[51CTO.com original article] It has been a week since the WannaCry ransomware worm broke out on May 12. The hacker group Shadow Brokers has since dropped another bombshell: it plans to sell more cyber weapons starting in June, including operating system vulnerabilities, intrusion tools, and even mobile phone attack tools. A global contest between cybersecurity defense and virus attacks has begun.
During these seven days, affected customers tried to find ways to recover, while those who were not affected prepared for a rainy day. It became routine for the technical teams of security vendors to stay up all night, urgently releasing anti-virus tools and updating virus databases...
In fact, there is a very important link in the industry chain that many people have overlooked: the IT operation and maintenance service providers, who deal with customers more. As the main force serving customers, how did they help customers minimize the risks brought by WannaCry this week? What measures have they taken to improve customers' IT security capabilities in a short period of time? What is the most direct reaction of customers to the WannaCry virus?
Wang Maoqing is the technical service manager of Beijing Hengyuan Zhicheng Information Service Co., Ltd. The reporter originally wanted to interview him as soon as possible, but he was busy at the client company this week and was unable to do so. Finally, he took time out of his busy schedule for a telephone interview, which let the reporter understand what it was really like for IT operation and maintenance service providers and their customers to fight the WannaCry virus.
The service team started a 7-day extreme challenge
Wang Maoqing told reporters that none of Hengyuan Zhicheng's customers were infected by the WannaCry virus. He admitted that this really made everyone feel relieved.
On the night of the WannaCry virus outbreak, Hengyuan Zhicheng's technical service team began to take action. They split into two groups. One group of colleagues called customers to remind them to check whether they were infected, and the other group of colleagues found the IT information table of each customer and provided customized solutions based on the different IT conditions of each customer.
"Although our customers have not been infected, the risk still exists, so we need to help customers complete the distribution of desktop patches, firewall upgrades, maintenance and upgrades of back-end servers, and the closing of firewall and router ports in the shortest possible time." Wang Maoqing pointed out that, in addition to technical services, Hengyuan Zhicheng also takes into account the negligence that may occur among customers at the security management level, so it has compiled a batch of documents that customers can use for security training and that let employees quickly get started with security operations and maintenance work.
From another perspective, the sudden WannaCry incident is also testing Hengyuan Zhicheng's service capabilities. Wang Maoqing led three engineers to take charge of virus prevention work for six large customers this week. Some customers have as many as thousands of computers to maintain. Other team members also basically follow the model of 2-3 engineers maintaining a group of customers. In the past 7 days, almost all Hengyuan Zhicheng engineers have been on site at customer companies.
Security with nothing watered down
Does the fact that no customers have been hacked mean that their IT systems are secure enough? Wang Maoqing said that this is not the case. He told reporters that through this round of operation and maintenance work, Hengyuan Zhicheng also found many problems: many customers have already installed firewalls and anti-virus software, but the virus database is very outdated and the software version has not been updated for a long time, which makes the overall operation and maintenance very difficult. Some virus databases were last updated a year ago, and some distribution servers are past their warranty period, so they are not allowed to update the virus database.
If you think that all you need to do to deal with the WannaCry virus is to update the software, then you underestimate the difficulty of IT operation and maintenance.
Wang Maoqing gave an example to the reporter: some customers need to restart their firewalls multiple times to patch them, but devices like servers are usually powered on for a long time and will not be restarted for several years. As a result, after the patch was applied, the server was overloaded with electricity for a short period of time, causing a short circuit, and the hardware needed to be repaired.
"Hengyuan Zhicheng provides a comprehensive solution for the worm ransomware, including hardware, operating system, and desktop security. We also provide customers with a long-term operation and maintenance plan to assist customers in security." He believes that "compared with the 2C market, 2B enterprise-level users have higher security protection requirements and stricter service support levels. Therefore, this is also a test for IT operation and maintenance service providers. Some IT operation and maintenance service providers only provide desktop security solutions, which also compromises the overall security of customers."
The reporter also found that WannaCry actually sounded the alarm for those customers who were lucky enough to escape it. A large share of the customers who were attacked this time were hit because of their indifference to security management. Some customers deployed security solutions just to meet the requirements of superior supervision, and never really developed security awareness. Once they passed the level protection evaluation, they put antivirus and vulnerability scanning products aside and waited for the next evaluation to make repairs. Such an IT system architecture is too fragile to withstand the virus attacks launched by hackers.
Create information files for customers
Wang Maoqing believes that it is difficult for customers to prevent sudden attacks like the WannaCry virus in advance, so a lot of the work is not remedying the situation after it happens, but doing a good job of defense in advance. "Security needs to be prevented before it happens." He said that many people previously thought that security products such as antivirus software and firewalls were not particularly important, but facts have proved that it is precisely these users who get attacked. Therefore, necessary security protection measures must be used.
He believes that enterprise-level customers must have a very standardized operation and maintenance management model in order to make full use of every product in the architecture and truly bring out the value of security.
Hengyuan Zhicheng's efforts have also won unanimous recognition from customers. Wang Maoqing revealed that, as far as the role of IT operation and maintenance service providers is concerned, technical strength is not the only thing that sets providers apart. What matters most is competing on service capability and on how well the provider understands customer needs. As an example, he said the reason Hengyuan Zhicheng was able to serve customers so promptly and efficiently this time was that it had sorted out a lot of customer information in advance, such as where a customer's computer room is located, what infrastructure is used, what type of server, what the IT environment is like, which link may have vulnerabilities, and so on. In short, Hengyuan Zhicheng tailored a set of data files for each customer.
He explained that because the previous data was very complete, it was very quick to locate which of a user's devices needed to be patched. When customers brought a list of what they thought needed to be upgraded, they unexpectedly found that Hengyuan Zhicheng's list was more detailed and had more information than theirs.
"This is a service concept and also a reflection of our professionalism. Hengyuan Zhicheng, with a responsible attitude towards customers, hopes to provide customers with more targeted IT services."
[51CTO original article, please indicate the original author and source as 51CTO.com when reprinting on partner sites] [Editor: Zhou Xue TEL: (010) 68476606]