Putting a network security "battle suit" on the government system

Author: Yangcheng.com  Time: 2022.06.21

In the first half of 2022, dozens of cyber attacks on critical information infrastructure in government, energy, and industry occurred worldwide, paralyzing the Costa Rican government's computer systems and many Italian government websites. Since the outbreak of the Russia-Ukraine war, cyber attacks have severely damaged government agencies and critical infrastructure in both countries, and their effects have reached dozens of countries around the world.

Today, as digitalization advances and network technology and network offense and defense keep changing, the damage caused by cyber attacks has extended from the Internet itself to the physical world, posing a huge threat to people's lives and property, to social security, and even to national security. As an important foundation for keeping the state machinery running normally, the security construction of government systems needs to become more effective and mature.

Government security under "regulation"

Article 31 of the "Cybersecurity Law" states that if e-government systems are destroyed, lose function, or leak data, national security, the national economy and people's livelihood, and the public interest may be seriously endangered.

With the successive release of the "three laws and one regulation" on regulatory compliance and the continued deepening of digital government, heavier pressure at the legal and policy level has not only raised the importance of network security but also poses a compliance challenge to government units in building their network security capabilities.

At the same time, routine inspections and notifications from the cyberspace administration, public security organs, and competent authorities are increasing. The security pressure on the network environment is no longer what it used to be.

However, most government systems today still use the "device stacking" security construction model. In day-to-day government work this approach brings many drawbacks. For example, applications that were developed long ago and have not been updated for years keep accumulating. For new types of attack, there are not enough professionals to analyze security logs in real time, extract meaningful event information from the large volume of logs, and optimize the policy configuration of security devices. Units are forced into the passive, after-the-fact "firefighting" approach to handling security incidents.

In addition, the device-stacking model produces a fragmented protection system. Each device works on its own, and the lack of a global view and of coordinated, linked policies not only makes security management extremely complicated but also, to a large extent, restricts the overall ability of government units to respond to threats.

The continuing international events and cybersecurity incidents of this period send us a very dangerous signal: the security situation in cyberspace is becoming more and more severe. Advanced network attacks are being put into use as real national-level "cyber weapons".

To cope with these challenges, government units have had to build a security operations system themselves. However, under the traditional security construction model, deploying and debugging a single system alone takes about one month, and building out the whole set of systems takes six to nine months at the fastest. Additional maintenance costs are needed later on. At the same time, traditional construction costs are extremely high, and mastering a single technology system takes at least one month, let alone a full build-out that contains more than one system. Finally, for government units, maintaining and managing such a systematic security setup requires at least 12 security experts. In time, funding, and talent alike, the cost is huge.

Fortunately, the arrival of managed security services has brought a new safeguard to the government environment.

An emerging security assurance model

What is a managed security service (MSS)? In MSS, an MSSP (managed security service provider) deploys security components in the user's network environment, collects the necessary security logs and alert information, and uploads them to a cloud security operations center, where a team of security experts carries out continuous security operations in the cloud on the user's behalf.

Specifically, in the government scenario, the security capabilities of the cloud-based e-government security operations center aggregate, cluster, and clean the data. Once a security incident is detected, the security capability passes the alert information to the e-government security operations service platform. The platform automatically generates a work order and dispatches it to security experts at the appropriate level according to the content of the incident. The security operations expert group then assesses and responds to the incident following a standardized process, responding remotely online; if the incident cannot be handled online, the details are synchronized to local security service engineers for on-site handling.

It can be seen that MSS does not merely help users solve security problems through systems and software. Its core is to integrate expert experience, emerging security technology, and security product capabilities through a cloud resource-sharing model, providing 7*24-hour monitoring, early warning, and real-time response for government unit networks, and ultimately giving government units a committed guarantee of risk management and control.

As noted above, the traditional approach of stacking products has obvious shortcomings: the integrated analysis of abnormal behavior, the response to and handling of security incidents, and subsequent hardening all depend on the experience and ability of the security engineers themselves, yet an organization cannot build a mature security team in the short term. MSS, delivered as a "service" with effective synergy between "people" and "machines" (security devices and security platforms), makes up for exactly this gap. At the same time, compared with traditional on-site resident services, which are likewise built around "people", MSS has a lower budget cost and a better effect. Resident services are not continuous, so it is difficult for resident staff to monitor and protect around the clock; moreover, because of high staff turnover, the quality of traditional resident services is uneven, which requires government units to spend time evaluating and choosing.

In contrast, because MSS can serve multiple users at the same time, this "shared" consumption model amounts to splitting the operating cost among them, greatly reducing the capital investment required by the traditional on-site model.

Most importantly, MSS can integrate security intelligence from the entire network and the entire industry, and can bring together a large number of security experts to investigate and handle security incidents comprehensively. With mature service processes, standards, and platforms, these experts can provide 7*24-hour continuous online protection, giving users sufficiently stable and effective risk control and security detection capabilities.

This light-investment, one-stop solution can quickly and efficiently help government units and government systems facing digitalization and advanced threats improve their security posture through rapid onboarding and low-cost investment, meet multi-dimensional threat detection and analysis needs, counter advanced network threats, and improve their own network security capabilities.

Putting a "battle suit" on the government system

Combining the needs of government scenarios with the characteristics of MSS, I believe an appropriate MSSP can be selected on several criteria.

First, an MSS provider must have extensive customer experience and the ability to detect, analyze, and defend against security risks rapidly. Second, the MSSP must have mature service processes and assurance capabilities, so that security incidents are discovered quickly and responded to in a timely manner, achieving a 100% closed loop for major incidents. In addition, the service quality the MSSP commits to must be measurable: the security outcomes of the final service must be made explicit, including response time and handling efficiency for security incidents and the accuracy and timeliness of advanced threat detection, and must stand up to verification by the majority of users.

On the technical side, the MSSP's service capabilities must adapt to the rapidly changing security situation, be updated and iterated in real time, and handle new types of security risk. Once a government system is breached, the consequences are serious. Therefore, whether the provider can keep up with the evolution of attack techniques, continuously upgrade its service capabilities, and quickly detect, analyze, defend against, and handle unknown threats is an important factor for government units.

Finally, the most important point: since MSS is a service, the best service experience for government security managers is one that "reduces stress".

Put plainly, government units should ideally be able to hand over to "custody" the part of the security work their own staff cannot complete. The unit no longer needs to build a security operations system internally and can obtain MSS security capabilities directly through one-stop deployment, just as an ordinary person who puts on the Batsuit and gets into the Batmobile instantly transforms from Bruce Wayne into Batman.

The difference is that Batman needs a powerful "fortune", whereas MSS only needs "sharing": with an appropriate investment, a unit can turn into a superhero and contend with national-level network threats.

In this way, both proactive discovery and timely defensive response can simply be handed over to the "Batsuit", that is, to MSS. As an important part of keeping the state machinery running, government units can free their people and resources from security response and invest more in serving the people and in national development.

But there is also a condition: the MSS must have the qualifications and ability to carry such heavy responsibility.

The first domestic government network security operation center

At the "Digital Government Safety Custody Service Technology Forum" held on June 8, 2022, Sangfor, relying on the first domestic government network security operation center, built a government network managed security service. Through an around-the-clock "human-machine co-intelligence" service model, it provides professional, continuous, and effective security assurance for government users, and can achieve "security custody" of the government network without leaving the government network.

By pooling security expert resources, Sangfor MSS lets users call on security experts at any time. The principle is to codify the experience of security experts into a security operations platform that manages information security risk comprehensively across four elements (assets, vulnerabilities, threats, and incidents), achieves precise monitoring, and outputs professional handling recommendations, building a security operations architecture that is continuous (7*24 hours), proactive, and closed-loop.

The author also learned that as early as 2018, Sangfor was the first to release a managed security service for all industries. Drawing on the security policies and advanced-threat detection capabilities accumulated from serving thousands of customers, Sangfor MSS now offers SLAs, multiple specialized security scenarios, and industrialized, fine-grained operations. The government network managed security service released this time is a positive step, after its success in the ToB market, toward the more specialized government sector. The security market never stops developing, and it takes time and the test of industry barriers to prove lasting strength. However, judging only from the development and trajectory of Sangfor MSS at this stage, the author believes it deserves recognition in both reputation and prospects.

Sangfor also said in an interview that at this stage it will continue to upgrade the capabilities of its own security operations center through a hyper-automation platform, cloud intelligent robots, a cloud security knowledge base, a cloud senior expert group, and so on. The goal is to further improve the overall strength of its MSS, so that it can take on the mission of network security protection and capability building for government systems and has the strength to protect government systems against national-level network threats, so that government users can confidently entrust security custody to Sangfor.

Security for the future

The rapid development of the digital age means that security is a problem every sector must pay attention to. Judging from the state's strategic deployment for the Internet and from cyber warfare in the international arena, security is no longer something a single industry or department can encompass; it extends to the country, to culture and heritage, and to the concept of a "community with a shared future for mankind". It is therefore no exaggeration to say that social development is "surrounded by security" and "follows security".

From the perspective of security product trends, there will be more and more cloud, AI, and automation platforms in the future. Judging from the attack methods criminals use, the next stage of security defense will be a contest between people, and standalone security systems will be eliminated. Combining these two points, in the era of offense and defense, security products must come with corresponding senior "expert services", and this service should even be the main offering rather than a supplement.

As the saying goes, security is not achieved overnight, nor can it be solved by one or more systems. It needs products like MSS with "human-machine co-intelligence", and even more it needs consensus, the cultivation of more security talent, and good security awareness.
