens of customers in government, finance, energy, cloud service providers, e-commerce, Internet and other fields to build stable and efficient security protection for them. In the future, Boundaries will continue to adhere to the parallelism of technological innovation and security compliance construction, improve application security protection immunity, create a cloud-native-based dynamic defense-in-depth system, and help Guanji customers reconstruct the new paradigm of application security protection in the digital security era.