The epidemic heats up telecommuting, and threat intelligence technology forges ahead against the wind

  Our reporter Hua Ling

  In the first half of this year, the novel coronavirus pneumonia (COVID-19) epidemic swept the world. As remote working spread rapidly, the need for network security services in all industries became increasingly urgent.

Under the dual impact of the international situation and the epidemic, China's network security industry has advanced against the headwind, and its market share has continued to expand.

  According to the "White Paper on China's Cyber Security Industry (2020)" released by the China Academy of Information and Communications Technology in September this year, the scale of China's cyber security industry reached 156.359 billion yuan in 2019, and the industry scale in 2020 is expected to be about 170.2 billion yuan.

  As one of the subdivisions of network security, the threat intelligence market is gradually emerging.

Previously, analysts from Gartner, an information technology research and consulting company, defined threat intelligence as evidence-based knowledge about existing or potential threats to assets, including scenarios, mechanisms, indicators, inferences, and feasible recommendations, which can provide a basis for decisions on how to respond to the threat.

On today's cyberspace offensive and defensive battlefield, threat intelligence has long been an indispensable part of the cyber security defense system.

Threat intelligence is becoming a necessary technology and means

  Since the "Cyber Security Law" took effect on June 1, 2017, the new version of the "Administrative Measures for Information Level Protection", the "Regulations on the Security Protection of Critical Information Infrastructure" and other provisions and regulations have been implemented one after another. Security requirements for cloud computing, the mobile Internet, the Internet of Things and industrial control systems continue to expand, and network security technology is integrating ever more closely with new technologies such as cloud computing, big data, and artificial intelligence. New network security technologies and products are urgently needed.

  At the same time, with the development of the digital economy and the deepening of digital transformation, data assets continue to grow, digital businesses are increasing day by day, and cyber attacks targeting data are becoming more and more fierce. The threats posed by organized attacks and cybercrime are diverse and unknown, and the establishment of a combat-oriented offensive and defensive capability system is the general trend.

In actual offense and defense, threat intelligence is becoming a necessary technology and means.

  According to reports, the research object of threat intelligence is the "threat". A "threat" may be a single Trojan horse implantation, a remote domain name hijacking or an IP attack, or it may be a whole security incident or an attack group.

The research result of threat intelligence is "intelligence", and intelligence is in turn divided into different levels: simple intelligence consists of data samples related to the attack process, such as Trojan horses, domain names and URLs (network addresses); complex intelligence may involve mapping a person's virtual identity to their real identity.

  Compared with traditional network security thinking, which is characterized by vulnerability scanning, threat intelligence starts from the attacker's perspective: it identifies the data assets of the attacked enterprise, characterizes the attack technique, extracts the fingerprint of the attack tool, and finally forms a portrait of the attacker.

  In addition, security practitioners also need to analyze the massive amount of intelligence they hold in order to gain a more comprehensive understanding of attacks and the attack groups behind them, and to track every move of the "threat" in real time on the basis of the massive underlying data they have.

  "Based on dynamic threat intelligence, using effective active detection methods as tools to help companies detect threats in a timely manner and quickly concentrate superior resources to respond will become the trend of cyber security development," said Wang Lei, managing director of CICC Capital.

Development of the field needs healthy competition to lead the way

  It is understood that the concept of threat intelligence was first proposed in 2014. Around 2015, the concept was introduced into the domestic market, and only 5 years have passed since then.

  Industry experts analyze that, from the perspective of overall network security market demand, the demand for threat detection in various industries continues to increase, and several major industries such as government, finance, the Internet, and smart manufacturing remain the main industries requiring threat intelligence.

At the same time, demand for network security threat detection and protection has begun to spread downward from leading and large companies in various industries to medium-sized companies and IT industry teams.

In addition, the trend toward collaborative defense in the industry is obvious, and security incident and intelligence sharing projects, represented by those in the financial industry, have begun preliminary practice.

  However, many practitioners believe that it will take time for the threat intelligence field to mature and specialize.

  For example, the 360 Cyber Security Research Institute previously pointed out that threat intelligence has long faced the problem of ambiguous value evaluation standards. In particular, evaluating the value of IOC data (Indicators of Compromise, data used to identify potentially malicious activity on systems or networks), the key element for measuring the quality of threat intelligence, has always been a core issue plaguing the development of the industry.

  The "2020 Cyber Threat Intelligence Status Quo Survey Report" released by the cyber security research organization SANS also pointed out that there are many factors restricting the application of threat intelligence. The primary factor, cited by 57%, is a lack of professional staff with the experience to make full use of threat intelligence; in addition, difficulty of operation and poor automation also account for a large proportion.

  Xue Feng, founder and CEO of Beijing Weibu Online Technology Co., Ltd., said that threat intelligence has now become a field of competition among major domestic security vendors, and that healthy competition is expected to continue to promote the long-term development of this field, in the course of which problems including standard identification and the overall ability of practitioners will be resolved.

At this stage, compared with comprehensive security vendors, the opportunity for security companies focusing on the threat intelligence segment lies in cultivating core technologies.

  In Xue Feng's view, one of the core technologies lies in the cloud's big data capabilities.

In the context of the cloud reshaping enterprise IT architecture, it is an inevitable trend for network security products to break through their original technical frameworks and make full use of new technologies such as big data, cloud computing, and artificial intelligence. Therefore, the cloud-based SECaaS (Security as a Service) model will gradually replace the traditional software service model based on on-premises deployment and become a standard requirement for a new generation of network security products.