Cyber Defense Magazine - Annual RSA Conference 2019 - Print Edition
360 ESG itself has a PE sample collection capacity at the tens-of-billions level. The capability for full-volume data collection and rapid data processing makes 360 more efficient in producing threat intelligence. On the one hand, the timeliness of threat intelligence is guaranteed to the greatest extent; on the other hand, the ability to customize threat intelligence products for many subdivided fields is also supported by sufficient data.
Then how does 360 ESG come to own such big data for security? To be more specific, it aims to provide useful, all-dimensional IP reputation information and to realize the ability to discover, evaluate and track a variety of epidemic and advanced targeted attacks. It does so by producing attack discovery logs from vast terminal samples, active defense data, file reputation information and a variety of security products (such as website security, firewall, situational awareness, advanced threat discovery, etc.), and by integrating the identification and profiling of associated threat sources, based on its huge installed base of security terminal software in China. Meanwhile, as the basic data for machine-readable intelligence produced in batch, it can achieve coverage of local and widespread attack IOCs. Besides, relying on vast threat intelligence source data such as historical Passive DNS and Whois data, 360 ESG has an efficient capability to discover threats and associate them with attack sources.
Based on threat intelligence, 360 ESG also has a first-class ability to discover and track APT groups. According to the statistics, 38 APT groups are monitored by 360 in total, and 360 is the supplier that has published the most APT reports in China. APT groups first discovered and named by 360 include OceanLotus, APT-C-12, APT-C-01, etc.
In 2018, the 360 threat intelligence center published more than 20 technical reports on APT activity, involving six independent APT groups, including two groups first revealed in 2018, and discovered two in-the-wild 0day vulnerability attack cases, thus taking a leading position alongside internationally recognized suppliers.
This accumulation of experience and demonstration of strength is attributed to the 360 ESG threat intelligence research and analysis team, which is made up of nearly 100 experts. Specialized talent is available for every link of the threat analysis chain, including public intelligence collection, data processing, malicious code analysis, network traffic analysis and clue mining and expansion, thus providing powerful basic data and threat assessment support for improving the ability to develop threat intelligence security services and products.
To date, 360 ESG has already published many threat intelligence products, such as the Alpha threat analysis platform, the threat intelligence platform (TIP), the threat intelligence platform for the regulatory industry (Threat Radar), advanced threat intelligence analysis services and a cloud SaaS API, and has been able to provide customized industry solutions for different customers, thus playing a leading role in the industry in terms of delivery success rate.
In addition, core security products and services such as the 360 intelligent firewall, EDR, NGSOC, situational awareness, cloud security and virtualization security are integrated with the threat intelligence capability. Machine-readable intelligence can be rapidly sent to security devices, forming a linked defense system driven by threat intelligence. 360 ESG will make persistent efforts to demonstrate an even stronger threat intelligence capability in the future.
Liejun Wang is the Director of the 360 threat intelligence center, with a focus on malware analysis and APT tracking.