VladimirHrytsan:信息即财产!如何在数字时代保护自己?

原创
2165 天前
17562

摘 要

“这是你的数据,你拥有它,你可以去交易。”

《加油站》29期访谈实录:

-嘉宾介绍-

Vladimir Hrytsan

专业生物信息研究人员,精通最前沿的编程技术,并有多年软件开发与系统架构从业经验。

MTC Group Ltd. 的联合创始人。发明了混淆编译器Morpher,后卖给了全球最大SIM卡制造商Gemalto。

不仅仅有出色的管理能力,Vladimir Hrytsan 在他从事的每一个公司都致力于技术难题的解决方案,带领团队技术精英攻坚克难。

ROMAD的创业理念就是以创新的方法,创造主动防御系统来帮助解决当今杀毒软件行业中的多种疑难杂症。

Co-founder and CTO of ROMAD.

Formally trained in Biochemistry, with broad and up-to-date experience in system programming, large scale software development and systems architecture.

Co-founder of MTC Group Ltd. where he created Morpher, an obfuscating compiler, which was sold to the world's largest manufacturer of SIM cards, Gemalto.

Despite the management position, in each of the companies he serves, he has put forward many solutions to technical problems and led the team in technology development.

He led ROMAD team to come up with the idea of innovative antivirus engine and is driving technology development to proactively solve the long lasting issues in the industry.

Sunny:大家好,我叫Sunny,是本次499加油站的主持人,第29期在线访谈我们很荣幸的请到了Vladimir Hrytsan来当分享嘉宾,本期分享的主题是“信息即财产!如何在数字时代保护自己。”大家欢迎Vladimir先生来分享他的观点。

Hello everyone, my name is Sunny and I will be your host for this week's interview.Today's interview is the 29th edition of the 499 Blockchain Community, and we have the pleasure of inviting Mr. Vladimir Hrytsan to speak with us today. The topic of this week's interview: “Information is property! How to properly protect yourself in the digital age.”Now, let us formally welcome Mr. Vladimir Hrytsan to the center stage to share his perspectives on the topic ~ !

Hrytsan:非常感谢Sunny的介绍以及499小姐姐的热情的欢迎。我很高兴来到这分享我的观点。我是一个技术人员,但我会尽量减少技术术语。

很多人认为网络安全市场是很浅显的,我却不这样认为,这是一个巨大的市场,里面充斥着好人与坏人不断比拼的故事。恶意软件的产生源于利益驱动。 在过去二十年中,我们发现了很多针对最盈利的领域的不同恶意软件浪潮。

Thank you so much, Sunny for the warm introduction and thank you, community for the warm words. It is my pleasure being here. I am a technical guy, however I will try to be as less technical as I can.

Some people tend to think cybersecurity market is shallow. I am going to disprove this claim today. This market is huge and full of the stories of an armrace between good and bad guys.The malware strives for the profitability. We were observing different malware waves targeting the most profitable sections during the last two decades.

例如,2005 - 2009年恶意软件盯上了银行。 使用不同的复杂技术来说服最终用户将财产转给网络骗子。 银行正在增加额外的保护措施。这场战斗至少花了4-5年,银行恶意软件数量开始下降。 恶意软件作者正在寻找其他一些利润丰厚的领域。预计下一个恶意软件浪潮的目标是加密用户文档并要求赎金来解密它们。勒索软件恶意软件正在盛行。

For example, malware was hunting for the banks in 2005-2009. Different sophisticated techniques were used to convince the end users to transfer the wires to the cyber crooks. Banks were adding the additional protective measures. This battle took at least 4-5 years and the banking malware volumes started to drop. The malware authors were looking for some other lucrative sectors.The next malware wave were aiming for the encrypting the user documents and asking for a money to decrypt them back. The ransomware malware was on the rise.

传统防毒手段无能为力。勒索软件浪潮始于2010年。不是杀毒软件技术试图以某种方式废除它,而是执法机构试图阻止它。他们正在寻找可怜的用户支付的赎金。 不同国家的多个执法机构联合起来试图将这些网络骗子关进监狱。 这些行动是有效的,但它们不能很好地扩展,勒索软件浪潮仍在继续。

加密货币的出现对整个恶意软件影响很大! 现在正在发生一种新的恶意软件浪潮 - 密码输入器和密码攻击者。加密货币的分散性使恶意软件的工作变得更容易。 一旦您设法进行转移,就没有中央权限可以为您恢复转移。 一旦消失,你的钱就永远消失了。

The traditional antiviruses were powerless to do something about it. The ransomware wave started in yearly 2010. It was not the AV technology that is trying to dump it somehow, instead the law enforcement agencies were trying to stop it. They were looking going after the money being paid by the poor users. Multiple law enforcement agencies of the different countries united in an attempt to put the cyber crooks to jail. These actions were efficient, however they do not scale well and the ransomware wave is still here.

Cryptocurrencies changed a lot! A new malware wave is happening right now – the cryptostealers and cryptojackers. The decentralized nature of the cryptocurrencies makes the malwares’job easier. Once you managed to make a transfer, there is no central authority to revert it for you. Once gone, your money is gone forever.

这些恶意软件目前以电子货币用户为目标。 它可能会查找您的冷钱包文件,它可能会尝试替换您的Binance登录页面,或者它可能只是以隐藏的方式使用您的CPU来挖掘Monero。就像过去与银行的战斗一样,这股潮流刚刚到来。我个人认为它至少将持续好几年。未来还有什么对我们有用?物联网: 智能住宅,智能汽车。 想象一下,恶意软件会阻碍你的特斯拉并向你要钱。 你会付钱吗?如果同样的事情发生在人造心脏? 你还不会付钱吗?

(https://blog.avira.com/mikrotik-415-thousand-routers-affected-by-cryptominer/ 一个特洛伊木马的例子,感染家庭wifi路由器为开采Monero)

The malware is targeting the crypto users these days. It may look for your cold wallet files, it may attempt to replace your Binance login page or it may simply use your CPU in a hidden manner to mine for Monero. Like the battle with the banks in the past, this current wave has just come. I personally think it will last for another couple of years if not more. What else does the future hold for us?IoT. smart houses, smart cars. Imagine a malware blocking up your Tesla and asking for money. Would you pay? what if something like it happens with the artificial heart? Would you pay now?

(https://blog.avira.com/mikrotik-415-thousand-routers-affected-by-cryptominer/ Example of the Trojan that infects the home wifi routers to mine for Monero)

目前我们每个人都有私人电脑,iPad和智能手表。 很快就会有更多的智能小玩意儿。 人工器官,增强现实 - 每个物联网设备都可能是恶意软件的目标,市场容量巨大。Gartner预测了安全行业7.9%的复合年增长率,但我个人认为它会更多。以上就是我对安全行业的一些看法。

Currently each of us has a PC, an iPad and a smart watch. Soon more gadgets to come. Artificial organs, augmented reality – each IoT device is a likely target for the malware and the market volume is huge. Gartner promises as the CAGR of 7.9, however I personally think it is going to be much more.

Sunny:感谢Vladimir,这是一个对大家很有帮助的行业趋势分享。现在,我有一个问题要请教你:你认为市场规模和行业的痛点是什么?

Wow, Thanks, Vladimir. It's a great sharing for trend of the industry. Now I have the question for you: What do you think of the size of the market and the painpoints of the industry?

Hrytsan:市场的规模是由华尔街的巨头们决定的。 正如Cybersecurity Ventures预测的那样,从2017年到2021年,全球网络安全支出将达到1000亿美元。2015年,网络犯罪造成的损失计入3万亿美元。 预计2021年将达到6万亿美元。万亿级别的。 我甚至无法想象这些数字中有几个0。数不过来了

The size of the market was determined by the big aces from Wall Street for us already. As predicted by Cybersecurity Ventures, from 2017 to 2021, the global spending on cyber security will be $100 billion. In 2015 losses caused by the cybercrime counted for $3 trillion. It is predicted to be $6 trillion in 2021.Trillion. I cannot even imagine the numbers of nils in these numbers.

据埃森哲称,医疗行业受到恶意攻击的影响最大。 美国83%的医生都经历过恶意软件攻击。市场分析公司IDC预测,2020年网络安全的市场需求将达到1016亿美元。 因此,在这个利基市场中,每个玩家有足够的空间。因此大量资金投入到了市场。尽管市场上有很多玩家,但为什么我们每天都会听到有关恶意软件漏洞的消息?

According to Accenture, medical industry suffers most from the malicious attacks. 83% of doctors in US have experienced malicious attacks.IDC, a market analysis company predicts the market requirement of cybersecurity in 2020 will be $101.6 billion. So there is a plenty of room for the different players in this niche. So lots of money being invested. Lots of players on the market. Why do we then hear about the malware breaches on the daily basis?

WannaCry在其扩散的前四天造成了40亿美元的损失。联邦快递被NotPetya击中,造成3亿美元的损失。 韩国Bithumb受到恶意软件攻击,并损失了700万美元。 每天新发生的案例不胜枚举。重点是我们仍然没有可靠的工具来对抗恶意软件。 经典的杀毒软件无法有效地完成对抗。 他们的核心技术自1990年以来没有改变,这还不足以对抗当今的威胁。这就是Gartner在经典杀毒软件和下一代技术之间建立分水岭的原因,下一代技术旨在有效地应对当前的威胁。

WannaCry had caused the losses of $4 billion during just the first four days of its proliferation. Fedex was hit by NotPetya causing the losses of $300 million. South Korean Bithumb was hit by the malware attack and lost $7 million. There are other numerous examples that happen every day. The main point is we still do not have the reliable tools to combat the malware. The classic AVs cannot do it efficiently. They core technologies had not changed since 1990 and this is not enough to combat today's threats. This is why Gartner has put a watershed line between the classic AVs and the next generation technologies that are designed to combat current threats efficiently.

ROMAD Endpoint Defense属于下一代安防技术,已经做好准备对抗当前可怕的世界。 它简单地完成了它的设计 - 有效地抵御恶意软件。它不需要24/7更新来可靠地排除恶意软件攻击。 它不消耗系统资源。 它甚至可以在过时的硬件上运行。ROMAD Endpoint Defense不扫描文件。 它实时监控系统并在启动时阻止恶意软件。 并且不需要任何用户交互。

ROMAD Endpoint Defense belongs to the set of the next generation tools and is ready to meet the current scary world. It simply does what it is designed for – efficiently combats malware.It does not need 24/7 updates to reliably repel malware attacks. It does not consume the system resources. It can even work on an outdated hardware. ROMAD Endpoint Defense does not scan files. It instead monitors the system in real time and blocks malware when launched. And no any user interaction is required.

Sunny:总而言之,市场的规模是值得期待的,网络安全的痛点也会得到解决,现在让我们继续第二部分的分享“ROMAD的优势”。你准备好了吗?Hrytsan?

In a word, market size worth looking forward to and the solution to the painpoints is resolvable. Now Let's go on the second part of the sharing“The prominence of ROMAD.” Are you ready?

Hrytsan:让我们继续吧,就像刚才提到的的,ROMAD Endpoint防御系统是下一代防病毒技术,旨在对抗当今的威胁。问题是当用户购买防病毒软件时,他们不想花时间进行教育。 他们希望该工具可以为他们做所有事情。这是我们的情况。 ROMAD不会问你任何愚蠢的问题,也不需要任何复杂的技能来控制它。因为那都是昙花一现的解决方案。你做你一直在做的事情 - 聊天,工作和看电影。 ROMAD Endpoint Defense将关注提供给您可靠的保护。

I am! Let us continue. Like a said, ROMAD Endpoint defense is the next generation antivirus which is designed to combat today's threats. The thing is when the user buys the antivirus, they do not want to spend their time for the education. They expect the tool would do everything for them. This is our case. ROMAD will not ask you any stupid questions and will not require any sophisticated skills to control it. This is a fire-and-forget solution. You do what you are always doing with the PC - chatting, working and watching movies. ROMAD Endpoint Defense will care for your reliable protection.

我不打算说空话。 ROMAD在美国开始,b2b市场非常严格。 我们与福特等不同公司的众多首席信息安全官一起参与了鲨鱼坦克比赛。 还有Truly Sharks。我们成功赢得了2017年坦克旧金山的安全鲨鱼坦克和2016年库比蒂诺奖的安全鲨鱼坦克冠军。

I am not going to make the empty claims. ROMAD had started in USA and the b2b market is a very strict one. We were participating on the Shark Tanks with the numerous CISOs of the different companies like Ford. And there were truly sharks. We managed to win Security Shark Tank Cupertino 2016, Shark Tank San Francisco 2017.We are named as the key innovator by the MarketsandMarkets agency report.

欧洲的政府机构不会给你空洞的陈述机会。 因此,随着我们的技术获得专利(US 9372989 B2和EP 2 767 923 A3专利),我们还成功赢得了地平线2020的第一阶段投资,这是一项政府支持的巨大投资计划。因此,我们所做的陈述是有基础的。当然,我们并不是获得了所有我们想要的奖励。 希望我们能在不久的将来争取更多的荣誉。 请关注我们的更多好消息。

European beurocracy will not give you a single chance for the empty statements. So as our technology is patented (US 9372989 B2 and EP 2 767 923 A3 patents), we had also managed to win the Phase 1 of the Horizon 2020, which is a huge governmental supported investment programme. So we do have a foundation for the solid statements that we make. Of course we do not have as many rewards as I want us to. Hopefully we are fixing it in some nearest future. Watch us for more good news to come.

Sunny:关于你的下一个问题,你能和我们分享一下ROMAD与竞争对手的不同之处吗?

For your next question, can you share with us about how ROMAD differs from its competition?

Hrytsan:我认为现在是时候稍微解释一下这项技术是如何运作的。我是首席技术官,但我最初表示我不会成为技术人员。 有一种说法是:“如果一些事情你无法对你的奶奶解释清楚,那么说明你自己也不理解这些事情。”每个程序(即Word,Skype,PowerPoint)都要求操作系统执行不同的操作:移动鼠标光标,使用硬盘驱动器或将信息发送到网络。 “询问过程”是通过系统调用完成的。 没有例外。ROMAD实时拦截100%的系统调用并分析所有系统调用。找到恶意行为后,将阻止对其负责的程序。

I think it is time to a little bit explain how the technology works. I'm a CTO, however I initially promised I'm not going to be technical. There is a saying: "if you cannot explain how something works to your granny, you do not know it yourself"Every program (i.e. Word, Skype, PowerPoint) asks the operating system to do different actions: moving the mouse cursor, working with the hard disk drive or sending the information to the Internet. The “asking process” is done via the system calls. No exceptions. ROMAD intercepts 100% of the system calls in real time and analyzes all of them. When the malicious behavior is found, the program that is responsible for it is blocked.

整体观念听起来很容易; 但是,实施起来并不容易。 经过4年的深入研发,才创造出工作原型。回想一下常规流感。 我们每年冬天都会感染的疾病。 流感是一样的。 病毒外壳已经改变了。 因此,我们的免疫系统不能识别它。 如果有办法进入病毒内部,重点看病毒的DNA,战斗将随即结束。这就是经典的防病毒软件正在做的事情。 他们正在寻找外层。 ROMAD Endpoint Defense反而坚持针对恶意软件的DNA。 这就是我们计划赢得这场战斗的方式。我尽了最大的努力尽可能地通俗而直白的做出了解释。小姐姐们来判断我解释的是好还是坏吧。

It overall idea sounds easy; however, the implementation was not easy at all. It took 4 years of an intensive R&D to create the working prototype.Recall a regular flu. The disease that we catch every winter. The flu is the same. The outer layer has changed. Therefore, our immune system stops recognizing it. If there were a way to look inside, to stick to the flu’s DNA, the battle would be over finally. This is what the classic antiviruses are doing. They are looking for the outer layer. ROMAD Endpoint Defense instead sticks right to the malware’s DNA. This is how we plan to win this battle. I tried my best to be as less technical as possible. It is up to the community to judge, if the explanations were OK or not.

Sunny:你解释的非常好,你能分享一些ROMAD的技术应用场景吗?

You did it very well,Can you share some examples of application of our technology?

Hrytsan:第一个应用程序场景是抗击病毒。我们的专利技术是ROMAD终点防御系统的核心。B2C版本将通过“通过共享攻击信息进行挖矿”来推广。当我们的软件成功地抵御恶意软件攻击时,我们的用户将得到带有ROMAD的Token作为奖励。这将成就一个双赢的局面,网络安全行业获得了包含世界各地真实恶意软件案例的公共数据库,而终端用户则得到了ROMAD的Token。

The first application scenario is combating the viruses. The patented technology is at the heart of ROMAD Endpoint Defense. The B2C version will be promoted via ‘mining by sharing attack information'. Our users will be rewarded with ROMAD tokens when our software successfully repels the malware attack. This creates a win-win situation where the cyber-security industry gets the public database that contains the real malware cases all over the world and the end users are rewarded with ROMAD tokens.

第二个应用程序场景则范围更加庞大:“个性化”的广告正在统治世界,它们无孔不入,在谷歌上,在Twitter上。每个人都希望拥有尽可能多的用户数据。ROMAD允许用户根据自己的意愿去分析自己的数据,从而开创了革命性的改变。ROMAD创建了一个大型企业与普通用户进行数据交换的平台,用你自己的数据去换代币。这是你的数据,你拥有它,你可以去交易。

The second application scenario goes even beyond that. Targeted ads rule the world. Google uses it. Twitter uses it. Everybody wants to have as much user’s data as possible. ROMAD creates the revolutionary step by allowing the users to trade their own data at their own will. ROMAD creates a platform where the big enterprises meet with the regular users for the data exchange. Trade your own data for the tokens. This is your data. You own it. You trade it.

亲爱的Sunny,我已经强调了我们计划在2019年实施的两个最重要的步骤。每个步骤都将改变行业的格局。

Dear Sunny, I have underlined the two most important steps we plan to have in 2019. Each of them is going to change the landscape of the industry.

Sunny:我知道你今天在这里要发表重大声明。 这个大惊喜是什么?

I know you are here today to make a big announcement for the first time. What is this big surprise?

Hrytsan:我已经向您介绍了我们将在2019年实现的两个主要步骤。它们需要快速便捷的支付方式。 ROMAD正在创建桌面数字货币钱包以支持其自己的通证生态系统。这将是一个具有独特功能的冷钱包 - 主动防御病毒的攻击。 借助我们的专利技术,这是可以实现的。

I have described you the two major steps we are going to have in 2019. They require a fast and convenient way to pay. I have described you the two major steps we are going to have in 2019. They require a fast and convenient way to pay. ROMAD is creating the desktop cryptowallet to support its own token ecosystem.This will be a cold wallet with the unique feature – the protection from the viruses. This becomes possible with the help of our patented technology.

80%的ICO问题都是人为的。 由于恶意软件因素,70%的人为的问题正在发生。 ROMAD是一个独特的技术,它主动为其数字货币钱包提供对不同病毒家族的全面保护。创建主动防御病毒攻击的数字货币钱包很不错,但现代市场需要更多功能。 这些是我们计划推出的主要两项:BTC,ETH,XLM,XRP,LTC等的交换以及与美元和欧元的兑换。

80% of the ICO problems are human related. 70% of the human related problems are happening because of the malware factor. ROMAD is a unique player, which proactively provides a full protection from different families of viruses for its cryptowallet. Creating the virus-protected cryptowallet is nice, however the modern market wants more features. These are the main two we are planning to introduce: atomic swaps for BTC, ETH, XLM, XRP, LTC and so on and the ability to operate with USD and EUR.

Sunny:感谢您抽出时间与我们分享您的项目。 接下来,是自由提问环节,欢迎大家踊跃参与,将由Blair来主持。

Vladimir, thank you for taking your time to share your project with us thus far. Next, I'd like to open up a free form Q&A session for everyone to participate, and will pass it on to Blair to host this portion of the session.

Blair:之前个人介绍里提到,你在研究生期间学生物化学。是什么让你转行到IT领域的呀?

As mentioned in your introduction, you majored in biochemistry during graduate school. I’m curious what makes you turned your research direction into IT field?

Hrytsan:我在大学的第三门课上学习了汇编编程语言。 我在加拿大多伦多主攻生物信息学。 我们有一个旨在为人造细胞进行模拟的项目。 所以这是我从纯生物到生物信息学的第一步。随着时间的推移,我意识到比起生物我更喜欢IT。 所以对我来说IT才是我的宿命。现在,IT中发生了许多有趣的事情。 Cybersec,区块链,fintech,大数据和人工智能。 我们生活在一个非常有趣的时代。

I have learned the assembly programming language on the 3rd course at the University. I was doing bioinformatics in Canada, Toronto. We had a project aiming for doing the simulations for the artificial cell. So this was my first step from pure bio to bioinformatics. As time passed by, I realized I love IT more than bio. So it was more of an IT for me later on. Right now there are so many interesting things happening in IT. Cybersec, blockchain, fintech. Big data and artificial intelligence. We are living in a very interesting time.

Nancy:所谓恶意程序DNA就是文件hash吗?

Hrytsan:DNA是我过去从生物学中得到的概念。 DNA是你无法改变的。所以当我说“重点放在DNA”时,这意味着我坚持一些不会改变的东西。您可以轻松更改文件哈希值。 只需添加几个字节,boom,哈希就改变了。但是,您无法轻松更改行为。 回想一句话:“如果它像狗一样走路,如果它像狗一样吠叫,它就是一条狗”。因此,当我说“恶意软件的DNA”时,我实际上是指恶意软件的行为。 恶意软件无法改变的东西。 勒索软件必须加密文件。 垃圾邮件特洛伊木马必须发送垃圾邮件。 他们就是这样设计的。

DNA is from by bio past. DNA is something that you cannot change. At least easily So when I say "stick to the DNA" it means that I stick to something that you cannot change. You can easily change the file hash. Just add a couple of bytes, boom, the hash has changed. However you cannot change the behavior easily. Recall a saying: "If it walks like a dog, If it barks like a dog, It is a dog". So when I say the "malware's DNA" I effectively mean the malware behavior. Something that malware cannot change. The ransomware has to encrypt the files. The spam Trojan has to send spam. This is what they were designed for.

Sunny:那感谢Vladimir抽出时间与我们分享你对网络安全世界的所有深刻见解。我们对ROMAD的潜力和它将给我们社会带来的价值感到激动。

Thank you Vladimir for taking your time to share with us all of your insightful perspectives into the cybersecurity world. We're thrilled about the potential of your project and the value you will bring to our society.

Hrytsan:谢谢大家的参与! 我很高兴来到这里。 祝大家好运,我会想办法为大家拿到折扣!

Thank you everyone for your time! It was a pleasure for me being here. I wish everyone good luck and I will think how to please you with the special discounts!