On May 18, Fortinet (Feita), a global network security equipment supplier, held its Asia Pacific partner conference in Chengdu. During the event, Fortinet global security strategy officer Derek Manky was interviewed by the media and briefed participants on the current state and trends of network security in the Asia Pacific region. Niu Jun has compiled the more important points as follows:
I. What is FortiGuard?
At the core of all Fortinet products is the threat intelligence analysis cloud platform FortiGuard. This platform not only outputs intelligence to products and devices around the world, but also shares and exchanges data with its partners.
FortiGuard Labs was founded 15 years ago and is headquartered in Ottawa, Canada. Its threat intelligence analysis center, FortiGuard, has 200 engineers in total. Of the 20-person core team at its founding, 15 are still working there today.
Manky said that Fortinet's threat intelligence is the largest in scale in the world: it has the most probes in the world, with 2.5 million firewalls and more than 70 million mobile devices and clients, and its number of threat researchers is also the largest.
Derek Manky is Fortinet's global security strategy officer and a board member of the Cyber Threat Alliance, with more than ten years of advanced threat research experience. He has been involved in creating several threat response and threat intelligence organizations (such as first.org) and maintains close ties with network security organizations and institutions worldwide. He designed a framework for zero-day threat disclosure, has been committed to serving the network security industry for years, and is known in the industry as a "thought leader of the security landscape".
Here are some FortiGuard figures:
Every minute:
21,000 spam messages intercepted
470,000 network attacks prevented
95,000 malware threats removed
160,000 malicious websites blocked
32,000 botnet connections prevented
43 million website classification requests
Every week:
4,600 new spam rule updates
1,000 intrusion prevention rules generated
180 new antivirus definitions
1.4 million new URL ratings
8,000 hours of global threat research
Totals:
230 TB of threat samples
18,000 intrusion prevention rules
5,800 application rules
250 million rated websites in 78 categories
279 zero-day vulnerability threats
II. Cyber security threats in the Asia Pacific region (Q1 2015 vs. Q1 2016, year over year)
1. Mobile malware grew 541% year over year
From 22,700 to 145,000.
2. Malware volume fell 10%
Server-side malware based on VBS and PHP is growing;
Polymorphic file infectors are very common, and ransomware is hard to clean up.
3. Exploits grew 51%
NTP-related exploitation accounts for the highest share, with a growth rate of 2775%;
MSSQL-related exploitation accounts for the second-highest share, with a growth rate of 1400%;
DNS-related exploitation is still widespread, with a growth rate of 498%.
4. Botnets grew 20%
Cryptowall grew 390%;
Andromeda grew 280%;
H-Worm grew 91%;
ZeroAccess fell 89%.
III. China's network security threat situation (Q1 2015 vs. Q1 2016, year over year)
1. Malware grew 591%
The region with the highest growth rate of mobile malware is China (353%);
The number grew from 18,900 to 85,500;
Most of it is Android malware and adware;
The likelihood of mobile devices launching DDoS attacks is increasing.
An important development in DDoS attacks is that they are launched from mobile devices. Because the online time and sheer number of mobile devices are now huge, this is a major trend for the future.
2. Exploits grew 121%
SQL-related exploitation surged 4409%;
HTTP Tunnel application traffic grew 609%.
3. Botnets grew 178%
Andromeda grew 2481%;
IMDDOS grew 105%;
Locky, H-Worm and Nitol entered the Top 10.
IV. Fortinet's threat intelligence sharing
Fortinet and several other foreign companies set up the "Cyber Threat Alliance", whose members exchange data with each other. Web filtering information can be updated every five minutes, antivirus information is pushed every hour, and a customized signature for a security incident is guaranteed to be pushed within 12 hours.
At the same time, Fortinet is also working with threat intelligence standardization organizations such as OASIS; the machine-readable standard it uses for intelligence output is STIX.
"We try to push threat intelligence in real time, but threat intelligence alone is not enough. You also need enough technology to put the intelligence into practice and convert it into security capabilities on the product. The core node of Fortinet's security service capability and of the linkage among all its products is FortiGuard Labs."
"The FortiGuard cloud platform is the core of all our products and product functions. It provides the output of all security capabilities for the security functions on all products. When threats or attacks are collected, the results of automated plus manual analysis are pushed to all devices worldwide and to connected businesses, including cloud service providers and other threat intelligence and industry partners."
According to Derek, Fortinet is now in contact with Amazon AWS and Microsoft's cloud, and will announce cooperation with Alibaba Cloud in the near future.
Safety Bull review
Fortinet has been a leader in Gartner's Magic Quadrant for UTM (Unified Threat Management) for eight consecutive years. Its annual revenue (2015) exceeded US$1 billion, and its revenue in the first quarter of this year increased 34% compared with the same period last year, showing strong momentum.
For now, the wave of localization has not had the huge impact on foreign security companies in the domestic market that some people previously expected. On the contrary, IBM, Palo Alto, Fortinet and other foreign security companies are still making frequent moves and efforts in the Chinese market, while Trend Micro, Kaspersky and Symantec are trying to maintain or even increase their share of the domestic security market through shell arrangements, mergers and acquisitions, equity stakes and other means.
Domestic peers should welcome competition rather than exclude it, because healthy competition brings technological innovation and spurs the competitiveness and technical level of domestic vendors.