Leaping evolution from concept to practice! How does the cloud's native "immune system" fight organically?

阿里云开发者
中文
Introduction to On July 16, the Alibaba Cloud native security online special event with the theme of "Native Security Double Speed: Fully Integrated into Infrastructure" came to an end, explaining how cloud-born capabilities can solve new security issues in the digital economy. Challenge, let high-level security as an infrastructure, become a "booster" for the development of digital services.

Native Security Online Conference: https://yqh.aliyun.com/live/openbigdata

On July 16, the Alibaba Cloud native security online special event with the theme of "Native Security Double Speed: Fully Integrated into Infrastructure" came to an end, explaining how cloud-born capabilities can solve new security challenges in the digital economy era As an infrastructure, graded security has become a "booster" for the development of digital services.

image.png

Infrastructure is security, native immunity solves essential problems

The direct change brought about by the digital transformation of enterprises is the change of IT architecture and business form. In order to meet the requirements of the business on the network and performance, the distributed architecture has caused the business to be "distributed" to different physical locations, the traditional security boundary Disappeared; at the same time, business has become more flexible due to digitization, new applications and new services can be launched or iterated quickly, but security protection cannot quickly follow up.

An analysis report on the evolution of cyber threats and related cybercrime activities released by McAfee in the second quarter of 2020 shows that during the tracking period, the total number of new malware samples has increased by 11.5%, and 419 new threats will appear every minute.

The Balbix "2020 State of Enterprise Security State Report" research report released by Freebuf shows that more than 40% of organizations need 24 hours or more to identify vulnerable systems, which makes it almost impossible for them to prevent fast-spreading extortion or maliciousness. An outbreak of software infection.

A report by Mandiant, a world-renowned cybersecurity company, confirms this. In 2020, ransomware victim organizations increased by 422%.

In the face of increasingly complex business logic and increasingly advanced attack techniques, traditional fragmented "perimeter protection" security solutions face the new security challenges in the digital age, and cannot solve the most essential security problems.

The changes in the underlying cloud infrastructure have brought new changes to security.

Fragmented security capabilities are integrated into the natural integrated cloud infrastructure to become a systemic and globally linked native immune system, reducing complex security issues into minimalist and intelligent native protection, and realizing that infrastructure is security.

During the live event, Ouyang Xin, senior director of Alibaba Cloud Intelligent Security, released Alibaba Cloud's native security capability system, which achieved a qualitative change in security effects by fully integrating security capabilities into the infrastructure. Take emergency response as an example. Based on global threat detection on the cloud and coordinated defense of the entire network, the average emergency response time on the cloud can be shortened to 1 hour, which is far less than the industry average of 24 hours, which can reduce threats in absolute terms. Loss to the enterprise.

Alibaba Cloud has been promoting the continuous "growth" of this cloud's native immune system and providing it in the form of security services. Customers can call on demand and pay according to the amount to build a security system that is more in line with their own business needs.

Three lines of defense, original immunity and organic combat

Take the analogy with the three lines of defense of the human immune system:

first line of defense
Skin-level protection prevents pathogens from invading the human body, and has a bactericidal effect.
The security capabilities of the cloud platform infrastructure are like the first line of defense of the human body, providing the most basic security protection for cloud enterprises. After enterprises go to the cloud, in addition to not having to pay attention to the physical hardware security of the lowest level of fire protection, power protection, firmware security, etc., Alibaba Cloud also provides three layers of progressive native security capabilities:

1. A three-dimensional secure computing environment on the cloud , based on trusted computing and confidential computing technology, with non-tamperable chip-level hardware security as the starting point to ensure the security and credibility of the entire cloud computing environment;

2. Data is encrypted by default , all data on the cloud is encrypted by default, and provides field-level encryption capabilities. The master key of the cloud platform protects customer keys is rotated daily by default, making cracking impossible;

3. The entire network continues to suspect dynamic verification , realizes instance-level network isolation through micro-isolation, and creates a zero-trust secure cloud environment through identity authentication, dynamic management of permissions, and network access.

second line of defense

Phagocytes, this is a natural defense function gradually established by humans in the course of evolution. It is characterized by its own natural defenses against a variety of pathogens.

The same is true for Alibaba Cloud's cloud infrastructure. Since its birth, cloud products have a default security gene. At present, Alibaba Cloud's 10 product lines and 50 products have 522 core security capabilities. What customers can enjoy when going to the cloud is cloud services with security genes.

image.png

At the same time, security products born from the cloud will be deeply integrated with cloud product services such as ECS, cloud storage, database, cloud network, etc. Customers can choose to open a higher level of security protection at the moment they go to the cloud and open cloud product services. Bring security capabilities close to the customer’s business edge infinitely. For example, by using CDN services, you can enable Web application firewalls. At the edge nodes, through frequency control, machine traffic management and other capabilities, it can resist common CC attacks and crawling attacks, so that business acceleration and Safe and secure.

third line of defense

Immune organs and immune cells gradually build up an acquired defense function against more complex pathogens after birth.

In the face of increasingly complex and intelligent security risks, Alibaba Cloud combines the natural advantages of cloud infrastructure to provide customers with an overall security solution covering 61 capability items in six core areas, helping customers build a defense-in-depth system on the cloud.

image.png

The biggest difference from plug-in security is that cloud-born security capabilities are deeply integrated with cloud infrastructure, which naturally has the advantages of cloud, flexible performance scaling, automatic API deployment, flexible operation and maintenance, and unified global management and control; rich cloud Threat intelligence and security product capabilities are linked, the entire network is coordinated for defense, and it has undergone large-scale practice and verification in the cloud.

The acquired native high-level security capabilities can solve many complex and advanced attack risks that are difficult to solve offline, and are the unique native immunity of the cloud.

Cloud is trust

The evolution of cloud-native security is constantly reducing the cost of trust, making the infrastructure itself a more highly available, high-security trusted computing environment.

Alibaba Cloud's native security capabilities have been recognized by many authoritative organizations, and the only overall security capability in China has been fully recognized by Gartner, Forrester, and IDC.

In the increasingly complex digital business era, simplicity is the best way to eliminate complexity, and security concepts and solutions are being reduced due to the emergence of the cloud. As Xiao Li, general manager of Alibaba Cloud's Intelligent Security Division, said, we hope to provide customers with simpler and simpler choices as they become more and more complex.

Copyright Notice: content of this article is contributed spontaneously by Alibaba Cloud real-name registered users. The copyright belongs to the original author. The Alibaba Cloud Developer Community does not own the copyright, and does not assume corresponding legal responsibilities. For specific rules, please refer to the "Alibaba Cloud Developer Community User Service Agreement" and the "Alibaba Cloud Developer Community Intellectual Property Protection Guidelines". If you find suspected plagiarism in this community, fill in the infringement complaint form to report it. Once verified, the community will immediately delete the suspected infringing content.
阅读 1.1k

阿里巴巴官方技术号,关于阿里巴巴经济体的技术创新、实战经验、技术人的成长心得均呈现于此。

2.9k 声望
6.1k 粉丝
0 条评论

阿里巴巴官方技术号,关于阿里巴巴经济体的技术创新、实战经验、技术人的成长心得均呈现于此。

2.9k 声望
6.1k 粉丝
文章目录
宣传栏