news

on september 6, the 2024 tencent global digital ecosystem conference·digital security special session was held at the shenzhen international convention and exhibition center. with the theme of "visible security", tencent security focused on the implementation of the "security inside" concept, and explored the most valuable industry security construction methodology and shared best practices with industry users, and brought a series of product upgrades.

fang bin, vice president of tencent security, gave a keynote speech at the special session and launched the tencent cloud security "4+n" system. the "4" covers infrastructure security including data security, host security, web application firewall, and cloud firewall, and the "n" corresponds to personalized scenario solutions for different industries.

fang bin said that cloud is the core carrier of enterprise digitalization, and all industries have common needs for cloud security. tencent aims to open up its "tencent-level" security capabilities based on years of practice to help enterprise users in all walks of life more effectively build a digital security system that adapts to their own needs. "through the 4+n system and the security value assessment model we will launch later, we can help enterprises quantitatively assess the value of security construction investment, making enterprise security 'visible', 'quantifiable', and 'calculable'."

it has become a consensus to seek growth through digitalization

security construction faces new challenges

against the backdrop of a global economic downturn, different industries are generally facing a situation where competition is more intense but profits are lower. using digital means to improve quality and efficiency and seek growth has become a common way out for almost all industries. the penetration of digitalization into thousands of industries has entered deep waters, but at the same time, security, as a companion issue of industrial digitalization, has also encountered more severe challenges as the size and scale of digitalization continues to upgrade.

fang bin believes that the security threats faced by enterprises today are "visible". in the external environment, security compliance supervision will become increasingly strict, illegal attacks and attack and defense drills will be upgraded, and the intensity and destructive power of security confrontation will increase rapidly. in the internal management of enterprises, there are significant defects in security awareness, strategy, talents and tools. for example, in a survey conducted by tencent security on cso groups, 7% of respondents said that the wide variety of security tools, complex use and high initial learning costs are one of the important reasons affecting the efficiency of security work.

if an enterprise lacks a good security strategy and investment, then a security incident is only a matter of time rather than probability. "security infrastructure and digital benefits are the relationship between 1 and 0. security is the 1 in front of a string of numbers. without 1, no matter how many 0s are behind, it is invalid," fang bin said.

4+n system upgrade

comprehensively address common and individual cloud security issues

in the construction of enterprise cloud security, almost all enterprises will face some common "infrastructure security" issues, such as security compliance, batch attacks, crawlers, mining extortion and other threats; in addition, different industries will face some industry-specific security issues due to their own business forms, such as scalpers in the cultural and tourism industry, black dust in the e-commerce/retail industry, financial fraud, game plug-ins, etc.

in response to the common and individual problems mentioned above, tencent security launched the 4+n system, which solves the "infrastructure construction" problem of cloud security through the four lines of defense of data security, host security, web application firewall, and cloud firewall; through n industry security solutions such as game anti-cheating, marketing madness, loan anti-fraud, cultural and tourism anti-scalping, etc., it helps companies cope with different security needs and increase the value and efficiency of business development.

it is worth mentioning that tencent security has integrated some unique advantages in the four lines of defense, realizing the linkage between cloud security products and tencent products such as tencent cloud and wechat, and can also realize automated risk disposal based on ai capabilities, greatly improving the customer experience. at present, tencent's 4+n system has helped many companies in various industries build security capabilities that can help business growth.

in the retail industrybased on the risk control capabilities of tencent security mini program, swire coca-cola not only accurately combats black and gray industries and returns activity benefits to consumers, but also uses qr codes and mini programs as the center to provide customers with rich functions such as consumer outlet search, discount code verification, brand collaboration, and marketing data management.

in the financial industryzhongyuan consumer finance has built a full-process intelligent risk control system of "customer acquisition + credit access + loan management + post-loan management" through tianyu's exclusive risk control model, reducing the non-performing loan rate by more than 20% and increasing the model iteration efficiency by 8 times.

in the automotive industryfaw jiefang connected to tencent security’s detection and auditing tools at the code and application development levels to solve its supply chain security issues caused by hundreds of suppliers and complex supply chain management systems.

fang bin said that tencent cloud security has such capabilities based on years of security practices in its own massive business and customer service experience. at present, tencent cloud security products have helped customers intercept trillions of attacks, protect millions of host assets and tens of millions of container assets, captured more than 1 million attackers, and obtained more than 400 compliance qualifications.

at the meeting, fang bin also revealed that in the future tencent security will provide a security value assessment model to make the level of enterprise security construction more visual, and make customers' security construction investment visible, quantifiable and calculable.

in recent years, innovative technologies such as aigc have developed rapidly and have become new means for attackers to strengthen their confrontation. as defenders, enterprise security departments must also upgrade new security tools to respond to these new threats in a timely manner. at the same time, new forms of intelligent services continue to emerge, bringing new propositions to security construction. tencent security is committed to exploring new paths for security and growth with all walks of life, providing a solid foundation and strong support for industrial digitalization.