Websites and mobile application services are becoming increasingly complex. Ruishu Information has opened a new starting point for "dynamic braking" safety

To obtain large economic benefits or to serve other specific interests, hacker groups often launch attacks on commercial organizations and government websites. Recently, the Information Institute of the Shanghai Academy of Social Sciences and the Security Institute of the China Academy of Information and Communications Technology released the "Blue Book of Cyberspace Security: China's Cyberspace Security Development Report (2016)". The data disclosed in the blue book is shocking: according to monitoring, in 2015 China's government websites were hacked 21,674 times, an increase of 36.7% over 2014; China's local government websites have become the "hardest hit areas", and backdoor implantation and website tampering remain serious.

Are we really helpless in the face of hackers' ever-changing attacks? No. Ruishu's robot firewall, which uses an innovative dynamic security technology architecture, can completely invalidate automated attack behaviors that simulate legitimate operations by randomly changing the original code of the web page, and can block more than 99% of illegal behaviors.

Prevent malicious "crawlers" from crawling key data

With the rapid advancement of "Internet + Government Affairs", government websites are facing increasingly complex security challenges. On the one hand, web application vulnerabilities continue to emerge in an endless stream. Traditional protection relies on constantly checking for and patching vulnerabilities and updating rules, which leaves defenders in the passive position of fixing problems after the fact and scrambling to keep up. On the other hand, government services and data are constantly migrating to the Internet. In addition to the traditional "anti-tampering" and "anti-Hack" measures, the "crawler" tools widely used for data acquisition mean that government websites now face the dual challenges of business security and data security. According to statistics, 40%-60% of network traffic currently comes from crawlers, and this proportion is even higher on service websites that provide public inquiries. The crawlers thrive while the websites they crawl are overwhelmed. According to Ma Weiyan, for websites harassed by "crawlers", the availability of business services is greatly affected: systems often go down and network bandwidth is often consumed, which affects the government's ability to serve the public.

She introduced that the value brought by data has been widely recognized and has received unprecedented attention, so the security confrontation caused by the competition for data will become more intense. We can not only see the regular online data services of the government and enterprises such as recruitment resumes, human resources and social security, industrial and commercial taxation, and patent information inquiries, but also see the abnormal data application services flooding the Internet, as well as the illegal sale of data offline. Many of these data application services use crawler tools to crawl information from competitor websites and government public service websites, and provide paid services to the outside world after secondary analysis or processing. On the one hand, this increases the risk of corporate and citizen information being leaked and used and forged, and on the other hand, it will cause the deterioration of the Internet business competition environment.

Ma Weiyan mentioned, "Crawler technology is constantly developing and the means are becoming more and more advanced. Traditional anti-crawler technology has been unable to cope with it through the malicious IP source library and the crawler access frequency. Ruishu's dynamic security technology changes the traditional security protection thinking, from the identification of 'automation and toolization' as the core, through dynamic encapsulation, one-time dynamic tokens, dynamic verification and other dynamic engines, effectively identify and block various new types of crawler tools, protect the company's data assets, and ensure normal business and data services."

The secret weapon to stop robots from snatching tickets

The phenomenon of using robot programs to grab tickets and resell them has always existed in various online shopping, online ticket purchases, and online games. On August 2, 2016, singer Li Yuchun's 2016 Savage Growth Tour Shenzhen Station, 200 tickets priced at 1,880 yuan and 200 tickets priced at 1,280 yuan sold out in seconds on LeTV Mall. It was found that there were a large number of scalper orders in the event orders. In order to prevent scalpers from illegally profiting from selling tickets at a higher price, LeTV Mall had to cancel all orders.

Ma Weiyan pointed out: "These robot programs are customized software designed for a certain website business, which automatically implements the website's purchase business operation process. For example, they can automatically and quickly fill in the information of each column on the web page, so that the ticket booking work can be completed in just 2-3 seconds, resulting in the strange phenomenon that popular products and concert tickets are sold out immediately after they are put on sale. The root cause of this result is the robot program, which replaces the behavior of 'real people' with 'robots'. Due to the high relevance to the business, such problems were often solved through application development in the past, and the conventional practice is to limit and judge 'non-human' behavior through the frequency and quantity of ticket purchase business operations. However, it is found that these containment measures are still not effective in preventing strong and continuous 'robot' behavior, and normal purchase visits will still be affected."

The robot firewall developed by Ruishu Information adopts a dynamic security technology architecture with a new concept design. It does not rely on the robot judgment method of limiting frequency and quantity, but judges "people" and "robots" by dynamically generating tokens and dynamically verifying access behaviors. For example, it can distinguish and block when the frequency or number of ticket bookings reaches a certain threshold. This mechanism of identifying whether it is an automated operation makes the protection function independent of a specific application, and any "non-human" access behavior that simulates business logic can be identified.
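The one-time dynamic token idea described above can be sketched as follows. This is an added example, not Ruishu's implementation or code from the article; the `TokenGate` class, the 60-second lifetime and the session ids are assumptions. It shows only the server-side part: a request is accepted because it carries a fresh token from a page that was actually served, not because it stayed under a rate limit.

```python
import hashlib
import hmac
import secrets
import time


class TokenGate:
    """Issue a single-use token with each rendered page; check it on submit."""

    def __init__(self, ttl=60.0, clock=time.monotonic):
        self._key = secrets.token_bytes(32)  # per-process signing key
        self._ttl = ttl                      # assumed token lifetime (seconds)
        self._clock = clock
        self._pending = {}                   # nonce -> expiry time

    def _sign(self, session_id, nonce):
        msg = f"{session_id}:{nonce}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def issue(self, session_id):
        """Call when the page is served; embed the result in the form."""
        now = self._clock()
        # Drop tokens nobody redeemed so the table cannot grow without bound.
        self._pending = {n: e for n, e in self._pending.items() if e >= now}
        nonce = secrets.token_hex(16)
        self._pending[nonce] = now + self._ttl
        return f"{nonce}.{self._sign(session_id, nonce)}"

    def verify(self, session_id, token):
        """Return (allowed, reason); a valid token is consumed on first use."""
        nonce, _, mac = token.partition(".")
        expected = self._sign(session_id, nonce)
        # Compare as bytes: attacker-supplied text may be non-ASCII.
        if not hmac.compare_digest(mac.encode(), expected.encode()):
            return False, "bad-signature"
        expiry = self._pending.pop(nonce, None)
        if expiry is None:
            return False, "replayed-or-unknown"
        if self._clock() > expiry:
            return False, "expired"
        return True, "ok"


if __name__ == "__main__":
    gate = TokenGate()
    token = gate.issue("session-1")           # constructed session id
    print(gate.verify("session-1", token))    # first submit of the served form
    print(gate.verify("session-1", token))    # same request replayed by a script
```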

"Based on actual applications in enterprises with online businesses, we found that the Ruishu Robot Firewall can block approximately 95% of business abuse robot attacks, helping to maintain the fairness of transactions and the stability of existing application servers." Ms. Ma Weiyan, Chief Strategy Officer of Ruishu Information, emphasized.

Zero patches, zero rules - outperforming zero-day vulnerabilities

The zero-day vulnerability problem is a headache for security practitioners. Initially, this was because zero-day attacks were used against governments and important national infrastructure and were often associated with APT; they were not something that traditional security technology, or any single technology, could prevent. Because they involved key industries and systems, they posed great risk and harm, but they did not affect a wide range of companies. In recent years, more and more zero-day vulnerabilities have been disclosed, and their impact has spread beyond the security community to all walks of life and become a problem inside companies. The reason is the continuing spread of open source code, which companies use to develop business systems, shorten project cycles, and bring their business to market as quickly as possible.

The code in these open source components is reused across many devices and systems. Once a zero-day vulnerability is found in a component, the risk is often multiplied. The successive zero-day vulnerabilities in Struts S2 from last year to this year have proved this point.

The current protection measures for such vulnerabilities are mainly patching and updating component versions. Traditional WAF vendors can only effectively defend after updating their policy rules or feature libraries based on the attack characteristics of the vulnerability exploitation. In this current situation of "lagging behind the attack", it is good enough for security vendors and enterprises to be able to quickly warn and respond in time. However, when the vulnerability is discovered and announced, there are usually vulnerability exploitation tools that have already become popular and spread on the Internet. Some companies' Web applications are bound to be affected by such zero-day attacks. This post-event passive defense method is obviously powerless in the face of new threats. If enterprises use these open source components as the software base platform on a large scale, the large-scale vulnerability detection and patching work will also cause users a lot of trouble.

"The engine of the Ruishu Robot Firewall is not a quick update of the feature library and rule library after the zero-day vulnerability is disclosed. Its implementation mechanism is not the traditional one that relies on the attack features of the zero-day vulnerability to identify and block attacks, but rather it identifies and blocks attacks by identifying whether they are scripts, programs, or tools, and combining dynamic tokens and dynamic verification technologies. Therefore, assuming that the methods and tools for exploiting the vulnerability are maliciously used in the enterprise before the zero-day vulnerability is disclosed, the Ruishu Robot Firewall can effectively block the zero-day attack."

Ma Weiyan also mentioned: "In fact, the disclosure of zero-day vulnerabilities is often accompanied by vulnerability detection techniques. The disclosure of these techniques is a double-edged sword. While detecting whether there are zero-day vulnerabilities, it is also an opportunity to exploit the vulnerabilities in large numbers. In other words, the techniques themselves are almost equal to both the attacker and the defender. For corporate security, it is a competition of who is 'faster'. Obviously, patching and setting rules will definitely lag behind the means of attack. An attack that exploits a vulnerability during the patch window period may result in the implantation of Trojans at the least, or information leakage at the worst."

In the face of zero-day vulnerabilities, although monitoring, response, and early warning based on traditional security technologies are important means to strengthen active defense, they still cannot fundamentally change the passive situation of the defender. Ruishu Information uses innovative dynamic security technology to identify and protect vulnerabilities when they are exploited, which is a true active defense against web zero-day vulnerabilities in terms of technical mechanism.

Not only zero-day vulnerabilities, but also the detection and scanning of known vulnerabilities are tool-based and automated robot behaviors. After being protected by the Ruishu robot firewall, vulnerability scanning cannot discover vulnerabilities in web applications. When corporate customers are faced with frequent and even urgent patching and complex operation and maintenance tasks, or faced with difficult situations where patching affects business systems, this way of hiding vulnerabilities and active defense against zero-day vulnerabilities will undoubtedly be very popular among enterprises.

Build a 360° protection network without blind spots

Of course, if an enterprise wants to protect the security of application website servers, it is absolutely impossible to rely solely on a single protection method. Instead, it must start by reducing website vulnerabilities itself and combine a variety of asset security equipment to build a 360° protection network with no blind spots.

More importantly, managers of enterprise IT departments should start from the hacker mindset and re-examine the vulnerabilities of application service websites in order to create a protection mechanism that can block the intrusion of malware and robot programs.

It is understood that Ruishu Robot Firewall has been widely used in the domestic market, and many large domestic enterprises are loyal users of Ruishu Information. The user range covers telecommunications, banks, and many industrial institutions that mainly provide network application services. In the future, Ruishu Information's dynamic security defense system will help more and more companies get out of the shadow of security threats.

"Ruishu Information has realized the huge challenges that the popularity of applications has brought to asset security." Ma Weiyan said that the asset security challenges faced by various application service websites today are far greater than in the past. In addition to attributing this to the continuous improvement of hacker attack methods, it is also related to the in-depth development of application services. She introduced that many emerging data application services in China use various robot programs to simulate legal operations to steal and aggregate user data from different websites, conduct secondary analysis, product recommendations and data sales services, resulting in an invisible increase in the user website load.
