In the data era, Ruishu Information helps operators build a security line of defense for application data with five tips

On December 10, 2021, the "2021 (11th) Telecommunications and Internet Industry Cybersecurity Annual Conference", an important annual industry event with a large scale and strong influence in the field of cybersecurity, was held in Wuhan. Nearly 400 leaders and representatives from relevant units such as the Communications Administration Bureaus of 31 provinces, autonomous regions, and municipalities directly under the Central Government, provincial communications industry associations, basic telecommunications operators, Internet companies, cybersecurity companies, and scientific research institutions attended the meeting, focusing on key and hot topics in the field of cybersecurity and exploring new paths for the development of industry cybersecurity during the "14th Five-Year Plan" period.

[[440326]]

At the meeting, Ruishu Information Technology Expert Guan Fujun delivered a keynote speech entitled "Building an Active Defense System for Application Data Security", introduced the threats faced by operators' application data security in the data age, and demonstrated how Ruishu Information uses "dynamic security technology" to help operators solve data security risks in application systems.

In the data age, operators face five major threats to application data security

In recent years, with the increase of various application systems, information security incidents among operators have occurred frequently, such as: illegal operations leading to the leakage of user core data, which is stolen by criminals for profit; illegal sale of user personal information and sending of spam text messages; system vulnerabilities being attacked by ransomware, resulting in corporate losses of up to tens of millions, etc.

Since operators accumulate and control a large amount of user information, production data and operation information, they will encounter various internal and external risks when applying data. Once the core application is attacked, it will have a huge impact on user personal privacy, the operator's own development and even national security.

In this regard, Ruishu Information Technology Expert Guan Fujun said that in the data age, operators must pay attention to the five major security threats to application data security, namely: data tampering, user credential leakage, API interface abuse, ransomware, plug-ins and crawlers.

Guan Fujun, information technology expert at Ruishu

Specifically, in network communications, data transmitted in plain text is easily hijacked or tampered with. If key data such as account numbers, passwords, and transaction content are intercepted or tampered with by criminals during the transmission of user privacy data, it may cause harm to users, such as being defrauded or suffering property losses. Therefore, operator application systems should pay attention to the risk of data tampering during data transmission.

In terms of user credential protection, operators face the threat of being attacked by hackers: on the one hand, after cookies are maliciously stolen, attackers use cookies to directly obtain system operating permissions and personal information; on the other hand, attackers use the account and password information they have collected to try to log in to websites/APPs and other applications in batches. Through database collision attacks, they can obtain the user's legal identity, resulting in the leakage of user identity, account, transaction and other private information.

Currently, more and more applications provide their own data to third-party application systems through APIs. The application of APIs has been developing rapidly, and APIs have also become one of the targets of attackers. According to Gartner's forecast, by 2022, API abuse will become the culprit of enterprise application data leakage. Therefore, protecting APIs is becoming more and more important for operators.

Since 2021, ransomware attacks have continued to rise. With the emergence of models such as Ransomware as a Service (RaaS), the threshold for ransomware attacks has become lower and lower, and attacks on core applications have become more frequent. Traditional rule- and feature-based security solutions can no longer effectively resist ransomware attacks, and traditional backup and disaster recovery systems are also helpless in the face of ransomware. Blindly completing backup/disaster recovery tasks because they cannot determine whether the data is infected will increase the scope of infection and result in double ransomware. Therefore, ransomware attacks have also become one of the major threats facing operators.

In addition, related business security risks such as attackers illegally obtaining user privacy information through crawlers and simulating manual access to handle business through plug-in programs also seriously affect the normal operation and reputation of the operator platform.

Dynamic security technology, Ruishu Information builds an active defense system for application data security

The increasingly rampant new network attacks have made traditional data protection methods gradually ineffective. So, how should operators respond to new application data security challenges?

Guan Fujun, an information technology expert at Ruishu, said that with the implementation of the Data Security Law and the Personal Information Protection Law, operators are facing various security threats and are also under tremendous pressure from regulatory compliance. According to the definition of data processing in the Data Security Law, data security involves multiple links: collection, storage, use, processing, transmission, provision, and disclosure, which has become the focus of data security.

Therefore, Ruishu Information has launched an application data security solution based on multiple security technologies based on the key life cycle nodes of data transmission, provision, disclosure, use, and storage, helping operators build an active defense system for application data security.

Data transmission link

Ruishu Information takes "dynamic protection" technology as its core and adopts one-time-one-pad technology for data obfuscation. It processes data from three levels: application code obfuscation, transmission data obfuscation and cookie obfuscation. This makes the obfuscation results of the transmission content different each time, thereby increasing the difficulty for attackers to crack and achieving secure transmission.

Among them, application code obfuscation includes: Web, H5 code obfuscation, APP reinforcement, and mini-program reinforcement; data transmission obfuscation includes: end-to-end transmission data protection, request content obfuscation, and return content obfuscation;

Data provision

Ruishu Information's API dynamic security solution can achieve API risk classification, rating and disposal from four aspects: interface identification of sensitive data, attack detection, abnormal behavior disposal, and behavior auditing, to avoid sensitive data leakage caused by API abuse.

First, by combing API assets, the lifecycle management of API assets is achieved; second, the intelligent threat detection engine that comprehensively utilizes intelligent rule matching and behavior analysis continuously monitors and analyzes traffic behavior to effectively detect threat attacks. Once an abnormal situation is determined, the intelligent engine will use multiple threat models obtained by machine learning to determine abnormal attacks. Third, sensitive data in API transmission is identified, and sensitive data can be desensitized or intercepted in real time to prevent sensitive data leakage. Finally, the access behavior of the API interface is analyzed, and API access baselines and API threat modeling are established through multiple dimensions to detect malicious access behaviors and prevent API abuse.

Data disclosure

Ruishu Information can protect all business access channels such as Web, APP, mini-programs, H5, WeChat, API, etc. from plug-ins and data crawlers through technologies such as human-machine recognition, behavior analysis, and on-demand interception.

Among them, human-machine identification refers to the human-machine identification of accessing clients through one-time tokens, client authenticity verification, and client behavior identification; behavioral analysis refers to user behavior analysis, reputation library generation, and threat modeling through AI technology; on-demand interception includes multiple interception modes, multiple collection fields, and fully graphical configuration.

For example, Ruishu Information can verify the authenticity of the browser, verify whether it is an automated attack, check the authenticity of the action, etc., and randomly select the detection items and quantity to increase the unpredictability and difficulty of the attack, and deal with the risks of unauthorized access, uncontrolled access, database collision attacks and data crawling. At the same time, the "grayscale" interception function is added to intercept on demand according to business conditions, such as: initiating a secondary dynamic challenge, delaying the return of packets, and intercepting in proportion, etc., while protecting data security, it does not affect the normal operation of the business.

Data usage and storage

River DDR, the intelligent data security detection and emergency response system of River Information, adopts fast data detection and response technology based on innovative AI artificial intelligence, and is supported by data security foundation, providing data risk management, real-time intelligent detection, threat verification and rapid recovery functions. With the trend of high incidence of ransomware attacks around the world, it provides enterprises with the security capabilities to effectively fight back against hacker ransomware and prevent bulk data leakage and destruction, and builds a three-line defense system before, during and after the event.

In general, Ruishu's core "dynamic security + AI" technology is used in Ruishu's active defense system for application data security. For example, a one-time token is granted for each request, and the legitimacy and behavior recognition of the client are verified to achieve human-machine recognition; the consistency of the environment is determined through the detection of the customer's operating environment, and finally the unknown threats and risks are analyzed through behavior analysis. This ultimately solves the problems of data transmission protection, API sensitive data control, identity information protection and data anti-crawling, and data safe use and storage.

As a leading domestic Internet application security protection company, Ruishu Information's innovative "dynamic security" active protection technology has protected trillions of corporate customer assets and more than 500 million accounts. Ruishu Information's customers can be found in China's three major operators, the top five large banks, the top ten e-commerce companies, and the top three online payment companies in China.

For operators, the dynamic security technology based on Ruishu Information can effectively resist various types of automated attacks, comprehensively improve their core application, business and data risk prevention capabilities, and build a new generation of active protection security system for the digital age.