I. What cloud is the cloud behind the “Double 11”?
1. Please tell us about the "behind the scenes" Alibaba Cloud and Cloud Shield that protect the squadrons of the "Double 11".
Daoge: Alibaba Cloud's vision is to provide 70% of the world's computing power, doing things in the traditional sense of cloud computing, big data, middleware and security.
Ali Yunyun is a security product and service for users. In addition to basic attack and defense security, a full-stack security solution is also available. At present, Cloud Shield has more than ten security products, covering all aspects of network security, server security, application security, and business security. Cloud Shield is growing very fast. It currently protects more than 37% of the country's websites, protecting China's Internet against 50% of daily high-traffic DDoS attacks, and truly verifies the viability of SaaS in the security industry.
2. What are the business security systems of Alibaba Cloud? What are the key protection objects?
Daoge: Alibaba Cloud's clients include large, medium and small-sized enterprises from various industries. Because it is infrastructure, I hope that cloud computing can become a public service like water, electricity and coal. When using electricity, the power plant does not actually distinguish the customer's industry, and the cloud computing should be the same, so the cloud shield is oriented to the whole industry and does not distinguish the size of the customer. However, according to the needs of customers, different customers want different service standards. This is understandable. Just like electricity, it also has ordinary residential electricity, just like industrial electricity. Just the difference in service standards, the product is still the same thing.
3. "Guardian" Ali cloud protects others, who will protect it?
Daoge: Alibaba Cloud's own security, also uses the same technology as Cloud Shield. Our technology is matured internally and then commercialized for use by customers. Therefore, the product pays special attention to the actual use effect. As for Alibaba Cloud's own security system, we attach great importance to the "Red and Blue Army" confrontation thinking, and will widely invite the industry white hat to do security testing for products. In this process, we will rely on the "visible" ability provided by situational awareness to perceive every attack test behavior, and the final result is the convergence of the number of overall security events and the number of vulnerabilities. All of these can be found in Yundun's product system, such as prophetic intelligence, situational awareness, etc. to find the corresponding products and services.
4. What are the difficulties in defending customers on the cloud?
Daoge: Cloud computing is a large-scale calculation. Any transaction can become complicated and difficult to deal with as long as it is large, but it is also an opportunity for innovation. A typical feature of large-scale computing is that "small probability events become normal." For example, a regular website may not experience a DDoS attack in a year, but on Alibaba Cloud, we defend against thousands of DDoS attacks every day. Under such an attack level, manual processing has become unrealistic. This forces us to innovate in technology, so we do the automatic guard of DDoS defense without any human involvement. Any DDoS attack can complete the entire process from detection to response to defense in less than 1 second.
II. Yundun's unique skills
1. Always mention the situational awareness of Cloud Shield. Is this a magical technology? What is the source of your big data analytics model? Based on what model is built?
Daoge: Situational awareness is different from traditional SIEM and has two very critical points. Now many security vendors are starting to make situational awareness, but often they are just changing the name of SIEM; this is a misunderstanding.
The application of situational awareness in the security industry was first proposed after I officially released the cloud shield situational awareness product at the Alibaba Security Summit in July 2015. Later, in the speech of General Secretary Xi in April 2016, it was also clear that we should pay attention to the situational awareness of cybersecurity. So the visibility of situational awareness is the foundation of the entire security.
Situational awareness has two important characteristics that distinguish it from other security products. The first is to rely on the original data and fully respect the original data. At present, Yundun analyzes incremental data exceeding 500T every day, and the amount of stock data is above 100P. This allows us to analyze the first-hand information from the raw data, rather than obtaining second-hand information from some third-party security devices. The most valuable information is in the original data. When our algorithm is updated, we can still calculate new value based on past raw data.
2. Cloud Shield emphasizes the full link monitoring and warning. How can I achieve this in science?
Daoge: We collect data from sensors at various latitudes, including networks, servers, databases, and also include four- and seven-layer data, as well as operational logs and system logs. Because today Cloud Shield is deployed on a full link, including scanners from the entire network, as well as traffic analysis, application layer data analysis, and Agent on the server, we can observe different phenomena from different perspectives. At the same time, Alibaba Cloud also provides APIs for various latitudes. After being authorized by RAM, we can call some data provided by the cloud computing itself. We integrate all of this data to make a comprehensive diagnosis.
3. What new black technology is Cloud Shield still developing? What do you hope to achieve?
Daoge: We hope to make full use of Alibaba Cloud's powerful computing power and apply it in our security field. We know that because of the liberation of computing power, there is a great opportunity for deep learning and artificial intelligence.
For example, we are studying how to make a computer system replace all the manual work of a security expert. Including all evaluation results analysis, strategy maintenance, response, etc., can be done automatically through the machine, these work that requires advanced thinking and experience, which was done manually by experts in the past. However, we believe that it is feasible to replace it with a machine, and even at some point the machine will do better than people.
This is a very large project and we are working hard. We call this new artificial intelligence in the future "Cloud Xiaodun". I hope he will be a star employee.
III. Rely on what guards "double 11"?
1. "Double 11" is coming soon. Is it possible for science to provide basic services and guarantees for Alibaba Cloud to provide "Double 11"? Can these "Double 11" pickpockets feel it?
Daoge: Actually, security has a guarantee attribute, which is similar to operation and maintenance, so it is often impossible to do well. Just like the previous protection of the G20 summit, the “Double 11” guarantees of the past few years have been smooth in terms of safety. The challenge of “Double 11” comes from massive access requests, which makes many solutions challenging in such scenarios.
For example, in the “Double 11”, we need to collect statistics and analysis of traffic per second from the national and overseas free zones for security detection and response. This means that the cross-regional terabyte traffic analysis challenge is very large, and the stability and real-time requirements are very high. If one of them loses detection capability, it will probably put tremendous pressure on the back-end server, resulting in the overall failure of "Double 11", so "Double 11" is a big test.
Secondly, in the “Double 11” last year, we applied WAF technology for the first time and will continue to use it this year. That is to say, every request of “Double 11” will pass the WAF security test, which requires very strong detection capability and a technical architecture that can be flexibly stretched. WAF supports the simultaneous delivery of more than 1 million policies, which is also an ability that has not been seen on other security devices. Because of the unique scene of "Double 11", we have made these technological breakthroughs.
Finally, perhaps consumers can feel that we exist in the process of “Double 11”, we use a “lossless current limit” technology. Because no one can predict how big the "Double 11" flood peak will be, and the server that is ready for more backends may not be enough. Therefore, in the security control, for the request exceeding the system load, a "queue mechanism" will be adopted, but this mechanism will not drop your connection, but will let you wait until it is the turn of the system to process your request. It's a bit like going to the Apple store to queue up to buy an iPhone. Everyone is not in the crowd, but in a very orderly queue.
2. In the event of an emergency, what kind of emergency response plan does Alibaba Cloud have? Especially the "double 11", what happened to everyone, can't everyone buy and buy?
Daoge: We have a professional emergency response team to handle all emergencies, including product vulnerabilities, security incidents on the cloud, issues reported by external sources, and some serious cases of customer complaints. We will collect all the information extensively beforehand. There is a mechanism for the supervisor to drive all relevant teams to respond, and at the end, the observation and resumption of the effect will be carried out.
In the cloud, there are often some large security vulnerabilities that may affect hundreds of thousands of users. We can observe how some advanced threats spread and spread, and call them "security episodes" internally. In fact, if we can stop bleeding one hour in advance, we may save tens of thousands of users. Therefore, our emergency response team is racing against hackers. All emergency response, provided that it can be observed by us, is the ability of situational awareness. Therefore, the ability to "see" provided by situational awareness is our foundation.
In the “Double 11”, we have a dedicated security team that has designed dozens of plans for various security emergencies. At the same time, in the months before the “Double 11”, the drills began to be carried out to ensure that these plans were effective. In the entire "Double 11", there will be a 7*24 hour watch.
3. For everyone to buy and buy, you are also very careful. Can you give an example of the emergency events encountered in the previous "Double 11" protection, and how does the Cloud Shield team turn its backs?
Daoge: Last year's "Double 11", many scalpers came to spike promotional items. We will use threat intelligence to analyze in advance the approximate distribution of national oxen and the tools and resources they use. Before the "Double 11", we will launch a strategy to block the scalpers' tools and resources on the critical traffic of the main station to ensure normal business services. Our strategy in risk control is very frequent. It is often an algorithm that takes half an hour and needs to be replaced.
4. I heard that this year's "Double 11" joined the live broadcast business. It looks like a big cow. For such a feature, does Alibaba Cloud need to do special service guarantee?
Daoge: There are two main security issues in the live broadcast. One is that the live broadcast is interrupted by the DDoS attack, so a lot of marketing in the early stage may be done. Therefore, the DDoS plan needs to be prepared during the live broadcast. At the same time, the network quality can not be shaken, which affects the effect of the live broadcast. Second, many live broadcasts also provide the function of the barrage. Some illegal and prohibited information will appear on the barrage. In it, it has a very bad effect. Therefore, live UGC content needs to be detected. Yundun's green network products provide this detection and interception service today.
5. Trouble about how Aliyun is fixing a threat in the “Double 11”?
Daoge: Some mobile phone manufacturers of "Double 11" will engage in some big activities to kill, which will attract a large number of scalpers to buy goods and disrupt market order. Therefore, we will use the threat intelligence and some black production analysis to understand the approximate context. This is done by a dedicated intelligence team and data analysis team. In the process of the “Double 11” guarantee, we will apply this information to the WAF and intercept it in key processes. At the same time, the bad guys often change the source of the attack, the attack tool, and confront our strategy. Therefore, we must also observe the effectiveness of the strategy in real time, which is done by the support team and the data analysis team.
6. In addition to Alibaba Group's own business, what other customer business that is also on Alibaba Cloud will surge in the double 11 stage business, and is it flopped?
Daoge: Alibaba is a big ecosystem. In addition to Alibaba's own Tmall and Alipay will bring a large flow of growth, the entire "Double 11" will be the most direct to meet the pressure of the flood peak, as well as the express delivery industry and the ISV supporting the e-commerce.
Our Aliexpress is the international C2C business and the largest e-commerce company in Russia. It once messed up the entire Russian post with a promotion. Similar problems have occurred in China, which is why Alibaba Group is doing rookie logistics. We hope to help optimize the global logistics system.
At the same time, Taobao, Tmall's so many businesses, their orders in the "double 11" flood peaks may be dozens of times, which is caused by their ISV (such as CRM system, inventory management system, evaluation system, etc.) A huge pressure. Ali's poly stone pagoda puts these ISVs on the Alibaba Cloud to provide greater security. In fact, Ali's “Double 11”, 90% of the orders will eventually flow to these ISVs.
This year, Yundun will cooperate with the Jushi Tower to provide an overall guarantee for the safety of these e-commerce ISVs, ensuring the smoothness of the “Double 11”.
7. "Double 11" is coming. Do you want to talk to countless handcuffs?
Daoge: "Double 11" is a miracle of China and a miracle of the world. Behind every order of “Double 11” is the consumption of large-scale computing, which is a verification of big data application and security technology. The carnival of the gangsters has created the world's top technology feast. This is not just the success of business, but also the technology to expand its boundaries again and again. In the end, we have built the future of the world together. We exist because of you.