Security itself can not only be a product, but also to combine professional services

"SaaS Pioneer" series continues to present for you, in the previous installments we have focused on sharing the domestic CRM, collaborative office and other fields of pioneer Enterprises, today we bring the domestic security field has a special impact of enterprise-safety treasure. Safety Bao is the first fully based on the SaaS model to provide users with security services, but also Kai-Fu Lee's founder of the Innovation Workshop in the only security field of investment projects.

Feng Jinghui (left)

Founder and deputy director of safety and development, Feng Jinghui is a senior development expert, a love of computers since childhood, 16 years old in China's well-known technology community NetEase as a CGI moderator, 17-year-old set up their own network studio "star-hui", 18-Year-old joined the year hit Health portal Health Long Network and as technical director.

Feng Jinghui in mobile devices, network equipment and other areas led the development of a variety of products in the Linux system, anti-virus and network security and other fields have a number of invention patents. The following is a record of the interview of the Safety Bao VP Feng Jinghui.

CSDN: First, introduce yourself, security products and the current technical team situation?

Feng Jinghui: I am the co-founder of Safety Bao, research and Development VP Feng Jinghui, 2011 and Majnoon jointly founded the security treasure, before the rising work for many years, mainly responsible for enterprise-class security product development. Safety Bao brought the revolutionary double Safety Service concept and "one-stop" security solutions, to help the site in the "0 department", "0 maintenance" situation, for users to actively intercept, including hackers infiltration, resist a variety of CC, DDoS and other network attacks. At the same time, the security of the use of integrated deployment in the National Rapid CDN system, significantly improve access speed, reduce the failure rate, so as to enhance the overall site user experience.

Safety Bao at present the team about 70 people, 70% for technical engineers, the development of language to C/c++,python,java-oriented.

CSDN: You as the Startupbattlefield Arena runner-up, at the same time two times to break into the world's top hacker competition Defcon and get excellent record, about these experiences, you want to share with you?

Feng Jinghui: In fact, to participate in TechCrunch is a chance, we are nervous to develop products, want to release as soon as possible, did not intend to publicize, and then innovation Factory to find us, to our project recommended to TechCrunch, we want to be a good learning opportunity, to try, I did not expect to be successful in more than 500 projects, and finally took the second place in the world, but also the best results of successive Chinese projects. Later in 2013, the Safe Treasure-Blue Lotus first entered the DEFCON finals, achieved 11 results, although the Chinese team has the best record, but still regret in the top ten. 2014, the security treasure-Blue Lotus team again successfully qualify for the global finals, and achieved the 5th place in the world good results. We are happy to have such a group of young people in order to constantly try to technology, especially in the field of security, it takes a long time to accumulate and explore, I hope that the security technology of our countrymen can be in the international arena better performance.

CSDN: The barriers to entrepreneurship in the field of security are high, why do you choose to start a business from the security field, what are the challenges?

Feng Jinghui: First of all, the background, we are a few founders are safe origin, I and Majnoon have been working in the rising for many years, has been in the fight against viruses and hackers, and then the security situation is changing, we found that the traditional safety protection equipment under the new threat is difficult to play its due role, On the one hand, security devices need to maintain the rules constantly, because the hacker's attack is also changing, and the general company does not have professional security personnel, they do not have the ability to maintain. On the other hand, security vendors to provide to the public is the general rules, this rule to balance the false report and false positives, it is difficult to improve the detection rate, if not combined with the user's own business and application characteristics, in the fight against hackers will become powerless.

Security itself can not just a product, but also to combine professional services, so we would like to use SaaS ideas to solve this problem, our professional security experience and products to provide users with, so that users do not need to understand the security details, as long as a simple 123 steps can be done.

But it is not easy to practice this idea, on the one hand, this new model to be accepted by everyone needs a process, many users are still accustomed to buy a box there, feel more steadfast; on the other hand, because to deal with massive amounts of data, you need to have large data processing capabilities, you can not only analyze the single security, To put the whole network of data together, so that a user has been attacked, you can use the defense methods in all users, you have a strong 0day processing capacity, in such a way, in fact, there are many to do.

CSDN: The current domestic Internet security status is probably what, domestic security defense technology and foreign gaps reflected in which aspects?

Feng Jinghui: In addition to the large Internet companies have the ability to afford their own security team, the vast majority of enterprises are still weak security, especially in some emerging areas of entrepreneurship, such as last year, internet finance is very hot, but many internet financial sites are based on third-party templates two times development. In order to quickly line up to meet business needs, many security measures have been neglected, such as the lack of basic legal checks, database isolation has not been done, social worker information is not very well protected, which gives attackers a lot of convenience, sometimes is the scanner can also sweep a lot of problems.

Such as DDoS attacks, now domestic is also very serious, especially in some high revenue industry, competition white-hot, completely to consume bandwidth of the way to attack, 10G above the attack is very common, 100G above the attack every week will appear, although the technology may still be the same as the original, but the resources are different, in addition to the domestic manufacturers , few enterprises have the power to hoard so much bandwidth, this must rely on professional protection providers to solve, it is useless to buy equipment.

In terms of defense, the gap between us and abroad is not obvious, everyone is exploring in addition to the rule system defense methods, such as Web page self-learning, are through the normal access request to learn each URL each parameter of the value characteristics, as a criterion, foreign products although early start, But this study itself to face a lot of challenges: on the one hand because the site itself is also changing, this study is not once and for all; on the other hand, the value of too tight will lead to false positives, too loose and no effect, so overall is not ideal. However, foreign countries also have some unique advantages, such as in the DDoS protection, foreign security service providers generally use BGP anycast bandwidth to decompose attacks, to ensure that each single point of processing capacity and switching are controllable. But because of the network reason, in the domestic completely cannot use this kind of solution, only relies on the single point big bandwidth to resist the attack.

CSDN: What is the difference between a SaaS based security product and a traditional security product? Where is the advantage?

Feng Jinghui: We think that the most important thing about SaaS security products is data and services, because cloud-safe solutions rely on traditional defenses at the bottom of the technology. But the point is that SaaS itself will be all customer data summary processing and analysis, can achieve global unified protection, such as a site was attacked, the attacker's IP will be recorded in a suspicious list, the next time these chickens are used, it is easy to identify directly. Security Treasure Now is the practice of the single customer found in the 0day attack quickly to form a defensive strategy to apply to other users, this is at the data level, the difference in the service level will be greater, because we have a professional security engineers, through our data analysis system to assist audit user's log, This for the ordinary site is not what they can do, so that any hackers try to invade you, we are able to find and deal with the first time, this is the traditional security products can not match.

CSDN: Safety Bao Products in the technical highlights, can you share your platform to create the process?

Feng Jinghui: We started to develop our platform in 2011, after all, to do security for many years, the defense part is some accumulation, so WAF can be put into use very early. But to be widely distributed in the Internet on each of the IDC nodes into a cloud, but also need to have a schedule, need to know which site on which node service effect is the best, this should consider the distance from the source station, distance from the user. Of course in the end we still choose from the user recently, but in order to solve the problem of source speed, we have to deal with the problem of trans-operator, the need to design a specific line two jump mechanism.

In addition, the security treasure also independently developed the filter engine, we compared the mod_security and other open source solutions, and ultimately chose to research and development, because one is the matching efficiency problem, because at the same time to support a large number of visits, single QPS will affect our input costs; second, more flexibility , through self-development, we are able to use our own rule base to maximize the need for rule merging and responding to new threats.

CSDN: What are some of the obstacles that the SaaS-based security treasures encountered during the building process?

Feng Jinghui: We've been trying to improve stability over the years, at first, because the bandwidth of a single node is not as big as it is now, and we have to serve many users at the same time, we often get full bandwidth when we are attacked, and then we increase the bandwidth of a single node and actively develop the scheduling algorithm on the other hand. To locate an attack target as early as possible when an attack occurs. Isolate the target, avoid affecting other users, and make a historical assessment of the user to calculate the risk factor for the attack, assign the high-risk business to a more defensive node, and continually revise the risk factor to achieve the dual need of speed and stability.

On the other hand, SaaS mode suffers because the source IP becomes less, lead to some users back to the source of the problem, sometimes the user installed other firewalls, and sometimes the machine room defense equipment, so we should increase the number of source IP and detection mechanism, on the other hand also actively and a variety of firewall manufacturers to establish linkage.

CSDN: The current size of users, users focus on the main areas of concern, how do you deal with?

Feng Jinghui: We currently provide security and acceleration services for nearly 400,000 sites, processing billions of requests a day, which also includes a number of solar PV tens of millions of large stations, users focus on the problem is reflected in the security protection at the same time can improve access speed, whether it can guarantee stability. In terms of access speed, we monitor our node network status every day, and if we find that there are a lot of failures and delays in the link over time, we will replace the data center and the line in time. In addition, we are also developing some acceleration features to help optimize Web sites that are not optimized for pages, including merging downloads to reduce consumption on TCP protocols, optimize page content, reduce transmission size, and so on.

CSDN: At present, domestic security manufacturers are advocating free strategy, your product how to charge, profit model how?

Feng Jinghui: We've been offering free services to most of the smaller users since the first day of the product launch because the Internet's security base is weak and we want to grow with these startups. In the actual case, we also found that once the user has formed the habit of use, as his business grows and business conditions improve, they will have the willingness to pay. Of course, our model is not only limited to this direct charge, it also includes solutions for providing private cloud for large web sites, because the data is consistent, our technology and data on the public cloud can be directly applied to the private cloud, so the effect will be good, the revenue growth of this piece we have doubled last year 10 times times.

CSDN: Can you predict the future security situation, the current DDoS attacks are rampant, the future security products will be presented what characteristics?

Feng Jinghui: Yes, now DDoS attacks are rampant, the domestic network has more than 100G of large DDoS attacks per week, and many of them are used overseas resources, which gives us a new challenge to defense, in addition to strengthening the bandwidth reserve, we are also actively working with operators, Design defense strategy together.

In addition to DDoS attacks, the data leakage threat represented by the drag library is also becoming more and more serious, it is more difficult to prevent such attacks, because the reasons for the data leakage is often more complex, not a point of the problem, many times the mismanagement caused the failure of the defense program to be dragged into the library, We will also propose further solutions to these problems in the future.

More Highlights:

"SaaS Pioneer" Phase I: 3 years to complete the transformation, staged CRM field "Speed and Passion" "SaaS Pioneer" Worktile from the collaboration, speeding up, on line one year by tens of millions of financing "SaaS pioneer" online six months broke 350,000 users, dayhr to build free hr cloud Platform " SaaS Pioneer "Love Toss, drill unpopular: Wolong Hillock is subverting the traditional customer support Service" SaaS pioneer to solve the "eat" problem, the booth CRM let the restaurant not lack guest "SaaS Pioneer" ProcessOn Visio to Cloud, 89 CTO declassified behind the story "SaaS Pioneer" Deploy it like Jingdong shopping, send cloud rely on technology to subvert traditional it delivery eco-chain
The SaaS Pioneer series, which focuses on the pioneering enterprise in the field of domestic SaaS, is dedicated to building the "periodic table" of the SaaS field, focusing on the pioneer enterprises such as collaborative office, lightweight OA, Enterprise IM, CRM, BI, Finance, SCM, HR, industry application, etc. For free coverage please download and fill out the "SaaS pioneer Application", then mail weiwei@csdn.net, receive a reply representing the successful application, and you can contact us by qq:1033683606.

For more information, please pay attention to our "SaaS Alliance" micro-credit public number, or search "saasalliance". We will accurately push the latest technologies in the SaaS domain, share entrepreneurial practices at home and abroad in the SaaS niche market, professionally report on the SaaS field start-ups, and build SaaS real-time communication platforms. You can also scan the left two-dimensional code to pay attention to us.