“Cloud Security White Paper 2021” was written by the Howler Security Industry Research Institute through multi-party research and expert interviews over a period of more than a month. This cloud security white paper introduces the perspective of Party A for the first time. The Howler Industry Research Institute explained at the meeting that the cloud security market is about to break the 10 billion mark in 2021, and that the profit model will shift from simply selling products and “people” toward the capital side, the channel side and more economical profit models. The high-speed development trend of cloud security in the future is unstoppable.
At the cloud security industry salon event, some enterprise representatives shared wonderful stories. The Hoohoo Security Industry Research Institute organized the essential content of the conference and is releasing it exclusively on Hoohoo as a series, presenting it to everyone step by step. Stay tuned!
Zhou Yongcheng, Commercial Director of the Security Operation Center, Baidu Security Department
Speaking up front
From personal experience, here are a few points:
√ If you want to do a good job in security, you must not look at the problem from the perspective of security, but from the perspective of business. Only from the perspective of business can you achieve greater security.
√ Find the “Tao” that has remained unchanged for ten, twenty or thousands of years. “People share the same heart, and the heart shares the same principle.” Once you have found the core of these problems and established that core, what you do afterwards becomes more and more stable.
√ The thinking of security operation has shifted from the passive defense of the past to a strategic perspective and active planning.
The digital economy and new infrastructure have created new security issues
In recent years, the development of a series of projects such as the digital economy and new infrastructure has set off another upsurge of digital and intelligent connection in China. The last climax started in 2004, with informatization as its main symbol; the current one is mainly reflected in multi-network linkage, terminal perception, and data interaction. It is worth mentioning that terminal-aware devices are gradually being used and have become tools for security attacks. Data is a new type of production factor, and problems such as data theft and data leakage emerge in an endless stream. Intelligent applications are also constantly evolving and developing, and smarter applications need to be more secure.
In the current context, there should be a new idea for the construction of security capabilities: AI + security
Security problems derived from intelligence are solved through AI + big data. In the context of the new digital economy, the Internet of Things and intelligence, new security issues have arisen. Are there any new solutions to deal with them? I got some inspiration from Lao Tzu’s “Everything bears yin and embraces yang, and rushes into qi for harmony”: everything is like Tai Chi, there is yin and yang, and when it brings you problems, it will bring you solutions at the same time. In terms of artificial intelligence, Baidu has a deep accumulation. Since 2011, Baidu has invested heavily in the research and development of artificial intelligence technology, and has won many awards, ranking second in the world for intelligent patents. Precisely because of these capabilities, it can be integrated into the security field. Baidu’s solution is to use artificial intelligence to solve the security problem of artificial intelligence.
The AI capability of graph analysis and mining enables the security brain to think more deeply. Baidu has accumulated data including traditional Web page searches, small speakers, and smart cars, and combined it with artificial intelligence to form Baidu’s own identification, defense, detection, response, and prediction mechanisms. The collected data is used to create a security map, from which networks of criminal gangs can then be drawn, and Baidu cooperates with relevant departments to carry out crackdowns on illegal production.
Continuous AI learning improves the detection capability for advanced threats (0day). Large enterprises have many businesses with different business logic and business performance. Protection products based on positive rules cannot effectively detect advanced threats (0day). Through self-learning and training on interface behavior, the AI white model can master the business logic rules within a certain period of time, and then block attacks on the business at the logic layer.
Positioning and Advantageous Capabilities of Baidu Security Brain
The Baidu Security Brain Model includes an operation center, a decision engine and a data base. The data base aggregates user data + Baidu security big data resources. On this basis, the AI decision support platform is used to conduct decision analysis, and after the analysis, it provides situational awareness, intelligent traceability, and comprehensive decision-making for the operation side. Baidu intercepted a total of 77.79 billion malicious web pages throughout the year, with an average of 25.124 million new malicious web pages detected on the entire network every day. Big data is used as the base for the security brain, and a good model is trained on a few terabytes of traffic.
Baidu Security has advantages in data and artificial intelligence: 1) Strong data ecological accumulation. It has a security big data resource database accumulated by Baidu over 21 years and, based on a variety of independently developed professional analysis tools, can conduct multi-dimensional graph analysis. 2) Cutting-edge AI + security technology strength. Baidu’s powerful AI capabilities are used to cover the entire business security life cycle; in security operation scenarios, they can replace 80% of the tedious and automated security operation and maintenance work, and provide a decision-making basis for advanced analysis. 3) Rich industry experience. With nearly 21 years of best practices and experience in serving Baidu’s full line of business, it supports the security operation protection needs of various complex business scenarios in an all-round way.
A case of the security brain in a smart area
Based on the security problems faced by smart cities in the new era and new situation, we will build a trinity smart city security brain for the city to safeguard the safe development of smart cities. Taking a smart area served by Baidu as an example, by arranging the traffic, communities, vehicles and corresponding emergency responses in the area into a network, Baidu’s security brain solution achieves all-round, multi-dimensional real-time monitoring and comprehensive query. The overall security situation of smart cities can be grasped as a whole to provide a decision-making basis for daily protection and emergency response. From the final result, the traffic improvement is more obvious, and the utilization rate has been increased by 20%-30%.
At the specific practice level, Baidu Security starts from the most basic layer, the server, as a controllable environment, and has built three scenarios: Security (strong-confrontation security), Safety (non-strong-confrontation security) and Privacy (privacy and data security, that is, the interactive processing between big data). On the three-layer model, copy the security services of the security and intelligent threat hunting platform and intelligent data security gateway, and establish a security scenario based on these to serve a smart area.
Baidu Intelligent Threat Hunting Platform covers WAF, IDS, EDR product scenarios, supports mixed deployment with traditional products, and provides management capabilities. It not only preserves the value of existing security investments, but also has strong traceability and unknown threat perception capabilities, which can quickly perceive attacks and effectively help enterprises in strong traceability scenarios. The platform can help security engineers reduce the workload of security operation and maintenance, provide more valuable data for advanced threat analysis and decision-making, and deal with advanced threats such as 0day and APT attacks. It thereby helps enterprises quickly and efficiently build a deeply integrated linkage system and reduces the cost of enterprise security construction.
Baidu Intelligent Data Security Gateway is a security product launched for enterprises and follows the concept of zero trust. Based on traffic analysis, NLP, AI and other technologies, it helps enterprises sort out data assets and solve the problems of unclear assets and vague attribution faced by data governance, and it improves the security management capability of the enterprise through unified and centralized management and control of the enterprise intranet business. Its value lies in the needs of enterprise digital management. When contract information, agent information, supply chain information and other core confidential data are placed in the information systems of the enterprise intranet, the intelligent data security gateway can effectively protect the data assets in those information systems through desensitization, watermarking, etc., to prevent sensitive data leakage.