Zhang Jing, CEO of Anyun Technology: Unique security solutions for the industry

With the advent of the era of big data, in the face of the explosive growth of data, data security and privacy protection issues have attracted more people's attention. At present, the legal protection of security can not catch up with the development of technology, only for the characteristics of the industry to analyze the problem, formulate security needs, and find protective countermeasures is the most reasonable and appropriate approach. Today, 51cto reporter interviewed Zhang Jing, special lecturer of the wot2016 Enterprise Security Technology Summit and CEO of Anyun Technology, and then took a look at the current situation of the security field with this expert in the security field, and how to explore the direction and how to do its unique security solutions for different industries.

Zhang Jing, CEO of Shandong Anyun Information Technology Co., Ltd

About Zhang Jing About Anyun Technology

Zhang Jing, who was exposed to network attack and defense technology knowledge during his college years in 2000, has been engaged in information security work since graduation. After eight years of working at NSFOCUS Technology, he has a comprehensive understanding of the situation of the information security industry, the development trend of information security technology, the operation of information security projects for major customers, the construction status of information security system in government and enterprise units, the management of information security technology teams, and the cultivation of talents. In 2013, he founded Anyun Technology.

Anyun Technology, which was founded with only 4 people, has now become a leading enterprise in information security technology in Shandong Province and actively expanded its business nationwide. Anyun Technology Anylab Laboratory has gathered more than ten professional security attack and defense technology researchers, and has in-depth research and achievements in the fields of information security risk assessment, penetration testing, attack forensics, software reverse, and vulnerability mining. The R&D team has also successively launched the "Thousand Machines" information security attack and defense training system and the competition system, the "Cloud Eye" security threat intelligence situation awareness system, and the "Qianxun" document big data management system.

The current situation in the field of domestic security and the direction to be tapped

In the current situation in the field of domestic security, the state attaches more and more importance to cyberspace security, the Cybersecurity Law is about to be promulgated, and more and more government and enterprise units have transformed their false needs into real needs. What used to be a large number of relationship-based security projects will be transformed into real-world technology competition. In addition, 2013-2018 is a period of great change in the domestic information security industry, the rise of the Internet model, 360, Ali, Tencent and other Internet giants intervened, and a large number of innovative Internet security companies have emerged, the traditional product development and sales of security companies have a certain degree of decline, around the innovative security technology, innovative security business model investment is becoming increasingly hot.

The competition between traditional information security vendors is like a mountain offensive and defensive war, laying down one hilltop position after another, taking the surface from point to point, controlling the theater, and deploying defense at all levels, fighting a protracted war. Now the Internet security is a naval war, the whole world is flat, even if today it still controls the entire Pacific Ocean, a battle lost, may be completely destroyed. There can be no slack in strategy and tactics, and tomorrow's fiasco will inevitably be due to today's slackness. Now Internet entrepreneurship must focus on core competitiveness, at least to achieve the top three subdivision of the industry, the complementary integration of advantageous resources is the general trend of the security industry in the future.

The direction to be tapped, the security industry and security technology development and government and enterprise unit security demands are disconnected, technology development is running too fast, government and enterprise unit security supervisors can not keep up, especially in third- and fourth-tier cities government and enterprise unit security supervisors to obtain too little security industry information, in the face of many safety products, security solutions can not be judged. Everyone has a comparative psychology, nothing more than hoping to understand which aspects of information security construction are stronger than other units, which aspects are worse than other units, and how others are doing it.

You can consider sorting out a set of standard specifications on the basis of existing compliance standards and industry best practices, and develop a security self-test website to simply and quickly evaluate the hidden dangers of security and propose targeted solutions. This is very practical for the security supervisors of many government and enterprise units.

Security solutions are available in different industries

Zhang Jing said that each industry has a corresponding security solution, such as education, medical care, finance and so on. Anyun Technology won the cncert network security emergency service support unit, joined the China Internet Security Threat Remediation Alliance, improved the security threat intelligence and emergency support team, and provided high-quality products and localized services for our customers.

Medical industry, medical business data leakage prevention solutions. This year, there have been more than 300 national medical data breaches exposed on dark clouds, patching days, and loophole boxes, including hospital leaked data, health system leaked data, disease control system leaked data, etc.; types include health records, outpatient records, examination reports, etc. Aiming at the characteristics of network business in the medical industry and the attack path of hacker intrusion data theft, Anyun Technology provides a comprehensive "Medical Business Data Leakage Prevention Solution" to ensure medical data security from early warning, monitoring, protection and traceability 360 degrees.

Education industry, cyberspace security lab solutions. The solution is not only the construction of offensive and defensive laboratories, but also includes the evaluation of students' safety quality and ability, the recommendation of courses and learning routes, the teaching of theoretical and practical courses, the safety technology competition, the summer training summer camp, the salon activities, the crowdsourcing of safety projects, the research and development of safety topics, the safety innovation and entrepreneurship competition, the safety project practice, the internship of the safety company, the recommendation of safe employment and other one-stop services.

Anyun Technology business direction and strategic planning

The current business direction is mainly divided into: first, with the "thousand machines" information security attack and defense training and competition products as the core, to provide universities and electric power, public security and other industries customer information security laboratory construction, to provide security knowledge and attack and defense competition services; the second is to use the "cloud eye" security threat intelligence situational awareness system, monitoring and discovery of government and enterprise units Internet business system and data security intelligence, to provide web site monitoring, penetration testing, security reinforcement, waf cloud defense, emergency response, forensic traceability, comprehensive risk assessment, Security integration solutions, legal support one-stop solution.

Current strategic planning: Anyun Technology hopes to focus on core competitiveness, focusing on the cultivation of information security professionals and the landing service of SAAS security cloud services.

At present, there is a gap of more than 500,000 domestic information security professionals, especially professionals in the fields of information security management, security operation and maintenance, risk control, security integration, and security development. At present, many colleges and universities focus on theoretical teaching, and information security training institutions and competitions focus on attack technology or hacking teaching, which are divorced from professionalism and comprehensive ability, and a large number of hackers are trained, but there are still very few professionals who really have the ability to improve the security system.

Combining hundreds of information security risk assessment, system construction, operation and maintenance service experience, Anyun Technology has implemented it into the training of professional security talents and community construction to achieve the standardization and large-scale replication of professional talents.

In addition, emerging saas cloud security services such as 360, Know Chuangyu, and Wuyi have a large number of security threat big data, but localization services are difficult to land and the customer experience is poor; traditional security services rely on personal experience, which is difficult to copy, and the delivery quality is uneven. Anyun Technology is committed to solving a variety of cloud security SAAS service model localization service landing, realizing the service model of computer plus human brain, improving user service experience, and creating a new channel cooperation model for SAAS cloud services.

At the end of the interview, Zhang Jing said that the theme of his speech at the Wot Security Summit focused on the cultivation of information security talents, mainly to explore the impact of personality on the career development path of information security, most of the students' personality in college is basically cultivated, and the follow-up changes are not large. There are many development directions in the information security profession, and it is important to choose the right development direction for yourself when entering the industry and the right person to choose the right person for the position when recruiting. Starting from the perspective of each person's personality, through the safety professional quality assessment, we will discuss the training strategy and selection skills of enterprise safety management talents.