Cloud Computing Conference: 360 Vice President Tanxiaosheng interpretation of the "sky Crisis"

Intermediary transaction SEO diagnosis Taobao guest Cloud host technology Hall

At the latest China Cloud Computing summit, the fifth session of China's cloud computing conference, Mr. Tanxiaosheng, 360 Vice president, published a keynote address titled "The Sky Crisis," detailing the security threats faced by companies in the Internet era, and sharing 360 of the practical experience in "cloud + End + border" security protection.

Photo: 360 Vice President Tanxiaosheng speech

The following is the full text of Tanxiaosheng speech:

Fellow experts, fellow colleagues everybody good morning, just now Professor Feng Deng's speech I was very inspired, in fact, the 360 model is to divide cloud computing into Laas, PaaS, SaaS level, 360 provide the most is SaaS. In fact, we are now entering the PAAs arena, how we can turn security services into a platform that allows more people, including security service providers, to use this service. The information I share below is expected to help you with your cloud computing work:

Last year to this year there are some words that are hot words: apt/anti-apt, NGFW, BYOD, Big Data, fireeye.com.

Let's take a look at what happened in the last 2012 years, Simon. It can be announced that two enterprise-class product source code was stolen, VMware confirmed the source code was stolen, at the beginning of last year, Anonymous threatened to kill the entire Internet, attacks the DNS root server. What are the major security incidents where WikiLeaks has been hit by ongoing attacks, a worm flame (Flame) raging in the Middle East, Dnschanger, the US E-commerce website Zappos hacked, and LinkedIn confirms that some of the user's passwords have been compromised? What is the first attack object, The object of the attack is the source code, the next step is to find more vulnerabilities, to find more vulnerabilities is to attack various enterprises, for attackers can also initiate more in-depth things.

Five years of changes in the number of malware, in the first quarter of 2011 years is the highest peak, a day can be close to 7 million malicious samples, now down to about 3.2 million, it looks like the situation is better, in fact, this is the month we monitored in 2012 to the number of new phishing sites, Only the means of attack to achieve the transfer, virus Trojan in the security software under the strangulation of the number of fewer, but more is the way with the Web page joint role.

Extranet Security: 60% site security vulnerabilities, more and more enterprises have to embark on the Internet, in the Internet era, if not on the Internet feel will be eliminated, last year, a particularly hot word called O2O.

What's the status of the website? 360 there is a product called "360 Web site security testing platform", the Chinese site has millions of, we have probably detected a domestic network of 1/9 of the site, detection results are quite alarming: 60% of the site has a loophole, the total number of vulnerabilities found more than 60 million, including 30% Vulnerability is a high-risk vulnerability, it may lead to this site is black, this number is always updated, we can go to our website to see, this number is true.

Web site Vulnerabilities: We think there are two of the worst, cross-site scripting vulnerabilities and SQL injection vulnerabilities. This is normal's website, this site was black after the horse, if by industry division, the security of the weakest site is the government website, education site ranked second.

This year Europe also suffered the biggest DDoS attack in history, up to 300Gbps, so far the biggest attack in history. We measure the 50G, is the protection of the bandwidth is 50G, is full.

Extranet Security: DDoS attack trends, 360 of anti-DDoS products were put into use last June, to this year's time, we encountered the peak and number of attacks are increasing, more times one weeks to reach 10,000 times. We have protected more than 10,000 sites, because some users use anti-DDoS as a temporary demand, will only be launched when the attack of the 360 site defender category of products.

For intranet security will face a very large security threat is apt, Google's aurora attack, Night Dragon attack, RSA SecurID seed files stolen, Super Factory virus attack, shady rat attack.

March 20 this year, South Korea has 3 television stations and 2 banks were invaded, the entire system can not work. There were also rumors that the IDs from China were dry, and that IDs were not from China, but it was a very typical attack from the information disclosed.

This is apt some definition, in fact more it is the use of a variety of infiltration methods of attack, is a combination of various skills of the attack, with long-term, latent characteristics. The goal is often to steal information, including military intelligence data, major industrial data, such as a few years ago, the country's advanced fighter plane drawings in the hacker circle circulated. The past apt is the intelligence and the military majority, now clearly sees to the enterprise also many, we also very honored in the past has faced apt, has done a lot of defense work in this aspect.

Apt attack is actually a relatively high cost of attack mode, including it will use social engineering, loophole mining, Trojan Kill, vulnerability attacks, wireless attacks, password cracking, phishing attacks, encryption and decryption, costly. If your wifi and your intranet are directly connected, there is a big risk of wifi cracking. But now if it is for criminals, for Trojans, phishing sites, we can carry out rapid strangulation, including the fishing site can be blocked it two hours below the survival period, we have a point of view that these in fact will eventually put criminals into apt field, this is apt defense of a focus.

Typical attack methods: by email, APT's attack method has more than 90% attacks by email, email attachment appears to be a PDF file, Word file, seemingly safe, in fact, the attack point is not known to the public, these files can actually be maliciously constructed, At the same time can be embedded in the attack code, the end of the attack when the code overflow your code area, there will be Trojan code to your computer up. One of EMC's employees was very hard-working and dragged the mail out of the spam box and opened it. This is the equivalent of Trojans into EMC's intranet, slowly there will be some IT managers recruit, further extended to EMC. RSA was stolen by hackers to his seed files, the seed file to take away, this time the second factor authentication factor is abolished, when the discovery of the rapid withdrawal, the attack caused many U.S. corporate networks were hacked.

Apt is the type of malicious file: The first is RTF, the second is XLS, the third is zip and rap files. 94% is an attack via email, 76% of which is government and business. APT has not been much needed to target ordinary people, if it is a celebrity is another thing, as technology will be more and more people grasp the target will move down, medium-sized Enterprises will also become targets. The first is the government, the second is activist, and then down is heavy industry, aviation, finance, aerospace, steel, electronic equipment, electricity and so on, these are the foundation of some industries.

The mode of attack is WiFi, and WiFi for government agencies and large enterprises is vulnerable to hacking attacks. At 360 I was also in charge of the company's information security, I probably dragged a year to build WiFi for the company, because WiFi protection is very difficult, not only WiFi is easy to be cracked, this year there is a hot word called BYOD, is to use your mobile phone and pad work, in order to work can use mobile phone to receive mail, But the mobile phone is also personal assets, sometimes will install app, how do you know not to be with the Trojan thing, now BYOD has some mature products, but very rare.

One time to train the talent of an organization, it is our turn to lecture. My information security team brothers tested them, cracked three or four accounts, and was a living case.

This is a social engineering case where the system can be free of loopholes, but don't forget that people are flawed, the human loophole is greed, fear, laziness these things, this thing is to use people's fear, said your boss sent you a letter, read this letter immediately to the office, in fact, the attachment of this email is a Trojan horse.

The use of people afraid of losing, using 2013 years of holiday rest plan, please colleagues fill out the form and send to the Human resources department, the application form needs to fill in the name of the person, contact. But if your software system is not patched in time, it is an older version of Office, not to mention unknown, the known vulnerabilities also have a fairly high rate of recruitment.

2011 by APT Attack Enterprise has Sony, Citibank and so on enterprises, there are two kinds of companies in the world, one has been taken down by hackers, one is to be taken off the unknown.

Intranet Penetration: I think this is funny is that the control interface of the intranet was taken away, put in front of the intrusion, protection system.

Case 1: Night Dragon attack, there is a claim that China has done, for Mobil, attack cases through the SQL intrusion, to the Web server as a springboard, the internal network of other servers and terminal computers to scan, through the password brute force to hack and other ways to invade the intranet server and developer computers, to the intrusion of computer embedded malicious code, and install remote control tools.

Case 2:rsa Hacker attacks, 2011 recruitment mail, not much, only 4, on the Recruit.

Apt features and trends: are our traditional defenses effective? Why do the next-generation firewalls turn into hotspots? It also does not work with APS intrusion prevention devices, intrusion detection devices, etc.

This is primarily because past attacks are one-off, so past precautions are not contextual, more based on filtering. Whether it is the third fourth layer of filtration, or in the seventh layer of filtration, if your opponents stare a little bit into the infiltration, this time for the defense requirements for a lot higher, the need to judge the context, the defense boundary judgment is very important. It is not known at the time of the visit that the context of this access is part of the attack, if the total amount of storage will be very large, if the calculation of the search calculation will be very large.

A longer time dimension of attacks and adoption some time in the past the so-called 0day loopholes have not been reported, we do not know, today's defense when others attack means you can not understand, some day in the future you will know. The solution to this problem is just the ability of cloud computing, and now the cloud security guard provides an opportunity.

The solution is what is the way, is the cloud + END + border Joint defense. In the past, we have a clear division of labor, such as 360 in the past, we all think is to do the client security software company, for such as Venus Chen and other enterprises more biased defense, do network security equipment, in the border defense, the cloud in the past in the security do less. 360 and trend Technology is the first company in the world to start the security defense of the cloud, we put the virus, Trojan is in the cloud to prevent, now on the computer's cloud defense is a consensus, in the following for the enterprise security Defense is the further expansion of the technology, the enterprise security defense should also be placed in the cloud to do.

What does this say about the value of the cloud?

1, must have a huge amount of data storage capacity, these things do not write down on the way to further calculation, there is no way to detect history.

2, the massive data anomaly behavior carries on the detection, to the big cluster modelling, the analysis and so on, must have the more complex calculus.

3, to have the sharing of knowledge, a enterprise encountered attack to have the channel to attack the characteristics of its extraction, let all the other enterprises are defensive, this is our pc on the Trojan and fishing defense experience, on the PC why we kill the Trojan, in the past 500,000, 1 million of the infection, now an average infection 16 times, A sample in the implementation of the time when we extract the very fast processing, in a few seconds in the cloud, a few minutes after the whole network will be strangled, these Trojan attack costs will be very high. In the enterprise-class defense should also be the same idea, this is my for everyone, everyone for my mutual benefit process.

4, the service can afford, why this thing in the clouds, a single enterprise deployment of course, it is possible that the enterprise is rich enough, not only affordable money, but also a lot of cloud computing people, such as Sinopec can do, but like medium-sized enterprises may not be able to do, this is actually the implementation of cloud computing is exactly the same, We can use the centralized scale to make everyone enjoy cheap and quality service. The technology used in this area, distributed storage, distributed computing parallel Computing, machine learning technology, quasi real-time computing.

The borders still have a lot of value here, not have the end and cloud boundary has no value, the boundary first can provide the information collection, the traffic interception, may do the agreement reduction, the general present computation ability, the X86 computation control achieves the seventh level control efficiency is still good, especially the communication control, There are also attacks that can be blocked. Once a suspicious attack is detected it is easy to block on the border.

Where is the client's boundary? which process in the communication, is not the process of sample extraction for analysis, the same can do network access control and Program Access control, hardware access control. There is a trick to APT's running, is not white or black, if from strangers into acquaintances is very easy, but the difference between good and bad strangers is very difficult, the actual reality is that we found in the new program now 90% are bad, from the total number of running a good program to run more times. This is the Cloud + end + boundary of a train of thought.

For enterprise security, 360 own 360 Enterprise Edition, first is the security software, the second is the enterprise management software, the third is the hardware asset management software.

360 Cloud security Infrastructure: With the cloud computing requirements, we've got 6 distributed computing brands, and now private cloud architectures. The first is to solve the problem of distributed storage, with HDFS, distributed form System hbase, distributed k/v system Cassandra. The first calculation is the M/R computing system, we do a Euler calculation ourselves. Here is no information introduced.

This is the past we have planted more somersault, and finally went to the Cassandra.

Euler Platform algorithm Library, Euler platform each is 288, one is the algorithm, including network attack detection all take this to calculate.

Real-time computing platform, currently can do 15 seconds and 10 seconds of delay. 10 seconds before the attack, we protected the amount of 335 billion times a day of access, we can in 10 seconds after 10 seconds to target what kind of attack to analyze. Apt our delay time is 15 seconds.

Now from the Internet, the attacks from the clouds, our defense mentality is also based on cloud protection, vulnerability scanning, there is no need to let users buy a scanner to put the company to scan, we provide a cloud scan, and the future of the cloud based scanning is free, because its boundary cost is very low.

The

360 Web site security detection platform can be detected, horse detection and tamper detection, 360 site defender can resist DDoS attacks. DDoS attacks spell the last physical strength, you have not enough servers, enough bandwidth to allow attackers for a period of time to kill. If an enterprise external only 100 trillion bandwidth minutes will be killed, our 360 web site defender current anti-attack capability, the whole network 11 nodes, no 100G bandwidth will not kill us. So these are based on the cloud technology, is not a lot of hit, there are hundreds of servers, the actual input of 200G bandwidth for defense, the idea is based on the cloud agent, Cloud WAP on the cloud, through the analysis of BS, the flow of clean-up after the restoration.