"AI large models will open a new round of 'attacking strong and defensively weak', and the characteristics of large models efficiently generalizing content generation will allow hackers to launch more intensive attacks with lower thresholds and costs; Defenders need more careful logical connections and more accurate traceability. In the process of implementing new technologies, cost efficiency will undergo a more severe test cycle. ”
On September 8, Ding Ke, Vice President of Tencent Group and President of Tencent Security, delivered a keynote speech at the Tencent Global Digital Ecosystem Conference, interpreting the opportunities and security challenges brought to the industrial Internet by the AI big model, and combining the "digital security immunity" model framework and the practice of top customers, he proposed that enterprises need to re-evaluate security construction in the intelligent era.
Ding Ke, Vice President of Tencent Group and President of Tencent Security, delivered a keynote speech at the Tencent Global Digital Ecosystem Conference on Digital Security
Ding Ke said that as the industrial Internet enters the second half of "intelligence", enterprise security construction will face four challenges: the radius of enterprise security defense will be greatly increased, the response window after an attack will be further shortened, the difficulty of distinguishing between "people" and "machines" will increase, and the existing security "intelligence database" will gradually fail.
In the face of the security impact caused by AI large models, Ding Ke believes that traditional security tools, experience, and strategies will lose their effectiveness, and enterprises need to adjust security construction goals and paths around core assets in a timely manner. At the conference, Ding Ke put forward three adjustment ideas based on the joint practice of Tencent Security and a large number of enterprise customers.
First, to embrace the intelligent era, it is necessary to establish a development-driven safety construction concept. The large model will allow all walks of life to accelerate the interaction with data, and intelligence and data assetization will become the main characteristics. Enterprise security construction needs to focus on data and services to support the development strategy of enterprises in the intelligent era and align with the development goals in the next 5-10 years.
Second, establish a measurable security system and evaluate the effectiveness of security construction. In June this year, Tencent Security and IDC jointly released the "Digital Security Immunity" model framework, which abstracts the complex security system into an onion model, and establishes a security system of three levels and six modules around the company's data and business from the inside out, and is committed to providing the corporate decision-making level with a "coordinate system" for steering security, which can locate which sector the security investment and benefits are from a strategic perspective.
Third, to cope with the offensive and defensive trend in the intelligent era, enterprises need to build an intrinsic adaptive "security immunity". Security construction is dynamic, and it is necessary to build more flexible, elastic, and scalable security immunity capabilities to adapt to the rapid changes in the intelligent era. Through innovative solutions such as the big risk control model, data security governance center, and canopy bypass blocking, Tencent Security has helped enterprises build long-term sustainable security immunity in key areas such as business risk control, data security, and intelligent security operations.
Ding Ke said that as the industrial Internet enters the second half of the intelligentization driven by large models, Tencent Security is willing to work with all sectors of the industry to build a more proactive and sustainable digital security immunity ecosystem and calmly cope with security challenges in the new era.
The following is the full text of the speech:
Hello everyone, I'm Ding Ke of Tencent Security, welcome to the security session of the Tencent Digital Ecosystem Conference. The "intelligent emergence" brought by AI big models empowers new development opportunities in thousands of industries, and also brings new challenges to enterprise security construction
The first is that AI large models will open a new round of "attacking the strong and defending the weak". In the field of security, there is a natural asymmetry between the attacker and the defender. Recent year-over-year data also shows a 135% increase in social worker attacks and a 2.6-fold increase in phishing emails over the same period. The efficient generalization of content generation by large models will allow hackers to launch more intensive attacks at a lower threshold and cost.
In contrast, defense requires more careful logical correlation and more accurate traceability. In the process of implementing new technologies, cost efficiency will undergo a more severe test cycle.
Specifically, as the industrial Internet enters the second half of "intelligence", enterprise security construction will face the following four challenges.
First, the radius of enterprise security defense will increase significantly. In the era of AI large model-driven intelligence, the interaction and analysis behavior around data will become more and more common, which will further expand the exposure of enterprise risks, and the dynamic data transfer and use require more perfect protection means.
Second, the response window after an attack will be further shortened. After the cost and threshold of the attacker decrease, the frequency and density of its attacks will increase significantly, the previous offensive and defensive rhythm may be turn-based, and the defender has one day or a week to adjust the security strategy; However, with the blessing of large models, hackers will turn attack and defense into "real-time strategy" confrontation, and the response time window of enterprises will be forced to shorten to the level of hours or minutes.
Third, in enterprise security defense, it will be more difficult to distinguish between "people" and "machines". For example, recently, many music fans have grabbed tickets online, which is very difficult and causes great complaints. However, we found that many black and gray industries use AI to fake real users, so that the risk control model of the ticket company quickly fails, and even enters the undefended state in a short time. As more and more businesses move online, more advanced technologies must be applied to determine in real time which are normal users and which are malicious and invalid machine access.
Finally, entering the second half of intelligence, the existing security "intelligence database" of enterprises will gradually fail. Enterprise security construction often relies on security intelligence databases to record malicious IP and abnormal traffic characteristics that often do bad things; When hackers use generative AI to transform a large number of behavioral characteristics in real time, the traditional static intelligence database will gradually lose its protection value.
In the face of new security challenges caused by AI models, traditional security tools, experiences, and strategies will lose their effectiveness, how can enterprises adjust their security construction paths in a timely manner and evaluate the effectiveness of their own security systems? Combining the common practice of Tencent Security and a large number of enterprise customers in the past, I would like to share with you the following three thoughts:
First, to embrace the intelligent era, it is necessary to establish a development-driven safety construction concept.
The goal of enterprise security construction is always to protect the most important assets of enterprises and the fastest growing business. AI big models will accelerate data interaction in all walks of life, intelligence and data assetization will become the main features, and enterprise data and digital business will become core assets and become more and more important. Enterprise security construction needs to focus on enterprise data and business to support the development strategy of enterprises in the digital era and align with their development goals in the next 5-10 years.
In fact, in the past stage, some leading enterprises in the industry have established demonstration effects in this regard. COSCO SHIPPING is a benchmark in the logistics industry, and its development momentum in recent years has been very good, and last year's net profit exceeded the 100 billion mark. They are also ahead of the curve in security thinking, and when cooperating with Tencent Security, they clearly deployed the line of defense around core data assets and digital applications, and the two sides worked together to integrate technology and experts to escort the development of COSCO SHIPPING.
In the field of consumer finance, understanding users' financial habits and the convenience of online financial services is fundamental to survival. Since 2020, Centaline has cooperated with Tencent Security, from anti-fraud, to federated learning modeling, to intelligent decision-making platform, the two parties have jointly built a dynamic and intelligent security risk control system to support the development of online financial business with tens of millions of users.
Second, enterprises need to establish a measurable security system and evaluate the effectiveness of security construction.
After clarifying the security goals, how to establish a sound and effective security system around core assets? Just like the previous crash test to test the physical safety of the car, but in today's intelligent era, the safety assessment of the car must also consider the network security and user privacy parts.
In June this year, Tencent Security and IDC jointly released the "Digital Security Immunity" model framework, which abstracts the complex security system into an onion model, and establishes a security system of three levels and six modules around the data and business of enterprises from the inside out.
This model framework first gives the corporate decision-making level a "coordinate system" for steering safety, which can locate which sector the security input and benefits are in from a strategic perspective. According to our practice serving TOP300 customers, 50% of the enterprise security budget should be deployed in the data and business risk control layer, 20% in the intelligent security operation layer, and 30% in the perimeter security tool layer.
Based on the new model framework, we have also developed a "digital security immunity assessment tool", which is called the "personality test" of the security version by participating enterprises, which can help enterprises grasp the overall security status of the enterprise from a global perspective. A total of 60 financial, energy and industrial companies participated in the test, and we also found some common problems.
The overall score of the financial industry is first, but there are deficiencies in the segmented business risk control scenarios; Energy and industrial security tools are well deployed, but the modules around critical data and business need to be improved; After each company participates in the test, it can get a benchmark score, and can know what level they are in the industry, and what is the gap between them and the head and median of the industry.
At the same time, today's conference, we also announced the official launch of this assessment tool, and later my colleagues will introduce the detailed use process and improvement suggestions, so that enterprises in all walks of life can diagnose and solve problems on their own.
Third, to cope with the offensive and defensive trend in the intelligent era, enterprises need to build an intrinsic adaptive "security immunity".
Safety construction is dynamic, but if the external technology and security trends change, it is necessary to rebuild the security system of an entire module to match, which is unqualified from the perspective of cost and effect. By creating more flexible, elastic, and scalable security immunity capabilities, the security construction of enterprises will be more effective.
For example, in the field of business risk control, financial institutions often enrich their risk control rules by purchasing a large amount of external data, but the underlying risk control model may not change for two or three years, and the customer group characteristics change slightly before purchasing data again. With the help of Tencent Cloud's risk control model, Dongfeng Nissan Financial Leasing completed customized risk control modeling with only a small number of samples, so that the lowest model has solid risk control immunity and supports the development of financial business.
In terms of data security, many enterprises adopt the traditional solution of stacking multiple point products, which is difficult to adapt to the needs of data security governance in the current environment. Through products such as the Data Security Governance Center, Tencent Security provided a large retail enterprise with cloud-native asset management, rapid risk discovery, and transformation-free data security management and control, realizing a closed loop of data security governance.
In the field of security operations, Tencent Security has created an innovative intrusion detection solution with high adaptability and strong scalability for ABC relying on the technical advantages of big data processing and AI analysis. Through bypass deployment, the risk blocking efficiency is greatly improved under the condition of zero business impact, and the safe operation of the banking system is guaranteed to the greatest extent.
We also open up our technology atomic capabilities, hoping to integrate Tencent's leading technology into the existing security capabilities of enterprises. Tencent's secure data analysis capabilities are precipitated into a secure data lake, and through technologies such as cloud native, storage and computing separation, MPP, and column storage, enterprises can reduce their security operation and storage costs by 90% and increase their data processing scale by more than 10 times. We also cooperate with established security vendors such as Tianrongxin and Ruijie to embed Tencent-level threat intelligence capabilities in firewalls, so that access control lists can achieve accurate, intelligent and efficient defense.
As the big model drives the industrial Internet into the second half of intelligence, Tencent Security is willing to work with all sectors of the industry to build a more proactive and sustainable digital security immunity ecosystem and calmly cope with security challenges in the new era.
Thank you.
Leifeng Net