On December 10, 2021, the “2021 (Eleventh) Telecom and Internet Industry Cyber ​​Security Annual Conference”, a large-scale and influential annual important industry event in the field of cyber security, was held in Wuhan. Nearly 400 leaders and representatives from relevant units such as the Communications Administration of 31 provinces, autonomous regions, and municipalities, provincial communications industry associations, basic telecommunications operating companies, Internet companies, cyber security companies, and scientific research institutions attended the meeting to pay attention to cyber security. Focus on the field and hot topics, and explore new paths for the development of industry network security during the “14th Five-Year Plan” period.

At the meeting, Ruishu Information Technology Expert Guan Fujun delivered a keynote speech on “Building an Active Defense System for Application Data Security”, introducing the threats facing operators’ application data security in the data age, and showing how Ruishu Information uses “dynamic security technology” “, to help operators solve the data security risks of application systems.

In the data age, operators face five major threats to application data security

In recent years, with the increase of various application systems, operators’ information security incidents have frequently occurred. For example, illegal operations have led to the leakage of user core data, which is stolen by criminals for profit; illegally selling users’ personal information and sending spam messages; system vulnerabilities have been compromised. Extortion virus attacks have caused companies to lose up to tens of millions and so on.

As operators have accumulated and mastered a large amount of user information, production data and operation information, they will encounter various internal and external risks when applying data. Once the core application is attacked, it will affect the privacy of users, the development of the operators themselves, and the country. Security will have a huge impact.

Regarding this, Ruishu information technology expert Guan Fujun said that in the data age, the five major security threats that operators must pay attention to are: data tampering, user credential leakage, API interface abuse, ransomware, plug-ins and crawlers.

Specifically, in network communication, data transmitted in plaintext is easily hijacked or tampered with. If key data such as account numbers, passwords, transaction content, etc. are intercepted or tampered with by criminals during the transmission of user privacy data, it may cause users to suffer Harm, such as being defrauded, property loss, etc. Therefore, the operator’s application system should pay attention to the risk of data tampering during data transmission.

In terms of user credential protection, operators face the threat of hacker attacks: on the one hand, after the cookie is maliciously stolen, the attacker uses the cookie to directly obtain system operation permissions and personal information; on the other hand, the attacker uses the collected data Account and password information, batch attempts to log in to websites/APP and other applications, the legal identity of users can be obtained through database collision attacks, resulting in the disclosure of private information such as user identities, account numbers, and transactions.

At present, more and more applications provide their own data to third-party application systems through APIs. The application form of APIs has developed rapidly, and at the same time, APIs have become one of the main targets of attackers. According to Gartner’s prediction, by 2022, API abuse will be the chief culprit for enterprise application data leakage. Therefore, protecting APIs is becoming more and more important for operators.

Since 2021, ransomware attacks are still on the rise. With the emergence of models such as ransomware as a service (RaaS), the threshold for ransomware attacks has become lower and lower, and attacks on core applications have become more frequent. Traditional security solutions based on rules and characteristics can no longer effectively resist ransomware attacks, and traditional backup and disaster recovery systems are also full of helplessness in the face of ransomware. They blindly complete backup/disaster recovery tasks because they cannot determine whether the data is infected or not. It will increase the scope of infection and cause double blackmail. Therefore, ransomware attacks have become one of the major threats facing operators.

In addition, the attackers illegally obtain user privacy information through crawlers, and use plug-in programs to simulate manual access for business processing and other related business security risks, which also seriously affect the normal operation and reputation of the operator’s platform.

Dynamic security technology, Ruishu Information builds an active defense system for application data security

Increasingly rampant new types of network attacks have gradually made traditional data protection methods ineffective. So, how should operators deal with new application data security challenges?

Ruishu information technology expert Guan Fujun said that with the successive implementation of the “Data Security Law” and the “Personal Information Protection Law”, operators are facing various security threats, but they are also under tremendous pressure from regulatory compliance. According to the definition of data processing in the Data Security Law, data security involves multiple links: collection, storage, use, processing, transmission, provision, and disclosure, which have become the focus of data security.

Therefore, based on the key lifecycle nodes of data transmission, provision, disclosure, use, and storage, Ruishu Information has launched an application data security solution based on multiple security technologies to help operators build an active defense system for application data security.

Data transmission link

Ruishu Information takes the “dynamic protection” technology as the core and adopts one-time-secret technology for data obfuscation. The processing is carried out at three levels: application code obfuscation, transmission data obfuscation, and cookie obfuscation, so that the obfuscation result of the transmitted content is different every time. Improve the difficulty of attacker’s cracking and realize safe transmission.

Among them, application code obfuscation includes: Web, H5 code obfuscation, APP reinforcement, and small program reinforcement; data transmission obfuscation includes: end-to-end transmission data protection, request content confusion, and return content confusion;

Data provision link

The API dynamic security solution of Ruishu Information can realize the risk classification, rating and disposal of API from the four aspects of sensitive data interface identification, attack detection, abnormal behavior handling, and behavior auditing, so as to avoid sensitive data leakage caused by API abuse.

First, by combing API assets, the life cycle management of API assets is realized; second, the intelligent threat detection engine, which comprehensively utilizes intelligent rule matching and behavior analysis, continuously monitors and analyzes traffic behaviors, and effectively detects threats and attacks. Once the abnormal situation is determined, the intelligent engine uses a variety of threat models obtained by machine learning to determine the abnormal attack. Third, the sensitive data in API transmission is identified, and sensitive data can be desensitized or intercepted in real time to prevent sensitive data from leaking. Finally, analyze the access behavior of the API interface, establish a multi-dimensional API access baseline and API threat modeling, find malicious access behaviors, and avoid API abuse.

Data disclosure link

Ruishu Information can use technologies such as man-machine identification, behavior analysis, and on-demand interception to protect all service access channels such as Web, APP, applet, H5, WeChat, and API, and realize plug-in and data crawler protection.

Among them, human-machine identification refers to the human-machine identification of the visiting client through a one-time token, client authenticity verification, and client behavior recognition; behavior analysis refers to the use of AI technology to analyze user behavior, generate a reputation database, and establish threats. Mode; On-demand interception includes multiple interception modes, multiple acquisition fields, and full graphical configuration.

For example: Ruishu Information can verify the authenticity of the browser, verify whether it is an automated attack, check the authenticity of the action, etc., and randomly select the detection items and quantity, increase the unpredictability and difficulty of the attack, and deal with unauthorized access and unaffected Control access, database collision attacks and data crawling risks. At the same time, the “gray-scale” interception function is added to intercept on-demand according to business conditions, such as: initiating a second dynamic challenge, delayed packet return and proportional interception, etc., while protecting data security without affecting the normal operation of the business.

Data usage and storage links

Ruishu Information’s intelligent data security detection and emergency response system (referred to as River DDR) adopts rapid data detection and response technology based on innovative AI artificial intelligence, supported by a data security base, and provides data risk management, real-time intelligent detection, and threats Functions such as verification and quick recovery. With the high incidence of global ransomware attacks, companies are given the security capabilities to effectively counter hacker ransomware, prevent mass data leakage and destruction, and build a defense-in-depth system with three lines of defense before, during and after the event.

Generally speaking, Ruishu’s application data security active defense system adopts Ruishu’s core “dynamic security + AI” technology, such as granting a one-time token every time a request, legality verification and behavior recognition of the client, and realizing human Machine recognition; through customer operating environment detection to determine whether the environment is consistent, and finally through behavior analysis to see unknown threats and risks. So as to finally solve the problems of data transmission protection, API sensitive data management and control, identity information protection and data anti-climbing, data safe use and storage.

As a leading Internet application security protection company in China, Ruishu Information’s innovative “dynamic security” active protection technology has protected more than one trillion corporate customer assets and more than 500 million accounts, whether it is China’s three major operators, and the top five It is one of the largest banks, the top ten e-commerce companies, and the top three online payment companies in China who can find Ruishu information customers.

For operators, the dynamic security technology based on Ruishu Information can effectively resist various automated attacks, comprehensively improve their core application, business and data risk prevention capabilities, and build a new generation of active protection security systems for the digital age.

Link to this article：In the data age, Ruishu Information’s 5 strategies help operators build application data security lines of defense