Xu Lisong: Building a comprehensive security ecosystem to meet future challenges

Xu Lisong: Building a comprehensive security ecosystem to meet future challenges

Editor’s note:A few days ago, the Chinese Academy of Engineering released the white paper “16 Major Technical Challenges in the Development of China’s Electronic Information Engineering Science and Technology in 2020″, which described the challenges in the field of “cyber security” as follows: In the face of the fierce competition among countries for network rights, “maintaining network security” Security sovereignty needs to innovate an active and adaptive multi-layer linkage technology system, build a positive defense barrier with fast fights and wisdom against wisdom, break through the key network border defense technology of “defense and attack outside”, and form a threat that is dominated by me Perception and attack prediction ability” is an important challenge currently faced in this field. In order to promote the joint discussion of how to deal with this challenge from all circles of industry, academia and research, this magazine specially interviewed Xu Lisong, senior technical director of Hangzhou Anheng Information Technology Co., Ltd. Beijing Branch.

Xu Lisong: Building a comprehensive security ecosystem to meet future challenges

Reporter: What are the key technologies of network border defense that “defend attacks from outside”? What are the security technologies that China urgently needs to improve?

Xu Lisong:The so-called “defense attack from the outside” is more inclined to the concept of early information security, and a set of border defense system is built mainly with security protection products, such as IPS, FW, WAF, etc., are the embodiment of this idea.

However, in today’s information security environment, targeted attacks, APT attacks, ransomware, mining viruses, etc., whether it is a virus-based attack method or a precise targeted attack mode based on attack targets, basically ignore the existence of boundaries. If the attacker does not attack from the border, the corresponding border defense technology can play little role.

Building a comprehensive security ecosystem is the solution to the fundamental problems in the field of information security today, and what my country urgently needs to improve is intelligent analysis, attack traceability, security protection linkage and other components to build a complete security ecosystem.

Reporter: How to realize the initiative to maintain network security sovereignty and innovation, and build an adaptive multi-layer linkage technology system?

Xu Lisong:This issue should be viewed separately. “Adaptive” is currently a technical field that major security vendors are gradually improving. The 2019 security buzzword “SOAR” is one of the goals in this direction. Building a security system based on intelligent orchestration and automated response for users is the future direction of this goal. Although the wording may be different, the principles and goals are the same.

The “multi-layer linkage technology system” cannot be analyzed purely from a technical point of view. Major security manufacturers are currently working on adapting the linkage mechanism of their products. However, what restricts this system is the lack of global dominance. At present, there is no standard and specification to stipulate the standard of the linkage interface of the products of major security manufacturers. The reality is that if you need to build a multi-layer linkage technology system, you need the integration of products and technologies. In short, they must all come from one manufacturer.

Reporter: At present, when China has not yet completed the establishment of an independent security information industry system, how can we achieve “self-centered”?

Xu Lisong: Although my country has not yet completed the construction of a “me-based” information industry system, in the field of information technology, some areas of network communication and information security can basically be localized. And the construction of safety supervision, so that the information network can be analyzed, queried, locatable, and can be disposed of, and another way to achieve phased “me-based”.

Reporter: As we all know, the world today is going through great changes unseen in a century. What kind of new situation and changes do you think my country’s network information security is facing under the changing situation?

Xu Lisong:In today’s changing situation, as a supporting project for information construction, information security needs to face many new situations and changes.

The first is the change brought about by the current autonomy process, which corresponds to the gradual adaptation of information security, not only the adaptation of chip-level hardware. With the gradual construction of the autonomy process, the autonomy of the software architecture will also be gradually carried out. It may mean that the practitioners in the security industry are now reshuffled again. Whoever wins this new battle first, who may once again occupy a new commanding heights.

The second is the gradual lack of reference targets. The development of my country’s information security field is relatively late. Early technologies and ideas are mainly based on reference and imitation. The world’s first-class security practitioners are our learning goals. However, with the gradual improvement of the development of information security, my country can already keep pace with the world in the field of information security infrastructure. At present, there is no unified cognitive reference target in the field of information security system construction. Information security practitioners are building and exporting their own solutions. Take the two hot security buzzwords “SOAR” and “Zero Trust” in 2019 as an example. They represent different goals and can be built individually or in combination. However, the technical cost, labor cost, time cost and economic cost invested will definitely be very different, and there is also uncertainty about the future benefits. And these all remain to be tested by time.

Third, information security will develop into a complete ecological industry. The ecological industry referred to here is mainly from the perspective of practitioners. At this stage, practitioners are basically self-learning, and most of them are non-professionals, whether it is interest-oriented or interest-oriented. Although many colleges and universities now offer information security majors, they are not ideal in terms of practical results. The lack of courseware textbooks and professional teachers are the reasons for this phenomenon. But these problems are definitely short-term. More and more colleges and universities are starting to make changes, and a large number of school-enterprise cooperation is gradually being carried out. Now more professional and stronger information security practitioners will emerge in the future.

The new situation and new changes must bring new challenges and new opportunities. my country’s information security construction had a cognitive bias 50 years ago, but with the nearly 20 years of catching up, the overall gap is not only gradually narrowing, but is also being Gradually improve the development path that meets China’s actual needs.

Afterword:Building a comprehensive security ecosystem requires the joint efforts of all parties in the industry. Under the guidance of Academician Fang Binxing, “Information Technology and Network Security” is becoming an important platform for information dissemination in China’s information security field. It is hoped that this interview will allow the industry to deepen Understand the technological development trends and directions in the field of network security, and make better contributions to the cause of national network security.

Welcome to the public account of “Information Technology and Network Security”

The Links:   PM100CSD060 LTA084C271F Sharp-LCD