Preventing Information Breach with Alibaba Security ECO Platform
By Ran Guang (Huameng)
In recent years, large-scale personal information breaches have been rampant, and cases of fraud based on leaked information have frequently appeared in the media. Alibaba, with a massive user base and enormous volumes of transactions, is clearly an exception. What is the secret behind its reputable security record?
With this question in mind, we had a conversation with Xuantai, a Senior Expert of the Alibaba Security Technology Platform, and he mentioned the ECO Platform repeatedly.
Xuantai, Senior Expert, Alibaba Security Technology Platform
“Our secret weapon is ECO Platform, a unique data risk prevention and control system developed by Alibaba.”
Xuantai told us, “It is built around the data flow within the Alibaba ecosystem, providing a complete data security solution that covers the prevention, discovery, location, and disposal of data risks, and extends to more in-depth multi-dimensional risk detection and tracking. It covers the whole e-commerce ecosystem and is open to all Alibaba ecosystem partners.”
Xuantai presented a set of incredible numbers that impressed me and strengthened my belief in the power of this platform.
Currently, the ECO Platform protects tens of millions of edge devices of millions of sellers, thousands of applications of over 1,000 core service providers, and hundreds of thousands of outlets of mainstream logistics companies. It detects data access risks from more than 30 dimensions including systems, applications, and accounts.
The ECO Platform is not just a concept; it has been used by Alibaba to protect its core business from all sorts of data threats. During the 2017 Double 11 Shopping Festival, the ECO Platform ran 6.5 billion risk detection jobs to identify more than ten thousand host, access, and Trojan threats and block tens of thousands of account and host threats.
What Is the ECO Platform?
Xuantai revealed the secret weapon for us.
Consider order information as an example. After a purchase order is placed on an e-commerce platform, it goes through a complex order processing procedure. In a typical scenario, the order is input into an Enterprise Resource Planning (ERP) system that a merchant procures from a third-party developer for processing. It is then transmitted to a Warehouse Management System (WMS) of the merchant and passed on to the logistics system of the logistics company.
At this point, the package is printed with shipping information and eventually delivered through the network of the logistics company to the customer via courier.
“In this process, the data flows like a river, passing through each ecosystem partner’s data contact nodes. These nodes, like castles, are easy targets for attackers from the black market. ECO Platform is like a moat, protecting these castles from threats such as data theft,” said Xuantai.
The ECO Platform is actually designed based on the risks that occur along the data flow.
Firstly, it heightens the castle walls and reinforces fragile points that are susceptible to attack. This involves the defense of servers, front ends, and clients, providing services such as server intrusion prevention, application protection, client protection, and account protection.
Secondly, it installs a comprehensive video monitoring system in the castle to enable risk discovery. The ECO Platform boasts an intelligent risk control model based on big data, which is capable of risk modeling for every key part of the data flow and identifying risky access to core data.
And finally, it locates and disposes of anomalies and risks. Locating risks involves identifying the reasons for risks and their scope of influence, whereas risk disposal is about getting rid of risks. There are many ways to approach this, for instance, online automatic disposal or manual disposal, all depending on the status of the risks.
Xuantai said, “At a deeper level, the system detects global threats and anomalies, which usually involves a prediction about potential threats. All these tasks are completed by products deployed in different links.”
ECO Platform has evolved over time and has various versions, including ECO Platform for service providers, merchants, logistics, cross-border e-commerce, and general purposes, as well as editions customized for certain businesses or architectures.
ECO Platform was born out of the need for data security, especially information breach prevention. According to Xuantai, information breaches are more the result of risk than the risk itself. “Information breaches could happen on many occasions, for example, data theft due to server intrusion or account takeover, or insiders who sell data for money,” said Xuantai.
Security engineers at Alibaba trace the sources of information breaches and analyze every potential risk to help the Alibaba ecosystem partners defend against threats. This includes defense on the front end, vulnerability detection and fixing on the back end, and the security of operation environments, covering the underlying system, applications, devices, and accounts.
According to Xuantai, seamless coverage is necessary because any single point of failure on the link could lead to an information breach.
Birth of the ECO Platform
Xuantai also narrated the story of how the ECO Platform came into being.
Alibaba began building its information breach defense system prior to 2013 and the ECO Platform was born in 2014 along with the Ecosystem Security team.
For data security in open scenarios, there was neither existing experience to learn from nor any products that could solve these problems. Initially, it was more like playing catch-up, fixing problems after they happened. Later, the team began to explore a more systematic and intelligent way to uphold data security. Since then, there have been a lot of innovations. Eventually, it became possible to discover suspicious intrusions through the correlation analysis of traffic and host-layer behaviors.
“We also proposed to use the behavior analysis technology driven by big data to monitor and locate risks, and to provide our capabilities as Software as a Service (SaaS) to all ecosystem partners. During this process, our team filed six technology patent applications,” said Xuantai.
In early 2015, a complete product system was built by Xuantai and his team. In the middle of 2015, they performed a lightweight upgrade to the ECO Platform and upgraded the systems of ecosystem partners for better defense with a brand-new approach. Xuantai said, “We were able to equip over half of the Taobao order data links with the ECO Platform in just six months.”
Another exciting question is how this lightweight system performs in real-world scenarios.
“There was an instant and sharp drop in the number of customer complaints, which has never rebounded since,” Xuantai said, proudly.
Built on new development ideas, the new system provides optimized and lightweight products, and establishes standards and security infrastructures for ecosystem partners. More importantly, the system can detect risks in real time and quickly identify the source of problems.
“The system is imperceptible to users, much like a plainclothes cop. However, the moment a thief reaches out their hand, the cop appears and catches him. Moreover, this system is very lightweight and can be disassembled into individual products. Instead of buying the complete platform, users can choose its smaller components according to their needs,” Xuantai said proudly.
However, this was just the beginning. It offers end-to-end protection from service providers and sellers, to logistics. Xuantai told us that the Ecosystem Security team had been working on the governance of service providers from 2014 to 2015. This task is now almost done. 98% of Taobao sellers’ orders that go through service providers’ applications pass through the ECO Platform. It takes a very short time to connect to the ECO Platform, greatly reducing the connection costs.
Xuantai said, “In 2015, complaints against service providers dropped to a historic low thanks to the extensive adoption of ECO Platform.”
Furthermore, they had to deal with issues related to sellers. Information leaks from sellers mainly for the following reasons:
- Customer service representatives are bribed by cybercriminals to leak data.
- Cybercriminals pretending to be job candidates are employed by sellers and steal data.
- Some sellers use their proprietary systems, which are individually deployed and weak in defense.
In 2016, Alibaba Security announced the ECO Platform for Merchants, which is free for sellers to use. “Our system has powerful risk discovery capabilities and can dispose of risks in real time,” Xuantai said. “The risks are ranked and disposed of in different ways depending on their ranks.”
Logistics is another major challenge. “The logistics industry is vast and more complicated. It is difficult to even tell how many problems exist,” said Xuantai. And in the same year, the ECO Platform for Logistics was launched.
There are many logistics companies compared to merchants. Although only dozens of logistics brands are well-known to the public nationwide, they have massive networks and hire large numbers of people. Based on the governance experience of service providers, the Ecosystem Security team took time to develop a strategy specific to logistics, aiming to first cover express companies, especially the top ones.
“We have focused on the governance of express companies. Currently, most express companies are using the ECO Platform and have achieved great results. We will proceed to the next step and include warehousing and delivery companies,” Xuantai told us.
Make Double 11 Routine
The Ecosystem Security team was established in 2014 and Xuantai was entrusted with security responsibilities for that year’s Double 11. “The preparation of the emergency plan for Double 11 began as early as August,” said Xuantai. “And it was a painful experience,” Xuantai added. That was when Xuantai and his team decided to “make Double 11 routine in 2 to 3 years.”
With this goal in mind and successful implementation, the Ecosystem Security team sailed through 2016 and 2017 Double 11, and even planned to get off work as usual on 2018 Double 11. “Our plan is to celebrate Double 11 by spending money as ordinary consumers.”
ECO Platform made it through 2016 Double 11 with three “zeros”: zero failures, zero degradation, and zero incidents. This was incredible considering the huge amount of orders in a single day.
ECO Platform achieved the same three “zeros” in 2017 Double 11. “Since its inception in 2014, ECO Platform has had only one P4 failure. All quality issues were taken care of in the R&D phase,” said Xuantai.
At Alibaba, P4 denotes minor failures that are not recorded. How is this level of security achieved?
Xuantai requires that developers in his team are responsible for the quality of whatever they produce. “They have done a pretty good job in ensuring the stability and performance of the system,” Xuantai said, praising his teammates.
“We were on duty this Double 11, but felt more relaxed than before,” Xuantai said candidly.