WO2021070216A1 - Vulnerability management equipment, vulnerability management method, and program - Google Patents

Vulnerability management equipment, vulnerability management method, and program Download PDF

Info

Publication number
WO2021070216A1
WO2021070216A1 PCT/JP2019/039457 JP2019039457W WO2021070216A1 WO 2021070216 A1 WO2021070216 A1 WO 2021070216A1 JP 2019039457 W JP2019039457 W JP 2019039457W WO 2021070216 A1 WO2021070216 A1 WO 2021070216A1
Authority
WO
WIPO (PCT)
Prior art keywords
vulnerability
information
configuration information
unit
evaluation
Prior art date
Application number
PCT/JP2019/039457
Other languages
French (fr)
Japanese (ja)
Inventor
朋治 中村
哲也 出村
齋藤 直樹
Original Assignee
株式会社Pfu
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 株式会社Pfu filed Critical 株式会社Pfu
Priority to PCT/JP2019/039457 priority Critical patent/WO2021070216A1/en
Priority to JP2021550949A priority patent/JP7198991B2/en
Publication of WO2021070216A1 publication Critical patent/WO2021070216A1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities

Definitions

  • the present invention relates to a vulnerability management device, a vulnerability management method, and a program.
  • Patent Document 1 in an information processing method for processing input information input to an information processing apparatus having a control unit, the control unit acquires danger increase / decrease information, and the danger acquired by the control unit. Whether or not the value based on the input information by the control unit exceeds the first threshold range by correcting the first threshold range stored in the storage unit or the second threshold range stored in the storage unit based on the sex increase / decrease information. When the control unit determines that the first threshold range is exceeded, the control unit determines whether the number of times the determination is exceeded or the time exceeded exceeds the second threshold range, and the control unit determines that the second threshold range is exceeded. An information processing method for outputting abnormal information when it is determined that the threshold range is exceeded is disclosed.
  • Patent Document 2 information on a cyber attack detected with respect to a device targeted for a cyber attack is acquired, and an image showing the earth and an image showing the device arranged around the image showing the earth are described.
  • Image information that is placed between the surface of the image showing the earth and the image showing the device, and includes an image showing the level of the cyber attack detected with respect to the device based on the acquired information on the cyber attack.
  • a display method is disclosed, wherein a computer executes a process of generating the generated image information and outputting the generated image information.
  • Non-Patent Document 3 discloses software that integrates proactive prevention and post-response, realizes simple and quick incident response, and integrates and manages the cycle of detection, investigation, and response.
  • the purpose is to provide a vulnerability management device that can visually grasp and manage the risk level of a vulnerability.
  • the vulnerability management device includes a configuration information acquisition unit that acquires configuration information of a device connected to a predetermined network, an information collection unit that collects vulnerability information indicating applicable security measures, and the above. It has an evaluation unit that evaluates the vulnerability of each device connected to the network based on the configuration information acquired by the configuration information acquisition unit and the vulnerability information collected by the information collection unit.
  • it further has a display unit that displays the vulnerability of each device with a symbol having a size corresponding to the evaluation result by the evaluation unit.
  • the information collecting unit collects information on an applicable patch or update program and information on an updatable virus definition file as the vulnerability information
  • the configuration information acquisition unit is a device for each device.
  • the identification information for identifying the patch or update program applied to the device and the information regarding the update of the virus definition file in each device are acquired as the configuration information.
  • the display unit displays a list of evaluation results by the evaluation unit for a plurality of devices connected to the default network.
  • the evaluation unit has an evaluation value calculated based on whether or not an applicable patch or update program has been applied to the device, and whether or not the updateable virus definition file has been updated on the device.
  • the evaluation value of each device is calculated by adding up the evaluation value calculated based on the above, and the display unit switches and displays the evaluation value before and after the total for each device.
  • the display unit superimposes a symbol having a size corresponding to the evaluation result of each device on the floor diagram in which each device is arranged or the network configuration diagram in which each device is connected. To display.
  • the display unit displays the evaluation results of the devices connected to the network in different display modes depending on whether or not the network is connected to the Internet.
  • a plurality of warning lights arranged around the place where the equipment is installed, and a warning installed around the equipment when the evaluation result by the evaluation unit for any of the equipments meets the predetermined conditions. It further has a detection unit for turning on the light.
  • the vulnerability management method includes a configuration information acquisition step for acquiring the configuration information of a device connected to a predetermined network, an information collection step for collecting vulnerability information indicating applicable security measures, and the above. It has an evaluation step for evaluating the vulnerability of each device connected to the network based on the configuration information acquired by the configuration information acquisition step and the vulnerability information collected by the information collection step.
  • the program according to the present invention includes a configuration information acquisition step for acquiring configuration information of a device connected to a predetermined network, an information collection step for collecting vulnerability information indicating applicable security measures, and the configuration information acquisition. Based on the configuration information acquired by the step and the vulnerability information collected by the information gathering step, the computer is made to execute an evaluation step for evaluating the vulnerability of each device connected to the network.
  • FIG. 1 It is a figure which illustrates the whole structure of the vulnerability management system 1. It is a figure which illustrates the hardware configuration of the vulnerability management apparatus 5. It is a figure which illustrates the functional structure of the vulnerability management apparatus 5.
  • (A) is a diagram illustrating the vulnerability information stored in the vulnerability information DB 600
  • (b) is a diagram illustrating the configuration information stored in the configuration information DB 610
  • (c) is a diagram illustrating the configuration information stored in the configuration information DB 610.
  • S10 the vulnerability visualization process
  • (A) exemplifies the display method of the evaluation value of the vulnerability origin
  • (b) exemplifies the display method of the evaluation value of the terminal origin
  • (c) exemplifies the display method of the evaluation value of the user origin.
  • (A) is an evaluation value map exemplifying a totaling mode in which the evaluation values for each user terminal 3 are totaled and displayed
  • (b) is a "circle" for the number of vulnerabilities and the evaluation value for each user terminal 3.
  • It is an evaluation value map which exemplifies the detailed mode which displays by the number and size of. It is a figure which illustrates the visualization of the evaluation value of the user terminal 3 between a company, a floor, and a department.
  • FIG. 1 is a diagram illustrating the overall configuration of the vulnerability management system 1.
  • the vulnerability management system 1 includes a plurality of user terminals 3a, user terminals 3b, user terminals 3c, user terminals 3d, vulnerability management device 5, and warning light 7, via a network 9. Are connected to each other.
  • the user terminal 3a, the user terminal 3b, the user terminal 3c, and the user terminal 3d are collectively referred to as the user terminal 3.
  • the user terminal 3 is an example of the device according to the present invention.
  • the user terminal 3 is a computer terminal or a network device operated by the user, and is a target device for vulnerability management by the vulnerability management device 5.
  • the user terminal 3 is a business server, a business PC, a router, or an IoT device.
  • the vulnerability management device 5 is a computer terminal, and manages and displays the vulnerabilities of each user terminal 3.
  • the vulnerability in the present invention refers to an information security defect caused by a program defect or a design error, and includes a risk due to unpatching and a risk due to a virus.
  • the patch means a patch, an update program, and a virus definition file.
  • the vulnerability management device 5 represents the influence of the vulnerability of the user terminal 3 connected to the network 9 based on the vulnerability information acquired from the external website and the configuration information of the user terminal 3.
  • the evaluation value is quantified, and the symbol corresponding to the evaluation value of the vulnerability is displayed.
  • the warning light 7 is a rotating light that is arranged around the installation location of the user terminal 3 and informs the surroundings of the vulnerability.
  • FIG. 2 is a diagram illustrating a hardware configuration of the vulnerability management device 5.
  • the vulnerability management device 5 includes a CPU 200, a memory 202, an HDD 204, a network interface 206 (network IF206), a display device 208, and an input device 210, and these configurations include a bus 212. They are connected to each other via.
  • the CPU 200 is, for example, a central arithmetic unit.
  • the memory 202 is, for example, a volatile memory and functions as a main storage device.
  • the HDD 204 is, for example, a hard disk drive device, and is a computer program (for example, the vulnerability management program 50 in FIG. 3) and other data files (for example, the vulnerability information database 600 in FIG.
  • the information database 610) is stored.
  • the network IF206 is an interface for wired or wireless communication, and realizes communication in the internal network 9, for example.
  • the display device 208 is, for example, a liquid crystal display.
  • the input device 210 is, for example, a keyboard and a mouse.
  • FIG. 3 is a diagram illustrating the functional configuration of the vulnerability management device 5.
  • the vulnerability management program 50 is installed in the vulnerability management device 5 of this example, and the vulnerability information database 600 (vulnerability information DB 600) and the configuration information database 610 (configuration information) are installed. DB610) is configured.
  • the vulnerability management program 50 includes a configuration information acquisition unit 500, a vulnerability information collection unit 502, a search unit 504, an evaluation unit 506, a display unit 508, and a detection unit 510.
  • a part or all of the vulnerability management program 50 may be realized by hardware such as an ASIC, or may be realized by borrowing a part of the functions of the OS (Operating System).
  • the configuration information acquisition unit 500 acquires the configuration information of the user terminal 3 connected to the network 9. Specifically, the configuration information acquisition unit 500 configures identification information for identifying a patch or update program applied to each user terminal 3 and information related to updating a virus definition file in each user terminal 3. Get as information. More specifically, the configuration information acquisition unit 500 acquires the latest OS (VL) information, user information, installed software information, and patch application status of the user terminal 3 connected to the network 9. It is stored in the configuration information DB 610. For example, the configuration information acquisition unit 500 acquires OS information, user information, and patch application status from the business server and business PC, acquires a communication path from network 9, acquires setting information from a router, and is an IoT device. Obtain Bluetooth Version, Sensor Version, Firmware Version, and Wifi Level from. When the user terminal 3 is a PC or an IoT device, the configuration information acquisition unit 500 acquires configuration information by using the API of the OS.
  • Vulnerability information collection unit 502 collects vulnerability information indicating applicable information security measures. Specifically, the vulnerability information collection unit 502 collects information on applicable patches or updates and information on updatable virus definition files as vulnerability information. More specifically, the vulnerability information collection unit 502 constantly monitors an external website that publishes vulnerability information, and when new vulnerability information is posted, collects new vulnerability information. It is stored in the vulnerability information DB 600. More specifically, the vulnerability information collection unit 502 collects software, the degree of risk, and the presence or absence of patches as vulnerability information from an external website. External websites refer to, for example, JVN (vulnerability information), IPA, ESET, Trend Micro, SOURCENEXT (virus information), Microsoft (patch information), and McAfee (definition information) sites.
  • JVN vulnerability information
  • IPA IPA
  • ESET Trend Micro
  • SOURCENEXT virus information
  • Microsoft patch information
  • McAfee definition information
  • Vulnerability information collection unit 502 acquires vulnerability information by analyzing the contents of APIs and Web pages published on these websites.
  • the risk level of the vulnerability that can be obtained from an external website is the standardized value CVSSv2 or CVSSv3.
  • the vulnerability information collecting unit 502 is an example of the information collecting unit according to the present invention.
  • the search unit 504 searches for the user terminal 3 that is the target of the new vulnerability information. Specifically, the search unit 504 searches the configuration information DB 610 for the user terminal 3 that needs to be dealt with based on the vulnerability information collected by the vulnerability information collecting unit 502.
  • the display unit 508 is a symbol having a size corresponding to the evaluation result by the evaluation unit 506, and displays the vulnerabilities of each of the user terminals 3. Specifically, the display unit 508 displays a symbol having a size corresponding to the evaluation value calculated by the evaluation unit 506 in association with the user terminal 3. Also, The display unit 508 displays a list of evaluation results by the evaluation unit 506 for a plurality of user terminals 3 connected to the network 9. Further, the display unit 508 switches and displays the evaluation values before and after the summation for each user terminal 3. Specifically, the display unit 508 switches between a total mode for displaying the total evaluation value for each user terminal 3 and a detailed mode for displaying the evaluation value in the user terminal 3 separately.
  • the display unit 508 has a size corresponding to the evaluation result of each user terminal 3 with respect to the floor diagram in which each user terminal 3 is arranged or the network configuration diagram to which each user terminal 3 is connected.
  • the symbols are superimposed and displayed. Specifically, the display unit 508 superimposes the user terminal 3 having the evaluation value calculated by the evaluation unit 506 on the layout diagram or the floor diagram of the user terminal 3 to generate an evaluation value map. Further, the display unit 508 displays the evaluation result of the user terminal 3 connected to the network in a different display mode depending on whether or not the network is connected to the Internet.
  • the detection unit 510 turns on the warning light installed around the user terminal 3.
  • FIG. 4A is a diagram illustrating vulnerability information stored in the vulnerability information DB 600
  • FIG. 4B is a diagram illustrating configuration information stored in the configuration information DB610
  • FIG. 4C is a diagram illustrating the configuration information stored in the configuration information DB610.
  • the vulnerability information DB 600 includes a vulnerability ID that identifies the vulnerability, the target software that the vulnerability affects, and the degree of risk that quantifies the risk of the vulnerability.
  • the patch name corresponding to the vulnerability is stored. As illustrated in FIG.
  • the configuration information DB 610 contains a terminal ID that identifies the user terminal 3, OS information of the user terminal 3, user identification information of the user terminal 3, and a patch application status. It is stored. As illustrated in FIG. 4C, the configuration information DB 610 further stores the terminal ID that identifies the user terminal 3, the software of the user terminal 3, and the patch application status as software configuration information. To.
  • FIG. 5 is a flowchart illustrating the vulnerability visualization process (S10) by the vulnerability management device 5.
  • the vulnerability information collecting unit 502 constantly monitors an external website that discloses the vulnerability information.
  • step 105 when the vulnerability information collection unit 502 detects that new vulnerability information has been posted on an external website, it proceeds to S110 and does not detect new vulnerability information. Then, move to S100 and continue monitoring.
  • step 110 the vulnerability information collecting unit 502 collects the newly posted vulnerability information. Specifically, the vulnerability information collection unit 502 collects the target software, the degree of risk, and the presence / absence of patches of the newly posted vulnerability information, and stores them in the vulnerability information DB 600.
  • the vulnerability information collecting unit 502 notifies the search unit 504 of the collected vulnerability information.
  • the configuration information acquisition unit 500 acquires the latest configuration information of the user terminal 3 connected to the network 9. Specifically, the configuration information acquisition unit 500 acquires the OS information, user information, installed software information, and patch application status of the user terminal 3 and stores them in the configuration information DB 610.
  • step 120 the search unit 504 searches the configuration information stored in the configuration information DB 610 for whether or not the user terminal 3 corresponding to the vulnerability information notified by the vulnerability information collection unit 502 exists. ..
  • step 125 when the corresponding user terminal 3 exists as a result of the search by the search unit 504, the vulnerability visualization process (S10) shifts to S130, and when the corresponding user terminal 3 does not exist. , S100.
  • step 130 the evaluation unit 506 calculates an evaluation value based on the application status of the patch of the user terminal 3 corresponding to the new vulnerability information and the vulnerability remaining in the user terminal 3.
  • step 135 the display unit 508 displays the evaluation value calculated by the evaluation unit 506 on the vulnerability management device 5. Further, the display unit 508 displays the evaluation value of the user terminal 3 on the vulnerability management device 5 with a symbol (for example, the size of a “circle”) corresponding to the evaluation value.
  • FIG. 6 is a diagram illustrating a method of displaying the evaluation value.
  • FIG. 6A exemplifies a method of displaying an evaluation value of a vulnerability origin
  • FIG. 6B exemplifies a method of displaying an evaluation value of a terminal origin
  • FIG. 6C exemplifies a method of displaying an evaluation value of a user origin. Is illustrated.
  • the display unit 508 displays the evaluation value from the vulnerability origin, the terminal origin, and the user origin.
  • FIG. 6A in the method of displaying the starting point of a vulnerability, a list of terminals affected by a certain vulnerability and an evaluation value is displayed.
  • the evaluation value of the user terminal 3 for each vulnerability can be displayed in a list by using the target software of the vulnerability information as a key.
  • the evaluation values for each terminal are displayed in a list using the terminal ID of the configuration information as a key.
  • the risk indicating the risk of not applying the patch, the risk indicating the risk of the virus, and the evaluation value which is the total of these are displayed by numerical values and symbols. Further, at the terminal starting point, by setting the importance of the user terminal 3, it is possible to change the notification method to the user when the vulnerability is not addressed.
  • a mailing list can be set for notifications that are not vulnerable to the user terminal 3, which has a high degree of importance.
  • the vulnerability can be dealt with systematically.
  • a user's responsible terminal is obtained by acquiring a list of terminals operated by the same user based on the configuration information and calculating an evaluation value for each terminal. List the evaluation values of.
  • the vulnerability management device 5 notifies a preset mailing list to which the user belongs when the user's response is delayed.
  • the vulnerability management device 5 notifies a preset mailing list to which the user belongs when the user's response is delayed.
  • the vulnerability management device 5 notifies a preset mailing list to which the user belongs when the user's response is delayed.
  • the vulnerability management device 5 notifies a preset mailing list to which the user belongs when the user's response is delayed.
  • FIG. 7A is an evaluation value map exemplifying a totaling mode in which evaluation values for each terminal are totaled and displayed
  • FIG. 7B is a number of “circles” for the number of vulnerabilities and evaluation values for each terminal. It is an evaluation value map which exemplifies the detailed mode which displays by the size.
  • the display unit 508 calculates evaluation values for all user terminals 3 and generates an evaluation value map by combining the evaluation values with the layout of the user terminals 3. As illustrated in FIG. 7A, the display unit 508 displays the evaluation value for each user terminal 3 in the size of one symbol “circle” in the total mode. As illustrated in FIG.
  • the display unit 508 displays the number of vulnerabilities and the evaluation value for each user terminal 3 by the number and size of “circles”. Further, the user can display the information of the user terminal origin and the information of the vulnerability origin by selecting the user terminal 3 on the evaluation value map.
  • the evaluation value map can immediately identify the physical position of the user terminal 3 having a high evaluation value of vulnerability.
  • the content of the vulnerability can be understood, and the necessary countermeasures can be specified.
  • FIG. 8 is a diagram illustrating visualization of the evaluation value of the user terminal 3 between companies, floors, and departments.
  • the display unit 508 represents the relevance on the network based on the amount of communication between the user terminals 3.
  • the thickness of the line in the figure is proportional to the amount of communication.
  • the security administrator can view the evaluation value map on the "floor” of the "4F” by selecting “4F” of "company-wide” in FIG. 8, and further select “B” of the "floor”. This makes it possible to browse the evaluation value map in the "department” corresponding to "B". Displaying the traffic volume and the evaluation value of the vulnerability together makes it possible to identify the range affected by the vulnerability.
  • the display unit 508 makes it possible to distinguish the closed environment, which is generally not patchable and always tends to have a high risk, by displaying the closed environment in different colors.
  • the evaluation value is calculated based on the vulnerability information collected from the external website and the configuration information of the user terminal 3, and the calculated evaluation value is used as a symbol. Represent.
  • the security administrator can intuitively grasp the danger.
  • an evaluation value display method it is possible to display based on different starting points, so that it is possible to grasp the danger from multiple aspects.
  • the range of impact of the vulnerability can be visually grasped, and the priority of response to the vulnerability can be set. It will be possible.
  • Vulnerability management system 3 ... User terminal 5 ... Vulnerability management device 7 ... Warning light 9 ... Network 50 ... Vulnerability management program 500 ... Configuration information acquisition unit 502 . Vulnerability information collection unit 504 ... Search unit 506 ... Evaluation unit 508 ... Display unit 510 ... Detection unit 600 ... Vulnerability information database 610 ... Configuration information database

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Computer And Data Communications (AREA)

Abstract

Vulnerability management equipment 5 comprises: a configuration information acquisition unit 500 which acquires configuration information about devices connected to a prescribed network; a vulnerability information collection unit 502 which collects vulnerability information indicating applicable security measures; and an assessment unit 506 which assesses the vulnerability of each device connected to the network, on the basis of the configuration information acquired by the configuration information acquisition unit 500 and the vulnerability information collected by the vulnerability information collection unit 502. The vulnerability management equipment 5 further comprises a display unit 508 which indicates the vulnerability of each device using symbols that have sizes corresponding to the results of the assessment by the assessment unit 506.

Description

脆弱性管理装置、脆弱性管理方法、及びプログラムVulnerability management equipment, vulnerability management methods, and programs
 本発明は、脆弱性管理装置、脆弱性管理方法、及びプログラムに関する。 The present invention relates to a vulnerability management device, a vulnerability management method, and a program.
 例えば、特許文献1には、制御部を有する情報処理装置に入力された入力情報を処理する情報処理方法において、前記制御部により、危険性の増減情報を取得し、前記制御部により取得した危険性の増減情報に基づき、記憶部に記憶した第1閾範囲または記憶部に記憶した第2閾範囲を補正し、前記制御部により入力情報に基づく値が前記第1閾範囲を越えるか否か判断し、前記制御部により前記第1閾範囲を越えると判断した場合に、越えると判断した回数または越えた時間が前記第2閾範囲を越えるか否か判断し、前記制御部により前記第2閾範囲を越えると判断した場合に、異常情報を出力する情報処理方法が開示されている。 For example, in Patent Document 1, in an information processing method for processing input information input to an information processing apparatus having a control unit, the control unit acquires danger increase / decrease information, and the danger acquired by the control unit. Whether or not the value based on the input information by the control unit exceeds the first threshold range by correcting the first threshold range stored in the storage unit or the second threshold range stored in the storage unit based on the sex increase / decrease information. When the control unit determines that the first threshold range is exceeded, the control unit determines whether the number of times the determination is exceeded or the time exceeded exceeds the second threshold range, and the control unit determines that the second threshold range is exceeded. An information processing method for outputting abnormal information when it is determined that the threshold range is exceeded is disclosed.
 また、特許文献2には、サイバー攻撃の対象となる装置に関して検知されたサイバー攻撃の情報を取得し、地球を示す画像と、該地球を示す画像の周囲に配置された前記装置を示す画像と、前記地球を示す画像の表面と前記装置を示す画像との間に配置され、前記取得した前記サイバー攻撃の情報に基づき、前記装置に関して検知されたサイバー攻撃のレベルを示す画像とを含む画像情報を生成し、該生成された画像情報を出力する処理をコンピュータが実行することを特徴とする表示方法が開示されている。 Further, in Patent Document 2, information on a cyber attack detected with respect to a device targeted for a cyber attack is acquired, and an image showing the earth and an image showing the device arranged around the image showing the earth are described. , Image information that is placed between the surface of the image showing the earth and the image showing the device, and includes an image showing the level of the cyber attack detected with respect to the device based on the acquired information on the cyber attack. A display method is disclosed, wherein a computer executes a process of generating the generated image information and outputting the generated image information.
 また、非特許文献3には、事前予防と事後対処とを統合し、簡単で迅速なインシデント対応の実現し、検知、調査、対応のサイクルを統合管理するソフトウェアが開示されている。 In addition, Non-Patent Document 3 discloses software that integrates proactive prevention and post-response, realizes simple and quick incident response, and integrates and manages the cycle of detection, investigation, and response.
特許5691539Patent 5691539 特開2015-216549JP 2015-216549
 脆弱性の危険度を、視覚的に把握及び管理することができる脆弱性管理装置を提供することを目的とする。 The purpose is to provide a vulnerability management device that can visually grasp and manage the risk level of a vulnerability.
 本発明に係る脆弱性管理装置は、所定のネットワークに接続している機器の構成情報を取得する構成情報取得部と、適用可能なセキュリティ対策を示す脆弱性情報を収集する情報収集部と、前記構成情報取得部により取得された構成情報と、前記情報収集部により収集された脆弱性情報とに基づいて、前記ネットワークに接続している機器それぞれの脆弱性を評価する評価部とを有する。 The vulnerability management device according to the present invention includes a configuration information acquisition unit that acquires configuration information of a device connected to a predetermined network, an information collection unit that collects vulnerability information indicating applicable security measures, and the above. It has an evaluation unit that evaluates the vulnerability of each device connected to the network based on the configuration information acquired by the configuration information acquisition unit and the vulnerability information collected by the information collection unit.
 好適には、前記評価部による評価結果に対応する大きさのシンボルで、機器それぞれの脆弱性を表示する表示部をさらに有する。 Preferably, it further has a display unit that displays the vulnerability of each device with a symbol having a size corresponding to the evaluation result by the evaluation unit.
 好適には、前記情報収集部は、適用可能な修正プログラム又は更新プログラムに関する情報と、更新可能なウイルス定義ファイルに関する情報とを前記脆弱性情報として収集し、前記構成情報取得部は、それぞれの機器に適用されている修正プログラム又は更新プログラムを識別する識別情報と、それぞれの機器におけるウイルス定義ファイルの更新に関する情報とを前記構成情報として取得する。 Preferably, the information collecting unit collects information on an applicable patch or update program and information on an updatable virus definition file as the vulnerability information, and the configuration information acquisition unit is a device for each device. The identification information for identifying the patch or update program applied to the device and the information regarding the update of the virus definition file in each device are acquired as the configuration information.
 好適には、前記表示部は、既定のネットワークに接続している複数の機器について、前記評価部による評価結果を一覧表示する。 Preferably, the display unit displays a list of evaluation results by the evaluation unit for a plurality of devices connected to the default network.
 好適には、前記評価部は、適用可能な修正プログラム又は更新プログラムが機器に適用されているか否かに基づいて算出される評価値と、更新可能なウイルス定義ファイルが機器で更新されているか否かに基づいて算出される評価値とを合算して、各機器の評価値を算出し、前記表示部は、それぞれの機器について、合算前後の評価値を切り替えて表示する。 Preferably, the evaluation unit has an evaluation value calculated based on whether or not an applicable patch or update program has been applied to the device, and whether or not the updateable virus definition file has been updated on the device. The evaluation value of each device is calculated by adding up the evaluation value calculated based on the above, and the display unit switches and displays the evaluation value before and after the total for each device.
 好適には、前記表示部は、それぞれの機器が配置されたフロア図、又は、それぞれの機器が接続されたネットワーク構成図に対して、各機器の評価結果に対応する大きさのシンボルを重ね合わせて表示する。 Preferably, the display unit superimposes a symbol having a size corresponding to the evaluation result of each device on the floor diagram in which each device is arranged or the network configuration diagram in which each device is connected. To display.
 好適には、前記表示部は、ネットワークに接続している機器の評価結果を、このネットワークがインターネットに接続しているか否かに応じて異なる表示態様で表示する。 Preferably, the display unit displays the evaluation results of the devices connected to the network in different display modes depending on whether or not the network is connected to the Internet.
 好適には、機器の設置場所の周囲に配置された複数の警告灯と、いずれかの機器について前記評価部による評価結果が既定の条件に合致した場合に、この機器の周囲に設置された警告灯を点灯させる検知部とをさらに有する。 Preferably, a plurality of warning lights arranged around the place where the equipment is installed, and a warning installed around the equipment when the evaluation result by the evaluation unit for any of the equipments meets the predetermined conditions. It further has a detection unit for turning on the light.
 本発明に係る脆弱性管理方法は、所定のネットワークに接続している機器の構成情報を取得する構成情報取得ステップと、適用可能なセキュリティ対策を示す脆弱性情報を収集する情報収集ステップと、前記構成情報取得ステップにより取得された構成情報と、前記情報収集ステップにより収集された脆弱性情報とに基づいて、前記ネットワークに接続している機器それぞれの脆弱性を評価する評価ステップとを有する。 The vulnerability management method according to the present invention includes a configuration information acquisition step for acquiring the configuration information of a device connected to a predetermined network, an information collection step for collecting vulnerability information indicating applicable security measures, and the above. It has an evaluation step for evaluating the vulnerability of each device connected to the network based on the configuration information acquired by the configuration information acquisition step and the vulnerability information collected by the information collection step.
 本発明に係るプログラムは、所定のネットワークに接続している機器の構成情報を取得する構成情報取得ステップと、適用可能なセキュリティ対策を示す脆弱性情報を収集する情報収集ステップと、前記構成情報取得ステップにより取得された構成情報と、前記情報収集ステップにより収集された脆弱性情報とに基づいて、前記ネットワークに接続している機器それぞれの脆弱性を評価する評価ステップとをコンピュータに実行させる。 The program according to the present invention includes a configuration information acquisition step for acquiring configuration information of a device connected to a predetermined network, an information collection step for collecting vulnerability information indicating applicable security measures, and the configuration information acquisition. Based on the configuration information acquired by the step and the vulnerability information collected by the information gathering step, the computer is made to execute an evaluation step for evaluating the vulnerability of each device connected to the network.
 脆弱性の危険度を、視覚的に把握及び管理することができる。 It is possible to visually grasp and manage the risk of vulnerability.
脆弱性管理システム1の全体構成を例示する図である。It is a figure which illustrates the whole structure of the vulnerability management system 1. 脆弱性管理装置5のハードウェア構成を例示する図である。It is a figure which illustrates the hardware configuration of the vulnerability management apparatus 5. 脆弱性管理装置5の機能構成を例示する図である。It is a figure which illustrates the functional structure of the vulnerability management apparatus 5. (a)は、脆弱性情報DB600に格納される脆弱性情報を例示する図であり、(b)は、構成情報DB610に格納される構成情報を例示する図であり、(c)は、構成情報DB610に格納されるソフトウェアの構成情報を例示する図である。(A) is a diagram illustrating the vulnerability information stored in the vulnerability information DB 600, (b) is a diagram illustrating the configuration information stored in the configuration information DB 610, and (c) is a diagram illustrating the configuration information stored in the configuration information DB 610. It is a figure which illustrates the configuration information of the software stored in the information DB 610. 脆弱性管理装置5による脆弱性可視化処理(S10)を説明するフローチャートである。It is a flowchart explaining the vulnerability visualization process (S10) by the vulnerability management apparatus 5. (a)は、脆弱性起点の評価値の表示方法を例示し、(b)は、端末起点の評価値の表示方法を例示し、(c)は、ユーザ起点の評価値の表示方法を例示する。(A) exemplifies the display method of the evaluation value of the vulnerability origin, (b) exemplifies the display method of the evaluation value of the terminal origin, and (c) exemplifies the display method of the evaluation value of the user origin. To do. (a)は、ユーザ端末3毎の評価値を合算して表示する合算モードを例示する評価値マップであり、(b)は、ユーザ端末3毎の脆弱性の数と評価値を「丸」の数と大きさで表示する詳細モードを例示する評価値マップである。(A) is an evaluation value map exemplifying a totaling mode in which the evaluation values for each user terminal 3 are totaled and displayed, and (b) is a "circle" for the number of vulnerabilities and the evaluation value for each user terminal 3. It is an evaluation value map which exemplifies the detailed mode which displays by the number and size of. 会社、フロア、及び部署間におけるユーザ端末3の評価値の可視化を例示する図である。It is a figure which illustrates the visualization of the evaluation value of the user terminal 3 between a company, a floor, and a department.
 以下、本発明の実施形態を、図面を参照して説明する。
 図1は、脆弱性管理システム1の全体構成を例示する図である。
 図1に例示するように、脆弱性管理システム1は、複数のユーザ端末3a、ユーザ端末3b、ユーザ端末3c、ユーザ端末3d、脆弱性管理装置5、及び警告灯7を含み、ネットワーク9を介して互いに接続している。ユーザ端末3a、ユーザ端末3b、ユーザ端末3c、及びユーザ端末3dをユーザ端末3と総称する。ユーザ端末3は、本発明に係る機器の一例である。
 ユーザ端末3は、ユーザが操作するコンピュータ端末、又はネットワーク機器であり、脆弱性管理装置5による脆弱性管理の対象機器である。具体的には、ユーザ端末3は、業務サーバ、業務PC、ルータ、又はIoT機器である。
 脆弱性管理装置5は、コンピュータ端末であり、各ユーザ端末3の脆弱性を管理、及び表示する。本発明における脆弱性とは、プログラムの不具合や設計上のミスが原因となって発生した情報セキュリティ上の欠陥をいい、パッチの未適用による危険性と、ウイルスによる危険性とを含む。ここで、パッチとは、修正プログラム、更新プログラム、及びウイルス定義ファイルをいう。具体的には、脆弱性管理装置5は、外部のWebサイトから取得した脆弱性情報と、ユーザ端末3の構成情報とに基づいて、ネットワーク9に接続するユーザ端末3の脆弱性による影響を表す評価値を数値化、及び脆弱性の評価値の数値に応じたシンボルを表示する。
 警告灯7は、ユーザ端末3の設置場所の周囲に配置された、脆弱性を周囲に知らせる回転灯である。 Hereinafter, embodiments of the present invention will be described with reference to the drawings.
FIG. 1 is a diagram illustrating the overall configuration of the vulnerability management system 1.
As illustrated in FIG. 1, the vulnerability management system 1 includes a plurality of user terminals 3a, user terminals 3b, user terminals 3c, user terminals 3d, vulnerability management device 5, and warning light 7, via a network 9. Are connected to each other. The user terminal 3a, the user terminal 3b, the user terminal 3c, and the user terminal 3d are collectively referred to as the user terminal 3. The user terminal 3 is an example of the device according to the present invention.
The user terminal 3 is a computer terminal or a network device operated by the user, and is a target device for vulnerability management by the vulnerability management device 5. Specifically, the user terminal 3 is a business server, a business PC, a router, or an IoT device.
The vulnerability management device 5 is a computer terminal, and manages and displays the vulnerabilities of each user terminal 3. The vulnerability in the present invention refers to an information security defect caused by a program defect or a design error, and includes a risk due to unpatching and a risk due to a virus. Here, the patch means a patch, an update program, and a virus definition file. Specifically, the vulnerability management device 5 represents the influence of the vulnerability of the user terminal 3 connected to the network 9 based on the vulnerability information acquired from the external website and the configuration information of the user terminal 3. The evaluation value is quantified, and the symbol corresponding to the evaluation value of the vulnerability is displayed.
The warning light 7 is a rotating light that is arranged around the installation location of the user terminal 3 and informs the surroundings of the vulnerability.
 図2は、脆弱性管理装置5のハードウェア構成を例示する図である。
 図2に例示するように、脆弱性管理装置5は、CPU200、メモリ202、HDD204、ネットワークインタフェース206(ネットワークIF206)、表示装置208、及び、入力装置210を有し、これらの構成はバス212を介して互いに接続している。
 CPU200は、例えば、中央演算装置である。
 メモリ202は、例えば、揮発性メモリであり、主記憶装置として機能する。
 HDD204は、例えば、ハードディスクドライブ装置であり、不揮発性の記録装置としてコンピュータプログラム(例えば、図3の脆弱性管理プログラム50)やその他のデータファイル(例えば、図3の脆弱性情報データベース600、及び構成情報データベース610)を格納する。
 ネットワークIF206は、有線又は無線で通信するためのインタフェースであり、例えば、内部ネットワーク9における通信を実現する。
 表示装置208は、例えば、液晶ディスプレイである。
 入力装置210は、例えば、キーボード及びマウスである。 FIG. 2 is a diagram illustrating a hardware configuration of the vulnerability management device 5.
As illustrated in FIG. 2, the vulnerability management device 5 includes a CPU 200, a memory 202, an HDD 204, a network interface 206 (network IF206), a display device 208, and an input device 210, and these configurations include a bus 212. They are connected to each other via.
The CPU 200 is, for example, a central arithmetic unit.
The memory 202 is, for example, a volatile memory and functions as a main storage device.
The HDD 204 is, for example, a hard disk drive device, and is a computer program (for example, the vulnerability management program 50 in FIG. 3) and other data files (for example, the vulnerability information database 600 in FIG. 3) and a configuration as a non-volatile recording device. The information database 610) is stored.
The network IF206 is an interface for wired or wireless communication, and realizes communication in the internal network 9, for example.
The display device 208 is, for example, a liquid crystal display.
The input device 210 is, for example, a keyboard and a mouse.
 図3は、脆弱性管理装置5の機能構成を例示する図である。
 図3に例示するように、本例の脆弱性管理装置5には、脆弱性管理プログラム50がインストールされると共に、脆弱性情報データベース600(脆弱性情報DB600)、及び構成情報データベース610(構成情報DB610)が構成される。
 脆弱性管理プログラム50は、構成情報取得部500、脆弱性情報収集部502、検索部504、評価部506、表示部508、及び検知部510を有する。
 なお、脆弱性管理プログラム50の一部又は全部は、ASICなどのハードウェアにより実現されてもよく、また、OS(Operating System)の機能を一部借用して実現されてもよい。
 脆弱性管理プログラム50において、構成情報取得部500は、ネットワーク9に接続しているユーザ端末3の構成情報を取得する。具体的には、構成情報取得部500は、それぞれのユーザ端末3に適用されている修正プログラム又は更新プログラムを識別する識別情報と、それぞれのユーザ端末3におけるウイルス定義ファイルの更新に関する情報とを構成情報として取得する。より具体的には、構成情報取得部500は、ネットワーク9に接続しているユーザ端末3の最新のOS(VL)情報、ユーザ情報、インストールしているソフトウェア情報、パッチの適用状況を取得し、構成情報DB610に格納する。例えば、構成情報取得部500は、業務サーバ、及び業務PCからOS情報、ユーザ情報、及びパッチの適用状況を取得し、ネットワーク9から通信経路を取得し、ルータから設定情報を取得し、IoT機器からBluetooth Version、Sensor Version、Firmware Version、及びWifi Levelを取得する。構成情報取得部500は、ユーザ端末3がPC又はIoT機器である場合に、OSのAPIの使用により構成情報を取得する。 FIG. 3 is a diagram illustrating the functional configuration of the vulnerability management device 5.
As illustrated in FIG. 3, the vulnerability management program 50 is installed in the vulnerability management device 5 of this example, and the vulnerability information database 600 (vulnerability information DB 600) and the configuration information database 610 (configuration information) are installed. DB610) is configured.
The vulnerability management program 50 includes a configuration information acquisition unit 500, a vulnerability information collection unit 502, a search unit 504, an evaluation unit 506, a display unit 508, and a detection unit 510.
A part or all of the vulnerability management program 50 may be realized by hardware such as an ASIC, or may be realized by borrowing a part of the functions of the OS (Operating System).
In the vulnerability management program 50, the configuration information acquisition unit 500 acquires the configuration information of the user terminal 3 connected to the network 9. Specifically, the configuration information acquisition unit 500 configures identification information for identifying a patch or update program applied to each user terminal 3 and information related to updating a virus definition file in each user terminal 3. Get as information. More specifically, the configuration information acquisition unit 500 acquires the latest OS (VL) information, user information, installed software information, and patch application status of the user terminal 3 connected to the network 9. It is stored in the configuration information DB 610. For example, the configuration information acquisition unit 500 acquires OS information, user information, and patch application status from the business server and business PC, acquires a communication path from network 9, acquires setting information from a router, and is an IoT device. Obtain Bluetooth Version, Sensor Version, Firmware Version, and Wifi Level from. When the user terminal 3 is a PC or an IoT device, the configuration information acquisition unit 500 acquires configuration information by using the API of the OS.
 脆弱性情報収集部502は、適用可能な情報セキュリティ対策を示す脆弱性情報を収集する。具体的には、脆弱性情報収集部502は、適用可能な修正プログラム又は更新プログラムに関する情報と、更新可能なウイルス定義ファイルに関する情報とを脆弱性情報として収集する。より具体的には、脆弱性情報収集部502は、脆弱性情報を公開する外部のWebサイトを常時監視し、新たな脆弱性情報が掲載された場合に、新たな脆弱性情報を収集し、脆弱性情報DB600に格納する。さらに具体的には、脆弱性情報収集部502は、外部のWebサイトから、脆弱性情報として、ソフトウェア、危険度、及びパッチの有無を収集する。外部のWebサイトとは、例えば、JVN(脆弱性情報)、IPA、ESET、トレンドマイクロ、ソースネクスト(ウイルス情報)、マイクロソフト(パッチ情報)、McAfee(定義情報)のサイトをいう。脆弱性情報収集部502は、これらのWebサイトで公開されているAPI、及びWebページの記載内容を解析することにより、脆弱性情報を取得する。外部のWebサイトから取得できる脆弱性の危険度は、標準化された値CVSSv2、又はCVSSv3である。なお、脆弱性情報収集部502は、本発明に係る情報収集部の一例である。
 検索部504は、脆弱性情報収集部502により新たな脆弱性情報が追加された場合に、新たな脆弱性情報の対象となるユーザ端末3を検索する。具体的には、検索部504は、脆弱性情報収集部502により収集された脆弱性情報に基づいて、対処が必要となるユーザ端末3を構成情報DB610から検索する。 Vulnerability information collection unit 502 collects vulnerability information indicating applicable information security measures. Specifically, the vulnerability information collection unit 502 collects information on applicable patches or updates and information on updatable virus definition files as vulnerability information. More specifically, the vulnerability information collection unit 502 constantly monitors an external website that publishes vulnerability information, and when new vulnerability information is posted, collects new vulnerability information. It is stored in the vulnerability information DB 600. More specifically, the vulnerability information collection unit 502 collects software, the degree of risk, and the presence or absence of patches as vulnerability information from an external website. External websites refer to, for example, JVN (vulnerability information), IPA, ESET, Trend Micro, SOURCENEXT (virus information), Microsoft (patch information), and McAfee (definition information) sites. Vulnerability information collection unit 502 acquires vulnerability information by analyzing the contents of APIs and Web pages published on these websites. The risk level of the vulnerability that can be obtained from an external website is the standardized value CVSSv2 or CVSSv3. The vulnerability information collecting unit 502 is an example of the information collecting unit according to the present invention.
When new vulnerability information is added by the vulnerability information collecting unit 502, the search unit 504 searches for the user terminal 3 that is the target of the new vulnerability information. Specifically, the search unit 504 searches the configuration information DB 610 for the user terminal 3 that needs to be dealt with based on the vulnerability information collected by the vulnerability information collecting unit 502.
 評価部506は、構成情報取得部500により取得された構成情報と、脆弱性情報収集部502により収集された脆弱性情報とに基づいて、ネットワーク9に接続しているユーザ端末3それぞれの脆弱性を評価する。具体的には、評価部506は、検索部504により検索された対象となるユーザ端末3のパッチの適用状況、及び、ユーザ端末3に残存する脆弱性に基づいて、評価値を算出する。より具体的には、評価部506は、適用可能な修正プログラム又は更新プログラムがユーザ端末3に適用されているか否かに基づいて算出される評価値と、更新可能なウイルス定義ファイルがユーザ端末3で更新されているか否かに基づいて算出される評価値とを合算して、各ユーザ端末3の評価値を算出する。評価値は、評価値=Σ(脆弱性i(プログラムの欠陥i)の危険度×パッチの適用有無(0 or 1))+Σ(ウイルスjの危険度×定義ファイルの適用有無(0 or 1))により算出される。 The evaluation unit 506 is vulnerable to each of the user terminals 3 connected to the network 9 based on the configuration information acquired by the configuration information acquisition unit 500 and the vulnerability information collected by the vulnerability information collection unit 502. To evaluate. Specifically, the evaluation unit 506 calculates the evaluation value based on the application status of the patch of the target user terminal 3 searched by the search unit 504 and the vulnerability remaining in the user terminal 3. More specifically, in the evaluation unit 506, the evaluation value calculated based on whether or not the applicable patch or update program is applied to the user terminal 3 and the updateable virus definition file are provided in the user terminal 3. The evaluation value of each user terminal 3 is calculated by adding up the evaluation value calculated based on whether or not it is updated in. The evaluation value is evaluation value = Σ (risk of vulnerability i (program defect i) x patch application (0 or 1)) + Σ (virus j risk x definition file application (0 or 1)) ) Is calculated.
 表示部508は、評価部506による評価結果に対応する大きさのシンボルで、ユーザ端末3それぞれの脆弱性を表示する。具体的には、表示部508は、評価部506により算出された評価値に応じた大きさのシンボルをユーザ端末3と関連付けて表示する。また、
表示部508は、ネットワーク9に接続している複数のユーザ端末3について、評価部506による評価結果を一覧表示する。
 さらに、表示部508は、それぞれのユーザ端末3について、合算前後の評価値を切り替えて表示する。具体的には、表示部508は、ユーザ端末3毎に合算した評価値を表示する合算モードと、ユーザ端末3内の評価値を分けて表示する詳細モードとを切り替えて表示する。
 そして、表示部508は、それぞれのユーザ端末3が配置されたフロア図、又は、それぞれのユーザ端末3が接続されたネットワーク構成図に対して、各ユーザ端末3の評価結果に対応する大きさのシンボルを重ね合わせて表示する。具体的には、表示部508は、評価部506により算出された評価値を有するユーザ端末3を、ユーザ端末3の配置図、又はフロア図に重ねて評価値マップを生成する。さらに、表示部508は、ネットワークに接続しているユーザ端末3の評価結果を、このネットワークがインターネットに接続しているか否かに応じて異なる表示態様で表示する。
 検知部510は、いずれかのユーザ端末3について評価部506による評価結果が既定の条件に合致した場合に、このユーザ端末3の周囲に設置された警告灯を点灯させる。 The display unit 508 is a symbol having a size corresponding to the evaluation result by the evaluation unit 506, and displays the vulnerabilities of each of the user terminals 3. Specifically, the display unit 508 displays a symbol having a size corresponding to the evaluation value calculated by the evaluation unit 506 in association with the user terminal 3. Also,
The display unit 508 displays a list of evaluation results by the evaluation unit 506 for a plurality of user terminals 3 connected to the network 9.
Further, the display unit 508 switches and displays the evaluation values before and after the summation for each user terminal 3. Specifically, the display unit 508 switches between a total mode for displaying the total evaluation value for each user terminal 3 and a detailed mode for displaying the evaluation value in the user terminal 3 separately.
Then, the display unit 508 has a size corresponding to the evaluation result of each user terminal 3 with respect to the floor diagram in which each user terminal 3 is arranged or the network configuration diagram to which each user terminal 3 is connected. The symbols are superimposed and displayed. Specifically, the display unit 508 superimposes the user terminal 3 having the evaluation value calculated by the evaluation unit 506 on the layout diagram or the floor diagram of the user terminal 3 to generate an evaluation value map. Further, the display unit 508 displays the evaluation result of the user terminal 3 connected to the network in a different display mode depending on whether or not the network is connected to the Internet.
When the evaluation result by the evaluation unit 506 for any of the user terminals 3 meets the predetermined conditions, the detection unit 510 turns on the warning light installed around the user terminal 3.
 ここで、脆弱性情報DB600、及び構成情報DB610について説明する。
 図4(a)は、脆弱性情報DB600に格納される脆弱性情報を例示する図であり、(b)は、構成情報DB610に格納される構成情報を例示する図であり、(c)は、構成情報DB610に格納されるソフトウェアの構成情報を例示する図である。
 図4(a)に例示するように、脆弱性情報DB600には、脆弱性を識別する脆弱性IDと、脆弱性が影響する対象ソフトウェアと、脆弱性の危険性を数値化した危険度と、脆弱性に対応するパッチ名とが格納される。
 図4(b)に例示するように、構成情報DB610には、ユーザ端末3を識別する端末IDと、ユーザ端末3のOS情報と、ユーザ端末3のユーザ識別情報と、パッチの適用状況とが格納される。
 図4(c)に例示するように、構成情報DB610には、さらに、ソフトウェアの構成情報として、ユーザ端末3を識別する端末IDと、ユーザ端末3のソフトウェアと、パッチの適用状況とが格納される。 Here, the vulnerability information DB 600 and the configuration information DB 610 will be described.
FIG. 4A is a diagram illustrating vulnerability information stored in the vulnerability information DB 600, FIG. 4B is a diagram illustrating configuration information stored in the configuration information DB610, and FIG. 4C is a diagram illustrating the configuration information stored in the configuration information DB610. , Is a diagram illustrating the configuration information of software stored in the configuration information DB 610.
As illustrated in FIG. 4A, the vulnerability information DB 600 includes a vulnerability ID that identifies the vulnerability, the target software that the vulnerability affects, and the degree of risk that quantifies the risk of the vulnerability. The patch name corresponding to the vulnerability is stored.
As illustrated in FIG. 4B, the configuration information DB 610 contains a terminal ID that identifies the user terminal 3, OS information of the user terminal 3, user identification information of the user terminal 3, and a patch application status. It is stored.
As illustrated in FIG. 4C, the configuration information DB 610 further stores the terminal ID that identifies the user terminal 3, the software of the user terminal 3, and the patch application status as software configuration information. To.
 図5は、脆弱性管理装置5による脆弱性可視化処理(S10)を説明するフローチャートである。
 図5に例示するように、ステップ100(S100)において、脆弱性情報収集部502は、脆弱性情報を公開している外部のWebサイトを常時監視する。
 ステップ105(S105)において、脆弱性情報収集部502は、外部のWebサイトに新たな脆弱性情報が掲載されたことを検知した場合に、S110へ移行し、新たな脆弱性情報を検知しない場合に、S100へ移行し、監視を続ける。
 ステップ110(S110)において、脆弱性情報収集部502は、新たに掲載された脆弱性情報を収集する。具体的には、脆弱性情報収集部502は、新たに掲載された脆弱性情報の対象ソフトウェア、危険度、及びパッチの有無を収集し、脆弱性情報DB600に格納する。さらに、脆弱性情報収集部502は、収集した脆弱性情報を検索部504に通知する。
 ステップ115(S115)において、構成情報取得部500は、ネットワーク9に接続するユーザ端末3の最新の構成情報を取得する。具体的には、構成情報取得部500は、ユーザ端末3のOS情報、ユーザ情報、インストールしているソフトウェア情報、及びパッチの適用状況を取得し、構成情報DB610に格納する。 FIG. 5 is a flowchart illustrating the vulnerability visualization process (S10) by the vulnerability management device 5.
As illustrated in FIG. 5, in step 100 (S100), the vulnerability information collecting unit 502 constantly monitors an external website that discloses the vulnerability information.
In step 105 (S105), when the vulnerability information collection unit 502 detects that new vulnerability information has been posted on an external website, it proceeds to S110 and does not detect new vulnerability information. Then, move to S100 and continue monitoring.
In step 110 (S110), the vulnerability information collecting unit 502 collects the newly posted vulnerability information. Specifically, the vulnerability information collection unit 502 collects the target software, the degree of risk, and the presence / absence of patches of the newly posted vulnerability information, and stores them in the vulnerability information DB 600. Further, the vulnerability information collecting unit 502 notifies the search unit 504 of the collected vulnerability information.
In step 115 (S115), the configuration information acquisition unit 500 acquires the latest configuration information of the user terminal 3 connected to the network 9. Specifically, the configuration information acquisition unit 500 acquires the OS information, user information, installed software information, and patch application status of the user terminal 3 and stores them in the configuration information DB 610.
 ステップ120(S120)において、検索部504は、脆弱性情報収集部502により通知された脆弱性情報に該当するユーザ端末3が存在するか否かを構成情報DB610に格納される構成情報から検索する。
 ステップ125(S125)において、検索部504による検索の結果、該当するユーザ端末3が存在する場合に、脆弱性可視化処理(S10)は、S130へ移行し、該当するユーザ端末3が存在しない場合に、S100へ移行する。
 ステップ130(S130)において、評価部506は、新たな脆弱性情報に該当するユーザ端末3のパッチの適用状況、及び、ユーザ端末3に残存する脆弱性に基づいて、評価値を算出する。
 ステップ135(S135)において、表示部508は、評価部506により算出された評価値を、脆弱性管理装置5に表示する。また、表示部508は、ユーザ端末3の評価値を、評価値に応じたシンボル(例えば、「丸」の大きさ)で、脆弱性管理装置5に表示する。 In step 120 (S120), the search unit 504 searches the configuration information stored in the configuration information DB 610 for whether or not the user terminal 3 corresponding to the vulnerability information notified by the vulnerability information collection unit 502 exists. ..
In step 125 (S125), when the corresponding user terminal 3 exists as a result of the search by the search unit 504, the vulnerability visualization process (S10) shifts to S130, and when the corresponding user terminal 3 does not exist. , S100.
In step 130 (S130), the evaluation unit 506 calculates an evaluation value based on the application status of the patch of the user terminal 3 corresponding to the new vulnerability information and the vulnerability remaining in the user terminal 3.
In step 135 (S135), the display unit 508 displays the evaluation value calculated by the evaluation unit 506 on the vulnerability management device 5. Further, the display unit 508 displays the evaluation value of the user terminal 3 on the vulnerability management device 5 with a symbol (for example, the size of a “circle”) corresponding to the evaluation value.
 図6は、評価値の表示方法を例示する図である。図6(a)は、脆弱性起点の評価値の表示方法を例示し、(b)は、端末起点の評価値の表示方法を例示し、(c)は、ユーザ起点の評価値の表示方法を例示する。
 表示部508は、評価値を、脆弱性起点、端末起点、及びユーザ起点で表示する。図6(a)に例示するように、脆弱性起点の表示方法では、ある脆弱性が影響する端末と評価値とを一覧表示する。また、脆弱性起点の表示方法では、脆弱性情報の対象ソフトウェアをキーに、脆弱性毎のユーザ端末3の評価値を一覧表示できる。
 図6(b)に例示するように、端末起点の表示方法では、構成情報の端末IDをキーに端末毎の評価値を一覧表示する。端末起点の表示方法では、パッチの未適用の危険性を示す危険度、ウイルスの危険性を示す危険度、及びこれらの合計である評価値を、数値とシンボルとにより表示する。
 また、端末起点では、ユーザ端末3の重要度を設定することにより、脆弱性未対応時のユーザへの通知方法を変更可能である。具体的には、重要度の高いユーザ端末3に対する脆弱性未対応の通知について、メーリングリストが設定できる。予め設定されたメーリングリストを使用した連絡をすることにより、組織的に、脆弱性に対処することができる。これにより、ユーザ端末3の停止時の業務影響が大きいファイルサーバ、またはコンパイラ等の脆弱性に、即時対応が可能である。 FIG. 6 is a diagram illustrating a method of displaying the evaluation value. FIG. 6A exemplifies a method of displaying an evaluation value of a vulnerability origin, FIG. 6B exemplifies a method of displaying an evaluation value of a terminal origin, and FIG. 6C exemplifies a method of displaying an evaluation value of a user origin. Is illustrated.
The display unit 508 displays the evaluation value from the vulnerability origin, the terminal origin, and the user origin. As illustrated in FIG. 6A, in the method of displaying the starting point of a vulnerability, a list of terminals affected by a certain vulnerability and an evaluation value is displayed. Further, in the method of displaying the starting point of the vulnerability, the evaluation value of the user terminal 3 for each vulnerability can be displayed in a list by using the target software of the vulnerability information as a key.
As illustrated in FIG. 6B, in the terminal starting point display method, the evaluation values for each terminal are displayed in a list using the terminal ID of the configuration information as a key. In the terminal-based display method, the risk indicating the risk of not applying the patch, the risk indicating the risk of the virus, and the evaluation value which is the total of these are displayed by numerical values and symbols.
Further, at the terminal starting point, by setting the importance of the user terminal 3, it is possible to change the notification method to the user when the vulnerability is not addressed. Specifically, a mailing list can be set for notifications that are not vulnerable to the user terminal 3, which has a high degree of importance. By contacting using a preset mailing list, the vulnerability can be dealt with systematically. As a result, it is possible to immediately respond to the vulnerabilities of the file server, compiler, etc., which have a large business impact when the user terminal 3 is stopped.
 図6(c)に例示するように、ユーザ起点の表示方法では、構成情報に基づいて、同一ユーザが操作する端末一覧を取得し、端末毎に評価値を算出することにより、ユーザの担当端末の評価値を一覧表示する。また、脆弱性管理装置5は、ユーザの対処が滞る場合に、事前に設定されたユーザの所属のメーリングリストへ通知する。これにより、ユーザだけでなく、組織として脆弱性に対する対処を行うことができ、組織全体のセキュリティ意識向上の啓蒙に繋げることができる。
 各起点の表示により、緊急対策を要する脆弱性発生した場合に、影響を受ける端末全てを特定し、対策が完了するまで監視することができる。また、ユーザ単位でユーザ端末3の評価値を表示することにより、脆弱性に対する意識の低いユーザを特定できる。さらに、ユーザの部署情報を定義しておくことにより、部署単位での分析も可能である。 As illustrated in FIG. 6C, in the user-origin display method, a user's responsible terminal is obtained by acquiring a list of terminals operated by the same user based on the configuration information and calculating an evaluation value for each terminal. List the evaluation values of. In addition, the vulnerability management device 5 notifies a preset mailing list to which the user belongs when the user's response is delayed. As a result, not only the user but also the organization can deal with the vulnerabilities, which can lead to enlightenment of raising the security awareness of the entire organization.
By displaying each starting point, when a vulnerability that requires urgent countermeasures occurs, all affected terminals can be identified and monitored until the countermeasures are completed. Further, by displaying the evaluation value of the user terminal 3 for each user, it is possible to identify a user who is less conscious of the vulnerability. Furthermore, by defining the user's department information, it is possible to analyze by department.
 図7(a)は、端末毎の評価値を合算して表示する合算モードを例示する評価値マップであり、(b)は、端末毎の脆弱性の数と評価値を「丸」の数と大きさで表示する詳細モードを例示する評価値マップである。
 表示部508は、全ユーザ端末3に対して評価値を算出し、ユーザ端末3の配置図と合わせることにより、評価値マップを生成する。図7(a)に例示するように、表示部508は、合算モードでは、ユーザ端末3毎の評価値を一つのシンボルである「丸」の大きさで表示する。図7(b)に例示するように、表示部508は、詳細モードでは、ユーザ端末3毎の脆弱性の数と評価値とを、「丸」の数と大きさとにより表示する。さらに、ユーザは、評価値マップ上のユーザ端末3を選択することにより、ユーザ端末起点の情報を表示、及び脆弱性起点の情報を表示可能である。
 評価値マップにより、脆弱性の評価値が高いユーザ端末3の物理的な位置が即座に特定できる。また、詳細モードから脆弱性起点の情報を参照することにより、脆弱性の内容が分かるため、必要な対処が特定できる。 FIG. 7A is an evaluation value map exemplifying a totaling mode in which evaluation values for each terminal are totaled and displayed, and FIG. 7B is a number of “circles” for the number of vulnerabilities and evaluation values for each terminal. It is an evaluation value map which exemplifies the detailed mode which displays by the size.
The display unit 508 calculates evaluation values for all user terminals 3 and generates an evaluation value map by combining the evaluation values with the layout of the user terminals 3. As illustrated in FIG. 7A, the display unit 508 displays the evaluation value for each user terminal 3 in the size of one symbol “circle” in the total mode. As illustrated in FIG. 7B, in the detailed mode, the display unit 508 displays the number of vulnerabilities and the evaluation value for each user terminal 3 by the number and size of “circles”. Further, the user can display the information of the user terminal origin and the information of the vulnerability origin by selecting the user terminal 3 on the evaluation value map.
The evaluation value map can immediately identify the physical position of the user terminal 3 having a high evaluation value of vulnerability. In addition, by referring to the information on the origin of the vulnerability from the detailed mode, the content of the vulnerability can be understood, and the necessary countermeasures can be specified.
 図8は、会社、フロア、及び部署間におけるユーザ端末3の評価値の可視化を例示する図である。
 図8に例示するように、表示部508は、ユーザ端末3間の通信量に基づいて、ネットワーク上の関連性を表す。図中の線の太さは通信量に比例する。セキュリティ管理者は、図8の「全社」の「4F」を選択することにより、「4F」の「フロア」における評価値マップを閲覧可能となり、さらに、「フロア」の「B」を選択することにより、「B」に相当する「部署」における評価値マップを閲覧可能となる。通信量と、脆弱性の評価値とを併せて表示することは、脆弱性により影響を受ける範囲を特定することを可能にする。また、集計単位を定義しておくことにより、フロア間、部署間等の脆弱性の影響を可視化することができる。さらに、表示部508は、クローズド環境を色分けして表示することにより、一般的にパッチの適用ができない、常に危険度の高い傾向のあるクローズド環境を見分けることを可能にする。 FIG. 8 is a diagram illustrating visualization of the evaluation value of the user terminal 3 between companies, floors, and departments.
As illustrated in FIG. 8, the display unit 508 represents the relevance on the network based on the amount of communication between the user terminals 3. The thickness of the line in the figure is proportional to the amount of communication. The security administrator can view the evaluation value map on the "floor" of the "4F" by selecting "4F" of "company-wide" in FIG. 8, and further select "B" of the "floor". This makes it possible to browse the evaluation value map in the "department" corresponding to "B". Displaying the traffic volume and the evaluation value of the vulnerability together makes it possible to identify the range affected by the vulnerability. In addition, by defining the aggregation unit, it is possible to visualize the impact of vulnerabilities between floors and departments. Further, the display unit 508 makes it possible to distinguish the closed environment, which is generally not patchable and always tends to have a high risk, by displaying the closed environment in different colors.
 以上説明したように、脆弱性管理装置5によれば、外部のWebサイトから収集した脆弱性情報とユーザ端末3の構成情報とに基づいて、評価値を算出し、算出した評価値をシンボルで表す。評価値をシンボルの大きさで表示することにより、セキュリティ管理者は、直感的に危険性を把握することができる。また、評価値の表示方法として、異なる起点に基づいた表示が可能であるため、多面的に危険性を捉えることが可能である。さらに、ユーザ端末間のネットワーク上の関連性に合わせて評価値のシンボルを表示することにより、脆弱性による影響範囲を視覚的に把握することができ、脆弱性の対応の優先順位を定めることが可能になる。 As described above, according to the vulnerability management device 5, the evaluation value is calculated based on the vulnerability information collected from the external website and the configuration information of the user terminal 3, and the calculated evaluation value is used as a symbol. Represent. By displaying the evaluation value in the size of the symbol, the security administrator can intuitively grasp the danger. In addition, as an evaluation value display method, it is possible to display based on different starting points, so that it is possible to grasp the danger from multiple aspects. Furthermore, by displaying the evaluation value symbol according to the relationship between the user terminals on the network, the range of impact of the vulnerability can be visually grasped, and the priority of response to the vulnerability can be set. It will be possible.
 1…脆弱性管理システム
 3…ユーザ端末
 5…脆弱性管理装置
 7…警告灯
 9…ネットワーク
 50…脆弱性管理プログラム
 500…構成情報取得部
 502…脆弱性情報収集部
 504…検索部
 506…評価部
 508…表示部
 510…検知部
 600…脆弱性情報データベース
 610…構成情報データベース 1 ... Vulnerability management system 3 ... User terminal 5 ... Vulnerability management device 7 ... Warning light 9 ... Network 50 ... Vulnerability management program 500 ... Configuration information acquisition unit 502 ... Vulnerability information collection unit 504 ... Search unit 506 ... Evaluation unit 508 ... Display unit 510 ... Detection unit 600 ... Vulnerability information database 610 ... Configuration information database

Claims (10)

  1.  所定のネットワークに接続している機器の構成情報を取得する構成情報取得部と、
     適用可能なセキュリティ対策を示す脆弱性情報を収集する情報収集部と、
     前記構成情報取得部により取得された構成情報と、前記情報収集部により収集された脆弱性情報とに基づいて、前記ネットワークに接続している機器それぞれの脆弱性を評価する評価部と
     を有する脆弱性管理装置。     A configuration information acquisition unit that acquires configuration information of devices connected to a predetermined network,
    An information gathering department that collects vulnerability information that indicates applicable security measures,
    Vulnerability with an evaluation unit that evaluates the vulnerabilities of each device connected to the network based on the configuration information acquired by the configuration information acquisition unit and the vulnerability information collected by the information collection unit. Sex management device.
  2.  前記評価部による評価結果に対応する大きさのシンボルで、機器それぞれの脆弱性を表示する表示部
     をさらに有する請求項1に記載の脆弱性管理装置。     The vulnerability management device according to claim 1, further comprising a display unit that displays the vulnerabilities of each device with a symbol having a size corresponding to the evaluation result by the evaluation unit.
  3.  前記情報収集部は、適用可能な修正プログラム又は更新プログラムに関する情報と、更新可能なウイルス定義ファイルに関する情報とを前記脆弱性情報として収集し、
     前記構成情報取得部は、それぞれの機器に適用されている修正プログラム又は更新プログラムを識別する識別情報と、それぞれの機器におけるウイルス定義ファイルの更新に関する情報とを前記構成情報として取得する
     請求項1に記載の脆弱性管理装置。     The information gathering unit collects information on applicable patches or updates and information on updatable virus definition files as the vulnerability information.
    According to claim 1, the configuration information acquisition unit acquires identification information for identifying a patch or update program applied to each device and information on updating a virus definition file in each device as the configuration information. Vulnerability management device described.
  4.  前記表示部は、既定のネットワークに接続している複数の機器について、前記評価部による評価結果を一覧表示する
     請求項3に記載の脆弱性管理装置。     The vulnerability management device according to claim 3, wherein the display unit displays a list of evaluation results by the evaluation unit for a plurality of devices connected to a default network.
  5.  前記評価部は、適用可能な修正プログラム又は更新プログラムが機器に適用されているか否かに基づいて算出される評価値と、更新可能なウイルス定義ファイルが機器で更新されているか否かに基づいて算出される評価値とを合算して、各機器の評価値を算出し、
     前記表示部は、それぞれの機器について、合算前後の評価値を切り替えて表示する
     請求項3に記載の脆弱性管理装置。     The evaluation unit is based on an evaluation value calculated based on whether or not an applicable patch or update program is applied to the device, and whether or not the updateable virus definition file is updated on the device. Calculate the evaluation value of each device by adding up the calculated evaluation value.
    The vulnerability management device according to claim 3, wherein the display unit switches and displays evaluation values before and after totaling for each device.
  6.  前記表示部は、それぞれの機器が配置されたフロア図、又は、それぞれの機器が接続されたネットワーク構成図に対して、各機器の評価結果に対応する大きさのシンボルを重ね合わせて表示する
     請求項3に記載の脆弱性管理装置。     The display unit displays a floor diagram in which each device is arranged or a network configuration diagram to which each device is connected by superimposing a symbol having a size corresponding to the evaluation result of each device. Vulnerability management device according to item 3.
  7.  前記表示部は、ネットワークに接続している機器の評価結果を、このネットワークがインターネットに接続しているか否かに応じて異なる表示態様で表示する
     請求項3に記載の脆弱性管理装置。     The vulnerability management device according to claim 3, wherein the display unit displays evaluation results of devices connected to the network in different display modes depending on whether or not the network is connected to the Internet.
  8.  機器の設置場所の周囲に配置された複数の警告灯と、
     いずれかの機器について前記評価部による評価結果が既定の条件に合致した場合に、この機器の周囲に設置された警告灯を点灯させる検知部と
     をさらに有する請求項1に記載の脆弱性管理装置。     Multiple warning lights placed around the equipment installation location,
    The vulnerability management device according to claim 1, further comprising a detection unit that lights a warning light installed around the device when the evaluation result by the evaluation unit matches a predetermined condition for any of the devices. ..
  9.  所定のネットワークに接続している機器の構成情報を取得する構成情報取得ステップと、
     適用可能なセキュリティ対策を示す脆弱性情報を収集する情報収集ステップと、
     前記構成情報取得ステップにより取得された構成情報と、前記情報収集ステップにより収集された脆弱性情報とに基づいて、前記ネットワークに接続している機器それぞれの脆弱性を評価する評価ステップと
     を有する脆弱性管理方法。     A configuration information acquisition step to acquire configuration information of devices connected to a predetermined network, and
    Information gathering steps to collect vulnerability information indicating applicable security measures,
    Vulnerability having an evaluation step for evaluating the vulnerability of each device connected to the network based on the configuration information acquired by the configuration information acquisition step and the vulnerability information collected by the information collection step. Gender management method.
  10.  所定のネットワークに接続している機器の構成情報を取得する構成情報取得ステップと、
     適用可能なセキュリティ対策を示す脆弱性情報を収集する情報収集ステップと、
     前記構成情報取得ステップにより取得された構成情報と、前記情報収集ステップにより収集された脆弱性情報とに基づいて、前記ネットワークに接続している機器それぞれの脆弱性を評価する評価ステップと
     をコンピュータに実行させるプログラム。     A configuration information acquisition step to acquire configuration information of devices connected to a predetermined network, and
    Information gathering steps to collect vulnerability information indicating applicable security measures,
    Based on the configuration information acquired by the configuration information acquisition step and the vulnerability information collected by the information collection step, an evaluation step for evaluating the vulnerability of each device connected to the network is provided to the computer. The program to be executed.
PCT/JP2019/039457 2019-10-07 2019-10-07 Vulnerability management equipment, vulnerability management method, and program WO2021070216A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
PCT/JP2019/039457 WO2021070216A1 (en) 2019-10-07 2019-10-07 Vulnerability management equipment, vulnerability management method, and program
JP2021550949A JP7198991B2 (en) 2019-10-07 2019-10-07 Vulnerability management device, vulnerability management method, and program

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/JP2019/039457 WO2021070216A1 (en) 2019-10-07 2019-10-07 Vulnerability management equipment, vulnerability management method, and program

Publications (1)

Publication Number Publication Date
WO2021070216A1 true WO2021070216A1 (en) 2021-04-15

Family

ID=75437057

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2019/039457 WO2021070216A1 (en) 2019-10-07 2019-10-07 Vulnerability management equipment, vulnerability management method, and program

Country Status (2)

Country Link
JP (1) JP7198991B2 (en)
WO (1) WO2021070216A1 (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH06282527A (en) * 1993-03-29 1994-10-07 Hitachi Software Eng Co Ltd Network control system
US20040006704A1 (en) * 2002-07-02 2004-01-08 Dahlstrom Dale A. System and method for determining security vulnerabilities
JP2004054706A (en) * 2002-07-22 2004-02-19 Sofutekku:Kk Security risk management system, program, and recording medium thereof
JP2006066982A (en) * 2004-08-24 2006-03-09 Hitachi Ltd Network connection control system
JP2015138509A (en) * 2014-01-24 2015-07-30 株式会社日立システムズ Vulnerability risk diagnostic system and vulnerability risk diagnostic method
US20180309782A1 (en) * 2017-03-15 2018-10-25 Trust Networks Inc. Method and Apparatus for Determining a Threat Using Distributed Trust Across a Network

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH06282527A (en) * 1993-03-29 1994-10-07 Hitachi Software Eng Co Ltd Network control system
US20040006704A1 (en) * 2002-07-02 2004-01-08 Dahlstrom Dale A. System and method for determining security vulnerabilities
JP2004054706A (en) * 2002-07-22 2004-02-19 Sofutekku:Kk Security risk management system, program, and recording medium thereof
JP2006066982A (en) * 2004-08-24 2006-03-09 Hitachi Ltd Network connection control system
JP2015138509A (en) * 2014-01-24 2015-07-30 株式会社日立システムズ Vulnerability risk diagnostic system and vulnerability risk diagnostic method
US20180309782A1 (en) * 2017-03-15 2018-10-25 Trust Networks Inc. Method and Apparatus for Determining a Threat Using Distributed Trust Across a Network

Also Published As

Publication number Publication date
JPWO2021070216A1 (en) 2021-04-15
JP7198991B2 (en) 2023-01-05

Similar Documents

Publication Publication Date Title
CN106576052B (en) Analyzing cyber-security risks in an industrial control environment
CN106716953B (en) Dynamic quantification of cyber-security risks in a control system
US20170041337A1 (en) Systems, Methods, Apparatuses, And Computer Program Products For Forensic Monitoring
US9372995B2 (en) Vulnerability countermeasure device and vulnerability countermeasure method
JP2020052686A (en) Vulnerability evaluating device, vulnerability evaluating system, and method thereof
US20120096065A1 (en) System and method for monitoring system performance changes based on configuration modification
US10853487B2 (en) Path-based program lineage inference analysis
US9692779B2 (en) Device for quantifying vulnerability of system and method therefor
US20220207153A1 (en) System and method for multi-source vulnerability management
CN112055957B (en) Computer Network Security Assessment Engine
US11025660B2 (en) Impact-detection of vulnerabilities
US20130254524A1 (en) Automated configuration change authorization
WO2012132124A1 (en) Security-level visualization device
CN113411302B (en) Network security early warning method and device for local area network equipment
JP2007164465A (en) Client security management system
CN115733646A (en) Network security threat assessment method, device, equipment and readable storage medium
KR101847277B1 (en) Automatic generation method of Indicators of Compromise and its application for digital forensic investigation of cyber attack and System thereof
CN112650180B (en) Safety warning method, device, terminal equipment and storage medium
JP7396371B2 (en) Analytical equipment, analytical methods and analytical programs
JP7198991B2 (en) Vulnerability management device, vulnerability management method, and program
JP6780326B2 (en) Information processing equipment and programs
KR20190070728A (en) Method and Apparatus for Checking of Error of Time Series Data
WO2021070217A1 (en) Security measure management equipment, security measure management method, and program
JP5731586B2 (en) Double anti-phishing method and anti-phishing server via toolbar
US10250644B2 (en) Detection and removal of unwanted applications

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19948328

Country of ref document: EP

Kind code of ref document: A1

ENP Entry into the national phase

Ref document number: 2021550949

Country of ref document: JP

Kind code of ref document: A

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 19948328

Country of ref document: EP

Kind code of ref document: A1