Vulnerability management system and method
Technical field
The present invention relates to the field of computer network information security, and more particularly to a vulnerability management system and method.
Background art
At present, vulnerability discovery and management for communication network system equipment relies mainly on vulnerability scanners: the scanner scans the system equipment and exports a vulnerability scan report, and a security administrator then analyses the report by hand and produces a vulnerability tracking report. Existing vulnerability management is still at the stage of manual analysis and manual administration; its efficiency and effectiveness are poor and do not fit the trend towards larger, networked information systems. The operational problems faced by the current vulnerability management model fall mainly into the following aspects:
1. Network scale keeps growing and the number and types of devices keep increasing, so vulnerabilities are of many kinds and in huge quantity. Scan reports require a great deal of manpower to analyse and organise, statistical management is extremely difficult, and analysis efficiency is low.
2. There is no effective, detailed vulnerability tracking record; the efficiency and results of remediation and hardening are hard to control, and the overall vulnerability status of a system is hard to understand. There is no vulnerability information library, so vulnerabilities recur but remediation and hardening experience is hard to share.
3. Vulnerabilities are numerous, but tools for correlating vulnerabilities with equipment and alarms for critical vulnerabilities are lacking, so high-risk vulnerabilities are hard to discover at the first opportunity. Locating vulnerabilities and gathering information is still done manually, with low efficiency.
4. The current manual management model lacks an intuitive display of vulnerability distribution, so the operating side has difficulty grasping the overall security state within its scope of management. Information about vulnerability work is exchanged among the three parties by file transfer: the vulnerability tracking list is passed between security operations staff, third-party vendors and the customer, which easily causes delay and loss of information, and the customer cannot learn the overall remediation status of the system in time.
Taking a mobile communications operator as an example, the business systems involved in its intranet management network are numerous, the equipment is complex and daily operations are varied, so every business system in the whole network must be scanned for vulnerabilities and remediated monthly or quarterly. In most current systems, after the scanning equipment generates a scan report, a large number of security service staff analyse the report, draft remediation plans for the vulnerabilities, and then dispatch work orders. However, because the business systems are huge and complex, administrators find it hard to follow up the handling of vulnerabilities and hard to accurately assess the overall health and security threat situation of the whole management network.
Summary of the invention
The object of the present invention is to overcome the shortcomings and deficiencies of the prior art and to provide a vulnerability management system with high working efficiency. The system can record all relevant information about a vulnerability in detail, which helps track and trace the security risk of system equipment; it can effectively assess the security state of the whole network system and identify the weak links in the network, thereby pointing the direction for network security hardening work.
Another object of the present invention is to provide a management method implemented on the above vulnerability management system.
The first object of the present invention is achieved by the following technical solution: a vulnerability management system, characterised in that it includes
a vulnerability scanning module, for scanning the vulnerabilities in a system and generating a vulnerability scan report;
a vulnerability management module, for importing the vulnerability scan report and performing vulnerability management by parsing it, providing automatic updating of vulnerability processing state, information display and a remediation reference scheme, the remediation reference scheme being selected from a remediation scheme library;
a vulnerability tracking and processing module, for sending the remediation reference scheme and technical points provided by the vulnerability management module to the vulnerability handler; for displaying and tracking the scan progress, the vulnerability distribution, the work-order dispatch deadline and the processing progress of each vulnerability; and for keeping critical vulnerabilities under continued attention and tracking;
a statistical analysis module, for performing, after the current batch of vulnerabilities has been handled, statistics on vulnerability counts by region, comparative analysis of the actual situation of several batches before and after processing, statistics on the remediation rate and on the trend of vulnerabilities generated in a given business system, and computing a score from vulnerability-related indicators, for assessing and judging the health of that business system;
and an asset equipment management module, for correlating the analysis of vulnerabilities with the underlying asset equipment, so that the vulnerabilities historically generated by each asset can be understood, and for analysing the vulnerability management performance of assets, so as to assess the information security of the asset equipment in the whole business system.
Preferably, the system further includes
a vulnerability alarm module, for prompt alarms on important vulnerabilities, timeout alarms on vulnerability processing, trend alarms on vulnerability counts and alarms on difficult vulnerabilities, alerting on vulnerabilities that are not remediated in time during the processing procedure.
Preferably, the vulnerability tracking and processing module includes a work-order dispatch module, for distributing the remediation reference scheme and technical points provided by the vulnerability management module to the vulnerability handler in the form of a work order; the handler selects from the remediation reference scheme the remediation scheme under that work order and uses it to handle the vulnerability.
The second object of the present invention is achieved by the following technical solution: a vulnerability management method implemented on the above vulnerability management system, with the following steps:
S1. The vulnerability scanning module scans the vulnerabilities in the system and generates a vulnerability scan report, which is then imported into the vulnerability management module;
S2. The vulnerability management module performs vulnerability management by parsing the scan report, providing automatic updating of processing state, information display and a remediation reference scheme;
S3. The vulnerability tracking and processing module sends the remediation reference scheme and technical points provided by the vulnerability management module to the vulnerability handler; the handler selects from the reference scheme the remediation scheme under the work order and handles the vulnerability with it. At the same time, the tracking module displays and tracks the scan progress, the vulnerability distribution, the work-order dispatch deadline and the processing progress of each vulnerability, keeps critical vulnerabilities under attention and tracking, and feeds back the processing situation and progress in real time;
S4. After the current batch of vulnerabilities has been handled, the statistical analysis module performs statistics on vulnerability counts by region, comparative analysis of the actual situation of several batches before and after processing, statistics on the remediation rate and on the trend of vulnerabilities generated in a given business system, and computes a score from vulnerability-related indicators, for assessing and judging the health of that business system;
S5. The asset equipment management module correlates the analysis of vulnerabilities with the underlying asset equipment, so that the vulnerabilities historically generated by each asset can be understood, and analyses the vulnerability management performance of assets, so as to assess the information security of the asset equipment in the whole business system.
Preferably, the method further includes step S6: the vulnerability alarm module issues prompt alarms on important vulnerabilities, timeout alarms on vulnerability processing, trend alarms on vulnerability counts and alarms on difficult vulnerabilities, alerting on vulnerabilities that are not remediated in time during processing.
Further, the vulnerability alarm module issues a vulnerability count trend alarm when the trend of vulnerability generation exceeds a certain threshold.
Preferably, in step S3, the work-order dispatch module in the tracking module distributes the remediation reference scheme and technical points provided by the vulnerability management module to the handler in the form of a work order, and the handler selects from the reference scheme the remediation scheme under that work order to handle the vulnerability.
Preferably, during the tracking and processing of step S3, the tracking module associates the remediation method, the difficulties encountered, the countermeasures and the technical points with the vulnerability itself and stores them in the remediation scheme library, so that when a business system produces a vulnerability, besides presenting its vulnerability information and state at the first opportunity, the most valuable remediation method, difficulties, countermeasures and technical points can also be selected from the library for reference.
Compared with the prior art, the present invention has the following advantages and effects:
(1) The invention manages and controls vulnerabilities through vulnerability scanning, vulnerability management, tracking and processing, statistical analysis and asset equipment management, and provides remediation reference schemes from which administrators arrange and implement remediation. The system records all relevant information about a vulnerability in detail, which helps track and trace the security risk of system equipment; it can effectively assess the security state of the whole network system, identify the weak links in the network, and thereby point the direction for network security hardening work.
(2) The system provides an individual work platform, so that security operations staff, third-party vendors, the customer and other related personnel can obtain vulnerability information, processing tracking, vulnerability alarms and other data in real time. At the same time, the method standardises the vulnerability management process flow and implements standardised handling of vulnerabilities, timely information feedback and job schedule tracking, clearly improving the quality and efficiency of vulnerability handling.
(3) By correlating the analysis of vulnerabilities with the underlying asset equipment, the vulnerabilities historically generated by each asset can be understood. Through management of system asset equipment, management of professional systems, management of assets and vulnerability information, asset threat management and analysis of the vulnerability management performance of assets, the information security of assets in the whole business system is fully assessed, the security threats to which assets in the system may be subject are assessed and managed in a coordinated way, and a system vulnerability risk evaluation system is formed.
Description of the drawings
Fig. 1 is a block diagram of the composition of the system of the present invention.
Detailed description of the embodiments
The present invention is described in further detail below with reference to the embodiments and the accompanying drawings, but the embodiments of the present invention are not limited thereto.
Embodiment
As shown in Fig. 1, this embodiment discloses a vulnerability management system including
a vulnerability scanning module, for scanning the vulnerabilities in a system and generating a vulnerability scan report;
a vulnerability management module, for importing the scan report and performing vulnerability management by parsing it: it formats and displays the relevant information of each vulnerability and records the business system and scan batch to which the vulnerability belongs, for later comparative analysis; it also provides automatic updating of processing state, information display and a remediation reference scheme, the reference scheme being selected from a remediation scheme library, from which related processing schemes and technical points of reference value are extracted so that administrators can arrange and implement remediation;
a vulnerability alarm module, for prompt alarms on important vulnerabilities, timeout alarms on vulnerability processing, trend alarms on vulnerability counts and alarms on difficult vulnerabilities, alerting on vulnerabilities that are not remediated in time during processing; a vulnerability count trend alarm is raised when the trend of vulnerability generation exceeds a certain threshold;
a vulnerability tracking and processing module, for sending the remediation reference scheme and technical points provided by the vulnerability management module to the vulnerability handler, and for displaying and tracking the scan progress, the vulnerability distribution, the work-order dispatch deadline and the processing progress of each vulnerability, with attention to and tracking of critical vulnerabilities. In this embodiment the tracking module includes a work-order dispatch module, which distributes the remediation reference scheme and technical points provided by the vulnerability management module to the handler in the form of a work order; the handler selects from the reference scheme the remediation scheme under that work order and handles the vulnerability with it.
Through the tracking module, vulnerability management staff can query the system at any time, follow up the vulnerability handling situation and difficulties of any business system, and specify the corresponding countermeasures in time.
a statistical analysis module, for performing, after the current batch of vulnerabilities has been handled, statistics on vulnerability counts by region, comparative analysis of the actual situation of several batches before and after processing, statistics on the remediation rate and on the trend of vulnerabilities generated in a given business system, and computing a score from vulnerability-related indicators, for assessing and judging the health of that business system;
and an asset equipment management module, for correlating the analysis of vulnerabilities with the underlying asset equipment, so that the vulnerabilities historically generated by each asset can be understood. Through management of system asset equipment, management of professional systems, management of asset equipment and vulnerability information, asset equipment threat management and analysis of the vulnerability management performance of assets, the information security of the asset equipment in the whole business system is fully assessed, and the security threats to which asset equipment in the system may be subject are assessed and managed in a coordinated way.
The system of this embodiment is divided into six modules: vulnerability scanning, vulnerability management, vulnerability alarm, tracking and processing, statistical analysis and asset equipment management. Through correlated analysis of scan information, processing tracking information, asset equipment and other information, comprehensive system-wide vulnerability management and control is achieved.
This embodiment also discloses a vulnerability management method implemented on the above vulnerability management system, with the following steps:
S1. The vulnerability scanning module scans the vulnerabilities in the system and generates a vulnerability scan report, which is then imported into the vulnerability management module;
S2. The vulnerability management module performs vulnerability management by parsing the scan report, providing automatic updating of processing state, information display and a remediation reference scheme;
S3. The vulnerability tracking and processing module sends the remediation reference scheme and technical points provided by the vulnerability management module to the vulnerability handler; the handler selects from the reference scheme the remediation scheme under the work order and handles the vulnerability with it. At the same time, the tracking module displays and tracks the scan progress, the vulnerability distribution, the work-order dispatch deadline and the processing progress of each vulnerability, and keeps critical vulnerabilities under attention and tracking. In this step the work-order dispatch module in the tracking module distributes the remediation reference scheme and technical points provided by the vulnerability management module to the handler in the form of a work order, and the handler selects from the reference scheme the remediation scheme under that work order to handle the vulnerability.
This embodiment realises full life-cycle management during tracking and processing: from the generation of a vulnerability to its disposal, every detail of the whole processing procedure can be followed up through the vulnerability management system.
S4. After the current batch of vulnerabilities has been handled, the statistical analysis module performs statistics on vulnerability counts by region, comparative analysis of the actual situation of several batches before and after processing, statistics on the remediation rate and on the trend of vulnerabilities generated in a given business system, and computes a score from vulnerability-related indicators, for assessing and judging the health of that business system;
S5. The asset equipment management module correlates the analysis of vulnerabilities with the underlying asset equipment, so that the vulnerabilities historically generated by each asset can be understood, and analyses the vulnerability management performance of assets, so as to assess the information security of the asset equipment in the whole business system.
S6. The vulnerability alarm module issues prompt alarms on important vulnerabilities, timeout alarms on vulnerability processing, trend alarms on vulnerability counts and alarms on difficult vulnerabilities, alerting on vulnerabilities that are not remediated in time during processing. The alarm module issues a vulnerability count trend alarm when the trend of vulnerability generation exceeds a certain threshold.
In step S3 of this embodiment, during tracking and processing the tracking module associates the remediation method, the key difficulties encountered, the countermeasures and the key technical points with the vulnerability itself and stores them in the remediation scheme library, so that when a business system produces a vulnerability, besides presenting its vulnerability information and state at the first opportunity, the most valuable remediation method, key difficulties, countermeasures and key technical points can also be selected from the library for reference.
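As an added example, and not code from the patent, the following Python sketch implements the core of steps S1 to S6 listed above (and in the summary of the invention): constructed scan batches are imported keyed by asset and vulnerability, findings that disappear from the next scan are closed, the remediation rate and an assumed health score are computed per business system, an asset's vulnerability history is listed, and the count-trend and processing-timeout alarms are raised. The record layout, work-order numbering, severity weights, trend threshold and SLA length are all assumptions made for the example.

```python
# Toy core of the described method (steps S1 to S6). Record layout, work-order
# numbering, SLA length and score weights are assumptions made for this example.
from collections import defaultdict

SEVERITY_WEIGHT = {"high": 10, "medium": 4, "low": 1}  # assumed score weights


def rec(asset, vuln, severity, system="billing"):
    """One constructed scan-report finding."""
    return {"system": system, "asset": asset, "vuln": vuln, "severity": severity}


# Constructed scan reports for one business system, two scan batches.
BATCH1 = [rec("srv-01", "V-A", "high"), rec("srv-01", "V-B", "low"), rec("srv-02", "V-C", "medium")]
BATCH2 = [rec("srv-01", "V-A", "high"), rec("srv-02", "V-D", "high"), rec("srv-03", "V-E", "high")]


class VulnStore:
    def __init__(self):
        self.items = {}                       # (asset, vuln) -> tracked record
        self.new_per_batch = defaultdict(int)

    def import_report(self, batch, records):
        """S1/S2: open new findings with a work order; mark absent ones fixed."""
        seen = {(r["asset"], r["vuln"]) for r in records}
        for r in records:
            key = (r["asset"], r["vuln"])
            if key not in self.items:
                self.items[key] = dict(r, status="open", first=batch,
                                       work_order=f"WO-{batch}-{len(self.items) + 1}")
                self.new_per_batch[batch] += 1
        for key, it in self.items.items():
            if it["status"] == "open" and key not in seen:
                it["status"] = "fixed"

    def fix_rate(self, system, batch):
        """S4: share of vulns first seen before `batch` that are now fixed."""
        prior = [i for i in self.items.values()
                 if i["system"] == system and i["first"] < batch]
        return sum(i["status"] == "fixed" for i in prior) / len(prior) if prior else 1.0

    def score(self, system):
        """S4: assumed health score, 100 minus severity-weighted open findings."""
        open_ = [i for i in self.items.values()
                 if i["system"] == system and i["status"] == "open"]
        return max(0, 100 - sum(SEVERITY_WEIGHT[i["severity"]] for i in open_))

    def asset_history(self, asset):
        """S5: every vuln ever recorded against one asset."""
        return sorted(v for (a, v) in self.items if a == asset)

    def alarms(self, batch, trend_threshold=1, sla_batches=1):
        """S6: trend alarm when a batch opens more vulns than the threshold;
        timeout alarm for vulns still open after `sla_batches` scan cycles."""
        out = []
        if self.new_per_batch[batch] > trend_threshold:
            out.append(("trend", batch, self.new_per_batch[batch]))
        out += [("timeout", a, v) for (a, v), it in self.items.items()
                if it["status"] == "open" and batch - it["first"] >= sla_batches]
        return out


def run_cycle():
    """Import the two constructed batches and return the populated store."""
    store = VulnStore()
    store.import_report(1, BATCH1)
    store.import_report(2, BATCH2)
    return store
```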
The above embodiment is a preferred embodiment of the present invention, but the embodiments of the present invention are not limited by it; any other changes, modifications, substitutions, combinations and simplifications made without departing from the spirit and principles of the present invention are equivalent substitutions and fall within the scope of protection of the present invention.