"360 wants to complete a dream, which is also my own original intention. It is to open up the security brain system of various regions and industries, form threat intelligence and data mutual inquiry, build a national-level distributed security brain, and truly improve the entire country. Security capabilities.” Zhou Hongyi, chairman of the ISC conference, founder of 360, and chairman of the board at the 9th Internet Security Conference (hereinafter referred to as ISC 2021) bluntly said that it does not carry goods, and only expresses its original intention.

  It is reported that the ISC conference opened in Beijing on July 27 with the theme of "Network Security Needs New Tactics, and Network Security Needs New Framework".

At the opening ceremony, Zhou Hongyi delivered a strategic speech titled "Future-oriented Next-Generation Security Capability Framework", sharing with a global audience the development practice of 360 Company (stock code: 601360.SH, hereinafter referred to as 360) over the past ten years: how to form capabilities, how to develop security concepts, and how to build a new capability framework.

  Respond to new cyber threats with "operation, confrontation, offensive and defensive thinking"

  "Cybersecurity can no longer be regarded as a vassal of informatization, relying on piling up fragmented products to try to solve the ever-changing security problems, but should face security challenges directly, guided by'operation, confrontation, offensive and defensive thinking', and systematically build security capabilities. ." Zhou Hongyi mentioned in his speech.

  This is because cyber security threats will surpass traditional security threats and become the biggest threat in the digital age.

According to Zhou Hongyi, from last year to the first half of this year, major cybersecurity incidents occurred frequently around the world. Supply chain attacks, ransomware attacks, attacks on industrial control equipment, APT attacks, data theft and other attack methods emerged in an endless stream. Cyber attacks have also become a hot topic in the confrontation between major countries.

"In the future, national-backed cyber forces, APT organizations, and organized cybercrimes will become the biggest threats to cybersecurity. The targets, methods, and destruction of cyberattacks will break through the norm, and threats will continue to escalate toward high-end.”

  Zhou Hongyi said that digitalization has three characteristics: everything is programmable, everything must be connected, and big data drives business. In essence, software defines the world: cities, cars, and networks will all be defined by software.

This also means that digitalization has made the entire network security environment more vulnerable, security risks more ubiquitous, and the entire world more vulnerable to attacks and greater harm.

Therefore, network security requires a new set of tactics and a new framework.

  360 captured 12 APT organizations that attacked China in the first half of the year, and the annual big data maintenance cost exceeded 500 million

  The offense and defense of the cyber world are usually not well known to ordinary people, but Zhou Hongyi disclosed for the first time at the conference: "360 captured 46 national-level hackers abroad, and monitored more than 3,600 attacks involving more than 20,000 attack targets. In the first half of this year alone, 360 captured 12 APT organizations that launched attacks against our country, of which two were discovered for the first time: Wuqiong Cave and Pseudo Hunter."

  The discovery of these threats relies on 360's security big data, which ranks third in the world.

According to Zhou Hongyi, 360 is the first commercial company in the world to use security big data for analysis, and it is also the company with the most security big data.

"Currently, 360's total security big data storage volume exceeds 2EB, with an increase of over 1.5PB/day, and it has 210 data centers, more than 200,000 servers, 1 million CPU cores, an export bandwidth of 2,300G, and processes 200 billion logs per day. Maintenance costs amounted to 500 million."

  In addition, 360 has accumulated a globally unique attack knowledge base and knowledge sample library. The total number of sample files has reached 30 billion, with 10 million new additions every day. It has also built the world's top cyber attack and defense expert team: a team of 200 security elites and a team of more than 3,800 security experts.

  Based on the integration of "big data + knowledge base + experts" and massive computing power, 360 has established a big data analysis platform that captures APTs, forming the prototype of the 360 cloud security brain.

Zhou Hongyi revealed that using this big data analysis platform, in all units outside the military, more than 96% of national-level hacker organizations were independently discovered by 360.

  360 has also been thinking about how to help party, government, military and enterprise users also build security capabilities.

In this regard, 360 has turned its own capabilities into infrastructure and formed a cloud infrastructure system. At the same time, it has moved security big data and various security capabilities to the cloud and delivers its operational capabilities as XaaS, providing basic security services to party, government, military and enterprise users like water and electricity, so as to realize the efficient external empowerment of the 360 cloud security brain and cloud infrastructure.

  In this context, 360 has invested more than 20 billion in 16 years and formed a new set of tactics and a new generation of security capability framework, which pointed out the direction for responding to digital transformation and major security challenges.

  Construction of a nationwide distributed security brain is under way in more than 10 cities

  Zhou Hongyi said that this new set of tactics will be guided by "operations, confrontation, offensive and defensive thinking", with the security system integrated with the digital system, and the offensive and defensive capabilities integrated with the management and control capabilities.

The main role of the new-generation security capability framework is to provide a reference framework for party, government, military and enterprise units to build security capabilities.

  Specifically, the new-generation security capability framework includes four parts: first, the security brain of the regional/industry/enterprise headquarters; second, the security infrastructure system; third, the emergency response system operated by security experts; and fourth, the security basic service empowerment system.

This framework can help customers establish a security system that is complete, operable, growable, and exportable.

  Zhou Hongyi emphasized that this framework can be copied from 360 to various party, government, military and enterprise units, which can build their own security brains and infrastructure, allowing each unit to manage and operate its own security data and to establish an operating system that empowers subordinate units through services.

For places where the capabilities of various units are insufficient, 360 can also continue to provide the empowerment of network-wide big data and advanced security experts through the cloud.

  In Zhou Hongyi's view, the security capability framework can integrate various ecological products and expand various digital scenarios that support various industries, such as industrial Internet, car networking, energy Internet, smart cities, etc., to form scenario-oriented security solutions.

  At present, this new framework has blossomed in many places and many companies.

Over 17 months, 360 has started the construction of security brains and security infrastructure groups in more than 10 cities including Chongqing, Tianjin, Shanghai, Qingdao, Suzhou, and Xiamen, and cooperates with businesses to help customers improve their security capabilities.

  He said that 360 hopes that, based on the new-generation security capability framework, it can open up the security brain systems of various regions and industries, form a mutual query of threat intelligence and data, build a national-level distributed security brain, and truly improve the security capability of the entire country.