For the IT industry, this is an age of concepts. In such an environment, with security technology, products, and solutions already relatively mature, is advocating Security 2.0 just conceptual hype? Guo Xunping, Symantec's director of business development in China, addresses this question for us.
Causes of disruption
Guo Xunping believes that the concept of Security 2.0 is related to the deterioration of the security environment. Specifically, Guo Xunping said that current security attacks differ from previous attacks in the following four respects.
First, in purpose: many of the original attacks were not specifically targeted and aimed at fame and showing off technical skill, whereas current attacks are tied to the theft of trade secrets, confidential information, data, and money. Second, in the techniques used: because the purpose used to be showing off, attackers wanted people around the world to know about the attack afterwards; now that they aim at economic gain, attacks are highly concealed, like a theft carried out while the victim is unaware.
Third, most of the earlier attacks were initiated by individuals or non-profit groups, but attacks are now organized. Finally, the impact of attacks on users has also changed. Because attacks were originally intended to show off technology, the attacks and threats to users' IT assets mainly affected their infrastructure. In the original attacks, a worm might sweep the world in a day, but the user's loss was only a paralyzed server, and recovery was relatively fast: patching was enough to solve the problem. The target of a for-profit attack, however, is no longer the infrastructure but the operational data on that infrastructure. As the attack target changes, the corresponding preventive measures must also change.
From the external point of view, the security environment users face is getting worse and worse. From the internal point of view, the security management problems users face are becoming more and more complex. Guo Xunping said: "What users face is more than just technical problems. For example, the security terminals of large enterprise users may be widely distributed. Anti-virus software and terminal protection solutions only address security protection issues. However, after this problem is solved, individual users in the enterprise may have weak security awareness, which makes daily maintenance tasks such as regular upgrades and patching a difficult problem. In this way, enterprises need a terminal security management standard, and users' needs will shift from protection-centric to policy-centric."
Based on Guo Xunping's remarks, we believe that Security 2.0 is built on the original security products, security technologies, and security solutions, coupled with security policies. Guo Xunping pointed out that the thinking behind security management is very complicated. "The establishment of security management is not a simple task. Taking the execution of the Sarbanes-Oxley Act as an example, the promulgation of the Sarbanes-Oxley Act requires the relevant enterprises to have strong means of internal control. The Sarbanes-Oxley Act is not a one-time job for enterprises. As long as you go public, you must follow this standard if the stock exchange does not change.
For enterprises, we should first consider how to follow the rules as quickly as possible every year with minimal input, and improve internal management on this basis. However, many enterprises may regard the Sarbanes-Oxley Act as a project every year, increasing investment virtually. Symantec has a complete solution for the Sarbanes-Oxley Act, which is actually to help users achieve IT automation. The so-called automation means that in the client, database, and ERP system, you need to ensure that your security measures and configuration, including the passwords and accounts that you normally manage, comply with the requirements of the Sarbanes-Oxley Act. In this way, enterprises form a virtuous circle in internal control management, and the cost is naturally reduced. On the contrary, some enterprises develop their own systems. Compared with these systems, our products are totally different from those developed by ourselves." Therefore, Guo Xunping said: "Security 2.0 is very necessary for a single compliance requirement."
Connotation of subversion
When describing subversion, we often like to use the word "revolution". But most people may not know that the word "revolution" comes from the Yijing, a book written thousands of years ago. Therefore, when talking about the concept of Security 2.0, we need to understand its meaning rather than only its outward appearance.
Guo Xunping introduced the concept of Security 2.0 as follows: "Security 2.0 has two fundamental concepts and points of view: First, it not only protects users' infrastructure, it also protects users' enterprise information to protect enterprise interaction. From the perspective of supporting the normal operation of enterprises, IT is already an essential part. At the infrastructure level, a large amount of data is required to support these applications. These applications will eventually serve the enterprise, which is bound to have information interaction with third parties, downstream engineers, and even competitors. Therefore, in general terms, 'Security 2.0' not only protects users' security architecture, but also protects users' data, applications, and information, and protects the security of user data, applications, and information during third-party interaction. In terms of specific products and solutions, we need to integrate firewalls, IDS, and IPS to help users achieve client security."
As for how Symantec makes Security 2.0 a reality, Guo Xunping said: "Symantec originally focused on infrastructure protection; however, our big solutions focus on protecting user data, applications, and information. At the product level, Symantec integrates computer protection, policy compliance, data recovery, and terminal management. In the future, users only need to install one system; this includes their security, compliance, compliance with control requirements, and patch distribution."
Continuation of subversion
In the new category of Security 2.0, management is integrated and multiple products are integrated into one product. Integration has clearly become a trend. However, if we follow this trend further, we find another problem: upstream operating system and chip vendors have also begun to integrate, with the intention of building security protection into the operating system or even the chip. Guo Xunping expressed his views on this.
He believes: "Cooperation with chip vendors is a convenient way to help users solve security problems, but this does not replace client security protection. We have worked with Intel and AMD and have integrated solutions. However, this only helps users propose a solution to the problem. In terms of technology, the original anti-virus software can solve some problems that cannot be solved by chip-level security. For example, anti-virus software can detect viruses, but it cannot clear them. The reason it cannot clear them may be technical problems, or it may be the optimal solution after comprehensive consideration: clearing the virus may consume too many resources. In this case, cleaning the virus will damage the system. The virus library of anti-virus software also needs to be upgraded in time, but it is very difficult to upgrade the chip."
On the operating system, Guo Xunping went on to say: "Nowadays, much anti-virus software runs on the operating system. As a service of the operating system, it can only reach the kernel level at most; however, many threats cannot be reached at the kernel level. For example, the current rootkit threats make your operating system unable to find the virus, and you cannot use traditional anti-virus technologies to kill the virus, because you cannot bypass the operating system and clear the virus. Now we have installed a bare device to clear the virus directly by bypassing the file system. This is impossible to directly embed security software into the operating system."
For enterprise businesses, Guo Xunping believes: "The responsibility for security management is handed over to chips and operating systems for implementation. Once chips and operating systems are infected or damaged, the consequences will be unimaginable. There may be no way for enterprises to deal with chip faults, but some responses can be made at the software level. It is precisely for these reasons that security vendors cannot be replaced by operating system manufacturers and chip manufacturers."
Regarding Security 2.0, Guo Xunping believes that it is not a concept promoted by manufacturers, but the result of user requirements pushing manufacturers to update their technologies. In the end, it is born out of user needs. Without the needs of users, Security 2.0 cannot show its own value. After all, the information security awareness of enterprise leaders has improved. Next, they will have ideas of their own, and they will need tools to carry those ideas out. At that point, Security 2.0, adapted to the current situation, appears before the user.