From productism to intelligence: what did the security agent get right?

Mondo Technology Updated on 2024-02-07

How much can you accomplish in one minute? You can run 400 meters on a synthetic track, do 35 push-ups in one go, or write 12 English words, which may be enough to turn a team from defeat to... victory. In fact, one minute is all it takes to complete a typical APT hunt!

Recently it was revealed that only 60 seconds elapsed between a finance employee at a financial institution inadvertently clicking on a phishing email and security operations staff receiving the alert and, guided by the analysis report, promptly taking appropriate action on the assets that might have been affected.

This is reported to be the first time that a system has intelligently caught an APT attack without the intervention of human experts. Behind this milestone, an AI agent, the 360 Security Agent, plays a crucial role.

Put the "brain" on security operations

Looking back at the history of cybersecurity, humans have always held the leading position on the road toward the intelligent era, but the specific functions they undertake, and the relationship between humans and AI, differ from stage to stage.

In the early stage of applying AI in network security, formulating security policies, discovering and identifying threats and attacks, and taking countermeasures relied almost entirely on security professionals; only a small number of security tools had basic intelligent functions. As AI matured, and especially as AI-friendly security operation scenarios emerged, the mode of interaction between humans and AI moved from tool-type AI to assistant-type AI. Marked by the rise of generative AI and large models, AI agents built on large models are becoming increasingly independent and can autonomously call on resources to complete tasks in specific business scenarios, with humans mainly supervising and evaluating. Note that although AI agents will take on most of the workload in the future, humans will still play the leading role in security operations.

The inevitable trend in intelligent security is that, once given a goal, an AI agent can think independently, acquire knowledge, make its own judgments, and take action toward that goal. It can break the given task into detailed planning steps and, relying on external feedback and expert guidance, autonomously create the instructions needed to achieve the set goals. It is precisely the emergence of large models that has accelerated AI agents from ideal to reality. The security model is like a smart brain for the AI agent: it can better control the various security tools, achieve intelligent operations, improve security capabilities and operational efficiency, and lower the threshold for applying the technology.

Data, experts, tools: none can be missing from the new security paradigm

Since the birth of ChatGPT, there have been endless debates about whether a general model will dominate the world or whether vertical models will deliver more commercial value. According to IDC, cybersecurity is one of the industries most affected by generative AI. A vertical model for the security industry is both a necessity and a possibility.

At a time when many security vendors at home and abroad have merely tested applications of large models, 360 took the lead in launching an AI agent. This is not only another technological breakthrough but also the beginning of a new paradigm of intelligent security services.

Why was 360 able to take pole position? Before answering that question, let's clarify what an agent is. An agent is an intelligent entity that can perceive its environment, make decisions, and take actions. With the 360 Secure Intelligence Model as its core, the 360 Security Intelligence Twin coordinates components such as the task orchestration engine, task generation engine, supervision and evaluation engine, instruction scheduling engine, memory storage, and execution feedback. It draws on the generation capabilities and expert experience of the 360 Secure Intelligence Brain Model to flexibly and adaptively orchestrate task plans and invoke security tools accurately, which gives it the capability for intelligent security operations.

If you take the security agent apart, you will find that its core components are data, experts, and tools.

No data, no intelligence. Without massive, high-quality security data, samples, features, and other corpora to feed the large model, intelligence can only be a castle in the air and words on paper. One of 360's core advantages is that it has accumulated the world's largest security big data, the most extensive sample collection, and the richest set of threat behavior characteristics. By training the large model on these data, samples, and features, the "endogenous intelligence" of the 360 security agent is obtained.

The reason many enterprises are riddled with gaps and stretched thin in their security defenses is a lack of professional cybersecurity talent; in many cases, top-tier talent can be found only by chance, not by seeking. Having a large number of professional security personnel, and at the same time being able to solidify their rich experience so that it generalizes from one case to another, is the strongest foundation for security attack and defense. With nearly 20 years of attack-and-defense experience, 360's security experts have distilled a tactical map of attack and defense, which on the one hand is internalized into the capabilities of the security model and on the other hand is stored in the memory module of the security agent, continuously enhancing the agent's orchestration ability.

If the security agent is compared to a person, the large model is the brain and the various security tools are the limbs. Only when the brain commands flexibly and the limbs operate in coordination can a security strategy be implemented resolutely and thoroughly, and automated security operations achieve twice the result with half the effort. Over the years, 360 has continued to cultivate vertical security scenarios, and the 360 Security Agent can adapt to, control, and collaborate with various types of security tools. At the same time, as a platform, the 360 Security Intelligent Twin can also accommodate the security tools of ecosystem partners, so that complex security operation problems can be solved in a systematic way.

In fact, from the first antivirus, to the proposal of security as a service, to today's release of security intelligence, 360 has been driving the disruption of traditional cybersecurity with innovative thinking. This stems from 360's keen insight into trends, and the general trend is for security to become Internet-based, service-based, intelligent, and operable.

When it comes to intelligent security, 360 plans strategically and advances steadily on the tactical level. In June 2023, 360 released its cognitive general model, 360 Intelligent Brain 4.0, and at the same time announced that 360 Intelligent Brain had been connected to 360's entire product suite. In August of the same year, 360 released the first deliverable security industry model in China, the 360 security model. Today, 360 has made the leap from a large security model to a security agent, which can significantly improve the security capabilities of individual products and of systems as a whole.

Unlike tool-based security vendors, 360 is a security platform vendor. With the support of security agents, it can better leverage the advantages of its platform, endow the growing number of security functions and security tools on that platform with intelligence, achieve better collaboration, and play a positive role in promoting and driving the construction of the security ecosystem.

Scenario-based application is the breakthrough

With the help of generative AI, writing poems, drawing, and chatting are fine choices, but none of that seems critical in enterprise use cases. In cybersecurity in particular, many users are not interested in "voice Q&A". Functionally, a security model that offers only security Q&A and alert interpretation can hardly eliminate users' real pain points. As Pan Jianfeng, Chief Scientist of 360 Group and CTO of 360 Digital Security Group, said, "The security model can only be accepted by customers if it truly solves the pain points of customers." Therefore, scenario-based generative AI is undoubtedly the most urgent task for both security vendors and industry users.

An important reason the 360 security agent mentioned above completed the intelligent APT hunt in only one minute is that 360 identified one of the scenarios best suited to the agent, a scenario that brings real value to users.

Following the principle of "small incision, great depth", 360 uses "applicability of security scenarios" as the index for constructing high-value security scenarios suited to the characteristics of large models and for promoting the deployment of security agents. In practice, 360 security agents have realized scenario automation for automated threat hunting and automated security operations: humans are responsible for setting goals, providing resources, and supervising results, while security agents are responsible for task splitting, tool selection, progress control, and so on, and then return the execution results to humans.

Improved security capabilities, together with ease of use and affordable cost for small and medium-sized enterprises, are the fundamental factors that will allow 360 security intelligent twins to drive straight into industry in the future. "Digital security has evolved from the productism stage of selling single product boxes to the current capability stage, with the ability to see and handle threats at its core, and will develop toward the intelligence stage, in which artificial intelligence technology empowers security tools and subverts the traditional operating model. In the intelligence stage, the biggest pain point is the lack of security operation experts above a certain level. The emergence of large models has opened up a new way to solve these problems and has also brought a new paradigm for digital security, that is, intelligence: security agent + security tool." Pan Jianfeng pointed out, "In the future, security agents will gradually replace humans and use various security tools to complete more and more complex tasks. This will be the direction of the entire industry."
