Security is not an empty talk, its essence lies in the actual combat between the offensive and defensive sides. In the new era led by 5G, AI and other new technologies, the security of enterprise digital services is facing unprecedented challenges.
Attack and defense drill is an effective practice to test the construction of enterprise security system. In the process of attack and defense actual combat, facing the fully open environment, massive accounts and uncontrollable terminals, enterprises are triggered to think about the following points:
· Existing fragmented, boundary-centered single-point defense systems that are difficult to effectively deal with large-scale, high-frequency, and advanced targeted attacks?
· Asymmetric offensive and defensive information, the attacker breaks through layer by layer, unable to deal with 0day attack, a little negligence may lose points?
· After the attack broke through the border, invested a lot of money to fight the enemy head-on, lacked deceptive tactical defense, failed to effectively trap the attacker’s intelligence, and passively dealt with the response?
· Heavy protection, light operation, difficult to scientific evaluation of the existing defense capabilities, emergency response capabilities? Lack of overall security tactical control?
Adaptive security architecture
YUNDUN Gartner based adaptive security architecture concept, intelligent linkage prior security event monitoring and prevention, things threat detection and response disposal, to attack the “emergency response” extend for the whole life cycle of the attack “continuous dynamic response,” for real Internet and adaptive response of all kinds of security risks.
Active prevention: the security system is empowered with self-learning ability, multi-dimensional monitoring for vulnerabilities, contents, leaks and availability, and the threat intelligence system is empowered, thus forming a closed-loop threat processing process.
In-depth defense: Establish a panoramic defense mechanism to achieve in-depth defense, reduce the attack surface of the service system, raise the attack threshold, and ensure that the security system can respond to threats in a timely and effective manner.
Continuous detection: establish a sound risk identification and threat alarm mechanism, reduce the “shutdown time” of the security system when attack events occur, and help enterprises realize the knowable, visible and controllable security situation of the whole network.
Investigation and response: threat intelligence of the whole network can assist threat analysis, achieve traceability and analysis of attack events after occurrence, provide enterprise intrusion authentication and attack source analysis, and continuously enable research and upgrading of attack and defense countermeasures.
HW Security Architecture
Based on nearly 10 years of experience in security offensive and defensive combat, and relying on the adaptive security architecture, YUNDUN has formed the overall security offensive and defensive combat tactics for the whole scene, which are aimed at the stages of actual combat drills and preparations, rehearsals, actual combat and post-war recovery, effectively responding to red attacks, and building a defense system in depth to improve security prevention and control capabilities.
HW toolkit
The HW Toolkit (Base Platform) is the technical base of the HW Security Operations Center. It contains tools, software, and platforms needed by security experts and joint operations teams. Based on YUNDUN adaptive security architecture, the pre-event security prevention, in-event monitoring and threat detection, and post-event response and disposal can be realized more efficiently and feasible relying on the basic platform.
Based on YUNDUN cloud native unified safety operation and management platform, to realize the automatic assets inventory, Internet attack surface mapping, the cloud security configuration leakage risk inspection, compliance risk assessment, monitoring, log audit and retrieval research, security arrangements and automatic response and security visual ability, provide one-stop automation, visualization, cloud security operation management.
Core strengths
Relying on online YUNDUN ten years of actual combat experience accumulation, at the same time based on threat intelligence, AI, new technologies, such as zero trust depends on the shield eye laboratory continuous research upgrade combat against strategy, integrated Web honeynet, business-level Web application firewall HW, form overall effective HW practical solutions, and not in a single product delivery as the goal, Results-oriented, build 7 * 24 * 365 full-time security waiting.
HW sharp tools -Web honey net
Web honey network is one of the few to be able to HW actual combat enemy clear my dark scene, to obtain the attack and defense control, the initiative and the attacker to carry out effective confrontation. YUNDUN builds a deceptive defense system to confuse and quickly identify attackers and protect the real target system by deploying a highly simulated dynamic honey network.
After the YUNDUN honeynet system traps the enemy deeply, the intelligent cloud WAF is linked to effectively capture the attacker’s attack path and attack methods, and the precise traceability is carried out by combining the whole network threat intelligence and social engineering methods. At the same time, the attacker loophole is used to attack and counter the red side, and the passivity is changed to the initiative to reverse the offensive and defensive situation.
Asset deployment: From the perspective of the attacker, analyze the attack path, arrange honeypots in the area that may become a breakthrough, and form honeynets throughout the honeypots.
Monitoring and judgment: abnormal behavior analysis, judging the intention of attack, by the attack deception to trap the brain for judgment. Honeynet temptation: according to the results of brain research and judgment on attack deception, induce abnormal behavior, attack transfer, and strive for protection initiative.
Alarm disposal: Once the induced honeypot is touched, timely alarm, linkage disposal, lock the attack behavior, enter the honeynet, attack observation and strategy self-learning.
Description of attack portrait: Collect the information of attack behavior and identity of attackers, summarize the information of attackers, describe the portrait of attackers, and report to the judges to obtain more scores. Location tracing: locate attackers by counter-scanning and anti-fishing, and report to the judges to get more points.
HW Tool -Web application firewall
WEB application firewall is driven by automata algorithm and based on semantic analysis engine, rule engine and machine learning engine. It detects and deals with the intrusion behaviors caused by WEB system vulnerability. The automata algorithm driven engine can flexibly deploy the three core detection engines to detect threats. The three core detection engines greatly improve the accuracy and recall rate of vulnerability detection and have strong anti-interference. At the same time, the risk decision-making module and risk disposal module can make decisions and disposal according to the detection results, making the whole threat defense process more flexible and more suitable for user needs.
Meanwhile, for Webshells, the module provides a dedicated detection engine based entirely on machine learning to ensure accurate identification of real Webshells. This detection method does not need to consider the deformation and encryption of Webshell source files, nor does it need to consider whether there are features in request communication. As long as hackers try to access Webshell, they can be identified.
HW Assurance – Safety expert team
The essence of network attack and defense is human confrontation, especially for HW combat drill. In order to solve the shortage of security personnel in the early stage of enterprise establishment, YUNDUN gathers professional security experts and business support team, relying on 10 years of experience in front-line security service combat. To provide enterprises with 7*24 hours of depth defense, security situation monitoring and analysis, threat intelligence on duty monitoring, honey network attack traction, accurate traceability and other services, and to ensure timely and effective response to unexpected security incidents in HW actual combat exercises. At the same time, relying on YUNDUN shield performance laboratory, the internal rehearsal of red-blue combat is realized to ensure the reliability of HW combat plan.
“It starts with compliance and ends with safety; Begins with trust, trust “finally, YUNDUN is committed to through the HW practice, help enterprise study core information system security problems and hidden dangers, build prior security event monitoring and prevention, things threat detection and response later disposal ability, and improve safety awareness and safety system, effectively cope with and control possible network security incidents.
