Black Hat 2018: a roundup of the top 10 network security hot topics

Posted by millikan at 2020-03-12


At this year's Black Hat conference, participants focused on product interoperability, third-party vulnerabilities, data loss prevention, threats to critical infrastructure and other network security trends. The details follow.

1. Demand for a new generation of SOAR

When Kevin Mandia, chief executive of FireEye, talked about the first generation of security operation, analysis and reporting (SOAR) products, he said they work perfectly well for detecting and aggregating large volumes of security information, and that the industry should be ready to move to the next stage: working out how to meet customers' needs for greater interoperability.

Large multinational organizations use more products in more complex environments, so they have a strong need for interoperability between products and want to shorten the path from the occurrence of a problem to completed remediation as much as possible. The next generation of SOAR products needs to be optimized specifically for interoperability, so that they can act automatically to some degree across a variety of complex situations.

Mandia said the future security operations center should offer more one-click functions, turn many tasks that still require human participation into automated operations, improve interoperability between products from different vendors, and speed up the resolution of network security problems.

2. Artificial intelligence applied to behavior analysis

According to Chester Wisniewski, chief research scientist at Sophos, AI can be used to process input data, reduce false positives, and make data easier to manage, which helps the user and entity behavior analytics (UEBA) market.

Because of the huge volume of data involved in UEBA, it is difficult for practitioners to write algorithms that can cover all of it. As a result, organizations receive large numbers of false positives, which means that even when an anomaly is detected, security operations staff are unlikely to act on it; they simply flag the issue and hand it to the security operations center (SOC) for investigation.

Thanks to advances in AI, false positives can be processed and reduced automatically by tools. It is foreseeable that organizations will eventually hand all alerts over to automated tools, which also frees up time for security experts to study the most important security issues.

3. Data security has become the core issue

Ken Levine, chief executive of Digital Guardian, believes that enterprises' investment in network security is far from enough and that they have been unable to prevent potential threats and new attack vectors. Finding and locating an intruder inside the enterprise network is difficult; only when the intruder manages to get data out of the company network does it draw the enterprise's attention.

To prevent data in the enterprise network from being stolen, the enterprise must define the confidentiality level of information in terms of which users are allowed to access it. This approach lets enterprises build security barriers around the data itself, rather than being limited to detecting malicious activity in the corporate network.

4. Infrastructure has become the target of malicious activity

According to Bill Conner, chief executive of SonicWall, attacks on infrastructure through botnets or routers are increasing, targeting energy and utility systems and even Internet infrastructure.

In the United States, about 95% of infrastructure is privately owned, which means solution providers work with utility providers and government regulators on remediation. Real cases show that some infrastructure technology providers or suppliers, such as laboratories or academic institutions, also become targets of malicious activity: attackers try to find the weakest link at the most basic level.

As more and more new chips come into use, and malware targeting PDF or Microsoft Office files continues to flood in, infrastructure faces more and more security problems. Conner said new attack tools are better at disguising themselves, making it harder for infrastructure providers to detect and prevent security problems.

5. Third-party vulnerabilities should be taken seriously

According to Tom Turner, president and CEO of BitSight, risk from third parties or organizations with business relationships has become a hot topic that company decision-makers must focus on and discuss. Last year's WannaCry ransomware attack was a milestone in bringing third-party risk into view. For example, if a port is hit by malicious activity and the ships of upstream shipping companies cannot leave the port, the losses are enormous.

The WannaCry outbreak made executives realize that controlling third-party risk is vital to the normal operation of the company's business and the stability of its stock price.

6. Data security risks from a dispersed workforce

John Delk, general manager of security and information management and government products at Micro Focus, said that as forms of employment change, many enterprises have an increasingly dispersed workforce, so employees take sensitive data out of the company in various ways.

If employees use a variety of access points to log in to the company intranet for the data they need, it creates a very complex security infrastructure design challenge. Delk suggests starting with simple measures, such as multi-step authentication, and then gradually improving security for distributed data and distributed labor environments, for example with data loss prevention.

7. Turning passive into active

Lior Div, co-founder and CEO of Cybereason, said enterprises are moving from passive network security maintenance (including next-generation anti-virus software) to actively finding and avoiding threats. Building a wall around the enterprise provides protection only for a short time; don't forget the story of the Trojan horse. Over the past six years enterprise investment in network security has risen every year, yet the rate of new attacks and the number of enterprises suffering intrusions have not substantially improved.

At this point, enterprises must change their thinking and take more active measures, such as bringing in a third party to conduct security testing that simulates hacker penetration, and taking the initiative to resolve network security risks.

8. The rise of the data protection business

Marcus Brown, vice president of global channels at Digital Guardian, told the media that data protection has become one of the fastest-growing areas of the network security market, because cloud computing gives enterprises more ways to consolidate data and resources.

Apart from occasional DDoS attacks, almost all vulnerabilities and hacking incidents around the world involve data theft. The serious consequences of data breaches have sounded the alarm across industries. More and more enterprises have made data protection a high priority, with the CEO, CFO and board members taking full responsibility.

Legislation is also strengthening data protection, such as the European Union's GDPR and California's data privacy act. Given the harm a data breach does to a company's reputation, stock price, intellectual property protection and competitive advantage, enterprises should increase their investment in data protection.

9. Continuing diversification of malware delivery channels

Julian Martin, vice president of channel programs at Mimecast, said that the channels for spreading malware are becoming more and more diverse, such as email, the web, instant messaging and social media, which means solution providers must offer customers comprehensive products to meet security challenges from multiple channels.

Hackers always attack a single point rather than the enterprise's whole security system. They profile users through email and social media and find the weak link for intruding into the enterprise through a particular entry point. Solution providers should therefore step outside traditional thinking and provide a comprehensive set of security solutions built around the daily life and work of enterprise employees.

10. The more devices connect to the network, the higher the risk

Faraz Siraj, RSA Security's vice president for the Americas, said that in recent years the rapid growth of the Internet of Things has given enterprises and consumers a range of solutions for connecting cars and home appliances to the Internet.

These new ways of connecting give users a more modern and novel experience, but the accompanying network security threats cannot be underestimated. Imagine how dangerous it would be for hackers to gain illegal access to the network a device sits on and control a car at will. When developing new technology, designers first pay attention to making it quick and easy to use, and they often neglect security. Siraj said designers should look for ways to build systems that do not slow down overall development but still take network security into account.

About the Black Hat conference

Black Hat is recognized as the top event in the information security industry and a stage for hackers to show their skills. On average, more than 7,000 hackers and experts from security companies and security agencies around the world, as well as officials from the U.S. Department of Defense, the Federal Bureau of Investigation, the National Security Agency and other government agencies, attend the event every year.

Source: Network Security Vision

About Ping An Financial Security Research Institute

Established by Ping An Technology, the institute is the industry's first comprehensive financial security research and innovation institution. Guided by the principles of "focusing on finance, focusing on innovation, leading the industry and building a brand", it integrates the industry's best resources across government, industry, academia, research, finance, talent and application, and cooperates with national, industry, university and research-institute partners under the motto "focus on innovation, land it first". It innovates and practices continuously in three areas: financial information infrastructure security, financial technology 3.0 security, and financial business security risk control. It is committed to building a security ecosystem for the "Financial Security 3.0" era, providing strong financial security technology support for Ping An Group, the industry and the country, and contributing technology to information security construction, business security risk control, financial technology security and national financial security for financial institutions in the era of the Internet and artificial intelligence, in order to build unique academic research strengths and sustainable products and services, promote and lead China's technological progress in financial security, and build a financial security brand.

At present, the institute is divided into six research areas: network security, data and content security, system security, financial business security, financial security standards and policies, and medical information and application security. Its core researchers in each area come from well-known universities, scientists' teams, BAT, well-known consulting companies, financial institutions and top domestic security companies.