Ways of IT Risk Management in 2017: “the Integration of Human and Machine”

Dixon He elaborates on the future trend of enterprise security services

In early 2017, AlphaGo played fast-paced online games on Chinese Go websites. Registered under the name “Master”, AlphaGo played against dozens of Go players from China, South Korea and Japan and went undefeated in 60 consecutive games. In May, AlphaGo played Ke Jie, the world’s No. 1 ranked Go player and reigning champion, won with an overall score of 3-0, and subsequently announced that it would no longer take part in Go competitions. Artificial intelligence is no longer far from us, and startups in this field have sprung up like mushrooms. Many people are asking: will we have safety artificial intelligence or safety robots? Will the artificial intelligence era of information security become a reality?

The Xiao Man Yao Technology Conference – Global Mobile Developers Conference and Artificial Intelligence Summit was held in Guangzhou in 2017. During the conference, Testin chief security consultant Dixon He shared his views and thinking on the future of security services. As Microsoft’s former chief information security officer and security director for the China region, chief security advisor to the Beijing Olympic Games (2008) and chief security advisor to the WTO’s 6th Ministerial Conference (2005), he has devoted most of his career to security. At the summit, Dixon He delivered a speech covering three aspects: 1. the past, the present and the future of the security field; 2. the biggest security challenges enterprises face; 3. future security strategy.

The Future of IT Security

Dixon He believes that the future direction of IT security should include at least three dimensions: Human, Safety Artificial Intelligence and Software Security Robotics. Nowadays, many enterprises around the world are using artificial intelligence to realize their business strategy. In information security, it is predicted that within the next 2 to 4 years the application of safe, highly accurate protection technology built on artificial intelligence will become more mature, and that within 3 to 5 years the cross-border deployment of safety robots is expected to stabilize.

The S.A.I. architecture’s three-dimensional division of labor:

  1. Relying on past human experience, people are responsible for the design, definition and management of security matters, and they complete the follow-up monitoring and quality assurance.
  2. Safety Artificial Intelligence is responsible for learning and “activating” new experience, so it must have self-learning and analytical capabilities, which is what we commonly refer to as machine learning. Through self-learning, building, refining and integrating, it builds up a security decision repository (SecDMKB).
  3. Software Security Robots are responsible for mission execution, including real-world patrolling and onboarding. In cross-border IT infrastructure deployments, they integrate through the A.I.’s APIs and Software Defined Security (SDSec) architectures, synchronize the enterprise’s multi-level information assets, and achieve intelligent, automated security standards.

The biggest security challenge that enterprises face right now

With the rapid development of the mobile Internet and the rapid popularization of smartphones, mobile Internet applications are breaking out. They bring unlimited convenience to users, but at the same time bring security risks. The security issues businesses face are also shifting from PC security and Web security to mobile security.

Domestic authoritative data showed that in 2016 about 1 in every 10 Android devices was infected with a virus on average, a device infection rate of 10%.

The Ali Mobile Virus Sample Bank added a total of 3,824,524 new virus samples in 2016, an average of 9,000 new samples per day, which is equivalent to 1 virus sample generated every 10 seconds. Across the Top 18 popular industries, 98% of the Top 10 apps have vulnerabilities: 14,798 vulnerabilities in total, or 82 per app on average. Data from the international authoritative research firm Gartner shows that 80% of attacks occur at the Application Layer and 95% of security violations occur at the End Point. Meanwhile, AV-Test.org points out that new malware is growing rapidly at a rate of 390,000 samples a day. Traditional anti-virus solutions (AVs) can no longer solve today’s corporate security problems and challenges. Enterprise security issues brook no delay.

At the same time, the DevSecOps dimension also faces comprehensive security challenges. Most R&D teams in China lack application security professionals. During the test phase, no common AST (application security testing) tool available on the market can find all security vulnerabilities. IDC data shows that the common AST tools in public use can detect only about 67% of vulnerabilities and cannot detect business logic security vulnerabilities. Moreover, fierce competition among domestic enterprises leads many R&D teams to release new versions without completely repairing the vulnerabilities in time. Meanwhile, in the operations and maintenance phase, attacks such as 0-days and (file-based) APTs are difficult to defend against. Data is the core asset of an enterprise, and security determines the lifeblood of enterprise development. Therefore, both traditional enterprises and Internet-based enterprises should and must start to rethink their own security strategy.

The future of corporate security: the combination of human and intelligence

Dixon He believes that, now and in the coming years, the security system must be a combination of people, tools and machines (learning), and must include deep security testing and an intelligent security protection system. In the research and development phase, the SDL (security development lifecycle) process must still be used. In the testing and release phase, business logic security vulnerabilities cannot be monitored in a fully automated way, so experts and tools must both be devoted to complete penetration testing for security vulnerabilities and to completing the security reinforcement. In the final operational phase, establishing an in-depth intelligent defense system and building a complete, multi-dimensional security ecosystem are both indispensable.

The security system of the intelligent terminal must be able to withstand various types of attack, including traditional attacks, advanced persistent threats and 0-day attacks. Dixon He introduced the S1 terminal intelligent detection and defense program, a strategic cooperation launched by Testin, the world’s “one-stop mobile application cloud test service leader”, and a Silicon Valley artificial intelligence security team from the United States. He further explained that S1 helps enterprises face and deal with different levels of security challenges through three dimensions of monitoring and prevention strategy:

  1. Real-time cloud dynamic threat intelligence, which blocks known malware hashes, IP addresses, network or host characteristics, etc., and therefore reduces the overall attack surface;
  2. Advanced static monitoring and prevention: a machine-learning-based deep file inspection engine that discovers known and unknown (0-day) malware;
  3. Advanced dynamic monitoring and prevention: detects different types of anomalous attacker behavior based on machine learning, and also prevents attacks that use scripting automation, active content, fileless techniques, etc. Moreover, it helps companies achieve behavioral risk monitoring, ultimately accomplishing 360-degree dynamic monitoring and escorting corporate security.

It is reported that the S1 terminal provided by Testin is an intelligent detection and prevention program. It is simple to deploy and achieves real-time visual forensics. It can not only monitor multi-level security threats automatically and intelligently but also withstand 0-day and advanced persistent threat attacks, and the protection does not affect performance. This solves the security issues and challenges that traditional anti-virus software (AV) can no longer handle today.

Dixon He believes that in the future more and more problems and challenges will certainly arise in enterprise IT management. The security defense programs of the present stage can no longer meet the needs of security management, and it is difficult for them to connect seamlessly with the platform. Therefore, intelligent deployment of IT security will inevitably become an integral part of core infrastructure optimization. Enterprises must prepare for a rainy day and lay out a new generation of strategy; in this way they can guard their own data and information assets in the era of artificial intelligence.

About Testin

Testin (http://www.testin.net) is the global leader in One-Stop-Application cloud testing services, providing the necessary one-stop testing services and quality assurance to developers of web, mobile web, H5, native mobile APP, Lite APP, mobile game, VR/AR, wearable, AI, smart home, smart driving, IoT and industrial APP applications. Testin is the disruptor of the traditional software testing service model: combining AI-automated real-device SaaS testing, crowdsourced testing, full-stack security testing and continuous big data analysis, it has succeeded not only in capturing the domestic market in China but also in setting foot in the global arena, and now serves more than 800,000 developers with their 2.3+ million APPs, with branding clients including most tier 1 Internet entities as well as McDonald’s, Nestle, Starbucks, Daimler, BMW, Philips and Kabam, etc. Testin has been certified under ISO9000, ISO27001, ISO20000, ISO17025, CMMI3 and CNAS, and aims to help developers build confidence in their applications and ensure a good user experience. Testin has secured US$84.9 million in 3 rounds from IDG, Banyan, Haiyin and CEL. Testin has been recognized as a 2015 and 2016 Deloitte High-Tech & Growth Top 50 China company, a Red Herring Finalist in the 2014 Asia 100 and 2015 Global 100, and a 2017 Red Herring Global 100 Winner.

For more information on Testin please visit http://www.Testin.net
Jerry Wang
Tel: +1 (516) 277-6800
Email: jerry@testin.io
