Information about building a defense-in-depth system

2022-08-06

Swiss number information: what we are doing to build a defense-in-depth system

Defense in depth is not a term exclusive to network security. In the early 20th century, the Soviet field marshal Mikhail Tukhachevsky put forward the theory of large-scale in-depth operations on the basis of his experience in World War I and domestic wars. Because network security is in essence an attack and defense war between hackers and developers, the concept of defense in depth in information security has something in common with military science. Its core is to deploy defenses at multiple points, from point to area, forming a multi-level, three-dimensional and all-round defense system that frustrates the enemy and ensures one's own overall security.

Why establish an all-round defense system in depth

Great changes in IT architecture

The arrival of the 5G era has led to the emergence of new applications. The rapid development of cloud, big data, IoT, mobile terminal, artificial intelligence and other technologies is accelerating the great change of IT architecture and the digital transformation and upgrading of enterprises. According to IDC's prediction, by 2022 the global smart ownership will reach 4.51 billion from the current 3.78 billion, and connected IoT devices will reach 40.7 billion. In particular, the number of applications will increase 100 times, from 5 million to 500 million. In the future, all systems, devices, users and data associated with the network will face increasingly complex known and unknown security threats, constantly challenging the enterprise's ability to quickly identify and respond to attacks.

The rapid trend of network attack

The traditional attack types are changing. In the Internet+ mode, the black and grey industry is no longer limited to the purely manual attack mode. A large number of enhanced attack methods that rely on automated tools, human simulation and multi-source low-frequency traffic are emerging endlessly. Emerging attacks cover almost all scenarios of all channels and industries, including but not limited to malicious registration, account scanning, credential stuffing, crawlers, promotion abuse ("wool collecting") and account theft. The black industry ecology, driven by business and data value, has formed an almost overwhelming advantage over enterprise security defense, leaving enterprise security protection overwhelmed in the competition for business resources, in man-machine confrontation, and in telling real from fake in attack and defense.

Continuous upgrading of protection technology

Network security is like a never-ending attack and defense war. The attack situation and the means of defense change and upgrade alternately. The traditional single-point approach of finding gaps and patching them can no longer adapt to the current security situation, and the various means of protection against threats and attacks are also evolving. However, security protection cannot be won by quantity. Simply stacking a large number of protection means does little against the emerging automated business attacks. Whether the various protection means meet the protection requirements, whether they obstruct, influence or overlap one another, and whether they can respond in a coordinated manner, automatically upgrade the protection strategy, and form a 1+1>2 cohesion effect are all matters that enterprises must pay attention to when building an all-round defense system in depth.

Swiss digital information omni-directional defense system in depth

As a leader in the field of automated attack and defense, Swiss digital information has expanded the scope of application security defense from the web to the mobile, cloud, API and IoT fields by relying on new technologies such as dynamic security, artificial intelligence, programmable confrontation and automated threat intelligence. At the same time, it has deepened business threat perception and data perspective, and enables multi-scenario business and application security, creating a multi-dimensional, multi-means and multi-capability all-round defense system for enterprise risk management and security protection.

01 Multi-dimensional defense in depth

Active security defense

Bots defense - Swiss digital dynamic application protection system (robot firewall botgate)

Automated threat defense is the core strength of Swiss digital information. As the first product launched by Swiss digital information, botgate takes dynamic security technology as its core and puts forward the concepts of dynamic defense and active defense. It departs from traditional passive defense based on attack signatures and behavior rules, and effectively distinguishes all kinds of known and unknown automated attacks that disguise themselves as normal behavior.

Web application security - Swiss dynamic web application firewall (smart safeplus)

In addition to the basic capabilities of traditional web security products (covering the OWASP Top 10), safeplus adds the anti-bot functions of dynamic security and AI-based analysis. These can effectively prevent malicious scanning and vulnerability exploitation by automated tools, application-layer DDoS attacks initiated by zombies, and unknown attacks such as zero-day vulnerabilities.

Mobile app application protection - App dynamic security protection system (APP botdefender)

On the mobile app side, Swiss digital information follows the idea of cloud management and provides unified security protection for native apps, H5 and hybrid applications and other application entry points. It is the only overall solution in the industry to achieve end-to-end integrated security protection for mobile applications and businesses.

Application API protection - API botdefender

The ADMP security model is composed of four modules: API sensing, discovery, monitoring and protection. By sensing the source environment and user behavior, ADMP automatically discovers APIs, and monitors and alerts on all abnormal API request behavior. At the same time, with the help of a dynamic response mechanism, abnormal API requests can be blocked, limited or deceived.

IoT application protection - IOT dynamic security protection system (IOT botdefender)

It uses artificial intelligence to assist dynamic security, blocks all kinds of IoT malicious code attacks and zero-day vulnerability attacks in real time, provides dynamic protection for all kinds of IoT applications, and achieves lightweight security maintenance.

Intelligent perception and analysis

Business threat perception system (biz insight)

This system extends the traditional business risk control system to the client and moves risk control to the front. The 21 built-in OWASP automated threat models for web applications, combined with the fingerprint library of the AI engine, the intelligent analysis and automatic output of threat intelligence, and programmable countermeasure technology, provide continuous resistance to automated attacks and the business fraud that results from them.

Data insight

As an analysis platform for massive multi-source heterogeneous data, it closes the data gap between business operation and maintenance and security. It can collect, sort, archive and store machine data in any format, record and analyze the full application-oriented flow, and provide what-you-want-is-what-you-get data analysis, search, reporting and visualization capabilities.

02 Multi-means defense in depth

Dynamic technology

This includes dynamic packaging, token, verification, obfuscation, challenge and other technologies. It is the core technology of the Swiss digital information defense-in-depth system. Through dynamic changes to the underlying code of the page and real-time man-machine identification, possible attack entry points are hidden and the behavior of the server becomes less predictable. At the same time, it ensures the correct operation of application logic, effectively distinguishes known and unknown automated attacks that disguise themselves as normal behavior, and blocks automated attacks directly at the source.

AI technology

This integrates AI technology covering machine learning, intelligent human-machine identification, intelligent threat detection, holographic device fingerprints, intelligent response and so on. It keeps full access records of all request logs from the client to the server, continuously monitors and analyzes traffic behavior, locates and traces attacks accurately, and conducts deeper analysis and mining of potential and more hidden attack behaviors.

Programmable countermeasure technology

An open and simple programming environment has been built for enterprise users, providing hundreds of fields for rule writing, so that customers with a certain programming foundation can customize their own protection and implement flexible and convenient attack and defense countermeasures according to their own conditions.

Automated threat intelligence

Through big data analysis capabilities, combined with the characteristics of business threats, traffic is monitored in real time. The system gives a comprehensive view of the source, tools, purpose and behavior of automated attacks, draws a portrait of the attacker, and establishes an IP reputation base, a fingerprint reputation base and an account reputation base to achieve security without blind spots.

03 Defense in depth with multiple capabilities

Beforehand: hidden vulnerabilities

Although there are a large number of known vulnerabilities, only about 6% are actually exploited by hackers. With the strong development and application of automation tools, the upgrading of vulnerability scanning and exploitation tools will not slow down, and this proportion will inevitably increase significantly. Preventing vulnerability scanning will remain a common and enduring topic in web application security. In the field of business security, the existence of vulnerabilities will still provide opportunities for the black and grey industry, and the repair of business-related vulnerabilities is even more difficult than that of web vulnerabilities.

Based on the core technology of dynamic security, the all-round in-depth defense of Rayleigh digital information continues Rayleigh digital's outstanding ability to identify robots and other automated tools, essentially removes the dependence on rules, and moves protection forward to the point where scanning tools and programs execute, by blocking tool behavior. While hiding vulnerabilities, it also hides the page directory structure, and reduces the probability that attackers discover and exploit a vulnerability while the site is unpatched or during the patch window, so as to win response time for the site's maintenance personnel.

In process: dynamic response

Traditional risk control usually relies on rules derived from after-the-fact analysis or on reputation bases supplied by third parties, so identification and response lag behind. Moreover, traditional risk control usually requires manual analysis of business logs to establish risk control models and rules, and frequent business changes inevitably lead to frequent changes in risk control rules, increasing operation and maintenance costs. At the same time, coupling the risk control interception logic with the business logic makes the risk control rules abnormally complex, which further hinders the ability and effect of the response.

Therefore, the all-round defense in depth of Rayleigh number information focuses on providing strong dynamic response and moving risk control to the front end. With the programmable countermeasure technology, rules are programmed over more than 300 information fields collected by the client. Attack and defense countermeasures can respond within microseconds according to device characteristics, input events, access behavior and other scenarios. It can also provide soft interception and flexibly configure various dynamic response strategies, such as interception, redirection, delay and challenge initiation, so that the system is impeccable.

After the event: tracing the source

Security incidents occur frequently. Effective retrospective analysis and evidence collection are the key to drawing lessons from past incidents. With the help of AI and big data analysis capabilities, and in combination with the characteristics of business security threats, the Swiss digital information omni-directional in-depth defense system can monitor traffic data in real time and keep full access records, giving a comprehensive view of the source, tools, purpose and behavior of attacks, so that hidden attacks have nowhere to hide and can be traced accurately to their source.

At the same time, according to the collected data, the attacker's portrait can be sketched, and the IP reputation database, fingerprint reputation database and account reputation database can be established and returned to other parts of the defense-in-depth system as threat intelligence, so as to establish joint security defense and cover the whole life cycle of enterprise application and business security.
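The in-process response and the post-event feedback loop described above can be sketched as follows. This is an added example, not the vendor's rule language or code: the signal names, thresholds and rule ordering are hypothetical, and only the four response actions (interception, redirection, delay, challenge) and the reputation bases come from the text.

```python
from dataclasses import dataclass, field

@dataclass
class Request:  # hypothetical client-collected signals, not the product's field names
    ip: str
    fingerprint: str
    headless: bool         # device characteristic
    input_events: int      # keystrokes/pointer events seen before submit
    reqs_last_minute: int  # access behaviour

@dataclass
class ReputationStore:
    bad_ips: set = field(default_factory=set)
    bad_fingerprints: set = field(default_factory=set)

    def record_incident(self, req: Request) -> None:
        """Post-event feedback: remember the source of a confirmed attack."""
        self.bad_ips.add(req.ip)
        self.bad_fingerprints.add(req.fingerprint)

# Ordered rules, first match wins. Thresholds and ordering are assumptions.
RULES = [
    ("known-bad fingerprint", lambda r, rep: r.fingerprint in rep.bad_fingerprints, "intercept"),
    # An IP can be shared (NAT, mobile carriers), so it only earns a soft response.
    ("known-bad ip", lambda r, rep: r.ip in rep.bad_ips, "challenge"),
    ("headless client", lambda r, rep: r.headless, "challenge"),
    ("submit without input events", lambda r, rep: r.input_events == 0, "redirect"),
    ("high request rate", lambda r, rep: r.reqs_last_minute > 120, "delay"),
]

def decide(req: Request, rep: ReputationStore) -> tuple[str, str]:
    """Return (action, matched rule) for one request."""
    for name, matches, action in RULES:
        if matches(req, rep):
            return action, name
    return "allow", "no rule matched"

if __name__ == "__main__":
    rep = ReputationStore()
    # Constructed sample traffic (documentation IP ranges).
    bot = Request("203.0.113.7", "fp-aaa", True, 0, 300)
    user = Request("203.0.113.7", "fp-bbb", False, 14, 3)  # same NAT address as the bot
    print(decide(user, rep))   # before any incident is recorded
    rep.record_incident(bot)
    print(decide(bot, rep), decide(user, rep))
```

Keeping the reputation lookup separate from the rule list means a confirmed incident changes later decisions without any rule being rewritten.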

In a word, the defense-in-depth system is not only the depth and harmony of the traditional protection position
