In recent years, under the background of compliance-driven and the normalization of actual combat drills, the construction of a network security protection system is no longer a simple stacking of equipment, nor is it a coping approach of treating headaches and feet. Showing a trend towards actual combat-oriented offense and defense, focusing on building the ability of actual combat-oriented security operations.
How to build a practical security operation capability? According to Cao Jia, Vice President of NSFOCUS, effective security operation is to sort out the security capabilities of users according to various practical application scenarios of users, connect with the professional security capabilities of manufacturers, and then let them play through management and processes. role, making operations more measurable, more efficient, and able to combine peace and war.
At the “Tianfu Cup” International Cybersecurity Competition and Tianfu International Cybersecurity Summit Forum held some time ago, NSFOCUS fully interprets the way of cybersecurity operations under the new situation and the security industry through competitions, speeches, and forums. direction of development.
Digital Transformation Brings Three Opportunities to the Security Industry
In the digital economy era, opportunities and challenges coexist in the cybersecurity industry.
Cao Jia said at the main forum that under the background of digital transformation of enterprises, the opportunities and growth points of the network security industry mainly come from three aspects.
The first growth point comes from data security. Data is the core asset of an enterprise. Under the booming wave of big data technology, new application scenarios are constantly increasing, and the demand for data security supervision and compliance is increasing. In terms of data security, the technology system construction and solution research and development of the security industry are promising.
The second growth point comes from the process of digital transformation and industrial digital development, some industries that intersect with key information infrastructure, such as manufacturing, transportation, health care, etc., these industries have an increasing demand for information security, which contains huge market opportunity.
The third growth point is that the current development of industrial manufacturing is very different from traditional manufacturing, and information security is the foundation of its healthy development. Taking the field of intelligent interconnected vehicles as an example, the collection of information and data must be legal and compliant, and the construction of its own security structure and security system must cover the entire production and use cycle of the vehicle, and the information security industry has a lot to do.
Scenario-based practical security operations
Opportunities are at hand, and helping users build a security system that meets their own needs and the needs of the times is the top priority of the security industry. Since NSFOCUS released the “Smart Security 3.0” system in March this year, network security operations in the context of actual combat have become one of the main concepts of NSFOCUS.
Actual combat is the current mainstream direction of network security. Li Chen, Vice President of NSFOCUS, said at the practical security operation forum hosted by NSFOCUS that the Ministry of Public Security’s No. 1960 “Guiding Opinions on Implementing the Network Security and Other Security System and Customs Security System” emphasized the “three chemicals and six defenses”. ”, in which “three modernizations” refer to “practicalization, systematization, and normalization”. Based on this guiding ideology and NSFOCUS’s many years of first-line practice, NSFOCUS’s “Smart Security 3.0” concept is committed to helping customers build a “full-scenario, trustworthy, and practical” security system and capabilities, which are in line with the overall strategic direction. “Three chemical and six defense” requirements.
Under the guidance of the concept of “Smart Security 3.0”, NSFOCUS has carried out extensive and continuous practical security operation practices in terms of key capabilities such as technology research, security product development, security services and security operations.
Cao Jia introduced that based on actual combat knowledge and ecological intelligence analysis, NSFOCUS has built an actual combat operation system based on intelligence and threat hunting, which can provide customers with accurate threat intelligence; at the same time, it can automatically process actual combat intelligence and solve the problem of untimely intelligence response. Or problems with high thresholds for intelligence processing.
The actual combat operation system divides security threats into three scenarios: event-based direct threat hunting, intelligence-based indirect threat hunting, and traceability-based threat hunting. According to different scenarios, the paths in the threat hunting actual combat are classified into three for operation, and based on this, the actual combat operation indicator system is constructed.
The other side of actual combat is normalization. Cao Jia said that the purpose of actual combat is to improve the level of daily protection. With the help of security operation services, it is possible to transform the support work of surprise attack and defense drills into normalized, practical and systematic security operation capabilities.
How to implement the actual combat security operation? Liu Haiguang, a security operation expert from Sichuan Rural Credit Cooperative Union, introduced the practice of practical security operations in the financial industry. Liu Haiguang said that the financial information system has always been an important target of cyber attacks because of its own value, and the capacity building of the security operation system combining peace and war has become the core idea of the current security construction in the financial industry. As the largest financial institution in Sichuan, Sichuan Rural Credit Cooperative Union has established a situational awareness platform and completed the construction of a preliminary security operation system. It has exerted its operational capabilities through practical security operations and achieved good results.
In addition, for popular ransomware attacks, as well as advanced APT attacks, zero-day attacks, and supply chain attacks, Fan Dunqiu, deputy general manager of NSFOCUS Technology Competence Center, introduced that actual combat should be conducted based on TI, which is threat intelligence. With the support of real-time threat intelligence, the connection between manufacturers and users, cloud-ground coordination and other links will be more efficient and intensive in security operations. All aspects have good effects.
Cao Jia emphasized that emphasizing the actual combat of security operations can help users improve security levels, ensure business security, and smoothly respond to drills, re-insurance and security inspections at all levels, but this does not mean that ordinary security operations are not important. With the help of safety operation services, the surprise exercise support work can be transformed into normalized, practical and systematic safety operation capabilities, and turned into routine safety work. With reasonable investment, relative safety can be achieved. Not only can practical problems be discovered, but also can solve the problem.
As a “learning bully” manufacturer in the security industry, NSFOCUS has accumulated a lot of advanced technology and practical experience in its long-term development. Practical operation is an important direction of NSFOCUS’s “Smart Security 3.0” concept, that is, to adapt to the changes in security needs under the new situation, and to give full play to its own technical advantages to provide users with truly effective security capabilities.