On November 5, 2016, CCTV reported that the Mianyang police had cracked a major case of infringement of citizens' personal information, arresting 15 key members of the criminal gang, including bank management staff, and seizing 2.57 million pieces of citizens' personal bank information and 2.3 million yuan of funds involved in the case, successfully destroying this black-market industry chain. The person directly responsible for leaking the citizens' personal information was actually a security guard inside the bank. In the evenings after work, he connected a laptop to the bank's internal network and, using a legitimate business account and password purchased in advance, ran a small self-made program. Without any manual operation, he could quickly query and export the citizens' bank collection information he needed, from hundreds to thousands of records at a time.

In this case, the three key conditions for the criminals' success were: obtaining a legitimate account through black-market transactions, querying and exporting data in batches using tools, and following legitimate business logic during the export. Although enterprises have deployed a large amount of traditional network security equipment and security audit systems, the conditions above are almost all legitimate operations with no abnormal signatures, so traditional security equipment and systems cannot identify them as abnormal behavior. At the same time, data obtained programmatically in small batches is also difficult for the audit system to detect. This kind of online fraud, which uses legitimate identities to simulate legitimate operations, has become increasingly prominent.
It not only has a great impact on the business development and reputation of enterprises; more seriously, the leakage of personal information and the various fraud activities that follow from its redistribution and exploitation by the black market have produced even worse social impacts. Hackers can attack so frequently because they rely on bot attacks driven by automated programs. Bot attacks generate thousands of simulated legitimate connections. Because such attacks look completely legitimate, traditional signatures and rule-base strategies cannot recognize them at all. As a result, many of the network security devices currently deployed become completely ineffective when faced with such attacks.

Are we really helpless in the face of hackers' ever-changing attacks? No. So how does Ruishu Information identify and block seemingly "legitimate" threats and attacks? Ruishu Information's robot firewall, the first in China, uses innovative dynamic security technologies such as one-time dynamic tokens and dynamic verification to efficiently identify the characteristics of "automation and toolization", thereby actively preventing such threats. Ruishu Information's dynamic security technology is completely different from traditional security technology, which relies only on matching against attack signature libraries and abnormal feature libraries to identify attacks. It also does not need to rely on attack frequency or tool categories for identification, so it is more proactive and effective.

Ma Weiyan, CSO of Ruishu Information, said: "To avoid the occurrence of the above-mentioned cases, we can effectively curb them by grasping one of the key conditions, that is, effectively identifying 'instrumental' behavior!
Regardless of whether the identity is legal, whether the business logic is legal, or even whether it is derived through distributed attack source IPs and small-batch, low-frequency queries, as long as it is 'instrumental' behavior, it can be identified and blocked by Ruishu's dynamic security technology."

It is understood that the Ruishu Robot Firewall has been widely used in the domestic market, and many large domestic enterprises are loyal users of Ruishu Information. The user base covers telecommunications, banks, and many industrial institutions that mainly provide network application services. In the future, Ruishu Information's dynamic security defense system will help more and more companies get out of the shadow of security threats.

"Ruishu Information has realized the huge challenges that the popularity of applications has brought to asset security," Ma Weiyan said. "Today, the asset and data security challenges faced by the application services of various banks and financial institutions are far greater than in the past. In addition to the in-depth development of application services, hacker attack methods are also evolving rapidly towards automation and toolization. More importantly, the speed of use and dissemination of these tools even far exceeds that of corporate protection products, and the cost of attack is greatly reduced. Therefore, enterprises absolutely cannot rely solely on a single protection method, but must build a 360-degree protection network and use some new security protection technologies to compete with attacks and threats. Traditional means have no way to identify threats and hidden dangers from the legal identity of the 'insider', so starting from the characteristic of 'automation' and using 'dynamic braking' and dynamic technology to cope with the changes in various new tools is an effective means of quickly responding to various emerging means of stealing secrets."