Introduction: on July 16, with “native security double speed: fully integrate infrastructure” as the theme of ali cloud native security online features, MSC to interpretation by the cloud and the ability of how to solve the safety of the digital economy era new challenges, make high-grade security as a kind of infrastructure, become the “booster” of digital business development.
The primary security online conference: yqh.aliyun.com/live/openbi…
On July 16, with the theme of “native security twice as fast: fully integrated into the infrastructure”, Ali Cloud native security online thematic activity was finished, explaining how the ability born from the cloud to solve the new security challenges in the digital economy era, let the high-level security as a kind of infrastructure, become the “booster” of digital business development.
Infrastructure is security, and primary immunization solves the essential problem
The direct change brought by the digital transformation of enterprises is the change of IT architecture and business form. In order to meet the requirements of the business on network and performance, the distributed architecture is produced, which leads to the “distribution” of the business to different physical locations, and the traditional security boundary disappears. At the same time, businesses become more flexible due to digitalization. New applications and services can be launched or iterated quickly, while security protection cannot quickly follow up.
An analysis of the evolution of cyber threats and related cyber crime activity in the second quarter of 2020 released by McAfee showed that the total number of new samples of malware increased by 11.5 percent during the tracking period, with 419 new threats emerging per minute.
According to the Balbix 2020 Enterprise Security Situation Report survey released by Freebuf, more than 40% of organizations take 24 hours or more to identify vulnerable systems, making it almost impossible for them to stop outbreaks of rapidly spreading ransomware or malware infections.
A report by Mandiant, a well-known global network security company, confirmed that the number of ransomware victims increased 422% in 2020.
In the face of more and more complex business logic and more and more advanced attack methods, the traditional fragmented “perimeter protection” security solutions are just scratching the surface in the face of new security challenges in the digital era, and cannot solve the most essential security problems.
Changes in the underlying infrastructure of the cloud have brought a whole new dimension to security.
By integrating the fragmented security capability into the natural integrated cloud infrastructure, it becomes a systematic and globally interconnected primitive immune system, reducing complex security problems into minimalist and intelligent native protection, and realizing the security of infrastructure.
In the live broadcast event, Ali Cloud intelligent security senior director Ouyang Xin released ali Cloud’s native security capability system, by fully integrating the security capability into the infrastructure, to achieve the quality of safety effect change. Take emergency response as an example. Based on global threat detection in the cloud and coordinated defense across the entire network, the average emergency response time in the cloud can be reduced to 1 hour, far less than the industry average of 24 hours, which can reduce the loss caused by threats to enterprises in absolute terms.
Ali Cloud has been promoting the cloud’s native immune system continues to “grow”, and the form of security services to provide, customers can call on demand, pay according to the amount, in order to build a security system more in line with their business needs.
Three lines of defense, primary immunity, organic warfare
Consider the body’s three lines of defense:
The first line of defense skin level protection, prevent pathogens from invading the human body, and have the effect of sterilization. The security capability of the cloud platform infrastructure itself is like the first line of defense of human body, providing the most basic security protection for enterprises on the cloud. In addition to the physical and hardware security of the lowest level, such as fire protection and power protection, firmware security, ali Cloud also provides three layers of progressive native security capabilities:
1. Three-dimensional secure computing environment on the cloud, based on trusted computing and confidential computing technology, starting with imtamable chiplevel hardware security, to ensure the security and credibility of the entire computing environment on the cloud;
2. Data is encrypted by default. All data on the cloud is encrypted on the disk by default, and the field level encryption capability is provided.
3. The whole network is continuously suspicious of dynamic authentication, which realizes instance-level network isolation through micro-isolation, and creates a zero-trust secure cloud environment through identity authentication, dynamic permission management, and network access.
Second line of defense
Phagocytic cells, which is a natural defense function gradually established in the process of human evolution, are characterized by human native, have a defense effect on a variety of pathogens.
The same is true of Ali Cloud’s cloud infrastructure, which has default security genes since its birth. At present, 50 products in 10 product lines of AliYun have 522 core security capabilities. What customers enjoy in the cloud is cloud services with security genes.
At the same time, from the cloud security products will follow, born of the ECS, cloud storage, database, network cloud products and services such as depth integration of cloud, cloud open cloud products on customer service at the moment can also choose to open higher levels of safety protection ability, will secure the ability to infinite close to the edge of customer business, such as using a CDN service, to enable Web application firewall, the edge nodes, Through frequency control, machine traffic management and other capabilities, it can resist common CC attacks and crawler brush attacks, making business speed up and security.
Third line of defense
Immune organs and immune cells build up an acquired defense against more complex pathogens after birth.
In the face of increasingly complex and intelligent security risks, AliYun combines the natural advantages of cloud infrastructure to provide customers with an overall security solution covering 61 capabilities in six core areas to help customers build a defense system of depth on the cloud.
The biggest difference with the external security is that the security capabilities generated from the cloud are deeply integrated with the cloud infrastructure, which naturally has the advantages of the cloud, such as elastic performance expansion, AUTOMATIC DEPLOYMENT based on API, flexible operation and maintenance, and unified global management and control. The rich threat intelligence and security product capabilities of the cloud are interconnected, and the whole network is coordinated for defense, which has been tested and verified by the cloud on a large scale.
The acquired native high-level security capability can solve many complex and advanced attack risks that are difficult to solve offline, and is the unique native immunity of the cloud.
The cloud is trust
The evolution of cloud native security is continuously reducing the cost of trust, making the infrastructure itself a more highly available and secure trusted computing environment.
Ali Cloud’s native security capabilities have been recognized by many authorities, and the only overall security capabilities in China have been recognized by Gartner, Forrester and IDC.
In an increasingly complex digital business era, simplicity is the best way to eliminate complexity, and security concepts and solutions are being reduced due to the emergence of the cloud. As Xiao Li, general manager of Ali Cloud Intelligent Security Division, said, we hope to provide customers with more and more simple choices in the increasingly complex.
The original link
This article is ali Cloud original content, shall not be reproduced without permission.