Xiao Xinguang: Five characteristics of the development of the network security field during the “14th Five-Year Plan”

This year is the first year of the “14th Five-Year Plan”. During the “14th Five-Year Plan” period, the field of cybersecurity faces three major historical tasks: systematically reshaping the national defense and national security capabilities of cyberspace; comprehensively improving the security protection level of critical information infrastructure and effectively guaranteeing the digital transformation of the national economic system; and fully meeting the security needs of citizens’ personal information and privacy.

From the specific development trend, there will be five characteristics:

1. Incremental construction and catching up on existing capacity proceed simultaneously. Security protection for new and incremental informatization scenarios is planned, built and operated in step with those scenarios, while the security governance capabilities of existing systems are comprehensively improved in areas such as exposed surfaces, vulnerabilities, patches, configurations and identity accounts.

2. Threat confrontation drives the upgrade of protection capabilities. Building on the original basic actions of capture and response and of attack-defense testing, defenders comprehensively perceive and track cyber threat actors and threat activities, complete the formalized operation of threat technical and tactical intelligence based on a threat framework, drive the upgrade of product defense capabilities, lead the evolution of the defense indicator system, and promote the implementation of full life cycle security operations.

3. The security defense fulcrum returns to the system security side. With the extensive encryption and cloudification of assets and the improvement of attackers’ ability to penetrate defenses, the role of traditional gateway and perimeter security has been significantly weakened, while the role of system security has become prominent. Whether for traditional desktop endpoints, dedicated workstations, server hosts, cloud and virtualized nodes, containers, or new BYOD and IoT scenarios, defense capabilities must be built at the bottom layer and managed and operated in a unified way.

4. Security management requires deeper integration. The all-round integration of cryptographic security and confidentiality security with cybersecurity is accelerating.

5. Cybersecurity enterprises realize their own digital transformation. The support capabilities of security products and the forms and models of services are fully reconstructed.

Grasping major development opportunities and following the development trend will have a profound impact on the network security industry. In particular, the strengthening of the requirements for critical information infrastructure security protection will bring unprecedented industrial opportunities. The promulgation and implementation of the “Regulations on the Security Protection of Critical Information Infrastructure” (hereinafter referred to as the “Regulations”) has created systematic, in-depth and rigid security requirements from the perspective of policies and regulations, and is an important measure for the demand-side reform of network security. The Politburo meeting of the Central Committee of the Communist Party of China held on December 11, 2020 proposed: “We must firmly grasp the main line of supply-side structural reform while also paying attention to demand-side reform.” This is critical for construction and industrial development.

The “Regulations” make critical information infrastructure security no longer merely a matter of security protection for the organizations that build and operate it. Taking critical information infrastructure security as the basis, they form demand orientation and guidance from four dimensions, each related to its own level: national security, social security, government and enterprise security, and human security. From the perspective of network security demand-side reform, there are both incremental and structural demands; it is an overall, multi-dimensional change in demand that will further stimulate the scale and vitality of the network security market.

The “Regulations” require protection work departments to “establish and improve the network security monitoring and early warning system of key information infrastructure in this industry and this field, keep abreast of the operation status and security situation of key information infrastructure in this industry and this field, and give early warning and notification of network security threats and hidden dangers”, and require that “critical information infrastructure conducts network security inspections and risk assessments at least once a year”. They further provide that “the national cybersecurity and informatization department coordinates relevant departments to establish a network security information sharing mechanism, and promptly summarizes, studies, shares, and publishes information on cybersecurity threats, vulnerabilities, and incidents, and promotes network security information sharing among relevant departments, protection work departments, operators, and network security service organizations”. A series of detailed provisions such as these will further release the demand for understanding the security situation of industries and fields and for the construction of notification and early warning platform projects. Higher requirements are put forward for protection work departments, operators and other relevant parties in systematic security protection capacity building, normalized security monitoring and detection, and analysis and evaluation from the perspective of risk consequences; these require the relevant parties to respond quickly to threat events, analyze them in depth, and produce and distribute high-value threat intelligence and rules. Operators face higher requirements for the detection, analysis, hunting and traceability driven by threat intelligence consumption. At the same time, this also raises the requirements for security service agencies to provide solutions and innovative products.

From the perspective of supply-side reform, network security service agencies should have corresponding capabilities. On the one hand, they should be able to assist operators in sorting out business assets and internal and external environments, assess asset value from the perspective of cyber attack confrontation, recognize threat behavior by traversing the technical framework, and analyze and assess security capacity building needs based on the consequences that can actually be borne, as the starting point for security planning and continuous improvement. On the other hand, they should be able to provide unified security management and response for endpoints, deceptive defense, traffic monitoring and response, dynamic sandbox analysis of files, emergency response and threat hunting tools, as well as excellent product solutions for security monitoring and analysis, threat hunting, and security protection during important and sensitive periods, so as to form effective defense coverage of all scenarios, credible scenario construction capabilities, and in-depth threat monitoring and detection capabilities. Through the supply of in-depth threat analysis and deceptive defense capabilities, customers are driven to complete the intelligent security operation transformation from consuming threat intelligence to autonomously producing security capabilities, achieving the goal of continuous optimization and improvement of comprehensive security protection capabilities.