Company News

Cyberspace Data Governance Expert

CNCERT2018 | Bro-based threat tracking ideas and practices
  16 Aug 2018From: Surfilter

The last day of the 2018 China Internet Security Annual Conference is ongoing, and various conference activities are still in progress. After experts and scholars discussed major issues such as network security industry environment, development trends and technological innovations on the first day, let us now focus on the eight major sub-forums of the conference led by technical discussions, and listen to the results analysis and security practices shared by technical experts, from respective security areas.

This conference has eight special sub-forums—emergency response, situational awareness, network attack traceability, threat intelligence, Internet of Things, artificial intelligence, security loopholes and data security. On the morning of the 16th, at the Emergency Response sub-forum, discussions were held on how to handle network environment where security threats are rampant, to discover unknown network attacks and supplementing security protection, where Surfilter proposed new ideas for security detection, prevention and threat source protection.

Peng Junbo, Offensive and Defensive Manager at Surfilter's SURFSRC Laboratory

Peng Junbo, Offensive and Defensive Manager at Surfilter's SURFSRC Laboratory

Traditional network security products are incapable to face the current high-level and complex threats, mainly because they are still based on passive detection methods, that is, only after a threat occurs, is the emergency  forensic investigation initiated. However, the threat has already taken place. It is there, but there is no obvious warning and then it is ignored. As a matter of fact, there are still suspicious attacks. At such a time, a threat analysis mechanism must be launched to discover, analyze and trace the threat.The threat tracking mechanism needs to be based on a large number of high-quality targeted data. This is the reason why Bro, this different NIDS is introduced, because it can generate a large amount of rich network metadata through configuration, supporting subsequent analysis. To reduce the workload of security analysts, the analysis time needs to be greatly reduced by using Big Data-based correlation analysis and visualization-based analysis. This was also the direction of the “Bro-based Threat Tracking Ideas and Practice” topic introduced by Peng Junbo.