[Global Network Technology Reporter Lin Di] "Intelligence is a technology that can change many security products. For example, situational awareness requires intelligence, EDR requires intelligence, and traffic monitoring also requires intelligence." On May 25, at the 2023 CSOP Network Security Operation and Practical Conference, Weibu founder and CEO Xue Feng made this point in his keynote speech, "The First Principles of Security Operations".
Xue Feng believes that domestic network security has seen new changes on both the attack side and the demand side, and that the network security model and industry have taken on correspondingly new characteristics. Network security construction and operations have gradually shifted from being infrastructure- and compliance-oriented to being effect-oriented. Security technologies, products and solutions are destined to become automated, cloud-based, practical and subscription-based. But no matter how the needs and models of network security change, security operations will always retain their first principles. To cope with new changes, security practitioners must embrace new technologies, properly handle the three elements of network security operations (risks, assets, and threats), and continuously explore the application of new technologies such as big data, threat intelligence, and AI large models in network security operations.
"Security in 2023 and security in 2019 are no longer the same," he said. He elaborated that the current focus is more on security operations and security practice, whereas the previous focus was on security infrastructure construction and compliance. "Basic security and compliance address basic health and safety issues, and they need to prevent attacks from occurring. However, when it comes to the operational and actual combat stages, what we need to solve is to discover threats that cannot be prevented."
He pointed out that because digitalization has reached a certain stage and there are more and more online assets, everyone hopes to focus more on effects, discovery, operations and actual combat.
He went on to say that the industrial model of the security industry has also undergone many changes. "In the past, people were used to solving security problems by purchasing software or hardware, which could take as long as three or even five years. However, we found that this may not be the best model, and there will be many problems. For example, when you buy it, it is a next-generation product, and it may become the previous-generation product one year after purchase; you cannot change it temporarily. But under the subscription model, these problems no longer exist. Once you have made a budget, you can review it at the end of each year and replace it at any time. So this is our service concept and the concept of this safe business model of subscription."
In addition, Xue Feng revealed that Weibu’s machine learning technology is in mature use in fields such as file scanning and killing, for example detecting and killing PE files in Windows environments and ELF files in Linux environments, with a detection rate of up to 97%-98%, while the false alarm rate is as low as 0.005% and 0.002%. At the same time, Xue Feng expressed great confidence in the application prospects of secure GPT technology: "Secure GPT technology can greatly improve the work efficiency of security analysts and security operations personnel. What we demonstrated is less than 1/10 of the security GPT. The application of GPT and large models in security is a long journey, and it has just begun."
Looking forward to the future of secure GPT, Xue Feng believes that data, intelligence and AI technology will greatly enhance the automation and practical capabilities of network security operations, helping network security operations move from "assisted driving" to the "autonomous driving" era.
Finally, he told reporters that in recent years, as actual combat drills have become routine, the guiding ideas behind security construction and operation in government and enterprises have changed. The industry has gradually realized that building a network security protection system is a long-term, continuous and systematic engineering effort, and has therefore begun to focus on establishing practical security operation capabilities.