[Wandan Safe] A contempt chain in the cyber security circle ~~

Author: Information security research  Time: 2022.08.03

My journal launched the [Morning Safety] column a while ago.

In the form of illustrated comics, it tells you interesting things and news from the "cyber security circle".

Submissions are very welcome.

In this issue, together with Aoko Cloud Security's Qing Xiaobao,

we talk about a contempt chain in the cyber security circle... Don't worry, keep reading.

The "anti-contempt" guide to the field of "host security"

Jin Yong said: wherever there are people, there is jianghu (rivers and lakes)

Actually, besides jianghu,

wherever there are people there is also a "contempt chain"

Especially in the security circle, where the technology never stops changing

A contempt chain in the field of host security has just been released:

CWPP → EDR → EPP → anti-virus software

Let's look at them one by one

and see how each is despised by the others

or despises the others

01 Anti-virus software

As the "big brother" of the security world,

anti-virus software has worked hard to protect endpoints from virus infection.

Unfortunately, it can only identify known viruses by their signatures (feature codes).

A virus that is not in the virus library cannot be identified or removed.

Not only does detection lag behind,

but as virus types multiply,

the virus library grows larger and more bloated,

unable to meet enterprises' demand for light, fast, effective and economical protection.

Wave after wave of newcomers pushed in from behind,

and anti-virus software could only retreat to the second line.

02 Second-generation anti-virus software

From passive signature comparison,

it evolved into identifying new viruses without requiring real-time updates,

for example behavioral detection:

judging whether a program is malicious based on what it does.

This active defense software, which does not depend on traditional signature scanning,

is known as second-generation anti-virus software.

But it is only a supplement to traditional passive defense technology

and cannot cure every disease.

Worst of all, it can only prevent viruses on the PC

and cannot keep up with the pace of hackers' attack paths.
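To make the difference between sections 01 and 02 concrete, here is an added example (not code from the original article or from any vendor it mentions): a hash-based signature scan beside a behavior-scoring rule set, run over constructed samples and constructed event streams. The sample bytes, event format, rule set and score weights are all assumptions.

```python
import hashlib

# Constructed samples: the variant is the same malware repacked, so its bytes differ.
KNOWN_SAMPLE = b"MZ\x90\x00constructed-malware-v1"
REPACKED_VARIANT = b"MZ\x90\x00constructed-malware-v2"
SIGNATURE_DB = {hashlib.sha256(KNOWN_SAMPLE).hexdigest()}  # the "virus library"

def signature_scan(sample: bytes) -> bool:
    """First-generation check: a sample is caught only if its hash is already in the library."""
    return hashlib.sha256(sample).hexdigest() in SIGNATURE_DB

# Constructed runtime events for two processes, as (action, target) pairs.
RANSOM_EVENTS = [
    ("exec", "vssadmin delete shadows /all /quiet"),
    ("reg_set", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\updater"),
] + [("write", f"C:\\Users\\alice\\docs\\file{i}.docx.locked") for i in range(60)]

EDITOR_EVENTS = [
    ("write", r"C:\Users\alice\docs\report.docx"),
    ("reg_set", r"HKCU\Software\Editor\RecentFiles"),
]

def behavior_score(events):
    """Second-generation check: score what the process does, regardless of its bytes."""
    score, reasons = 0, []
    if any(a == "exec" and "delete shadows" in t.lower() for a, t in events):
        score += 50
        reasons.append("deletes volume shadow copies (defeats recovery)")
    if any(a == "reg_set" and r"\CurrentVersion\Run" in t for a, t in events):
        score += 20
        reasons.append("adds an autorun persistence key")
    locked = sum(1 for a, t in events if a == "write" and t.endswith(".locked"))
    if locked >= 50:
        score += 40
        reasons.append(f"mass-writes {locked} encrypted-looking files")
    return score, reasons

def verdict(events, threshold=60):
    """Malicious once enough independent suspicious behaviors stack up."""
    score, reasons = behavior_score(events)
    return ("malicious" if score >= threshold else "benign"), score, reasons
```

The signature scan catches the known sample and misses the repacked variant until the library is updated, while the behavior rules flag the variant from its actions alone and leave the editor process alone.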

03 EPP

To protect endpoints in all respects,

starting from PC anti-virus software is not enough,

because hackers can not only intrude via paths other than the endpoint,

they can also intrude by means other than virus infection.

Against this background the concept of EPP emerged.

EPP is also known as third-generation anti-virus software

(Endpoint Protection Platform)

Unlike a single anti-virus product,

EPP is a suite of software tools plus operations by a technical team.

It combines multiple endpoint protection solutions

and can protect various types of endpoint devices

(PCs, smartphones, tablets).

It can also use data loss prevention and data encryption services

to protect data at rest on endpoint devices.

04 EDR

But however powerful EPP products are,

they cannot cope with complex, targeted attacks.

Attackers can bypass the defenses with customized malware

and use combinations of technical means and tools

that are even harder to recognize.

Even when some alerts are raised,

the alerts from the various defense tools are independent of each other

and have nothing to do with one another,

so it is difficult for security staff to use them to see the full picture of the attack.

In addition, EPP lacks continuous monitoring of the endpoint,

making it difficult for security staff to locate the source of a threat and the impact it caused.

To solve these problems,

EDR technology came into being.

EDR is the next-generation anti-virus element

(Endpoint Detection and Response platform),

a security system that, combined with other tools,

can continuously monitor file activity on the endpoint,

actively detect new or unknown threats,

quickly detect and locate the problem during an attack,

trace it back to its source after the attack,

and prevent the attack from recurring.
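As an added illustration of the EDR point above (not code from the article or from any product it names), this example correlates two alerts raised independently by different tools into one attack chain, using continuously recorded process-creation telemetry. The telemetry records, alert format and process names are all constructed for the example.

```python
from collections import namedtuple

# One process-creation record, as an EDR agent would log it (fields assumed).
ProcEvent = namedtuple("ProcEvent", "pid ppid image cmd")

# Constructed, continuously recorded telemetry from a single endpoint.
TELEMETRY = [
    ProcEvent(1, 0, "explorer.exe", "explorer.exe"),
    ProcEvent(10, 1, "outlook.exe", "outlook.exe"),
    ProcEvent(20, 10, "winword.exe", "winword.exe invoice.docm"),
    ProcEvent(30, 20, "powershell.exe", "powershell -w hidden -File stage.ps1"),
    ProcEvent(40, 30, "rundll32.exe", "rundll32 C:\\Temp\\a.dll,Run"),
    ProcEvent(50, 1, "chrome.exe", "chrome.exe"),
]

# Two alerts raised independently by different tools; each names only a pid.
ALERTS = [
    {"tool": "antivirus", "pid": 40, "msg": "unsigned DLL loaded from C:\\Temp"},
    {"tool": "network", "pid": 30, "msg": "beacon to a rarely seen external host"},
]

def ancestry(events, pid):
    """Follow ppid links back to the root; returns the chain root-first."""
    by_pid = {e.pid: e for e in events}
    chain = []
    while pid in by_pid:
        chain.append(by_pid[pid])
        pid = by_pid[pid].ppid
    return chain[::-1]

def convergence_point(events, alerts):
    """Deepest process shared by every alert's ancestry: where the alerts meet."""
    chains = [ancestry(events, a["pid"]) for a in alerts]
    shared = None
    for level in zip(*chains):
        if len({e.pid for e in level}) != 1:
            break
        shared = level[0]
    return shared

def descendants(events, pid):
    """Every process spawned, directly or not, by pid: the scope to contain."""
    kids = {e.pid for e in events if e.ppid == pid}
    return kids.union(*(descendants(events, k) for k in kids))

def attack_chain(events, alerts):
    """The single timeline both alerts belong to, as 'image (pid)' root-first."""
    longest = max((ancestry(events, a["pid"]) for a in alerts), key=len)
    return [f"{e.image} ({e.pid})" for e in longest]
```

Without the process lineage the two alerts look unrelated; with it, both trace back through the same PowerShell child of the document reader, which gives the analyst the entry point and the set of processes to contain.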

05 CWPP

But EDR had not enjoyed the spotlight for long,

despising the other endpoint security products,

because while EDR is very powerful at endpoint protection,

in the field of host security it can only count as a rookie.

In the cloud era, the server form has shifted from physical machines to virtual machines and containers,

and even to serverless architectures.

The computing characteristics of these servers

and the security threats they face are different,

so traditional endpoint products cannot hold up.

For this, Gartner specifically defined the product sitting

at the top of the contempt chain: CWPP

(Cloud Workload Protection Platforms)

It is a security "family bucket" (full bundle) for protecting workloads in the cloud,

providing multi-dimensional,

comprehensive protection for cloud workloads.

Gartner divides this capability into eight categories, from foundational to secondary.

CWPP covers the security needs of the workload's entire life cycle

and can protect server workloads from attack

regardless of the workload's location or granularity.

CWPP provides visibility and control

over all server workloads.

Although CWPP's functionality is enough to make it dominant,

90% of actual deployments perform very poorly.

The main reasons are the following 3 points:

1. Selling dog meat under a sheep's head: not a native CWPP product

Once the CWPP concept was released,

it immediately attracted the attention of many security vendors.

But many vendors were still stuck on EDR,

or unable to develop products truly built on the CWPP concept,

so they hit on a shortcut: patch up and rebrand other security products

into something that claims to be CWPP.

You can guess the actual effect...

2. Frantically asserting its presence, at the business's expense

The essence of security is to let the business run better.

Some security products violate this basic principle:

the Agent installed on the host is not only large,

it also modifies the kernel,

so it is highly intrusive on the server and a big compatibility hazard.

One careless step and it affects the business.

3. A rookie in the security world: few and shallow functions

The CWPP products launched by some vendors,

although not rebranded from other products,

are too young, born only one or two years ago.

Not only are many functional modules missing,

the existing functions also lack depth,

so the actual effect can be imagined.

So how should you choose a CWPP product?

For a CWPP product that does not drag its feet,

Qing Xiaobao believes there should be three brothers: Agent, Engine and Console.

These three brothers can basically defend against threats from all directions.

All three brothers are extraordinary:

the Agent is lightweight and stable, with zero effect on the business;

the Engine is flexible and extensible, and alerts on intrusions in real time;

the Console control center shows everything in real time and gives users one-click operation and management.

Each has its own duties and they cooperate with each other

to complete one-stop protection: host information collection, analysis and presentation.

Based on the adaptive security concept,

fine-grained, multi-angle and continuous

real-time dynamic analysis of threats

automatically adapts to changing network and threat environments,

continuously optimizing its own security defense mechanism,

leaving every kind of threat no opening to exploit.

Now you understand this contempt chain, haha ~~

- END -
