On October 10, Gartner, an authoritative global IT research institution, released the report "Hype Cycle for Security in China, 2022".
In the report, 360 Digital Security Group is recommended as a sample vendor in four fields: Breach and Attack Simulation (BAS), CPS Security in Smart Cities, Situational Awareness, and Attack and Defense Teaming, making it the only digital security enterprise selected in all four fields.
BAS
Closing the "last mile" of the security operations loop
In the report, Gartner states that BAS technology enables enterprises to better understand their security posture by automatically testing threat vectors such as external and internal threats, lateral movement and data leakage. As the attack and defense trend becomes increasingly prominent, BAS can help organizations determine the possible attack paths to their important assets, provide prioritized advice for building practical defensive capabilities, and prepare for coordinated offense and defense. The technology is regarded as a way to verify security operations capability: it effectively improves the self-inspection capability of the entire defense system and completes the "last mile" of the closed loop of security operations.
Based on BAS technology, 360 has created an anti-attack capability evaluation system. It extracts information from the real attack scenarios observed by 360, reproduces the real techniques and tactics, and automatically and harmlessly measures and evaluates the sustainability and coverage of security defense products and the effectiveness of the defense-in-depth system built from them. It then provides targeted improvement suggestions to help customers continuously improve their security protection level and security operations capability. Specifically:
Continuous evaluation and improvement of protection capability
Daily AES task runs comprehensively evaluate the protection capability of the system.
Improvement of security operations capability
AES simulated attacks can verify whether newly created rules are effective; the automatic orchestration function for AES scenarios allows major offensive and defensive activities to be reviewed afterwards; threat hunting drills can be carried out using the scenarios built into AES.
Improvement of emergency response capability for major events
Through timely case updates in AES, the protection capability of the system can be evaluated promptly.
Since 2019, the 360 Anti-attack Capability Assessment System has served many leading customers in the financial, energy, communications and other industries, and has been widely recognized.
CPS Security in Smart Cities
Building city-level capabilities for seeing, handling, commanding and defending
As an engineering system, a cyber-physical system (CPS) interacts with the physical world by coordinating sensing, computing, control, networking and analysis, and can achieve secure, real-time, reliable, resilient and adaptive performance. Gartner reports that, driven by the "digital economy" and "new infrastructure" initiatives, it is imperative to establish a systematic security protection system, reduce the security risks of smart cities, and improve CPS security.
360 is a digital security enterprise oriented toward serving the nation. It has established a digital security capability system and methodology of "management+seeing+disposal" and has explored an innovative way to solve the "seeing" problem. Taking cities as the core, 360 will promote the innovative model of the digital security operation center in key cities across the country, build city-level capabilities for seeing, handling, commanding and defending, and improve the country's overall "seeing" capability.
At present, 360 has helped more than 20 large and medium-sized cities, such as Chongqing, Tianjin, Qingdao, Hebi, Suzhou, Zhengzhou, Shanghai and Zhoukou, to build digital security bases. This work has shifted defense from individual to collaborative, built a long-term mechanism for urban network security and digital development, built a city digital security capability system around an urban security brain, and formed a unified perception, discovery, response and command system. It establishes an overall vision and unified strategy for city-level security and realizes one-point discovery, overall disposal, unified command and coordinated response. This helps cities perceive risks, see threats and resist attacks, and safeguards them as they carry out smart city construction, develop big data industries and implement new infrastructure strategies.
Situational Awareness
Integrate to form the core competence of "management+seeing+disposal"
Gartner believes that China's situational awareness technology is a modern, centralized and evolving version of the security information and event management platform. These platforms integrate with other security tools and collect data from assets, network traffic, logs, vulnerabilities, user behaviors and threats. They analyze and display security status based on the collected data and predict how that status will develop.
As global network security threats keep changing, new attack methods have become more complex and more concealed. As a new-generation situational awareness technology architecture, 360XDR integrates terminal security technology, big data processing and analysis technology, AI technology, an attack and defense gene library and knowledge encyclopedia, intelligent security assessment (BAS) technology, and security operation and confrontation expert services. It brings together multi-dimensional data from terminals, hosts, traffic, assets, browsers and third-party security equipment and combines it with industry-leading threat intelligence and automated anti-attack capability assessment to systematically improve customers' global situational awareness and active defense capabilities, forming the core capabilities of "management+seeing+disposal":
"Operator"-level data processing and analysis technology that meets the analysis performance requirements of very large customers;
Efficient detection and response supported by XDR technology, which integrates network, endpoint and cloud data to accurately identify threats to each customer's environment, and a one-stop security operation platform for asset leakage management, UEBA, SOAR and security capability assessment;
The only integrated panoramic attack and defense knowledge map in China, helping customers keep building practical security operations capability;
The only integrated anti-attack capability evaluation system in China, which comprehensively covers the defense-in-depth systems of terminal, network, border, mail and other products deployed by customers, measures their overall effectiveness and gaps, and provides suggestions for improvement;
Support for the multi-role, high-concurrency, distributed and complex management requirements of very large enterprises.
Red Teaming
Helping improve the ability to deal with and respond to threats
Network security is a confrontation between people, and the essence of that confrontation is the contest between offensive and defensive capabilities. Facing the growing number of advanced network threats brought by the wave of digital transformation, government and enterprise institutions need to conduct regular Red Teaming exercises to constantly improve their level of network security defense.
The Red Teaming attack and defense drill service created by 360 can continuously improve security operators' ability to deal with threats across multiple dimensions, such as security technology, security management and security operations. Through three unique advantages, the service enables continuous monitoring, analysis and active threat exploration, and improves customers' ability to deal with and respond to threats:
Strong security intelligence support
Based on years of practical experience in attack and defense, more than 2 EB of accumulated security big data, and a mature intelligence operation and production mechanism, the service outputs multi-dimensional, high-quality threat intelligence, including IOC intelligence, IP intelligence, file reputation intelligence, malicious family intelligence, attack group intelligence and vulnerability intelligence, providing a localized and comprehensive threat intelligence capability. Testers can carry out targeted risk investigation with the help of the latest and most comprehensive security information.
Unique red team test auxiliary platform
Based on a variety of self-developed auxiliary platforms for red team testing, it helps teams find risks more quickly and more deeply, and improves the efficiency and effectiveness of penetration testing.
A more complete service support system
Based on a complete attack and defense technology support system, a full closed loop has been formed, running from basic security theory research, through second-line support in technologies such as vulnerability mining and code analysis, to a security service support system that extends to all parts of the country. After security assessment and testing are complete, services such as professional vulnerability repair guidance, vulnerability early warning and on-site report explanation can be provided, giving customers more complete technical support and after-sales service.
360's selection in this authoritative Gartner report is a strong recognition and affirmation of the security capabilities of 360 Digital Security Group, and further confirms the leading significance for the industry's development of 360's many years of deep work in digital security.
As the leader in digital security, 360 will continue to follow the national development policy, rely on the security concept of "management+seeing+disposal", refine its industry-leading practice in confronting advanced security threats, help countries, cities and enterprises meet the security challenges of the digital era with the digital security brain system, and contribute security strength to the development of China's digital economy!