On December 12, the 2014 CVW Industry Internet Conference, the world's first large-scale conference to explore the industry Internet, was held in Beijing and shown simultaneously on the big screen in New York's Times Square. The conference was jointly hosted by the Asia Letter Group, the cloud base and the Chuang-Zhuang Economic and Technological Development Zone. More than 5,000 global IT and traditional-industry leaders and elites concerned with the development of the Internet and traditional industries explored the evolution of "Internet access to traditional industries" and "traditional industry internet", and the technological models and business innovation of the industrial Internet.
In the afternoon's "Internet Security @ Internet" theme forum, Qihoo 360 Vice President Shi Xiaohong delivered a keynote speech titled "Information Security in the Internet and Digital Business Age".
The following is the full text of his speech:
Shi Xiaohong: I'm glad to have this opportunity to communicate with you. Let me start with the Gartner seminar, which mentioned that the digital age will lead to new business models and new processes. Here they list the 15 ten trends; you can see that the union of the real world and the virtual world is ranked first, including IoT, the so-called Internet of Things, and so on. The 10th is risk-based security and self-protection, which in some ways shows the problems that our industry Internet might encounter. In general, the targets that can be attacked are, in other words, anything that is connected to the Internet: personal computers, terminals, servers, cloud service platforms, embedded devices, the Internet of Things and so on, including network equipment. As for the reasons why we are attacked, we see, for example, some natural defects in computer architecture, flaws in communication protocols, and the internal management systems of organizations; the most important thing is people. These flaws are unavoidable. When we talk about security, the traditional notion is anti-virus, which is the concept more familiar to ordinary people and the majority of enterprises.
But for security threats such as viruses and Trojans, our past means were these: traditional feature-based Trojan scanning, and now cloud-based detection and removal, where a very large specification library is built in the cloud. Then there is HIPS, host intrusion protection, which uses behavior on the host, the behavior of your computer and of its processes, to determine whether something is a malicious program. There is also the sandbox, which is another way to determine whether a program is malicious. We see attacks getting more complex and attacking the roots of our systems. We see that all kinds of systems, from operating systems and applications to mobile terminals and so on, including infrastructure and network facilities, are vulnerable; this vulnerability is unavoidable. And there may be a pessimistic reality: if you invest more money in digging for holes, there may be more vulnerabilities. As for more serious vulnerabilities, after the outbreak of vulnerabilities this year we have a better understanding. For example, Heartbleed: widely used open source software contains vulnerabilities. Our enterprises, or your IT facilities built on the Internet, adopt a large number of such systems, and how many vulnerabilities they contain is difficult to estimate.
Then look at China's websites. These are our statistics, the proportion of this figure is almost: as of this time last year, we had tested more than 900,000 Chinese websites, of which nearly 600,000 had vulnerabilities. The proportion with vulnerabilities is very high, two-thirds. These are the main types of vulnerability. Now let us look at the growing popularity of smart hardware: a variety of smart home appliances and smart cars, including in-car, OBD-based smart devices. Such smart hardware, as long as it is connected to the Internet of Things, can be attacked, and this has been proved. This year's meeting demonstrated that hackers can crack 45 minutes, and can crack Tesla's car, and that for Audi and BMW car keys the wireless signal can be copied. If the start-up can be forged, the car can be driven away. The design process did not consider detecting whether the key is really beside the car, and the design may have caused such a flaw.
Faced with a variety of risks or vulnerabilities, what does our traditional security do? It works at certain borders; especially for enterprises, it tries to block these threats at the border, so there are products such as IPS and firewalls. But the problem is that the essence of the Internet age is to "break the region" or the "border". Especially after cloud computing came out, your business systems will move to the cloud and coexist with other users' systems, and the boundaries will blur. There are also mobile devices, mobile terminals and smart terminal applications. With BYOD, employees use their own mobile phones or pads, and many corporate employees take their pads to work at the client's office; mobile terminals blur your boundaries further. As a lot of smart hardware and equipment comes in, the Internet is increasingly becoming a networked space. Where should you take precautions? An enterprise has websites: you have internal business systems and you provide external websites. Is the website not a boundary? Your company builds internal WiFi for employees; it is now easy to build WiFi, and 360 also offers very cheap portable WiFi. Then there is the BYOD just mentioned, with employees' own equipment, and the supply chain. Your suppliers' employees coming into the enterprise may bring new problems, as may the router mentioned just now. Where exactly is the border? So in our traditional security, some systems have begun to evolve. In the beginning our idea was a security system of corresponding + protection; then we found that we first detect whether there is danger and then respond, hoping that this response mechanism will protect us.
Then we came to the so-called barrel: our business has a lot of protection points, but as long as there is one short board, these threats will come in. So now we have moved more toward a model of how to construct, as far as possible, a multi-level, relatively three-dimensional protection system. In addition, we have several assumptions about the security of a business or organization. The first is that your system must have undiscovered vulnerabilities, which is certainly a fact. How do you find out whether these vulnerabilities have been exploited? Second, vulnerabilities that have been discovered have probably not been patched; how do you find all the equipment and all the software systems inside the enterprise that have unfixed vulnerabilities? Third, part of your business has been infiltrated without your knowing, and your employees are unreliable. It is really difficult for us to build a system of security protection on such a less reliable beach. 360 has also entered this security field. We think there is a model covering a number of aspects: from the terminal to the pipe, that is, the boundary, we have a multi-level protection system. The terminal is better understood: for all the internal PC terminals and mobile terminals, how do we protect them? How do we manage them in a unified way? For the pipe, or the boundary, we stay as close as possible to the entry point of the boundary: how do we detect, across all the network traffic within your enterprise, whether there is a threat?
Then in the cloud, on the one hand, how do you find the vulnerabilities in your internal business systems or external websites, and how do you protect them against all kinds of intrusions and attacks? As the attacks you face become more complex and more obscure, you may need to constantly collect all kinds of information from the enterprise's internal terminals and network, which may form a relatively large volume of data, and then concentrate it in your internal cloud and establish a threat intelligence analysis mechanism within the system, so that some clues can be found in it. Working from these three aspects, cloud + pipe + end, may achieve a certain effect. For this, 360 also has certain products, including our fine weather, and the secret, and the sky; we have products based on big data analysis to find unknown threats and APT attacks, and for the cloud we have protective products. Where is the new security perimeter? If the enterprise uses public cloud services, it may also have private cloud services internally. The terminals within your enterprise, including your wireless network, have to be considered, or protected, in many places.
Here you can see, for example, PCs, network switches and a variety of network devices. Against the background of increasingly complex security threats, how do we make threat discovery more intelligent? This is generally translated into Chinese as threat intelligence: trying to find out through a variety of information who is attacking you. What assets does your business have? What path does the attack take? Has your valuable information been stolen? Is there any other connection? This actually needs to rely on big data collection and analysis capabilities. That is, you may need to collect data on every terminal within the enterprise, including the various behaviors on phones. Information on all the servers and network devices within your enterprise, the communication between these nodes, and the traffic exchanged with the outside can be pooled into big data; after analysis and mining, you may find some unusual communication or abnormal file transfer, and trace it back. In addition to analyzing basic techniques, there is a technology that you have to rely on in terms of security, for defense against vulnerabilities.
When it comes to big data, there are several differences, as mentioned in the big data age: first, not random samples but as much data as possible. For big data, the more information or data you collect, the better. The second is not precision but mixed. You may not be able to pinpoint a reason and you don't know why, but you find a relationship, including a causal relationship. In the future many of our companies may need such threat intelligence analysis services, including for the threats that you may face after you migrate to the public cloud, including how to create a service center, including a secret unit, that threatens the reporting of a business or government, a large enterprise in its own private cloud system, or mixed with a public cloud. Within such units in some industries, or within large enterprises, we can build big data analysis, and the situation on a variety of platforms can be identified through such analysis. This is a typical example of security services.
Here are some good cases, though they may not be complete; they are not a complete threat intelligence analysis, only parts of one, like some of our country's vulnerabilities, folk clouds and 360. We have a library plan to help enterprises collect the vulnerabilities in their systems, and recently we have done one more thing: we in the library with the program outside the release of a platform. The plan is that we pay some researchers to buy the vulnerabilities in their hands; now we want to unite with more vendors, and we are going to spend more money to give these people more feedback. The ability to put these vulnerabilities into their own is better and easier to collect, including the ability of our vendors to fix vulnerabilities quickly. We can see that we have done a lot of testing services before, and we found vulnerabilities in a wide range of systems, but the response in repairing them is often slow. We hope that in this way some software developers can embrace the concept of the so-called SRC, the Security Response Center, and be able to find as many of their security problems as possible and fix them quickly.
In this case, the security problem is rooted in your flaws, which are unavoidable, so there are some practices here. For example, SDL, which Microsoft advocates, must be considered in the process of Internet or IT. Also, for the future of smart hardware, smart homes and the like, it is difficult for us to install software, as on a PC or mobile phone, to protect their security. It's hard to do this on smart hardware, so much depends on how the software or the systems you develop yourself improve their own security, and how they achieve self-protection to avoid the risk of being invaded or cracked.
(Responsible editor: Mengyishan)