

What does the North say to the summit?

Posted by melchionda at 2020-03-16


Wednesday, December 23, 2015

At the winter solstice, we not only eat dumplings, but also have meetings. We talk about strategy, industry, capital and development.

For the first time, a security conference was organized around the concept of "north direction", and its content structure was also very north direction. From top to bottom, it is strategy > planning > capital > management and governance > technology > practice.

1、 Strategic Forum

Hao Yeli, vice president of national innovation and Development Strategy Research Association

The threat of cyberspace is a global challenge, but there are differences between developed and developing countries. Therefore, the first problem faced by cyberspace rules is the definition of cyberspace threats.

General Hao Yeli started with the famous interpretation of international Cyberspace Security Strategy - "four pains".

Now the network situation has evolved from turning over the wall to pushing the wall, but how to push? Can you push it?

General Hao's view on the wall is that the stability of the regime must be governed. This standard is universal, but the trend must be open.

As for how to establish a good cyberspace order, general Hao thinks:

First, we need the awakening of new civilization, second, we need to strengthen our understanding of new space, third, we need the guidance of new mechanisms, and finally, we need the demonstration of new powers.

We can't fall into the PK mode where you are more and I am less and you are more and more deadly.

The law of jungle should be transferred to rest and sharing, weather and storm; painting the land for prison, opening and sharing; self-respect, symbiosis and common prosperity; and values, respect for differences, tolerance and diversity.

Ma Bin, vice president of Tencent

In the cyberspace dialogue between China and the United States, the market value of global technology companies totaled 3 trillion US dollars: 2.2 trillion in the United States and 600 billion in China, the latter less than the market value of a single American company, Apple (700 billion).

The success of Chinese Internet companies is nothing more than moving offline to online and seizing historical opportunities.

In cyberspace, whoever has data has initiative.

Use Tencent's ability to work with more partners to create an ecosystem together.


There are five reasons for the game of International Relations: geography, science, economy, people and network.

It is suggested that enterprises or institutions should construct the strategic view of information security in five aspects: national policy, industrial ecology, operational confrontation, product equipment and technology matrix.

The strategy is not just on paper, it needs to be better implemented.

2、 Planning Forum

Zhou Zhi of China Mobile

Security system architecture of coordinated development:

1. In the process of security system construction, coordinated development is very important.

2. Design of real-time countermeasure capability (comprehensive safety perception capability; targeted safety protection capability; effective emergency response capability).

3. Practical security system model. A good model should have the following characteristics: clear technical level; clear subject of responsibility; comprehensive coverage and flexibility; establishment of platform concentration, open strategy, crowd testing and crowdsourcing mechanism, and construction of "the strongest brain".

4. Comprehensive security awareness is the core element of the new generation of security management support means.

Safety is not only a top priority project, but also a national project. Without planning, we will be scattered.

Zhou Chuang, strategic key account director of Gartner China

President Zhou introduced the characteristics of Gartner and the understanding of IT industry to the participants.

Huang Sheng, former technical director of CNPC Ruifei, a senior security practitioner who proposed the idea of "building a defense in depth system based on Tower Defense Model", shared the "ten years' thinking of information security planning".

Why is planning so often empty? Because it is meant to be implemented, not to draw a picture. If there is a box on the picture, there will be something about it.

In terms of information security planning from the perspective of "utility", enterprise market is the market that information security enterprises must take down.

If your technology can't get into the information security plan, you can't get into the project, you can't get into the enterprise market.

The benchmarking method, which was widely used ten years ago, is no longer applicable.

Two kinds of project planning are most likely to fail. One is called "pat the head" project, and the other is to catch up with "the hottest" project.

A capability based overall architecture model may be more practical.

The estimate in the plan will become the budget, so your technology or product should enter the plan.

Zhuang engui, founder and CEO of Beijing Jing'an Yunxin Technology

Mr. Zhuang didn't talk about safety. Mr. Zhuang talked about "budgeting and implementation".

A good budget is one of the key factors for the success of the project. We should persuade, help and cooperate with Party A to make a scientific budget.

Budget implementation is the most important. With a scientific budget, poor implementation is equal to no implementation. Close cooperation between Party A and Party B is the key to budget implementation or project success.

At the right time, choose the right organization and person to do the right project.

About Auditing

Audit is an indispensable link in the whole project cycle. We must consider audit as a factor when we do a project. After audit, the project is truly completed.

To do a project, we should have the idea that we are a team working together with Party A; we should have the idea of growing up together with Party A; we should have the idea that we are doing a project for others (not Party A's project participants) in the future; we should have the idea that the project can stand the audit of Party A and Party B. Otherwise, it is not a successful project and customer loyalty will not be ideal.

At the end of the planning forum, Huang Sheng once again came to the stage to share the "planning points in woodlouse's eyes".

There is no silver bullet, no one move to solve all the technology and solutions. Therefore, we should build a defense system in depth.

In the next five years, the workload of new protection work and pit filling (to make up for the past) is almost the same, and cloud migration is a rare opportunity.

Other key points:

Using big data to realize the technology modernization of enterprise information security monitoring system;

IT asset-oriented vulnerability life cycle management system;

The modernization of identity management and access control system;

A unified traffic collection and processing platform with deep packet processing capability for session flow.

3、 Capital Forum

Hao Biao, chief analyst of the computer industry of Soochow securities, brings us the "investment framework of information security industry".


Investment logic of information security industry:

1. Network security

In a narrow sense, the information security industry can be divided into encryption, attack and defense, audit, evidence collection and control. According to IDC, the market reached 13.4 billion yuan in 2014 and 20 billion yuan in 2017. (The inflated figure of 70 billion counted by one company has become an industry joke.)

2. Self control

High end market: cooperation and capital operation to achieve localization.

Low end market: the party and government system has nearly a trillion spaces.

Three 100 billion markets (global):

National security drives the cyberspace arms market to reach 100 billion yuan;

Cloud computing drives hundreds of billions of market in cloud network;

Mobile security starts to encrypt 100 billion spaces of mobile phones.

Competition pattern: the era of one-stop procurement is coming, and the status of independent third-party safety manufacturers is prominent.

Company development mode: attach equal importance to M&A and endogenous growth, and the valuation is in line with international standards.

Zhang Ju, executive director of light speed venture capital

The investment of information security has not brought great changes to the solution of information security problems.

Wu Zhefei, partner of APU Apple Angel Fund and co-founder of blue cursor, talks about the power of capital, which makes many entrepreneurs in the security circle more attentive.

Vanke vs Baoneng

Baoneng: Here I am

Vanke: don't come

Baoneng: Here I am

Vanke: your money is not clean

Baoneng: Here I am

Vanke: then I will suspend trading

US venture capital has invested US $2.3 billion in security start-ups, and angel investment in all areas of China is more than 10 billion.

The failure rate of angel investment in China is about 90%.

What strength can capital bring: team confidence; brand endorsement; resource docking; coaching and tempering; acceleration.

How to use the power of capital:

A) Use with care

The core is to manage yourself well, if you want to understand the likes and dislikes of capital.

B) Making Capital Partners

We are the only angel investment focused on security in China.

Fang Hua, the co-founder of the safety lab, shares some of his thoughts on "northing".

Fang Hua: a small perspective from the North

1. Strategic security becomes a new driving force;

2. Shift to risk and loss pricing;

3. Turn to information asset value pricing;

4. The subsidiary status is upgraded to parallel status.


The challenge lies in the disappearance of internal and external network boundaries; the high complexity of information flow caused by new cloud and mobile computing modes; and the complexity of attack means beyond the boundary detection capability.

In response: software defines the boundary; cryptography reconstructs the boundary; information flow is forced onto a critical path.

Small perspective of capital

Smart capital plus capital, innovation is more inclined to solve problems in a single point, and cooperation from the north to the community can promote and cultivate innovation sparks.

4、 Threat Intelligence forum of Architecture

General Kim's presence is also a universal concept of threat intelligence.

The connection of strategy and tactics -- the value of Threat Intelligence

Decoupling of product and attack defense -- the essence of Threat Intelligence

Threat Intelligence is not only technology, it is fundamentally management.


Li Zongyang, vice president of Tianrongxin, shared "There is no silver bullet: the challenges faced by threat intelligence applications".

1. Action

User: unable to convert the period into action, the security product does not support the ability of analysis and confrontation.

Industry: security products and services include clear, automatic deployment, tested and verified response plans; security protection system supporting intelligence. The regulators should do the following: the attacker's portrait, tracing, eradicating and counteracting; the security analysis and security reinforcement (operation and maintenance) platform.

2. Relevance

User: value is king, irrelevant information is noise, it needs to be useful and accurate.

Industry: user segmentation; vertical intelligence; the importance of the last mile.

3. Timeliness

User: the first to get information, to get initiative, to win the first opportunity.

Industry: automation, North South sharing system and cooperation mechanism, common platform and the last kilometer of service.

4. Predictability

User: it's not about auditing the past and summarizing the history, but preventing the future and treating the disease.

Industry: competent authority, eliminate organized invasion, summarize countermeasures; information sharing of multi Threat Intelligence Platform; active threat information acquisition through honeypot, etc.

Weibu online Xue Feng

Xue Feng was once chief security officer of Amazon China and director of Internet Security Strategy at Microsoft China, and is the founder of Weibu online, the first security company in China to focus on threat intelligence. Known as "Xue Zong of intelligence", he brought us "Security Threat Intelligence and its basic capabilities".

60% of IT security budget will be spent on detection and response.

Although bigger data is better, more data alone cannot solve the problem.

The core asset of a security team is its analysts.

Fan yuan, President of Anheng

Until now, the concept of SOC has not been fully realized, and there is still a lot of space.

5、 Management and Governance Forum

Moderator of the sub-forum: Wan Tao, co-founder of IDF Laboratory

Security is a process of constantly reducing risk. Security governance is to transform cognition into ability.

You can't say which side of the dice is the biggest, and so is the safety point.

The topic of Lin Mingfeng, technical director of Anheng information north area, is "safe management and governance mode".

Four development stages of safety management:

Basic security (1) -> compliance (2) -> IT risk (3) -> business risk (4)

The move from 1 to 2 is driven by policies, and the move from 2 to 3 is based on a new understanding of the organization's own IT architecture. The move from 3 to 4 needs full competition, when security becomes the competitiveness of enterprises.

The philosophy of security management should always keep up with business development.

Sun Ying, director of information security operation of Huawei

Sun Ying focuses on "Huawei confidential information asset identification". She believes that accurate differentiation of confidential information can improve business efficiency.

The advantage of confidential information asset protection is that it liberates a lot of non confidential information and maximizes the value of non confidential information.

The key to the identification of confidential information assets is to protect valuable information, which is not equal to the value of information protection.

Jin Bo, chief scientist of the Third Research Institute of the Ministry of Public Security, shared two new security standards for Internet services:

GA 1277-2015 (Internet interactive service security requirements)

GA 1278-2015 (basic procedures and requirements for Internet service security assessment)

The standard combines compliance requirements and security requirements, and integrates network security and content security.

The public security standard is not the standard of the Ministry of public security, but the public security standard.

6、 Data forum of Architecture

Dong Jing, founder of Scarlett

Digital commerce drives information security to change:

Data is the new center; identity is the new boundary; behavior is the new control; intelligence is the new service.

A borderless information architecture is unrealistic.

Data centric construction of business applications and security measures is the general trend; content identification and classification are the basis of data governance and security capabilities.

With the popularity of cloud and mobile, identity becomes the primary factor of security area division; the function of real-time identification of situation and risk and adaptive adjustment of authority will be popular.

User and entity behavior analysis is an effective way to detect internal and external threats; products monitoring privileged user behavior and sensitive data behavior will be popular.

Highly relevant and actionable Threat Intelligence can significantly improve defense level and reduce costs; the speed, efficiency and effect of using intelligence will become the core competitiveness of security products.

Wu Yi, an Alibaba cloud security ecology expert, brings "data driven security":

Before SOC, 70% of the time was spent on data collection and preprocessing, and only 20% on the data analysis that really generated value.

Information security also exists in Babel Tower, where everyone speaks their own "language".

CVE has been around for more than ten years. The Americans are playing a big game.

Data needs to be more efficient and useful to drive security.

Wu Yunkun, President of 360 enterprise security group

In the early days, Internet companies collected data almost barbarically; now it is time to consider privacy issues.

Only by encouraging safety personnel to participate in activities other than safety and expanding their horizons, can they better understand and do a good job in safety.

7、 Technology landing Forum

Professor Yang Yixian, director of the information security center of Beijing University of Posts and telecommunications and editor in chief of the Journal of communications, has brought "general theory of security: chapter on channels and collaterals".

Generally speaking, no pain, no pain. Establish meridian chart to treat the disease.

To learn more about Professor Yang's theory, please look at this:

Liu Ziqian, CEO of China Telecom Network Security Product Operation Center

Four elements of resource acquisition: time, manpower, capital and management.

Four elements of operation organization management: process, architecture, iteration and continuity.

The presentation of value evaluation should be solid and objective.

The reason for the historical phase failure of SOC is that the technology matching at that time did not keep up.

All techniques should be flogged before use. You will find that many of them are not applicable.

Zhao Liang, Chief Strategic Officer of Lvmeng Technology

It is impossible for any enterprise or organization to have unique tactics superior to others for a long time. How to build a more efficient system in the similar environment?

From the known to the unknown; multi-dimensional confrontation space; intelligent security 2.0 cloud ground man-machine

Tian Feng, China Mobile

When it comes to planning, safety protection system, safety standard management, safety organization management and safety operation and maintenance management system, four aspects of construction are indispensable.

Safety is another big mistake. Manufacturers always care about the advanced technology, while customers need the product technology that really solves the problem.

- simple dividing line -

The first safety speech forum with the concept of "north direction" ended. Niu Jun spent a day in the conference hall, full of gains. But unfortunately, these words can only record a small part of them. Safe cow is willing to be a faithful recorder, observer and promoter in the field of safety.

Finally, I would like to thank pan, the general host of the BEIXIANG summit, for his hard and busy stay behind.

