Ding Ke, the hottest vice president of Tencent, th

  • Detail

Ding Ke, vice president of Tencent: the combination of artificial intelligence and network security is the focus of future investment

CS 2018 conference discussion site

On August 27, the fourth Internet Security Leadership Summit was held in Beijing. With the theme of "strong security driven new digital ecosystem", this summit has attracted enterprises and experts from many popular industrial fields, such as Internet finance, smart cars, IOT, intelligent hardware, etc. Ding Ke, senior vice president of Tencent, said in his speech that in the digital economy, the users of experimental machines are replaced in ordinary experiments. Information security is not only a basic ability, but also a driving force for industrial development and normal social operation. Traditional enterprises urgently need to work in the two directions of security awareness and transformation of security concept

increasing security investment failed to effectively reduce information security risks

with the development of big data, artificial intelligence, cloud, IOT and other technologies, as well as the continuous deepening of the digital transformation process in traditional fields, network security issues are becoming more and more complex, and their importance is becoming more and more prominent

Zhong Zhong, deputy director of the Security Bureau of the Ministry of public security, said in his speech that this year the Ministry of Public Security launched a nationwide "net 2018" special action, which has uncovered more than 22000 criminal cases involving more than 30000 illegal suspect. He stressed that the Ministry of public security has strengthened the governance of Internet Security in its actions

in the past six months, several WiFi password sharing software were exposed to be suspected of invading others' WiFi networks and stealing users' personal information. For example, the Network Security Bureau of the Ministry of public security intensively interviewed relevant enterprises and proposed five guiding measures to 119 enterprises providing services in China. Zhong Zhong revealed that up to now, more than 30 enterprises have improved according to the management requirements, more than 90 enterprises have stopped relevant services, and more than 20 enterprises with serious problems have taken offline measures

however, while strengthening the remediation of traditional security issues, new security issues are also emerging

in January, coincheck, one of Japan's largest cryptocurrency exchanges, was attacked by hackers, and the digital currency with a platform value of $530million was illegally transferred. Since June, the P2P loan industry has experienced frequent incidents such as legal person running away and platform losing contact. Users' funds cannot be redeemed and their personal information is missing

According to Gartner Group's report in April, the scale of the global security industry has grown steadily, reaching US $99 billion in 2017 and is expected to grow to US $106 billion in 2018. However, the continuous increase in investment has not effectively reduced the risk of information security. According to the report of the Ponemon Institute, the total amount of cyber attacks suffered by global enterprises in 2017 increased by 15% over the previous year, and the severity increased by 23% - the severity of the damage is no longer limited to the traditional material and property losses, but will affect operations, manufacturing and even human life safety

Ding Ke believes that these phenomena are sending a message: in the era of digital economy, information security is not only a basic ability, but also a driving force for industrial development and normal social operation. "Security has become the 1 in front of all 0. Without 1, all 0 have no meaning."

the security awareness upgrading of traditional enterprises should go beyond the existing business boundaries

"I have been thinking, is our network environment getting better, or are we facing more new problems?" Ding Ke pointed out that traditional safety problems can be solved by specification, but new safety problems are often accompanied by the development of the latest technology. The faster the development of new technology, the clearer the business model, and the less safety supporting measures

therefore, he believes that the construction of a new ecosystem of digital security needs to work on two major paths: first, the upgrading of security awareness. In 2017, the research team of Tencent security Cohen laboratory was invited to provide technical support to BMW. In 13 months, 14 different security problems were found. "For traditional enterprises, security awareness upgrading should go beyond the existing business boundaries, because security issues may not appear in the original system," he said

the second is to transform the safety concept. The traditional security concept takes attack and defense as the main body. In the face of the new digital ecosystem, we should jump out of the concept of attack and defense, promote the linkage of government, enterprises and users on the basis of cooperation, jointly improve the awareness of protection, and avoid a certain link in the chain being broken, resulting in the destruction of the security protection of the entire ecosystem

Nandu learned that Tencent will set up new laboratories in addition to the existing seven laboratories in the future, and the investment focus will be divided into soft and hard PVC, which is the aspect of artificial intelligence, especially the combination with network security

Li Wei, vice president of Tencent cloud:

security weaknesses are still common in enterprises at present

"over the past decade, all the admitted papers in the world will be included in the paper collection, and the investment of enterprises in security has increased more than ten times. All kinds of security companies have spared no effort to carry out research and innovation. Why is our network world still struggling with attack and defense response?" At the main forum of the fourth Internet Security Leadership Summit (css2018), Li Wei, vice president of Tencent cloud, said in his keynote speech that more than 80% of enterprises build "the great wall of security with its doors wide open and unattended"

according to Li Wei, Tencent cloud found that problems such as random weak passwords, basic system vulnerabilities not being repaired, and ignoring the security risks of early warning are common in the process of contacting enterprise customers. Some enterprises spent millions of yuan to buy various safety equipment, but after buying it back, they put these equipment aside and didn't even connect the power supply

"almost every Internet enterprise has invested huge costs in security, but at a time when enterprise security awareness is insufficient, security personnel are in short supply, and enterprise security systems and norms are not perfect, almost more than 80% of enterprises build 'the great wall of security with open doors and unattended'." Li Wei said

he also pointed out that despite the continuous emergence of new attack methods, simple and efficient traditional attack methods such as DDoS attack and SSH brute force cracking are still widely used, and even have a growing trend. Take SSH brute force attacks as an example. In July this year, Tencent cloud intercepted more than 300million brute force attacks for customers. According to the report of Tencent security Yunding laboratory, the top three weak passwords used in attacks are admin, pass word and root, accounting for 98.7% of the attacks

under the current situation that enterprises generally have security weaknesses and the overall response ability of the industry is weak, Tencent cloud is exploring two major areas: intelligent security and cloud management end collaborative prevention and control. Li Wei introduced that Tencent AI engine has achieved remarkable results in financial anti fraud and other fields. Since January 2017, Tencent yuntianyu anti fraud system has identified a total of 40million malicious applications, avoiding the capital risk of more than 100 billion

collaborative prevention and control at the cloud management end is the security concept that Tencent has been emphasizing in the past two years. It is understood that the concept of "cloud management end" first appeared in 2010. Cloud refers to business, management refers to access, and end refers to terminal. As more and more enterprises rely on public cloud manufacturers to carry out business, attacks targeting public cloud are on the rise. Li Wei believes that after the security boundary is blurred, the security defense will be different from the previous single point defense. Enterprises need to construct full link prevention and control at the cloud management end, and find more hidden threats through information linkage and abnormal behavior association

world's top hackers:

hacking GPS has little impact on driverless cars

at the fourth Internet Security Leadership Summit on the 27th, the appearance of Charlie Miller, the world's top hacker known as the "founder of automotive hackers", excited many people. He has found many major system vulnerabilities of apple and won the championship of the world's top hacker competition pwn2own for four consecutive years in 2018. However, the most popular thing is that he once hacked into jeep's system, forcing jeep's parent company to recall 1.4 million vehicles with system vulnerabilities

today, Miller is the chief architect of cruise self driving safety under general motors. In his view, self driving cars currently have some safety advantages

According to Miller, first of all, self driving is not popular at present. It is basically used internally by automobile development companies, which sets a threshold for hackers to understand the structure of the car. Users can also pay attention to whether there are problems in the car at all times, update the system in time, and keep the car in a better state; Secondly, ordinary cars have a main controller, such as Bluetooth and WiFi, which are completely unnecessary for self driving. The chance of hacker attack naturally decreases with the reduction of external communication entering the car

"you may think that the self driving will be greatly damaged if the positioning software is tampered with, but in fact, the self driving does not rely much on GPS, but uses the internal map", Miller explained that the self driving has a very detailed map of the surrounding environment, which has many detailed annotations, so in addition to GPS, you can also locate according to the internal map. "If you change a sign or remove it from the road, you will not confuse self driving." he believes that the hacker technology for GPS will not have much impact on self driving

however, self driving also has many safety risks that are quite different from traditional cars. Miller is most concerned about long-range attacks. Based on the attributes of self driving cars, if a car can be successfully invaded, it means that all self driving cars may be broken; The other is sensor attack. He pointed out that self driving cars often have complex sensors, such as lidar. Once the sensor is tampered with, the car will make abnormal behavior, and even drive in a dangerous way

the safety protection of self driving is different from the traditional way, but there are also some common challenges. Miller believes that although self driving is still in the development stage, new safety problems often accompany the rapid development of technology. "So we need to do a good job in safety now to avoid major safety problems for self driving in the future," he said

written by: Jiang Lin, Feng Qunxing, you Yiwei, intern of Nandu, Qian Liujun, from Beijing

Copyright © 2011 JIN SHI