Cyber ​​Security Awareness Week丨Ruishu Information explains how to ensure data security?

It has been one year since the Data Security Law of the People's Republic of China (hereinafter referred to as the "Data Security Law") was officially implemented. As my country's first superior law for data security, the promulgation and implementation of the Data Security Law has for the first time elevated data security work to the highest level of national security supervision, and has driven various industries to successively issue data security standards and detailed rules.

Although data security has received attention from the entire industry, as a complex field involving multiple dimensions, enterprises still face many challenges in data security protection and governance. At the recently held "2022 National Cyber ​​Security Awareness Week", data security once again became the focus of social attention. As a professional manufacturer in the field of application security and data security, Ruishu Information has given corresponding suggestions on how enterprises can do a good job in data security.

Legal Definition of Data Security

Before the Data Security Law was introduced, terms such as "data", "database" and "data security" had already been reflected in some laws and regulations. However, what exactly is data security in the legal sense? Where is the boundary of data processing obligations?

In this regard, Article 3 of the "Data Security Law" stipulates: "Data processing, including data collection, storage, use, processing, transmission, provision, and disclosure." Specifically, a lot of things need to be done to ensure data security. It is necessary to monitor, evaluate and protect data security risks in each link such as data collection, storage, use, processing, transmission, provision, and disclosure. It also requires the use of various technical means such as authority control, data desensitization, data encryption, and audit traceability.

At present, there are many single-point security technologies or data technologies on the market that can provide services for a certain link in data processing. However, with the continuous development of the data field, these single-point technologies lack linkage and cannot cover a wide range of data processing links, making it difficult to meet national data security regulatory requirements.

How to respond to compliance requirements and establish protection strategies and technical support that are compatible with laws and regulations such as the "Data Security Law" has become the primary challenge for major companies in implementing data security.

Build an active defense system for application data security

Ruishu Information pointed out that the "Data Security Law" clearly proposed two newer data processing links - provision and disclosure. These are the use and processing links that appear more and more frequently in the process of deepening enterprise digitalization, and are also the links where data leakage risks most frequently occur in recent years.

The 2021 Data Breach Investigation Report shows that 80% of data breaches come from external sources, 61% of data breaches involve login, and 39% of data breaches are caused by Web attacks. This shows that companies face numerous data security risks when providing and disclosing data.

This is because the continuous deepening of the enterprise Internet process has led to more and more businesses being migrated to the Internet, and a large amount of application data being generated, transmitted, disclosed, and shared. At the same time, the new generation of applications are accessed through multiple business channels such as Web, H5, App, API, WeChat, and mini-programs, resulting in increased application exposure risks and chain management difficulties. Various types of database collision attacks, brute force cracking, crawler attacks, and API interface abuse have also led to an increase in the risk of enterprise data leakage.

For this reason, Ruishu Information has launched an "Application Data Security Active Defense Solution" based on a variety of security technologies based on key life cycle nodes such as data transmission, provision, and disclosure, to ensure the security of application data transmission, prevent the leakage of API sensitive data, and implement application identity information protection and malicious crawler protection.

l Data transmission link: Dynamic obfuscation technology to ensure the confidentiality and integrity of data transmission

Ruishu Information uses dynamic obfuscation technology to obfuscate application codes and cookies, effectively preventing attackers from analyzing application codes and stealing cookies to obtain identity information, thus raising the threshold for attacks. At the same time, data transmission is dynamically obfuscated to prevent attackers from intercepting data transmission messages and launching man-in-the-middle attacks, effectively ensuring the confidentiality and integrity of data transmission.

l Data provision link: API sensitive data control to prevent API sensitive data leakage

Recent large-scale data leakage incidents are all related to API interfaces, and the sensitive data control of API interfaces has become the focus of data security construction for various enterprises. Ruishu's application data security active defense system realizes API sensitive data leakage protection through automatic identification of API sensitive interfaces, sensitive data and attack detection, access behavior analysis and abnormal handling. Through automatic discovery of API assets and establishment of a security baseline for data access APIs, data security risks are identified and controlled for behaviors such as API abuse and abnormal API data acquisition that may cause bulk data leakage.

l Data disclosure: Human-machine recognition technology to achieve identity information protection and crawler attack protection

Ruishu Information can protect against plug-ins and data crawlers through all business access channels such as Web, APP, mini-programs, H5, WeChat, API, etc. through technologies such as human-machine recognition, behavior analysis, and on-demand interception.

Data shows that more than 60% of data leaks are related to accounts. With the outbreak of a large number of data leaks, the black industry social engineering database has accumulated a large amount of account and password data. Attackers write scripts to attack corporate login pages and interfaces in batches and launch database collisions and brute force attacks. Ruishu's application data security active defense system uses "human-machine recognition" technology and built-in various business threat models to see through database collisions and brute force cracking behaviors, intercept attacks in real time, and prevent further data leaks caused by account leaks.

Crawlers are one of the main threats to interactive data applications and public data applications, and are also the main cause of data leakage in various applications.

Attackers write crawler tools to crawl sensitive data in batches. Ruishu Application Data Security Active Defense Solution

The solution can identify various automated tools through human-machine recognition and programmable countermeasure technology, providing real-time and in-depth

Bots attack defense, effectively preventing crawler attacks.

Guarding the "last line of defense" for data security against ransomware

As data becomes more and more valuable to enterprises, it has become the main target of ransomware attacks. According to the "2021 Ransomware Report" released by Sophos, the average total cost of recovering losses from ransomware attacks is expected to more than double year-on-year in 2021, and the trend of cost increases will not ease in the next decade.

Undoubtedly, as ransomware attacks become more sophisticated, defense measures are facing greater challenges. Traditional security defenses generally focus on network boundaries, applications, and hosts, which are used to prevent ransomware intrusion and block the spread of ransomware. However, ransomware is highly concealed and camouflaged. Once it enters the network/host layer, attackers often lurk for a long time and only initiate ransom after obtaining higher permissions and obtaining a large amount of key data. At this time, the network/host layer is often unable to prevent ransomware attacks.

In order to defend the "last line of defense" for data security, real-time security testing and backup of key data are imperative, which is exactly the security requirement of the "Data Security Law" for the two major data processing links: storage and use.

In fact, traditional disaster recovery systems can no longer meet the security requirements in ransomware attack scenarios. Since traditional disaster recovery systems regularly back up all data, on the one hand, they cannot fully identify whether the backup data is healthy, recoverable, and complete. Once the original data is infected, the disaster recovery data will also be infected, rendering the data unusable. On the other hand, the amount of backup data is huge and the recovery cycle is long, which cannot guarantee business continuity.

Based on this, Ruisu Information launched the country's first data security detection and emergency response system (DDR), which is positioned to back up enterprise core data and quickly restore backup data. It is the "final line of defense" against data ransomware.

l Data storage: secure isolation and secure storage of backup data

Inventorying data assets and troubleshooting system risks are the first steps to ensure data security. The Ruishu DDR system first conducts a health check on enterprise data. Based on the innovative "deep file content detection" technology, it can efficiently generate reports on enterprise data integrity, data asset distribution, and authority audits, helping enterprises to fully control the status of data assets.

After backing up the company's critical data, DDR can securely isolate the backup data to prevent malware or hackers from destroying or tampering with it.

Secondly, the Ruishu DDR system has secure storage technology and anti-tampering protection function. It uses encryption technology to prevent data leakage in storage. At the same time, it can delete data upon expiration according to the set retention policy. The retention period can only be extended but not shortened.

l Data usage: backup data security detection and rapid recovery

Unlike traditional backup systems, which must convert backup formats into production data formats and require days or even weeks to recover data,

Based on the innovative "intelligent fast recovery engine", Ruishu's DDR system can automatically generate a clean disk image that can be directly mounted, no matter how large the data volume is, to achieve data recovery in minutes and minimize business interruption time.

This is because the backup data used by the Ruishu DDR system are all internal storage snapshots of the backup data, which do not require data merging, data format conversion, or data movement and copying for recovery. At the same time, without performing any operations on the backup data itself, it can also ensure that there is always a clean, uninfected data in the backup data storage for business recovery.

Even if an enterprise encounters a ransomware attack, the Ruishu DDR system, based on its pioneering "offline intelligent deep detection engine", can perform security checks on files damaged during the ransomware attack, find files infected by the ransomware virus and the time of infection, assist security managers in quickly removing the ransomware, and find clean and available data, so that the enterprise always has clean and available data for rapid recovery.

In general, the advantages of Ruishu DDR system are prevention of bulk data destruction, secure isolation of backup data, quick recovery within minutes, low interference in production environment, and automated and programmable operation and maintenance. It can effectively break through the bottleneck of traditional disaster recovery systems facing the threat of ransomware attacks, so that enterprises can be well protected in the storage and use of key data. This technology that integrates security detection and data backup is unique to Ruishu Information.

Conclusion

One year after the Data Security Law was officially implemented, policies, markets, industries, and enterprises have undergone profound changes in data security, and various emerging security technologies have also emerged. Based on years of knowledge and technical accumulation of data security, Ruishu Information has launched a series of security solutions for security risks at all stages of the data life cycle, providing enterprises with powerful "weapons" to face data security compliance and practical challenges.