Interpretation of RSAC 2021丨Soul-searching question: Is your network "rugged" enough?

On May 20 (US time), the RSA Conference came to an end. Although the conference is over, the discussion continues: every vendor, and everyone in the industry, has their own interpretation of the conference theme, "Resilience".

Hillstone Networks' New Technology Research Institute followed the RSA Conference closely. Their interpretation of "Resilience" is simple, easy to understand and down-to-earth, which is very much Hillstone's style. What is that interpretation, and what were the highlights of the conference in their eyes? Let's take a look. This week we will also bring more special interpretations of RSAC 2021, the Innovation Sandbox, the MITRE Shield knowledge base and other hot topics, so stay tuned.

Question 1

The theme of this year's RSAC conference is the word "Resilience". How do you think "Resilience" should be interpreted?

A: "Resilience" is mostly translated as "elasticity" in China, which is easily confused with the well-known "elasticity" of cloud computing. The two concepts do have similarities, but they are not the same. We believe "Resilience" has a richer meaning: applied to information security, it can be colloquially understood as being "rugged" (literally "skin-solid"), which spans elasticity, resilience, recoverability and intelligence.

What lies behind "Resilience" is a change in the security operations mindset. In the past, enterprises focused on how to prevent network attacks from happening, which is a defensive way of thinking. "Resilience" instead asks how network protection can quickly monitor, respond and recover when an attack does occur.

"Resilience" also reflects changes in the current corporate protection environment and thinking. For example, the elastic expansion and contraction of security product deployments is related to elasticity. Take the well-known Kubernetes as an example: users deploy services declaratively, and the system handles scaling and abnormal events automatically. This embodies typical "elasticity" features and also reflects the meaning of "resilience". Users expect a similar effect and experience from network security products and solutions.

Secondly, as digital assets become richer and more diverse, enterprises assign different levels and priorities to protecting their resources, and they expect security solutions to be "elastic" enough to cope with change at any time. Security resources and budgets are limited, so an enterprise must identify its most critical assets and use its limited resources to protect them as fully as possible. Moreover, under current asset-classification practice the importance of enterprise assets changes dynamically, and the targets of network attacks change with it. This too requires that the protection level of assets can be adjusted "elastically".

To cope with an ever-changing and increasingly complex security environment, at the beginning of this year the expert team of Hillstone Networks' Silicon Valley Research Institute, together with technical experts from the Product Strategy Department, the Solutions Department and other departments, discussed the core technical ideas that will support Hillstone's future products and solutions. They arrived at four points, "holographic, quantified, intelligent and collaborative" (summarized as "full-quantity intelligent association"), to support users' sustainable and secure operations. Under RSA's "Resilience" theme, "intelligence" and "synergy" are likewise key. Intelligence shows in the automation of product solutions and the ability to defend intelligently as the attack situation changes. Synergy refers to the overall evolution and systematic defense of the security system. Hillstone Networks will follow this thinking to deliver products that are easier to operate and maintain and have a stronger technological feel, and to build more "rugged" solutions.

Question 2

This RSAC has 19 content themes and 294 specific topics. Which areas do you think deserve more attention, and why?

A: At this year's RSA Conference, the most noteworthy area is undoubtedly "data security". Among this year's Innovation Sandbox top 10, three companies work in data security, the largest share of any area, which reflects the importance the market and the industry attach to data security. In fact, data security has been a hot topic at RSA for the past four to five years, and the new technologies and products shown at the exhibition are increasingly cutting-edge and increasingly specialized.

The reason is that as enterprises migrate to the cloud, their data inevitably migrates with them, and traditional network security technologies struggle to meet the protection requirements of data in the cloud. Take the three data security companies in this year's Innovation Sandbox top 10 as examples: Open Raven is a cloud-native data platform, Satori focuses on monitoring and managing data usage and data access in the cloud, and Cape Privacy wants to build an enterprise-grade SaaS platform for multi-party data collaboration and privacy protection. All three focus on cloud data security.

At the national level, data security is also receiving more and more attention. In the protection of critical information infrastructure, data security is the first priority; in the marketization of data elements, data security is the foundation of the foundation. It is therefore safe to conclude that data security will remain a hot topic at the RSA Conference, across the global network security field, and even in society as a whole for a long time to come.

Question 3

The Innovation Sandbox has traditionally been the focus of the RSA Conference. Judging from the business directions of the ten selected innovative companies, in 2021 the focus falls on cloud technology integrated into the platform and on data security. What do you think of the current state of the industry and the future development trends in these two major directions?

A: Over the past ten years, the general trend of cloud technology has been to move into the cloud the enterprise environment that originally lived in the branch office or headquarters. This shows up as the cloudification of software services and environments, of the WAN, and of application and platform development. Correspondingly, cloud security technology mainly addresses three problems: identity authentication, data security, and platform/development security.

The RSAC 2021 Innovation Sandbox offers some clues. Although the 10 vendors shortlisted this time come from different market segments, most of them are trying, in one form or another, to solve the security issues brought about by the cloudification of the enterprise environment. Below we comment on several relevant vendors:

Abnormal Security:

Many corporate offices use cloud email services such as Office 365 and Google's email service. These cloud services already provide protection against spam and phishing email. Abnormal Security's technology uses behavioral data and machine learning, aiming to cover the blind spots of traditional spam/phishing protection.

Apiiro:

Apiiro gives users complete risk visibility across the secure development lifecycle. Apiiro's Code Risk Platform identifies risks throughout the development process, strengthening application governance and compliance; it analyzes data from across the development process to help businesses identify and remediate issues in a timely manner. The Code Risk Platform is especially helpful for development platforms in the cloud.

Axis Security:

Axis focuses on cloud security solutions based on a zero trust architecture. Compared with other zero-trust cloud security solutions, Axis is simpler and more secure: it provides the easiest and most secure way for employees to remotely access critical private applications and business-critical applications.

Open Raven:

Open Raven automatically discovers, maps, classifies and manages cloud data assets using serverless functions and native APIs. It helps enterprises gain asset visibility and eliminate blind spots in enterprise cloud data storage.

Wiz:

Wiz designed the first cloud visibility solution for enterprise security teams that can analyze the security risks of an entire cloud environment. It delivers actionable, graph-based analytics and a fully agentless model across clouds, containers and workloads. Wiz can scan a customer's cloud environment in less than a day, compared with the 12 to 18 months it takes other vendors' agent-based systems to track activity.

Question 4

Zero trust is still a hot topic at the RSA conference this year. Several major manufacturers (IBM, Microsoft, Blackberry, CrowdStrike, etc.) have released zero trust-related security solutions. What are their differences and advantages? What development trends of zero trust technology are reflected?

A: At the 2021 RSA Conference, zero trust is still hot. In addition to the familiar faces, more and more new vendors are bringing new solutions and testing the water in this field, which shows that zero trust is far from a mature, saturated market. Many of the sessions covered cases of how zero trust services and products are applied to customer environments and the convenience and value these solutions bring to customers. Below we pick out the distinctive offerings, introduce them and analyze their advantages.

IBM:

IBM's Zero Trust Blueprints provide a framework for building secure applications. Basic zero trust principles such as least privilege, "never trust, always verify" and assume-breach are applied in the framework design. The blueprints provide a prescriptive roadmap that guides companies in integrating business functions into a zero trust framework. Drawing on features and guidance from real customers, the blueprints help organizations plan their zero trust journey.

**Advantages:** IBM is a leader in managed security services. It not only provides security solutions but also integrates security services, so it can readily provide integrated zero trust solutions for its large customers.

Microsoft:

Microsoft provides passwordless authentication and Temporary Access Pass for Azure AD, and extends fine-grained adaptive access control based on Azure AD Conditional Access and Identity Protection. Microsoft has added auto-discovery and vulnerability management for unmanaged endpoints, network devices and Linux devices, and has added anomaly detection, including UEBA, to the machine-learning-powered Azure Sentinel.

**Advantages:** Owning the most popular operating system gives Microsoft a huge advantage on the endpoint side of a zero trust solution. At the same time, Microsoft has extended its capabilities to unmanaged endpoints and even Linux systems.

BlackBerry:

As a new entrant in the ZTNA field, BlackBerry provides an AI-powered ZTNA gateway that can be applied to SaaS and perimeter application access scenarios. Its zero trust gateway architecture is built on a "prevention first, defense first" concept, treating every user, endpoint and network as potentially hostile until authenticated, which helps organizations reduce network access risk. The BlackBerry gateway produces ZTNA telemetry, which is added to a cloud data lake; using Cloud AI (an advanced AI cyber risk engine), it connects remote users to the resources they need through secure tunnels.

**Advantages:** BlackBerry is very good at enterprise endpoint management and can reuse its rich experience in endpoint management by extending it to ZTNA.

CrowdStrike:

When IT and security teams start a security project, it adds cost, complicates deployment and operations, and creates friction. CrowdStrike's zero trust approach stops breaches in real time for any endpoint, workload or identity, and applies policy precisely after accurately correlating attacks.

**Advantages:** CrowdStrike is a top EDR provider and very good at endpoint security assessment, detection and response. Gartner noted in 2019 that the cloud is the future of network security. The digital transformation of enterprises has moved more and more users, devices, applications, services and data outside the enterprise. ZTNA is the main security feature of SASE solutions for accessing SaaS and enterprise-owned applications. Whether network security vendor, endpoint security vendor or solution integrator, all want to extend their original products to ZTNA and then to SASE.

Different vendors' products have their own strengths. Rather than building a complete solution alone, a better approach is to focus on one's own strengths and integrate products from the top suppliers in each field. In this way, users get the best-quality security services.

Question 5

The application of AI technology in network security is one of the hot topics of this year's RSA. The outline of the 14th Five-Year Plan also mentions "accelerating the innovation of artificial intelligence security technology". What do you think of the development and application of AI in future network attack and defense? What potential risks may arise, such as AI hackers, and how can they be addressed?

A: The application of artificial intelligence to network security is an irresistible trend. As network and information technology spread, the amount of data generated by humanity grows exponentially. In this situation, using AI to improve the efficiency of network security tools, guarantee the effect of security protection and reduce the influence of human factors is an inevitable choice. We have also seen AI-based situational awareness platforms develop rapidly in recent years.

In network attack and defense, AI can be the spear in an attacker's hands or the shield in a defender's. Take natural language as an example: attackers use it to launch spear-phishing attacks, while vendors use it to implement spam filtering. It is hard to say which side AI will benefit more; we can only say that both sides have gained a more convenient tool.

Regarding the potential risks of AI, "The Coming AI Hackers" by Bruce Schneier, a security technologist at Harvard University, is worth listening to. He notes that AI does not have the rules and value system humans are accustomed to, and will do anything to achieve its goals. This deserves our vigilance and prepared countermeasures.

Finally

Here is a quick way to learn network security, "perhaps" the most comprehensive learning method:
1. Theoretical knowledge of network security (2 days)
①Understand the industry-related background, prospects, and determine the development direction.
②Learn laws and regulations related to network security.
③The concept of network security operation.
④Introduction to Multi-Level Protection (MLPS): its regulations, procedures and norms. (Very important)

2. Penetration testing basics (one week)
①Penetration testing process, classification, standards
②Information collection technology: active/passive information collection, Nmap tools, Google Hacking
③Vulnerability scanning and exploitation: principles, exploitation methods, tools (MSF), bypassing IDS and anti-virus detection
④ Host attack and defense drill: MS17-010, MS08-067, MS10-046, MS12-20, etc.

3. Operating system basics (one week)
①Common functions and commands of Windows system
②Common functions and commands of Kali Linux system
③Operating system security (system intrusion troubleshooting/system reinforcement basis)

4. Computer network foundation (one week)
①Computer network foundation, protocol and architecture
②Network communication principle, OSI model, data forwarding process
③Common protocol analysis (HTTP, TCP/IP, ARP, etc.)
④Network attack technology and network security defense technology
⑤Web vulnerability principles and defense: active/passive attacks, DDoS attacks, CVE vulnerability reproduction

5. Basic database operations (2 days)
①Database basics
②SQL language basics
③Database security reinforcement

6. Web penetration (1 week)
①Introduction to HTML, CSS and JavaScript
②OWASP Top10
③Web vulnerability scanning tools
④Web penetration tools: Nmap, BurpSuite, SQLMap, others (China Chopper, vulnerability scanners, etc.)


Congratulations: once you have learned this much, you can basically work in a job related to network security, such as penetration testing, web penetration, security services or security analysis; if you also learn the security module well, you can work as a security engineer. The salary range is 6k-15k.

So far, about a month has passed and you have become a "script kiddie". Do you still want to explore further?


With these foundations in place, if you want to go deeper you can refer to the detailed learning roadmap below. Following this route is enough to make you a good intermediate or senior network security engineer:



Origin blog.csdn.net/text2206/article/details/131968386