Since threat intelligence was proposed in 2013, it has been widely used in the field of network security. It can now be found in many security products, such as firewalls, intrusion detection, situational awareness, endpoint protection, SIEM, vulnerability management and DDoS protection, whose capabilities have been greatly improved. According to IDC research data, threat intelligence can drive improvements in security and operational efficiency, enabling organizations to discover threats 10 times faster, respond to and resolve threats 63 percent faster, and proactively identify 22 percent of security threats before an attack occurs.
There are many ways to implement threat intelligence. Tianji Youmeng has chosen to be a high-quality "supplier" of threat intelligence and has put forward the "TI Inside" ecosystem strategy. TI is the abbreviation of Threat Intelligence. "Inside" draws an analogy with the computer industry, where Intel focuses on making good CPUs and empowering PC manufacturers. In the same way, Tianji Youmeng uses TI Inside to empower the entire security industry, integrating and linking threat intelligence capabilities with security vendors through TI Inside collaboration and the combined strength of the ecosystem.
On June 18, the TI Inside Threat Intelligence Application Ecological Collaboration Summit, with the theme "New IN Powers Vientiane", was held in Beijing. Drawn by the agglomeration effect of the "TI Inside" ecosystem, a large number of representatives of cybersecurity companies, threat intelligence ecosystem cooperation agencies, and analysis agencies attended the summit to share the best application practices of threat intelligence, discuss the "TI Inside" ecosystem co-construction strategy, and promote ecological coordination of threat intelligence in the security industry.
"TI Inside" ecosystem partners speak
The most direct audience for threat intelligence is network security vendors. According to reports, relying on the TI Inside model, Tianji Youmeng currently has 200+ intelligence sources and 60+ cooperative security vendors, which has become a solid foundation for threat intelligence applications in the security industry. Qi Anxin, H3C, IBM, Liufang Cloud and other companies shared the effectiveness and advantages of the TI Inside model and the practice of threat intelligence at the meeting.
Liang Liwen, director of the H3C Security Attack and Defense Laboratory, agreed with the TI Inside model. She believes that the collaborative and shared nature of threat intelligence determines that TI Inside ecological construction requires the joint efforts of enterprise customers, security vendors and intelligence vendors. Active security and defense-in-depth systems based on threat intelligence coexist. Defense-in-depth is the starting point of active security, and the two complement each other. The TI Inside mode can realize a closed loop of threat intelligence production and consumption, allowing threat intelligence to flow effectively, thereby raising the overall defense level of the enterprise, shortening the detection and response cycle, and improving risk prediction capabilities and analysis levels.
Wang Liejun, head of the Qi Anxin Threat Intelligence Center, believes that it is necessary to combine external and internal intelligence. The first is to use open source and commercial threat intelligence data, and the second is to collect threat intelligence from your own security equipment, emergency response and security analysis processes. At present, users who both "consume" and "produce" threat intelligence account for nearly half of all users. "Endogenous intelligence" is an essential supplement to the SaaS empowerment of threat intelligence. It is suitable for closed organization protection scenarios that cannot be externally connected. At the same time, endogenous intelligence data and corresponding judgment capabilities are also required to deal with APT advanced threats.
Gao Shuang, information security pre-sales manager of IBM Greater China, emphasized that the industry should build high-end threat intelligence services. IBM X-Force, as one of the leading threat intelligence research institutions, will join hands with Tianji Youmeng to build an open and shared ecosystem, build a threat intelligence alliance, jointly build high-end threat intelligence services, show richer threat intelligence usage scenarios, and improve users' level and awareness of threat intelligence usage.
Liu Jianxing, general manager of Liufang Cloud Product Department, introduced the construction of the TI Inside mode in the industrial Internet security system. Using AI threat detection plus the TI Inside mode, threat intelligence capabilities are integrated into industrial Internet security products through threat detection, cross-validation and traceability query, to comprehensively perceive the security situation of the entire life cycle of industrial production and build a highly intelligent industrial Internet security protection system.
The original intention and future of jointly building a new security ecosystem “TI Inside”
Why focus on being a “vendor” of threat intelligence? The fundamental purpose is to help security vendors reduce costs and increase efficiency, and focus on doing what they are good at.
Yang Dalu, CEO of Tianji Youmeng, said that cyber threats are becoming more and more specialized, and security vendors have limitations in obtaining threat intelligence by themselves. At the same time, the investment in building their own threat intelligence system is huge. This is where the value of third-party intelligence providers lies. As a professional and neutral threat intelligence provider, Tianji Youmeng can realize the convergence of the whole industry chain and multi-source threat intelligence, and play a fundamental role in the TI Inside ecosystem. Together, we maximize the value of threat intelligence.
Yang Dalu said that the threat intelligence capabilities of Tianji Youmeng have been connected with leading enterprises such as Qi Anxin, H3C and IBM, and have also been integrated and linked with 60+ security vendors. At the same time, Tianji Youmeng has reached intelligence data cooperation with many well-known security agencies around the world, realizing real-time aggregation of 200+ intelligence sources, updating 20 million+ hot intelligence daily, and providing feed intelligence subscriptions that support batch delivery of data in plain text, which is convenient for security product integration or reprocessing.
In addition, according to the positioning, performance and application scenarios of different types of security products, TI Inside has designed three typical intelligence fusion strategies for threat intelligence data, namely disposal collections, analysis collections, and EDR collections, to support efficient integration of different types of security products with threat intelligence.
According to different intelligence sources and threat types, Tianji Youmeng's threat intelligence market establishes an intelligence card system. When subscribing to threat intelligence data, you only need to add one or more cards of interest to the data download collection, and you can download and use them freely. At present, Tianji Youmeng maintains a number of high-quality intelligence sources including its own intelligence, IBM, Huorong, Wangsu, etc., and more than 40 kinds of intelligence cards including malware, C&C nodes, digital currency, APT intelligence, malicious websites, virus Trojans, etc.
Under the concept of ecological sharing, as an assisting drafting unit of the national threat intelligence standard (GB/T 36643-2018), Tianji Youmeng not only produces threat intelligence that meets the national standard, but also provides offline plaintext threat intelligence and supports online query functions to help network security vendors use TI Inside services efficiently, conveniently and at low cost. In addition, Tianji Youmeng has also designed a complete and efficient data credibility evaluation mechanism to achieve credibility evaluation and dynamic tracking of intelligence, and then performs data aging processing and data cleaning accordingly to ensure the reliability and effectiveness of the relevant data.
Regarding the future development of TI Inside, Zhao Jiawei, head of TI Inside strategy at Tianji Youmeng, said that Tianji Youmeng's TI Inside will adhere to the concept of openness, ecology and symbiosis, and is committed to working with security vendors to create a safer cyberspace for end users. The TI Inside mode not only needs to realize integration and linkage with security vendors to form a new fusion effect; it also needs to empower ecological partners through threat intelligence to deal with the various scenarios of customers' actual business and ensure that customers can go steadily and far in the digital and intelligent era.