Image source @Visual China
Abnormal offense and defense and fragmentation of products/equipment are the two typical problems in current network security offense and defense.
Abnormal offense and defense lies in the first place in technical ambiguousness and talent ambiguousness. "Hacking attack technology has always been ahead of organizational defense technology, and defensive talents are very scarce, so it is difficult for the demand side to retain such talents." At the IDC 2022 CSO Global Cyber Security Summit (China Station), Mr. Zheng Lei of Shenxin Service Technology Co., Ltd. said in an exclusive interview with Ti Media App.
offensive and defense asymmetry is determined by the characteristics of network security offensive and defense. Cybersecurity offense and defense is a war where gunpowder is invisible, boundless and silent. Taking advantage of the convenience of cyberspace, the attacking party can quickly assemble a large number of "troop forces" and easily carry out organized attacks and retreats. For example, in recent news, we saw that the national hacking team launched frequent attacks on universities/enterprises in other countries, which took advantage of this "average attack" feature.
Regarding the current fragmentation of network security attack and defense, Zheng Lei said: "In the past, organizations mainly built network security driven by compliance. This has led to a large number of organizations paying more attention to whether they deployed network security equipment and products, while ignoring the actual operation effect of equipment and products. Over time, multiple brands, multiple generations, and multiple models have stacked, but lacking linkage, and they act independently and have poor operational results. This is the phenomenon of fragmentation. Especially at key nodes such as "offensive and defense drills" and "remaining protection", fragmentation not only leads to poor protection effects of many organizations, but also requires dozens of teams from multiple manufacturers to maintain and support at the same time." How can
solve the problem of network security in offensive and defense aberration and product/equipment fragmentation? Seeking change may be an inevitable choice for organizations to cope with the development trend of network security.
uses "SaaS, intensive " to deal with aberrations and defenses
SaaS and intensive
SaaS and intensive
SaaS are an effective means to deal with aberrations and defenses exploring in recent years.
"In the past, traditional security hardware faced sudden threats and could not be updated in time. It took a few days or weeks to meet new threats. However, SaaS-based response to new threats can be fully synchronized within a few hours. As long as you order SaaS-based services, companies can enjoy the latest security capabilities as quickly as possible." Zheng Lei said.
At the same time, SaaSization has also alleviated the cost of network security. "For customers, the SaaS-based delivery model is the first step toward lower procurement costs and higher scalability. For security manufacturers, they can also iterate their security product versions and capabilities more quickly to deal with the threat of rapid change and effectively solve the dilemma of 'offensive and defense asymmetry'," said Zheng Lei.
He also mentioned an intensive concept. He believes that in addition to SaaS, private cloud is also an option for enterprises. He believes that the true connotation of private cloud actually means intensiveness: "For the vast majority of non-data-sensitive organizations, public cloud is a limitless and cost-effective choice; for data-sensitive organizations, it can still support the intensive management of the industry and group, and a clear boundary private cloud and industry cloud deployment model is still indispensable." The intensive concept of
has been adopted in many information construction, such as the big data platform of the steel industry, the power industry cloud, the group cloud, and all enterprises that are unified in data management. Correspondingly, network security construction can also achieve this intensiveness, improving the security construction level of the entire industry, the entire field or the entire group, which is still much better than building independently of each single-point and scattered branch.
, especially today, with the rapid development of big data and , artificial intelligence , intensive construction can also bring about a scale effect, which greatly improves the industry's network security capabilities. Zheng Lei revealed, "After we have achieved the online and cloud-based network security capabilities, we found that we can obtain massive security information and customer demands from all over the world in real time. These data provide a basis for us to quickly explore unknown threats, zero-day vulnerability , threat intelligence, security situation, etc.This was hard to imagine in the past, because fragmented traditional hardware could not achieve effective data collection, so there was no data scale effect. "
So he believes that the future will definitely be a trend of common development of public and private clouds. The two models will coexist, but fundamentally the two are still a basic thinking of cloudization and intensiveness.
uses " to collaborate " to deal with fragmentation
collaboration is the best choice to deal with fragmentation.
solves the fragmentation of customer network security construction, and starts with the network security manufacturer itself. deeply convinced Adopt the "platform" + "component" model to solve the problem of collaboration between internal and external products.
"We use a small number of two or three platforms to aggregate the daily operation and maintenance/operation management of customers, and then link components through these platforms." Deepin believes that the evolution from the development of single products to the development of component-level products. This component-level product can collaborate well with the platform and become the eyes, ears, hands and feet of the platform. At the same time, the platform not only realizes the linkage of all functions through components, but also realizes the collaboration of multi-brand products through open APIs, completely solving the problem of fragmented network security construction.
However, such high-frequency collaboration also made Shenxin feel the lack of network security talents. However, Zheng Lei also said that the lack of network security talents can be neutralized by SaaS.
can "aggregate" a limited number of elite security talents and provide services to a large number of customers. Assuming that 50 elite security talents are used to arrange on-site services, they can only serve at most 50 customers. However, if these 50 security elite talents are brought together and the capabilities are opened through the platform and SaaS service, they can be convinced. Serving hundreds or thousands of customers. This is also a very important starting point for the current SaaSization of network security.
Transformation Challenge: Cash Bull concessions to emerging business
Whether it is the SaaSization of the business or the connection and collaboration between product lines, it is a great transformation challenge for Shenxinfu, an early network security company that started with security hardware. "We are still in a period of transformation, and we are the first to release the SASE platform and the first government MSS cloud hosting service platform... Many things are ahead, and the transformation has entered the deep water zone for the third year. "Zheng Lei said.
is still in the strategic transformation period of "platform + components + services". These six words seem simple, but in fact they face many challenges in execution. "This includes both assessment and resources tilting towards new online businesses, and the challenges of traditional hardware firewall moving towards online and virtualization. In this process, the traditional business "Cash Bull" must bow to emerging businesses in the growth stage. "Zheng Lei said. Fortunately, for Shenxinfu, after nearly three years of transformation, Shenxinfu's various network security "platforms" have matured from scratch, such as the scalable detection and response platform XDR, the zero-trust platform ZTA, the cloud security access service platform SASE, the secure hosting service platform SASE, etc.
However, compared with transformation and challenges, network security manufacturers are also in opportunities.
, The digital transformation of enterprises has accelerated to make remote office, business cloudization, etc. the norm, and the corresponding online demand for network security has also emerged intensively, matching the development trend of transformed security manufacturers' capabilities; on the other hand, with the continuous introduction of relevant national policies, laws and regulations, more companies have seen the importance of network security. In the past two years of experience in major actions such as "offensive and defense drills" and "re-guarantee", more and more enterprises have moved from "compliance" to "actual combat".
" In particular, practical offensive and defensive activities such as ‘offensive and defensive drills’ have made more companies realize that only by relying on services can these visible and tangible equipment truly bring out their value. Online services can not only deliver high-quality services anytime and anywhere, but also greatly alleviate the shortage of high-level service personnel and high costs compared to traditional local on-site methods. This also brings more opportunities to security manufacturers in transformation. "Zheng Lei said. (This article was first published in Titanium Media APP Author | Qin Conghui)
