BCS2021 Technology Summit: Under the battle of offense and defense, network security technology is changing

On August 28, the technology summit of the 2021 Beijing Cyber Security Conference (hereinafter referred to as "BCS2021") was successfully held.

Top cyber security technology experts from all over the world shared the latest research results and practices in the industry's cutting-edge product technology, analyzed the complexity and application of cyber security technology from a technical point of view, and discussed the future direction of security technology research and development and of technological innovation.

As the final summit of the three BCS2021 summits (strategic summit, industry summit, and technology summit), the technology summit attracted the eager attention of network security technology enthusiasts worldwide. Keynote speeches at this year's summit were delivered by Laura Koetzle, Vice President and Group Research Director at Forrester; Tan Xiaosheng, chairman of Beijing Cyber Invitrogen Technology Co., Ltd.; Marcus Hutchins, Senior Threat Intelligence Analyst and Malware Researcher at Kryptos Logic and WannaCry cracker; Yang Min, Deputy Dean of the School of Computer Science and Technology, Fudan University; David S. Ebert, Assistant Vice President and Chair Professor, University of Oklahoma; Yuan Xiaoru, executive deputy director of the National Engineering Laboratory of Big Data Analysis and Application Technology of Peking University; Wei Tao, vice president of Ant Group; and Duan Haixin, director of the Tsinghua University-Qi'anxin Group Joint Research Center, among others. Chen Wei, Editor-in-Chief of Security Niu and Vice Chairman of the International Information System Audit Association (ISACA) China Expert Committee, hosted the technology summit.

Ransomware and supply chain attacks: threats are unpredictable

2021 has been an uneasy year from the start, and the global cyber security field has also been full of changes and challenges.

Since the SolarWinds supply chain attack at the end of 2020, two keywords have dominated people's attention: one is supply chain attacks and the other is ransomware attacks. It is noteworthy that the Qi'anxin Threat Intelligence Center has monitored many supply chain attacks caused by intrusions into security companies.

The two have even begun to combine. On July 2 this year, a vulnerability was exposed in Kaseya VSA, a product of enterprise management software supplier Kaseya. It was exploited by the REvil ransomware group and caused a large number of Kaseya's customers to shut down services.

"They don't care about which company they hacked into, they only care about getting the most revenue at the least cost." In her speech, Laura Koetzle explained the reason for the popularity of supply chain attacks. The target is often upstream in the supply chain, so such an attack usually has the characteristic of "attacking one point and hurting a whole area", especially when it hits widely used software and hardware products.

To deal with this type of attack, organizations should try to use a zero-trust architecture to minimize the security risk of each access. At the same time, they should establish a software asset list to keep a clear grasp of the risks facing the software supply chain, so that even in the event of an attack the correct response can be made in the shortest time.

The "2021 China Software Supply Chain Security Analysis Report" released by Qi'anxin shows that among the 2,557 domestic enterprise software projects analyzed by Qi'anxin Code Security Laboratory, each software project has 66 known open source software vulnerabilities on average, and the software project with the most has 1200 known open source software vulnerabilities.

Among them, projects with known open source software vulnerabilities accounted for 89.2%; projects with known high-risk open source software vulnerabilities accounted for 80.6%; projects with known high-risk open source software vulnerabilities accounted for 70.5%.

"A number of open source components are affected by high-risk vulnerabilities, loose open source community management makes it difficult to effectively promote vulnerability repairs, and open source code vulnerability patch deployment is chaotic, which are the three main reasons for the huge threat of vulnerabilities facing open source code," Yang Min explained. "Faced with these shortcomings, we hope to solve this problem by mining open source component vulnerabilities, enhancing open source vulnerability information, and assessing the status of vulnerability patches, although in this process we encountered low vulnerability mining efficiency, incomplete vulnerability database information, and confusion in patch deployment and management."

Of course, it is not only ordinary open source software or other commercial software that is plagued by vulnerabilities. The vulnerabilities of core Internet protocols are also not to be underestimated. Because these protocols are more widely used, the harm is even greater. The Heartbleed vulnerability in OpenSSL, exposed in 2014, still seems like yesterday.

"Small problems with basic Internet protocols are often big problems with the Internet," emphasized Duan Haixin, director of the Tsinghua University-Qi'anxin Group Joint Research Center. A security expert in the field of basic Internet protocols, Duan Haixin once again shared his latest research results in this field at the Technology Summit.

Duan Haixin said, "After long-term research and offensive and defensive practices, we have discovered some significant features of the Internet's basic protocol vulnerabilities. The vulnerabilities of basic protocols have a wide range of impacts, but it is very difficult to use automated methods to mine or find vulnerabilities. Moreover, the vast majority of these Internet protocol vulnerabilities are logical vulnerabilities, and even many vulnerabilities appear when multiple systems are combined, and require multiple systems to be combined to discover."

At the same time, as another "star" on the threat side in recent years, ransomware has also remained highly active, and is even the most important threat triggering enterprises' emergency response processes. "Ransomware usually no longer invades consumer systems, but attempts to infect the entire corporate network." Marcus Hutchins introduced the changing trend of ransomware attacks in recent years.

Marcus Hutchins emphasized that the prevention of ransomware is not just a technical problem. It cannot be solved by improving security and increasing the security budget alone. It requires multi-party cooperation in the fields of finance, law, and network security.

AI visualization and parallel aspects: technological changes on the defensive side

As the proverb goes, when vice rises one foot, virtue rises ten. Qi'anxin Group Chairman Qi Xiangdong stated at the 26th Strategic Summit that only by working hard to operate the security system can the safe operation of business activities be ensured. Operational security is the dynamic control of network security. Only when security capabilities are activated and continuously upgraded can complex problems be solved.

Regarding the development trend of network security technology, Tan Xiaosheng gave a very in-depth and detailed analysis covering all technical fields of network security, such as endpoint security, network security, and application security. From firewalls to next-generation firewalls, from IPDS to NTA and NDR, from SD-WAN to SASE, as well as security management and security services, these developments have raised the level of network security protection as a whole.

Among all the technologies used in network security, the application of machine learning, visualization, and parallel aspects has gradually entered the public's field of vision.

David Ebert said that although deep learning has been successful in many fields, it is not a panacea, and it has not yet been able to maximize its value. Therefore, many people think that deep learning can do far more than it does now.

David Ebert believes that people need to create an environment for visual analysis, visualization and human-machine collaborative decision-making that helps the public make full use of all existing data sources, integrates knowledge from vertical fields into a visual analysis system, improves the analysis process, and supports more efficient decisions based on data and advanced analysis.

"Security Parallel Aspect System (Security Aspect) is a security infrastructure that decouples security management and control from business logic through various levels of tangent points embedded in the end-pipe cloud, and provides security services with internal vision and intervention capabilities through standardized interfaces." This is how Wei Tao defined the concept of the security aspect.

It is foreseeable that in the DT era of data explosion, the introduction of a security parallel aspect system can effectively promote new breakthroughs in data perception coverage and high-precision analysis of data lineage, addressing the serious deep-water challenges that data governance faces in accuracy, coverage, freshness and other areas, and can play an important role in key data governance tasks such as App privacy control, data classification and grading, data subject verification, and leak prevention for outbound data.

BCS2021 is sponsored by Qi'anxin Group in conjunction with China Electronics Information Industry Group Co., Ltd., Internet Society of China, China Cyberspace Security Association, China Cryptographic Society, National Federation of Industry and Commerce Big Data Operation and Maintenance (Network Security) Committee, China Institute of Communications and the China Association for the Promotion of Friendship. It focuses on opening up the boundaries of strategy, industry, and technology, connecting the demand and supply sides, and creating a platform for exchanges and cooperation involving government, industry, enterprise, intelligence, learning, and use. After several successful editions, the BCS Conference has become an international exchange platform based in Beijing and radiating to the world. It represents China's high level of cyber security and cutting-edge voices, and its latest ideas have become the weathervane of industrial development every year.
