Huang Cheng, former CSO of Vipshop, started a business. What exactly is HoneyGuide?

In September 2018, Huang Cheng was still talking about "Want to be a CSO? Don't lose these basics! " At that time, he was the Chief Security Officer (CSO) of Vipshop. On August 20, 2019, Shanghai Wuzhi Intelligent Technology Co., Ltd. held a press conference in Beijing. Huang Cheng, as the CEO of this startup, took the stage and released the company's first product - the intelligent risk decision-making platform HoneyGuide.

According to Qichacha, the company was established on April 10, 2019. Huang Cheng is also the legal representative. Beijing Future Security Information Technology Co., Ltd. holds 10% of the shares. As we all know, the helmsman of Future Security is the well-known industry leader Wang Yingjian (nickname: Daishen). Leifeng.com learned that Future Security is mainly responsible for the operation of Wuzhi.

Thanks to the long-standing influence of the two bosses Huang Cheng and Dai Shen in the security industry, and sandwiched between the two largest annual events of 360 and Qi'anxin, this press conference actually invited many powerful "VIP" guests from the security industry, and even a famous e-commerce security tycoon who had not been seen for a long time sat quietly in the audience. This was indeed a very interesting signal.

I think, in addition to showing support, everyone is actually very curious about what Huang Cheng has come up with.

In the view of Leiphone.com, the HoneyGuide released by Huang Cheng is not a security product in essence, but just an application of an "AI product" in the security industry.

Why do you say that?

Let's first take a look at Wuzhi's positioning of itself - "Wuzhi is a new generation technology company driven by artificial intelligence. The company focuses on the combination of artificial intelligence technology and real-world application scenarios, and has carried out exploratory practices in helping companies improve their automation levels and "reduce costs and increase efficiency". With its own advantages, the company can help companies achieve intelligent transformation and upgrading through the flexible application of AI technology. "

The intelligent risk decision-making platform HoneyGuide is an intelligent risk decision-making system that uses intelligent orchestration technology to allow users to carry out security operations like following a script. According to Huang Cheng, this system also supports customized script orchestration and system self-learning intelligent orchestration, and is composed of five core components: "AI engine, intelligent orchestration, event handling, collaborative robots, and risk governance engine."

The main features of this product are: a human-machine collaborative operations room with "natural language interaction" as the core + security scripts with intelligent arrangement and intelligent recommendation as the core. It is said that "in the future, HoneyGuide will be widely used in many fields such as government, finance, Internet, cloud platform, energy, and traditional enterprises."

Huang Cheng also said at the press conference that if one had to give a name to this product that has been first launched in the security industry, "it would be an enhanced version of SOAR (security orchestration, automation and response)."

In the subsequent communication between Leiphone.com and Huang Cheng, Huang Cheng did not exaggerate the status of HoneyGuide in enterprise security operations. He emphasized: "This is an artificial intelligence assistant customized for security personnel." Although it is an assistant, he is looking forward to HoneyGuide solving a problem: improving the response efficiency of security operations.

"The focus of the security operation center is constantly shifting to threat response. In the past, we have done a lot of work to apply artificial intelligence and machine learning to security vulnerability detection, which has greatly improved our capabilities in prevention, detection, and blocking. However, our response is still lagging behind. Because when responding, we must race against time, and there are many things in the response link that require manual operation, and people and machines cannot communicate directly. " Huang Cheng said.

This is the background of the birth of HoneyGuide.

Simply put, HoneyGuide is like an intelligent dispatcher. When users enter relevant instructions in the "war room", HoneyGuide automatically identifies and recommends related response actions. For example, if you enter "web server is attacked, IP address is: XXXXXXXXXX", HoneyGuide will recommend related actions: obtain IP location information, IP analysis, query domain name or IP address threat intelligence...

If you use Weibu Online's threat intelligence analysis, Alibaba Cloud or Tencent Cloud's services, Ahnheng's scanner, etc., when you issue a certain command, HoneyGuide may also recommend actions of related security products for you to choose.

Currently, HoneyGuide has more than 35 default applications and nearly 100 actions. But this is not surprising, because how many applications HoneyGuide can call depends entirely on the user - how many applications are used on your platform, and do all these applications need to be connected to HoneyGuide?

Huang Cheng said that these connections are very simple and "you don't need to ask for help." As long as these applications have APIs, you can manually operate the connection. If there is no API, you can write one yourself in Java or Python as long as you follow the development specifications of the HoneyGuide SDK.

In addition to the ability that developers have inherently given to HoneyGuide - the "gene" of AI transfer learning, its other capabilities depend on its cooperation with you to learn. This is the reason for the existence of the so-called "Security Incident Operations Room."

In Leifeng.com's view, HoneyGuide's security incident operations room is actually more like a QQ group. However, all the responses made by security operations analysts in this operations room are formatted by HoneyGuide and then machine-learned. When a similar situation occurs next time, HoneyGuide, the apprentice, no longer needs the help of the "master". On a night when the master is really sleepy, it will automatically respond to emergencies and take appropriate measures to deal with the problem.

A core issue is that a dragon gives birth to a dragon, a phoenix gives birth to a phoenix, and a mouse's son will dig holes. While HoneyGuide is working hard to lower the operational threshold for security operators, how strong its capabilities are will also depend on the level of the "master".

Another question is, Leifeng.com learned that soon, a company that is very popular in the government and enterprise security market will also launch a SOAR product. Will HoneyGuide's "enhanced SOAR" compete with it?

Huang admitted that existing SOARs on the market can "contribute a source, not compete" with HoneyGuide.

Due to considerations such as intellectual property protection and the requirement of special hardware support for machine learning algorithms, this product is currently sold in hardware form.

Leifeng.com learned that the current price of this product will be "less than one million yuan", but since it is an intelligent assistant for auxiliary operations, will this price be accepted by the market? We still have to wait for market feedback.

What do you think?

(Spoiler alert: Huang Cheng will come up with a new flagship product in a while, and I heard it’s quite a big deal)

▎The three major operators deny 4G speed reduction; Huawei issued a statement on the temporary general license; the new iPhone will support stylus