“Stronger Together” is the theme of the RSA Conference this year. Under the trend that the cyber security industry not only deeply participates in international competition to ensure technological advancement, but also continues to strengthen independent innovation ability, this theme reflects the development vitality and unique confrontation characteristics of this industry and is in line with the current situation and threat landscape. Focusing on security decision-making and confrontation ability, the cyber security industry calls for cross-domain and cross-regional cooperation on technologies, products, businesses, intelligence, and laws to achieve high-quality growth.
Necessity of cooperation in security automation
The multiple security dimensions of assets, businesses and threats have brought increasing complexity and made security decisions become difficult. A security automation process, including automated asset and threat identification, vulnerability detection, policy issuance, and blocking, is absolutely a trend to improve security efficiency.
Cooperation driven by an automation process includes:
- Strengthen cooperation between security manufacturers. Gradually achieve interoperability of data and security policies on products from the same vendor and platforms across different companies within the same company; Improve the execution feasibility of the overall heterogeneous platform automation.
- Strengthen the cooperation between security manufacturers and upstream suppliers providing machines, components and software. Continuously improve security products and services, strengthen innovation capability through independent research and technology iteration, and deliver high-quality products and services fueled by a healthy cooperation ecology of the supply chain.
- Strengthen the cooperation between security manufacturers and downstream customers. Bridge the gap between businesses and security, and ensure that security requirements can be met reasonably through technical cooperation and joint product research and development.
Necessity of cooperation in threat intelligence sharing and intelligent decision-making
The rapid development of technology and products in the threat intelligence field is a typical example of the results of strengthened cooperation in the cybersecurity industry. With the continuous integration and cooperation of the global economy, trade and talents, the sharing and exchange of global threat intelligence resources is an important approach to continuously improve security monitoring capabilities and achieve precision protection. Through cross-domain cooperation, NSFOCUS Threat Intelligence (NTI) is built upon an industry-leading intelligence database, which supports the dynamic update and retrieval of all kinds of intelligence, including global 4.3 billion IPv4 mapping data, two billion+surviving IPv6 asset addresses, and the whole network website servers, and has realized the comprehensive integration of cross platforms, products, and APT scenarios.
Cybersecurity manufacturers actively embrace and continue to deepen the application of AI technology on the product side. At the same time, with the development of new technologies and products, cyber security manufacturers, cloud service providers, telecommunications operators, and data communication manufacturers are also required to strengthen the cooperation of new industrial application scenarios to improve the accuracy of intelligent decision-making. Based on the overall environment, real-time and dynamic security monitoring and adjustment of security policies are the evolution and development trends of the security framework. Zero trust and XDR (Extended Detection Response) are the hot spots in recent years. Integrating the development of SD-WAN and containerization, medium and large-scale organizations continue to migrate and upgrade from SIEM to SOAR (Security Choreography, Automation and Response). Many scenarios have been derived from the XDR. For example, on the basis of existing EDR (endpoint detection and response) and NDR (network detection and response), DDR (data detection and response) is launched by integrating data security, and CDR (cloud detection and response) is launched by integrating cloud security. In the future, it is expected that more application scenarios will emerge in the industrial Internet and the Internet of Things fields to generate stronger development momentum through cooperation.
Necessity of cooperation in cross-industry and cross-regional laws and regulatory compliance
In terms of compliance and supervision, cyber security manufacturers need to effectively cooperate with national regulators to achieve effective support around vulnerability, intelligence, emergency response and other security aspects to ensure national security, social and market economic order and the legitimate rights and interests of citizens.
Cyber security attacks may involve several geographical regions or countries where they are launched and where the results occur. Therefore, effective combat against cyber criminals relies on transnational and cross-regional cooperation. For example, through the cooperation of international law enforcement justice and security technology and product research institutions, new reconnaissance and traceability technology means can be developed to defend against cross-regional and cross-border cyber security fraud and cyber attacks.
Data security, supply chain security, and personal information protection are all compliance-related hot issues. They are also critical topics for organizations to seek cooperation for globalization strategies.