Who Has the Best Scanning Tools in China?
Recent “China Cybersecurity Industry Panorama” gives one assessment of China’s top scanning companies.
China has developed a robust cybersecurity industry along with the explosive growth of the country’s information and communications technology (ICT) sector in the past two decades. In 2023, revenue from information security products and services in China reached 223.2 billion RMB (US$31 billion), a year-on-year increase of 12.4%, according to data from the Chinese Ministry of Industry and Information Technology (MIIT). Meanwhile, as of June 2023, China had a total of 3984 information security products and services companies, a year-on-year growth of 22.4%. 26 of 3984 companies, less than 1 percent, were public companies.
The April 2024 edition of the annual China Cybersecurity Industry Panorama gives a glimpse at the top providers of information security products and services.
Security Bull (a.k.a. AQNIU.COM) (安全牛), a well-known Chinese information security media outlet and flagship think tank whose target clientele is cybersecurity decision makers, was the organizer of this 11th edition of the China Cybersecurity Industry Panorama (中国网络安全行业全景图) (the Panorama). The Panorama listed China’s top providers of information security products and services in 16 primary categories with a total of 108 secondary categories. Vendors submitted products and services to the organizer according to the categories. No vendor could submit more than 60 items. The organizer had a team of industry experts evaluate the submissions and choose the top vendors in each category. To be included in the Panorama, products and services must be researched and developed independently; must have been sold and delivered with real case applications in 2023, with certain market share and application representation in the corresponding categories; and must have accurate and verifiable data. The 11th Panorama received 4941 product item submissions from 510 security vendors. Of these, 2413 product items, about 48.8% of the total product submissions, from 454 vendors were selected for inclusion.
In this post, the Natto Team takes the providers in the web application scanning and monitoring sub-category, which falls under the application security category, as an example to explore who the top vendors in the category are, what notable products they have, and what this means in the context of China’s cybersecurity industry. Previously, we introduced some popular Chinese scanning tools and explored reconnaissance tools used by APT41, a Chinese state-sponsored hacking group. We believe there is a need for a further understanding of Chinese vendors and their products in the web application scanning category as a whole, and of their overall scanning products and services capability. We would like to emphasize that these vendors appear to develop the products and sell them for legitimate defensive purposes, and we have no evidence of offensive uses at the time of this writing.
Vendor Overview
The Panorama listed a total of 22 vendors in the Web Application Scanning and Monitoring category (see the chart below for details of the list). In addition to being listed in the scanning and monitoring category, all the vendors had other products chosen in other categories of the Panorama. That means web application scanning and monitoring products and services were not the vendors’ only products. All of the 60 allowed submissions from NSFOCUS and from TOPSEC were chosen for inclusion in the Panorama.
In the following chart, the Natto Team summarizes the results of Chinese-language research on the websites of each company.
Notes:
The chart indicates whether the company has a China National Vulnerability Database of Information Security (CNNVD) Vulnerability Support Unit, or a China National Vulnerability Database (CNVD) Technical Support Unit, or a CNCERT Emergency Response Technical Support Unit. This is important because it shows they have ongoing relationships with the Chinese government.
The chart also notes which companies are public and thus more likely to provide public accounting to shareholders. The others are privately owned.
The websites do not always provide detailed and complete lists of products. For example, Natto Team research found a reference to an NSFOCUS file scanner tool D-Eyes (discussed below) that was not listed on their website.
Top Cybersecurity Companies Take the Lead
The 22 companies in the Web Application Scanning and Monitoring category make up a small percentage of China’s close to 4000 cybersecurity companies. However, these companies represent the top companies in the industry in terms of market share and revenue. Looking at market share in 2022, five of them were among the top 10 cybersecurity companies by market share: VenusTech (7.1 percent), TOPSEC (5.5 percent), NSFOCUS (4.2 percent), DAS Security (3 percent), and AsiaInfo (2.7 percent), according to the China Cybersecurity Industry Analysis Report 2023 published by the China Cybersecurity Industry Alliance (CCIA). 7 of the 22 companies are public companies, representing 31.8 percent of the total 26 cybersecurity public companies in China in 2023.
These companies represent the most capable cybersecurity companies in China. For example, NSFOCUS, established in April 2000, released the first Chinese domestic intrusion detection system in 2005, and the first domestic web-based firewall application and the first Security Benchmark Verification System in 2007. It also became the first Chinese company to pass the ISO28001 certification and achieved the largest vulnerability database in 2007. Since 2019, the largest stakeholder of NSFOCUS has been CETC (China Electronics Technology Group Corporation), a state-owned company, which has resulted in more business from government clients. NSFOCUS claims to offer 60 services, most of which are standard across the industry for cybersecurity companies, such as Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS). NSFOCUS has also expanded into file scanning and honeypot tools, which are much rarer services. A file scanning tool such as its D-Eyes, in particular, is typically offered by only a select few security companies that specialize in malware. By providing file scanning, NSFOCUS allows clients to detect and report potential malware internally.
Another example is the company Topsec. Topsec, established in 1995, claims to be China’s first network security company and is well known for producing China’s first indigenous firewalls. In addition to a range of typical information security products and services, one noteworthy service from Topsec is its “intelligence defense engine,” which is an anti-malware solution.
Top Scanning Capability Means More Responsibility
Although the Panorama did not list the details of the scanning and monitoring products and services that the 22 vendors provide, the Natto Team’s research suggests most of the vendors provide web security scanners, vulnerability scanning and discovery systems and security monitoring systems. These vendors’ scanning capability has led many of them to be qualified as national-level vulnerability support units and emergency response technical support units.
The China National Vulnerability Database of Information Security (CNNVD) (国家信息安全漏洞库), operated by the China Information Technology Security Evaluation Center (中国信息安全测评中心) under the Ministry of State Security (MSS), is the official national database cataloguing known vulnerabilities. CNNVD vulnerability support units have three levels according to company size, technical research capability, and the number of vulnerabilities contributed. In 2024, 15 of the 22 vendors in the scanning and monitoring category are on the lists of vulnerability support units of CNNVD, including NSFOCUS, VenusTech, DAS Security, TOPSEC, China Telecom Cybersecurity Tech, and H3C in the first level; SURFilter, WebRAY, and AsiaInfo Security in the second level; and Neusoft, Hillstone, Knownsec, BugBank and Bangcle in the third level.
The similarly named China National Vulnerability Database (CNVD) (国家信息安全漏洞共享平台) operates under the National Computer Network Emergency Response Technical Team/Coordination Center of China (CNCERT/CC). CNVD technical support units are the core members of CNVD that carry out vulnerability discovery, recording and monitoring, as well as global vulnerability monitoring and emergency response. 8 of the 22 vendors in the scanning and monitoring category are CNVD technical support units, including Venustech, NSFOCUS, Topsec, Neusoft, DAS Security, Knownsec, WebRAY and CHAITIN. All of these 8 companies are also CNNVD technical support units.
Lastly, 9 of the 22 companies are members of emergency response technical support units of the National Computer Network Emergency Response Technical Team (CNCERT) for 2024-2025. Among the 9 companies, Topsec, Venustech, Knownsec, DAS Security and WebRAY are Grade A CNCERT emergency response technical support units (formerly known as national-level and with central-level ministries as clients), while GuanAn, CHAITIN, Bangcle, and Surfilter are Grade B (formerly known as provincial-level) support units.
Going International
Many of these companies have been expanding their footprint in the international market for years by establishing overseas subsidiaries, getting recognition from internationally known market analysis firms, and partnering with overseas companies.
NSFOCUS claims to have over 50 offices worldwide, with subsidiaries in the US, Brazil, Singapore, the United Kingdom and Japan. NSFOCUS had the largest market share for DDoS mitigation in the Asia Pacific for many years, according to Frost & Sullivan, a market research firm based in the US. In 2016 NSFOCUS International Business, a subsidiary of NSFOCUS, partnered with distributor Spectrami and MDS computers, expanding into the Middle East/North Africa region. In the same year, NSFOCUS partnered with MultiPoint, a distributing company servicing the Mediterranean, allowing NSFOCUS to expand its business in the European market, and expanded its management team by appointing a Vice President of Sales from Brazil to focus on Latin America.
Since 2012, Gartner, an American technological research and consulting firm, has listed NSFOCUS in its Gartner Magic Quadrant for Web Application Firewalls and Gartner’s Market Guide for Security Threat Intelligence Products and Services.
Venustech is another Chinese company that has been listed on the Gartner Magic Quadrant in multiple years, and it was named a market leader in industrial firewalls in 2018 by Frost & Sullivan.
Knownsec stated on its website that the company’s cloud security product is used overseas in Seoul, Tokyo, South Africa, the US, and Brazil. It planned to open services in South America, Australia, and Europe.
Neusoft established overseas subsidiaries in the US and Japan as early as 2000 and claimed to be ranked as China’s number 1 software export company in 2022.
As competition in the domestic market grows fiercer because of China’s economic growth slowdown, it is likely more and more Chinese cybersecurity companies will seek opportunities overseas.
One last interesting note: as the Natto Team looked into the companies on the Panorama list, we did not see two companies that we are familiar with, i-SOON and Chengdu 404, so these two companies did not make it onto the list. Does this mean at least 454 companies on the list are more capable than i-SOON and Chengdu 404? Is it alarming?