On May 23rd, 2017, the 2017 China Network Security Annual Conference was held in Qingdao, Shandong, on the theme “Fusion Promotes Development, Collaboration Jointly Builds Security”. More than 900 people from government, enterprises, industry associations, universities and research institutes, as well as representatives from CNCERT international partners, attended this conference. Chen Zhaoxiong, member of the Party Committee and Deputy Minister of the Ministry of Industry and Information Technology, Wang Shujian, Deputy Governor of Shandong Province, Huang Chengqing, Director of CNCERT/CC, Yi Xueqing, Director Secretary of the China Institute of Communications and other leaders attended the conference and delivered speeches.

As an innovative enterprise in the field of information security in China, Surfilter was invited to attend this annual conference where its vice president delivered a keynote speech titled “Challenges and Positioning of Network Situation Awareness from the Blackmail Worm Emergency”, in the Emergency Response Sub-Forum.

Conference site

In the era of cloud computing and Internet of Things, network attacks are globalized, standardized and organized. In response to network security incidents that have emerged in an endless stream, traditional security measures characterized by pre-incident and post-incident defense and handling have become increasingly powerless. With the emergence of new types of network attacks, it has become the trend of current network security protection to conduct continuous monitoring of the network operation, and when it perceives an abnormal threat, conducts real-time monitoring and emergency handling. To do this we need a situational awareness platform system that integrates monitoring, early warning, response, and handling before, during, and after the incident, and which can ensure awareness, monitoring and prevention & control of network threats.

At the conference, the monitoring and analysis of security threats represented by situational awareness became a hot topic. In the conference’s emergency response sub-forum, Zhou Yonglin, the Vice President of Surfilter, spoke about "situational awareness" that everyone was talking about, and gave a keynote speech titled "Challenges and Positioning of Network Situation Awareness from the Blackmail Worm Emergency".

1. Accurate judgment of the situation is the basis of network security work

Before analyzing situational awareness, Vice President Zhou used the WannaCry ransomware incident that broke out on May 12th as a starting point, to review the network security situation after the outbreak of the ransomware incident, and summarized the response by major security agencies during the outbreak of the incident. He drew a conclusion that the accurate evaluation of the security situation is the basis for doing a good job in network security.

Zhou Yonglin, Vice President of Surfilter, delivered a keynote speech

In his speech, Vice President Zhou explained that after the outbreak of the WannaCry ransomware incident, major security agencies and manufacturers in China released information on the virus’ development, protective tools and emergency guides, which greatly reduced the security threat of the virus to the domestic network. It is through relevant monitoring platforms that collect, monitor, research and analyze the virus transmission situation, that we can accurately evaluate and master the network security situation, so as to lay a solid protection foundation for preventing and handling the virus transmission path and resolve the security threat. Therefore, the accurate evaluation of the security situation is the basis for ensuring network security to guide the security protection work.

A full house at the conference venue

2. What is the situational awareness system?

When it came to the situational awareness system that everyone was talking about, Vice President Zhou said, “Business needs determine the form of situational awareness”. He answered that the morphological composition of the situational awareness system was based on the perspective of the business needs of the supervisory authorities and network operators and said that regardless of the form of the situational awareness system, the three fundamental aspects of the business needs are defined: goal-clearing, threat-identifying, and quick handling of threats.

Situational awareness system meets the challenges

He also said that the ability to identify threats is an essential element of situational awareness, but in the context of increasingly standardized network security work and increasingly clear management requirements, only owning the ability to identify threats is not enough. Situational awareness needs to be constructed into a platform for the whole system, which can support threat identification and support rapid handling. The most important ultimate goal is to support our commands and handling, in order to maximize network security, and this is the ultimate meaning of situational awareness.

3. Security shall not only be “visible”, but also “changeable”

At the end of his speech, Vice President Zhou said that situational awareness is a complete system that integrates monitoring, research, handling, and protection based on network security threat information. In fact, Surfilter’s network security situational awareness system is successful as it is based on Big Data and cloud computing technology, which is the concentrated expression of this security protection handling thought process.

Security shall not only be “visible”, but also “changeable”

Surfilter network security situational awareness system

Differing from traditional network protection products, Surfilter network security situational awareness system transforms passive protection into active protection. Through continuous monitoring and visual display of network security threats, it provides objective decision-making basis for network security risk analysis and future security protection measures. It makes security protection visible, controllable and predictable, while ensuring real-time, dynamic and active protection of the cyberspace.

The introduction of the network security situational awareness system can help change the “unaware” security status into an “aware” security status, and make it possible to perceive the network’s security situation and control it in advance. Surfilter’s security situational awareness system visualizes abstract network and system data, which can help users quickly grasp the network status, identify network abnormalities, intrusions, and control the development trend of network security events, and ensure network system operation security and stability.

With excellent service capabilities and standardized emergency handling procedures, Surfilter has been selected as the CNERT/CC provincial network security emergency service support unit for many years, and it has been reported that it has effectively handled emergency response of multiple network security incidents. In future, Surfilter will live up to the expectations of people from all walks of life, contribute to building a powerful country in the field of network security, support national network security construction, and defend the national network security strategy.