CN110708315A - Asset vulnerability identification method, device and system - Google Patents


Info

Publication number
CN110708315A
Authority
CN
China
Legal status
Pending
Application number
CN201910956125.4A
Other languages
Chinese (zh)
Inventor
王英新
范渊
Current Assignee
Hangzhou Dbappsecurity Technology Co Ltd
Original Assignee
Hangzhou Dbappsecurity Technology Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L 63/1433 Vulnerability analysis

Abstract

The invention provides an asset vulnerability identification method, device and system, relating to the technical field of network security and comprising the following steps: acquiring asset information of assets to be detected; sending the asset information to a cloud data center so that the cloud data center performs vulnerability identification detection on the assets to be detected based on the asset information and generates a vulnerability identification result, wherein target threat intelligence data are stored in the cloud data center and comprise at least one of the following: threat intelligence data uploaded by a security service provider, threat intelligence data uploaded by a security information organization and threat intelligence data uploaded by the enterprise to which the asset to be detected belongs; and acquiring the vulnerability identification result and generating early warning information based on it. This solves the technical problem that existing asset vulnerability identification methods rely on a single detection capability.

Description

Asset vulnerability identification method, device and system
Technical Field
The invention relates to the technical field of network security, in particular to an asset vulnerability identification method, device and system.
Background
Under current network security technology, a network attack is essentially malicious behaviour carried out by a network threat by exploiting the vulnerabilities to which information assets are exposed. In cyberspace, network threats exist objectively, and vulnerability hardening of information assets is a very effective security measure for reducing the risk of network attack. However, before an asset can be hardened it is necessary to know which vulnerabilities it faces; information asset vulnerability detection is therefore extremely important for network security protection.
However, the existing vulnerability detection method has the technical problem that its asset vulnerability detection relies on a single detection capability.
No effective solution to the above problem has yet been proposed.
Disclosure of Invention
In view of this, the present invention provides an asset vulnerability identification method, apparatus and system, so as to solve the technical problem that the existing asset vulnerability identification method relies on a single detection capability.
In a first aspect, an embodiment of the present invention provides an asset vulnerability identification method, including: acquiring asset information of assets to be detected; sending the asset information to a cloud data center so that the cloud data center performs vulnerability identification detection on the assets to be detected based on the asset information and generates vulnerability identification results, wherein target threat intelligence data are stored in the cloud data center and comprise at least one of the following data: threat information data uploaded by a security service provider, threat information data uploaded by a security information organization and threat information data uploaded by an enterprise to which the asset to be detected belongs; and acquiring the vulnerability identification result, and generating early warning information based on the vulnerability identification result.
Further, acquiring asset information of the asset to be detected includes: sending an acquisition instruction to a local asset information base so that the local asset information base acquires attribute information and fingerprint information of the asset to be detected based on the acquisition instruction, wherein the attribute information includes the name of the person responsible for the asset to be detected, and the fingerprint information includes, but is not limited to, the following: the name of the manufacturer of the asset to be detected, the classification information of the asset to be detected and the operating system information of the asset to be detected; acquiring the attribute information and the fingerprint information, and determining the attribute information and the fingerprint information as the asset information; wherein the classification information includes first-order classification information and second-order classification information, the first-order classification includes the categories server, network equipment and security equipment, and the second-order classification includes the categories firewall, switch, router and database.
Further, if the secondary classification of the asset to be detected is a database, the fingerprint information further includes the type and version of the asset to be detected.
Further, sending the asset information to the cloud data center so that the cloud data center performs vulnerability identification detection on the assets to be detected based on the asset information comprises: sending the asset information to the cloud data center through a cloud service port provided by the cloud data center, so that the cloud data center performs vulnerability identification detection on the assets to be detected based on a preset vulnerability detection program and the asset information.
Further, the cloud data center is used for providing infrastructure as a service and platform as a service, and the cloud data center stores the target threat intelligence data based on the Hadoop framework.
In a second aspect, an embodiment of the present invention provides an apparatus for identifying an asset vulnerability, including: the system comprises an acquisition unit, a sending unit and an early warning unit, wherein the acquisition unit is used for acquiring asset information of assets to be detected; the sending unit is used for sending the asset information to a cloud data center so that the cloud data center can perform vulnerability identification detection on the assets to be detected based on the asset information and generate vulnerability identification results, wherein target threat intelligence data are stored in the cloud data center and include at least one of the following data: threat information data uploaded by a security service provider, threat information data uploaded by a security information organization and threat information data uploaded by an enterprise to which the asset to be detected belongs; the early warning unit is used for obtaining the vulnerability identification result and generating early warning information based on the vulnerability identification result.
Further, the acquisition unit is further configured to: send an acquisition instruction to a local asset information base so that the local asset information base acquires attribute information and fingerprint information of the asset to be detected based on the acquisition instruction, wherein the attribute information includes the name of the person responsible for the asset to be detected, and the fingerprint information includes, but is not limited to, the following: the name of the manufacturer of the asset to be detected, the classification information of the asset to be detected and the operating system information of the asset to be detected; acquire the attribute information and the fingerprint information, and determine the attribute information and the fingerprint information as the asset information; wherein the classification information includes first-order classification information and second-order classification information, the first-order classification includes the categories server, network equipment and security equipment, and the second-order classification includes the categories firewall, switch, router and database.
Further, if the secondary classification of the asset to be detected is a database, the fingerprint information further includes the type and version of the asset to be detected.
Further, the sending unit is further configured to: send the asset information to the cloud data center through a cloud service port provided by the cloud data center, so that the cloud data center performs vulnerability identification detection on the assets to be detected based on a preset vulnerability detection program and the asset information.
In a third aspect, an embodiment of the present invention provides an asset vulnerability identification system, including a local asset information base, a cloud data center and a vulnerability early warning platform, wherein the local asset information base is used for acquiring asset information of assets to be detected; the cloud data center is used for carrying out vulnerability identification detection on the assets to be detected based on the asset information and generating vulnerability identification results; and the vulnerability early warning platform is used for generating early warning information based on the vulnerability identification result.
In the embodiment of the invention, firstly, asset information of assets to be detected is obtained; sending the asset information to a cloud data center so that the cloud data center performs vulnerability identification detection on assets to be detected based on the asset information and generates a vulnerability identification result, wherein target threat intelligence data are stored in the cloud data center and comprise at least one of the following data: threat information data uploaded by a security service provider, threat information data uploaded by a security information organization and threat information data uploaded by an enterprise to which the asset to be detected belongs, wherein a vulnerability identification result is used for representing whether the asset to be detected has a vulnerability or not; and acquiring a vulnerability identification result, and generating early warning information based on the vulnerability identification result.
In the present application, the acquired asset information of the assets to be detected is sent to the cloud data center, so that the cloud data center can perform comprehensive vulnerability detection on the assets to be detected according to the stored target threat intelligence data. Because the cloud data center detects vulnerabilities according to aggregated threat intelligence data provided by multiple parties, the purpose of comprehensive vulnerability detection of the assets to be detected is achieved, the technical problem in the prior art that asset vulnerability detection relies on a single detection capability is solved, and the technical effect of comprehensive vulnerability detection of the assets to be detected is obtained.
Additional features and advantages of the invention will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention. The objectives and other advantages of the invention will be realized and attained by the structure particularly pointed out in the written description and claims hereof as well as the appended drawings.
In order to make the aforementioned and other objects, features and advantages of the present invention comprehensible, preferred embodiments accompanied with figures are described in detail below.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and other drawings can be obtained by those skilled in the art without creative efforts.
Fig. 1 is a flowchart of an asset vulnerability identification method according to an embodiment of the present invention;
Fig. 2 is a schematic diagram of an asset vulnerability identification apparatus according to an embodiment of the present invention;
Fig. 3 is a schematic diagram of an asset vulnerability identification system according to an embodiment of the present invention;
Fig. 4 is a schematic diagram of a server according to an embodiment of the present invention.
Detailed Description
To make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions of the present invention will be clearly and completely described below with reference to the accompanying drawings, and it is apparent that the described embodiments are some, but not all embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Regarding existing vulnerability detection techniques: the vulnerability scanning equipment actively scans the various information assets using the vulnerability rule base it carries, and if the scan result for an asset hits a rule R in the vulnerability rule base, the asset is judged to have the vulnerability corresponding to rule R. The results of vulnerability scanning therefore depend on the quantity and quality of the vulnerability rule base carried by the scanning equipment. If a vulnerability to which an information asset is exposed is in the vulnerability rule base, the scanning equipment can detect it. If a vulnerability is not in the vulnerability rule base, the scanning equipment cannot detect it even though the vulnerability really exists.
Regarding updating of the vulnerability rule base: for newly discovered vulnerabilities, vulnerability scanning equipment providers generally package them into software upgrade packages at regular or irregular intervals, the scanning equipment upgrades its vulnerability rule base through online or offline upgrading, and only after the upgrade does the scanning equipment gain the capability to detect the newly discovered vulnerabilities.
The existing asset vulnerability identification method has the following defects:
1. Vulnerability scanning technology based on active scanning needs to send data packets to the scanned target over the network, and owing to the complexity of real environments this may destabilise the target host, causing the information asset to shut down, its service to stop, data to be lost, and the like.
2. Lag in vulnerability detection. For 0day and undisclosed vulnerabilities, the lag in upgrading the vulnerability rule base may leave the scanning equipment unable to detect some vulnerabilities in time, leaving the asset exposed to malicious attack through that vulnerability.
3. The detection capability is limited to a single source. Generally, the vulnerability detection equipment of one manufacturer has the inherent limitations of that manufacturer's technology and vulnerability rule base; it cannot draw on the vulnerability detection capabilities of multiple security manufacturers and security organisations, and cannot aggregate those capabilities.
4. Vulnerability detection is inefficient. Because of the way traditional vulnerability scanning equipment is implemented, detecting vulnerabilities across many assets is slow; the vulnerability detection of a single asset usually takes several minutes.
In view of the above disadvantages, the present application adopts the following method to overcome the above disadvantages:
Example one:
In accordance with an embodiment of the present invention, an embodiment of a method for identifying asset vulnerabilities is provided. It is noted that the steps illustrated in the flowchart of the drawings may be performed in a computer system as a set of computer-executable instructions, and that, while a logical order is shown in the flowchart, in some cases the steps illustrated or described may be performed in an order different from that given here.
Fig. 1 is a method for identifying an asset vulnerability according to an embodiment of the present invention, as shown in fig. 1, the method includes the following steps:
step S102, acquiring asset information of assets to be detected;
step S104, sending the asset information to a cloud data center so that the cloud data center performs vulnerability identification detection on the assets to be detected based on the asset information and generates vulnerability identification results, wherein target threat intelligence data are stored in the cloud data center and include at least one of the following data: threat information data uploaded by a security service provider, threat information data uploaded by a security information organization and threat information data uploaded by an enterprise to which the asset to be detected belongs;
step S106, acquiring the vulnerability identification result, and generating early warning information based on the vulnerability identification result.
In the present application, the acquired asset information of the assets to be detected is sent to the cloud data center, so that the cloud data center can perform comprehensive vulnerability detection on the assets to be detected according to the stored target threat intelligence data. Because the cloud data center detects vulnerabilities according to aggregated threat intelligence data provided by multiple parties, the purpose of comprehensive vulnerability detection of the assets to be detected is achieved, the technical problem in the prior art that asset vulnerability detection relies on a single detection capability is solved, and the technical effect of comprehensive vulnerability detection of the assets to be detected is obtained.
It should be noted that by establishing a cloud data center consisting of threat information data uploaded by a security service provider, threat information data uploaded by a security information organization and threat information data uploaded by an enterprise to which the asset to be detected belongs, security threat information data of all parties can be integrated and connected, so that data cooperation of threat information and capability cooperation of multi-party security information are formed, and the construction of a sharing mechanism of security threat information is facilitated.
In addition, it should be noted that the vulnerability early warning information can be sent to the staff through short messages, mails and the like, so that the staff can process the vulnerability of the assets to be detected in time, and the risk of the assets to be detected is reduced.
In this embodiment of the present invention, step S102 further includes the following steps:
step S11, sending an acquisition instruction to a local asset information base, so that the local asset information base acquires attribute information and fingerprint information of the asset to be detected based on the acquisition instruction, where the attribute information includes the name of the person responsible for the asset to be detected, and the fingerprint information includes, but is not limited to, the following: the name of the manufacturer of the asset to be detected, the classification information of the asset to be detected and the operating system information of the asset to be detected;
step S12, acquiring the attribute information and the fingerprint information, and determining the attribute information and the fingerprint information as the asset information.
In the embodiment of the invention, after the acquisition instruction is sent to the local asset information base, the local asset information base can acquire the attribute information and the fingerprint information of the asset to be detected according to the acquisition instruction.
The attribute information and fingerprint information of the assets to be detected, acquired from the local asset information base, are then taken as the asset information of the assets to be detected.
It should be noted that the attribute information includes, but is not limited to, the following: the name of the asset to be detected, the name of the person responsible for the asset to be detected, and the like.
The fingerprint information includes, but is not limited to, the following: the name of the manufacturer of the asset to be detected, the classification information of the asset to be detected and the operating system information of the asset to be detected, wherein the classification information comprises first-order classification information and second-order classification information; the first-order classification includes the categories server, network equipment and security equipment, and the second-order classification includes the categories firewall, switch, router and database.
In addition, it should be further noted that the operating system information of the assets to be detected includes the type of operating system, the version of the operating system, and so on.
If the asset to be detected is a database, the fingerprint information of the asset to be detected further comprises the type and version of the asset.
Because the asset information of the assets to be detected comprises fingerprint information, and each set of fingerprint information identifies one asset to be detected, accurate passive vulnerability detection can be carried out on the assets to be detected through asset fingerprint matching, and the operational impact on the assets to be detected during vulnerability detection is reduced.
In addition, the local asset information base can collect the asset information of the assets to be detected in an automatic mode or manual input mode, the automatic collection of the asset information is mainly completed by virtue of asset detection equipment, and when the asset information is manually input, the local asset information base can provide a visual input interface so that workers can manually input the asset information into the local asset information base.
In this embodiment of the present invention, step S104 further includes the following steps:
step S21, the asset information is sent to the cloud data center through a cloud service port provided by the cloud data center, so that the cloud data center can identify and detect the vulnerability of the assets to be detected based on a preset vulnerability detection program and the asset information.
In the embodiment of the invention, IaaS (infrastructure as a service) and PaaS (platform as a service) provided by the cloud data center are used as the base layer, and the open-source Hadoop architecture is used to build a threat intelligence database on a big data processing architecture, where the data sources of the threat intelligence database can be the individual security service providers, security information organisations and enterprises. A vulnerability detection cloud application (namely, the preset vulnerability detection program) is built on the platform as a service (PaaS); this program can call data in the threat intelligence database in order to perform vulnerability identification detection on the assets to be detected. At the same time, the cloud application exposes a cloud service interface over the Internet, so that vulnerability detection is provided as a service.
Taking threat intelligence cloud data updated in real time as its basic data, the cloud data center can provide vulnerability detection as a service through a cloud interface; it can deliver fast and timely results for real-time detection of 0day and undisclosed vulnerabilities in assets, resolving the risk caused by lag in the vulnerability rule base; and because the vulnerability detection service is offered through a cloud interface, it can detect vulnerabilities in assets in batches, improving the efficiency of asset vulnerability detection.
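As an added illustration of steps S11/S12 (attribute and fingerprint information) together with steps S104/S106 (the cloud data center matching fingerprints against threat intelligence merged from the three source kinds, then early warning), here is a Python sketch of passive fingerprint matching. This is not the patent's own code; the class layouts, the vendor/product/version-range matching rule, and every asset and intelligence record are assumptions constructed for illustration.

```python
"""Passive asset vulnerability identification by fingerprint matching.

Added example, not the patent's code: models the asset information of
steps S11/S12 and the cloud data center's matching of asset fingerprints
against merged threat intelligence (S104), then early warning (S106).
All asset and intelligence records below are constructed.
"""
from dataclasses import dataclass
from typing import List, Optional

# Classification categories named in the description (first- / second-order).
FIRST_ORDER = {"server", "network equipment", "security equipment"}
SECOND_ORDER = {"firewall", "switch", "router", "database"}


@dataclass(frozen=True)
class AssetInfo:
    """Attribute information plus fingerprint information of one asset."""
    name: str                 # attribute information
    responsible_person: str   # attribute information
    manufacturer: str         # fingerprint information from here on
    first_order: str
    second_order: str
    os_type: str
    os_version: str
    db_type: Optional[str] = None      # only when second_order == "database"
    db_version: Optional[str] = None

    def __post_init__(self) -> None:
        # Reject fingerprints outside the taxonomy so bad input cannot match.
        if self.first_order not in FIRST_ORDER:
            raise ValueError(f"unknown first-order classification: {self.first_order!r}")
        if self.second_order not in SECOND_ORDER:
            raise ValueError(f"unknown second-order classification: {self.second_order!r}")
        if self.second_order == "database" and not (self.db_type and self.db_version):
            raise ValueError("database assets must carry db_type and db_version")


@dataclass(frozen=True)
class ThreatRecord:
    """One threat-intelligence entry as stored in the cloud data center."""
    vuln_id: str       # placeholder identifier, not a real advisory
    source: str        # "service_provider" | "info_organization" | "enterprise"
    manufacturer: str
    product: str       # OS type or database type the record applies to
    min_version: str   # inclusive lower bound of affected versions
    max_version: str   # inclusive upper bound of affected versions


def version_tuple(v: str) -> tuple:
    """'10.2.3' -> (10, 2, 3) so versions compare numerically, not lexically."""
    return tuple(int(p) for p in v.split("."))


def matches(asset: AssetInfo, rec: ThreatRecord) -> bool:
    """Fingerprint match: same vendor, same product, installed version in range."""
    if asset.manufacturer.lower() != rec.manufacturer.lower():
        return False
    if asset.db_type and rec.product.lower() == asset.db_type.lower():
        installed = asset.db_version
    elif rec.product.lower() == asset.os_type.lower():
        installed = asset.os_version
    else:
        return False
    return (version_tuple(rec.min_version) <= version_tuple(installed)
            <= version_tuple(rec.max_version))


def identify(asset: AssetInfo, intel: List[ThreatRecord]) -> dict:
    """Vulnerability identification result: whether the asset is vulnerable and
    which intelligence sources contributed hits (the multi-party aggregation)."""
    hits = [r for r in intel if matches(asset, r)]
    return {
        "asset": asset.name,
        "vulnerable": bool(hits),
        "vuln_ids": sorted(r.vuln_id for r in hits),
        "sources": sorted({r.source for r in hits}),
    }


def early_warning(result: dict, asset: AssetInfo) -> Optional[str]:
    """Step S106: early-warning text addressed to the responsible person."""
    if not result["vulnerable"]:
        return None
    return (f"[EARLY WARNING] asset {asset.name} ({asset.second_order}) owned by "
            f"{asset.responsible_person}: {', '.join(result['vuln_ids'])} "
            f"(sources: {', '.join(result['sources'])})")


# Constructed intelligence merged from the three source kinds the text names.
INTEL = [
    ThreatRecord("VULN-EX-001", "service_provider", "ExampleDB Inc", "exampledb", "10.0.0", "10.2.5"),
    ThreatRecord("VULN-EX-002", "info_organization", "ExampleDB Inc", "exampledb", "10.2.0", "10.3.1"),
    ThreatRecord("VULN-EX-003", "enterprise", "ExampleNet", "netos", "7.0", "7.4"),
]
# Constructed assets: a database server and a router on a newer, unaffected OS.
DB_ASSET = AssetInfo("db-01", "Alice", "ExampleDB Inc", "server", "database",
                     "linux", "5.4", db_type="exampledb", db_version="10.2.3")
ROUTER_ASSET = AssetInfo("edge-rtr", "Bob", "ExampleNet", "network equipment",
                         "router", "netos", "7.6")

if __name__ == "__main__":
    for a in (DB_ASSET, ROUTER_ASSET):
        res = identify(a, INTEL)
        print(res)
        print(early_warning(res, a))
```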
Example two:
The invention further provides an asset vulnerability identification device, which is used for executing the asset vulnerability identification method provided by the embodiment of the invention; the asset vulnerability identification device provided by the embodiment of the invention is introduced specifically below.
As shown in Fig. 2, the asset vulnerability identification device includes an acquisition unit 10, a sending unit 20 and an early warning unit 30.
The acquiring unit 10 is configured to acquire asset information of an asset to be detected;
the sending unit 20 is configured to send the asset information to a cloud data center, so that the cloud data center performs vulnerability identification detection on the asset to be detected based on the asset information, and generates a vulnerability identification result, where target threat intelligence data is stored in the cloud data center, and the target threat intelligence data includes at least one of the following data: threat information data uploaded by a security service provider, threat information data uploaded by a security information organization and threat information data uploaded by an enterprise to which the asset to be detected belongs;
the early warning unit 30 is configured to obtain the vulnerability identification result, and generate early warning information based on the vulnerability identification result.
In the present application, the acquired asset information of the assets to be detected is sent to the cloud data center, so that the cloud data center can perform comprehensive vulnerability detection on the assets to be detected according to the stored target threat intelligence data. Because the cloud data center detects vulnerabilities according to aggregated threat intelligence data provided by multiple parties, the purpose of comprehensive vulnerability detection of the assets to be detected is achieved, the technical problem in the prior art that asset vulnerability detection relies on a single detection capability is solved, and the technical effect of comprehensive vulnerability detection of the assets to be detected is obtained.
Preferably, the acquisition unit is further configured to: send an acquisition instruction to a local asset information base so that the local asset information base acquires attribute information and fingerprint information of the asset to be detected based on the acquisition instruction, wherein the attribute information includes the name of the person responsible for the asset to be detected, and the fingerprint information includes, but is not limited to, the following: the name of the manufacturer of the asset to be detected, the classification information of the asset to be detected and the operating system information of the asset to be detected; acquire the attribute information and the fingerprint information, and determine the attribute information and the fingerprint information as the asset information; wherein the classification information includes first-order classification information and second-order classification information, the first-order classification includes the categories server, network equipment and security equipment, and the second-order classification includes the categories firewall, switch, router and database.
Preferably, if the secondary classification of the asset to be detected is a database, the fingerprint information further includes the type and version of the asset to be detected.
Preferably, the sending unit is further configured to: send the asset information to the cloud data center through a cloud service port provided by the cloud data center, so that the cloud data center performs vulnerability identification detection on the assets to be detected based on a preset vulnerability detection program and the asset information.
Example three:
The invention further provides an asset vulnerability identification system, which is used for executing the asset vulnerability identification method provided by the embodiment of the invention; the asset vulnerability identification system provided by the embodiment of the invention is introduced specifically below.
As shown in Fig. 3, the asset vulnerability identification system includes a local asset information base 100, a cloud data center 200 and a vulnerability early warning platform 300.
The local asset information base 100 is used for collecting and storing asset information of assets to be detected;
the cloud data center 200 is used for performing vulnerability identification detection on the assets to be detected based on the asset information and generating vulnerability identification results;
the vulnerability early warning platform 300 is used for acquiring asset information of assets to be detected stored in the local asset information base, sending the asset information to the cloud data center, and generating early warning information based on the vulnerability identification result.
In the present application, the acquired asset information of the assets to be detected is sent to the cloud data center, so that the cloud data center can perform comprehensive vulnerability detection on the assets to be detected according to the stored target threat intelligence data. Because the cloud data center detects vulnerabilities according to aggregated threat intelligence data provided by multiple parties, the purpose of comprehensive vulnerability detection of the assets to be detected is achieved, the technical problem in the prior art that asset vulnerability detection relies on a single detection capability is solved, and the technical effect of comprehensive vulnerability detection of the assets to be detected is obtained.
Referring to fig. 4, an embodiment of the present invention further provides a server 400, including: the device comprises a processor 50, a memory 51, a bus 52 and a communication interface 53, wherein the processor 50, the communication interface 53 and the memory 51 are connected through the bus 52; the processor 50 is arranged to execute executable modules, such as computer programs, stored in the memory 51.
The memory 51 may include a high-speed Random Access Memory (RAM) and may also include a non-volatile memory, such as at least one disk memory. The communication connection between this network element of the system and at least one other network element is realized through at least one communication interface 53 (which may be wired or wireless), over the Internet, a wide area network, a local network, a metropolitan area network, or the like.
The bus 52 may be an ISA bus, a PCI bus, an EISA bus, or the like. The bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one double-headed arrow is shown in FIG. 4, but that does not indicate only one bus or one type of bus.
The memory 51 is used for storing a program; the processor 50 executes the program after receiving an execution instruction, and the method executed by the apparatus defined by the flow disclosed in any of the foregoing embodiments of the present invention may be applied to the processor 50, or implemented by the processor 50.
The processor 50 may be an integrated circuit chip having signal processing capabilities. In implementation, the steps of the above method may be performed by integrated logic circuits of hardware or by instructions in the form of software in the processor 50. The processor 50 may be a general-purpose processor, including a Central Processing Unit (CPU), a Network Processor (NP), and the like; it may also be a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field-Programmable Gate Array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component. The various methods, steps and logic blocks disclosed in the embodiments of the present invention may be implemented or performed by it. A general-purpose processor may be a microprocessor, or the processor may be any conventional processor or the like. The steps of the method disclosed in connection with the embodiments of the present invention may be directly implemented by a hardware decoding processor, or implemented by a combination of hardware and software modules in the decoding processor. The software module may be located in RAM, flash memory, ROM, PROM, EPROM, registers, or other storage media well known in the art. The storage medium is located in the memory 51, and the processor 50 reads the information in the memory 51 and completes the steps of the method in combination with its hardware.
In addition, in the description of the embodiments of the present invention, unless otherwise explicitly specified or limited, the terms "mounted", "coupled" and "connected" are to be construed broadly, e.g., as a fixed connection, a removable connection or an integral connection; as a mechanical or an electrical connection; as a direct connection or an indirect connection through an intervening medium; or as the internal communication between two elements. The specific meanings of the above terms in the present invention can be understood by those skilled in the art according to the specific case.
In the description of the present invention, it should be noted that the terms "center", "upper", "lower", "left", "right", "vertical", "horizontal", "inner", "outer", etc., indicate orientations or positional relationships based on the orientations or positional relationships shown in the drawings, and are only for convenience of description and simplicity of description, but do not indicate or imply that the device or element being referred to must have a particular orientation, be constructed and operated in a particular orientation, and thus, should not be construed as limiting the present invention. Furthermore, the terms "first," "second," and "third" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance.
In the several embodiments provided in the present application, it should be understood that the disclosed system, apparatus and method may be implemented in other ways. The above-described embodiments of the apparatus are merely illustrative, and for example, the division of the units is only one logical division, and there may be other divisions when actually implemented, and for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection of devices or units through some communication interfaces, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit.
Finally, it should be noted that the above embodiments are only specific embodiments of the present invention, used to illustrate the technical solutions of the present invention and not to limit them, and the protection scope of the present invention is not limited thereto. Although the present invention is described in detail with reference to the foregoing embodiments, those skilled in the art should understand that any person skilled in the art can still modify the technical solutions described in the foregoing embodiments, easily conceive of changes, or make equivalent substitutions for some of the technical features, within the technical scope disclosed by the present invention; such modifications, changes or substitutions do not depart from the spirit and scope of the embodiments of the present invention and should be construed as falling within its protection scope. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (10)

1. An asset vulnerability identification method, applied to a vulnerability early warning platform, comprising the following steps:
acquiring asset information of assets to be detected;
sending the asset information to a cloud data center, so that the cloud data center performs vulnerability identification detection on the assets to be detected based on the asset information and generates a vulnerability identification result, wherein target threat intelligence data are stored in the cloud data center and comprise at least one of the following: threat intelligence data uploaded by a security service provider, threat intelligence data uploaded by a security information organization, and threat intelligence data uploaded by the enterprise to which the assets to be detected belong;
acquiring the vulnerability identification result, and generating early warning information based on the vulnerability identification result.
2. The method of claim 1, wherein acquiring asset information of assets to be detected comprises:
sending an acquisition instruction to a local asset information base, so that the local asset information base acquires attribute information and fingerprint information of the assets to be detected based on the acquisition instruction, wherein the attribute information includes but is not limited to: the name of the asset to be detected and the name of the person responsible for the asset to be detected; and the fingerprint information includes but is not limited to: the name of the manufacturer of the asset to be detected, the classification information of the asset to be detected and the operating system information of the asset to be detected;
acquiring the attribute information and the fingerprint information, and determining the attribute information and the fingerprint information as the asset information;
wherein the classification information includes first-level classification information and second-level classification information; the first-level classification includes the following categories: server, network equipment and security equipment; and the second-level classification includes the following categories: firewall, switch, router and database.
3. The method according to claim 2, wherein, if the second-level classification of the asset to be detected is database, the fingerprint information further includes the type and version of the asset to be detected.
4. The method according to claim 1, wherein sending the asset information to a cloud data center so that the cloud data center performs vulnerability identification detection on the assets to be detected based on the asset information comprises:
sending the asset information to the cloud data center through a cloud service port provided by the cloud data center, so that the cloud data center performs vulnerability identification detection on the assets to be detected based on a preset vulnerability detection program and the asset information.
5. The method of claim 1, wherein
the cloud data center is used for providing infrastructure as a service and platform as a service;
and the cloud data center stores the target threat intelligence data based on the Hadoop framework.
6. An apparatus for identifying asset vulnerabilities, the apparatus comprising: an acquisition unit, a sending unit and an early warning unit, wherein,
the acquisition unit is used for acquiring asset information of assets to be detected;
the sending unit is used for sending the asset information to a cloud data center, so that the cloud data center performs vulnerability identification detection on the assets to be detected based on the asset information and generates a vulnerability identification result, wherein target threat intelligence data are stored in the cloud data center and comprise at least one of the following: threat intelligence data uploaded by a security service provider, threat intelligence data uploaded by a security information organization, and threat intelligence data uploaded by the enterprise to which the assets to be detected belong;
the early warning unit is used for obtaining the vulnerability identification result and generating early warning information based on the vulnerability identification result.
7. The apparatus of claim 6, wherein the acquisition unit is further configured to:
send an acquisition instruction to a local asset information base, so that the local asset information base acquires attribute information and fingerprint information of the assets to be detected based on the acquisition instruction, wherein the attribute information includes but is not limited to: the name of the asset to be detected and the name of the person responsible for the asset to be detected; and the fingerprint information includes but is not limited to: the name of the manufacturer of the asset to be detected, the classification information of the asset to be detected and the operating system information of the asset to be detected;
acquire the attribute information and the fingerprint information, and determine the attribute information and the fingerprint information as the asset information;
wherein the classification information includes first-level classification information and second-level classification information; the first-level classification includes the following categories: server, network equipment and security equipment; and the second-level classification includes the following categories: firewall, switch, router and database.
8. The apparatus according to claim 7, wherein, if the second-level classification of the asset to be detected is database, the fingerprint information further includes the type and version of the asset to be detected.
9. The apparatus of claim 6, wherein the sending unit is further configured to:
send the asset information to the cloud data center through a cloud service port provided by the cloud data center, so that the cloud data center performs vulnerability identification detection on the assets to be detected based on a preset vulnerability detection program and the asset information.
10. A system for identifying asset vulnerabilities, the system comprising: a local asset information base, a cloud data center and a vulnerability early warning platform, wherein,
the local asset information base is used for collecting and storing asset information of assets to be detected;
the cloud data center is used for carrying out vulnerability identification detection on the assets to be detected based on the asset information and generating vulnerability identification results;
the vulnerability early warning platform is used for acquiring asset information of the assets to be detected stored in the local asset information base, sending the asset information to the cloud data center and generating early warning information based on the vulnerability identification result.
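The three-part flow described in embodiment three and restated in claims 1 to 10 (local asset information base, cloud data center, vulnerability early warning platform), as an added example in Python that is not part of the patent and is not the applicant's code. Everything concrete in it is an assumption made for illustration: the class and field names, the split of operating system information into a name and a version, the rule that a version below an intelligence record's fixed version counts as affected, the constructed intelligence records and assets, and the hypothetical vulnerability identifiers. It also covers two details the claims leave to the implementer that matter in practice: records supplied by more than one uploader are de-duplicated, and versions are compared numerically, since a string comparison ranks "15.10" below "15.2".

```python
# Added example, not code from the patent or its applicant: a minimal model of the
# flow in embodiment three and claims 1-10. All names, records and rules are assumptions.
from dataclasses import dataclass
from typing import List, Optional, Tuple

PRIMARY_CLASSES = {"server", "network equipment", "security equipment"}   # claim 2
SECONDARY_CLASSES = {"firewall", "switch", "router", "database"}

@dataclass
class AssetInfo:
    asset_name: str                  # attribute information (claim 2)
    owner: str
    manufacturer: str                # fingerprint information (claim 2)
    primary_class: str
    secondary_class: str
    os_name: str                     # OS information split into name/version (assumption)
    os_version: str
    db_type: Optional[str] = None    # only for databases (claim 3)
    db_version: Optional[str] = None

    def validate(self) -> None:
        if self.primary_class not in PRIMARY_CLASSES or self.secondary_class not in SECONDARY_CLASSES:
            raise ValueError(f"{self.asset_name}: classification outside the allowed categories")
        if self.secondary_class == "database" and not (self.db_type and self.db_version):
            raise ValueError(f"{self.asset_name}: database assets need type and version")

    def fingerprints(self) -> List[Tuple[str, str]]:
        # (product, version) pairs that the cloud matches against intelligence
        fps = [(self.os_name.lower(), self.os_version)]
        if self.secondary_class == "database":
            fps.append((self.db_type.lower(), self.db_version))
        return fps

@dataclass
class ThreatIntel:
    vuln_id: str        # hypothetical identifier, not a real advisory
    source: str         # which of the three uploaders named in claim 1 supplied it
    product: str
    fixed_version: str  # assumed rule: versions below this are affected
    severity: str

def parse_version(v: str) -> Tuple[int, ...]:
    # numeric comparison; as strings "15.10" would sort below "15.2"
    return tuple(int(p) for p in v.split("."))

class LocalAssetInfoBase:
    def __init__(self, assets: List[AssetInfo]):
        self._assets = list(assets)

    def acquire(self) -> List[AssetInfo]:
        # answers the platform's acquisition instruction; malformed records are rejected
        for a in self._assets:
            a.validate()
        return list(self._assets)

class CloudDataCenter:
    def __init__(self, intel: List[ThreatIntel]):
        # several uploaders may supply the same record: keep the first copy per vuln_id
        self.intel = {}
        for ti in intel:
            self.intel.setdefault(ti.vuln_id, ti)

    def detect(self, assets: List[AssetInfo]) -> List[dict]:
        # the "preset vulnerability detection program": fingerprints against intelligence
        hits = []
        for a in assets:
            for product, version in a.fingerprints():
                for ti in self.intel.values():
                    if ti.product == product and parse_version(version) < parse_version(ti.fixed_version):
                        hits.append({"asset": a.asset_name, "owner": a.owner, "vuln_id": ti.vuln_id,
                                     "severity": ti.severity, "source": ti.source})
        return hits

class VulnerabilityEarlyWarningPlatform:
    def __init__(self, base: LocalAssetInfoBase, cloud: CloudDataCenter):
        self.base, self.cloud = base, cloud

    def run(self) -> List[str]:
        assets = self.base.acquire()         # step 1: acquire asset information
        results = self.cloud.detect(assets)  # step 2: send to the cloud, collect results
        return [f"[{r['severity']}] {r['asset']} (owner {r['owner']}): {r['vuln_id']} per {r['source']}"
                for r in results]            # step 3: early warning information

# constructed sample data; vulnerability ids and fixed versions are hypothetical
INTEL = [
    ThreatIntel("TI-0001", "security service provider", "mysql", "5.7.30", "high"),
    ThreatIntel("TI-0001", "security information organization", "mysql", "5.7.30", "high"),
    ThreatIntel("TI-0002", "enterprise", "ios", "15.2", "medium"),
]
ASSETS = [
    AssetInfo("db-01", "alice", "Oracle", "server", "database", "CentOS", "7.6", "MySQL", "5.7.12"),
    AssetInfo("db-02", "alice", "Oracle", "server", "database", "CentOS", "7.6", "MySQL", "5.7.31"),
    AssetInfo("rtr-01", "bob", "Cisco", "network equipment", "router", "IOS", "15.1"),
    AssetInfo("rtr-02", "bob", "Cisco", "network equipment", "router", "IOS", "15.10"),
]

def run_demo() -> List[str]:
    return VulnerabilityEarlyWarningPlatform(LocalAssetInfoBase(ASSETS), CloudDataCenter(INTEL)).run()
```

Calling run_demo() yields two early warning lines, for db-01 (MySQL 5.7.12 is below the fixed 5.7.30) and rtr-01 (IOS 15.1 is below 15.2); db-02 is current, and rtr-02 on 15.10 is above 15.2 once the comparison is numeric. The duplicate TI-0001 record is collapsed to the copy from the first uploader, so each finding is reported once.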

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910956125.4A CN110708315A (en) 2019-10-09 2019-10-09 Asset vulnerability identification method, device and system

Publications (1)

Publication Number Publication Date
CN110708315A true CN110708315A (en) 2020-01-17

Family

ID=69200034

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910956125.4A Pending CN110708315A (en) 2019-10-09 2019-10-09 Asset vulnerability identification method, device and system

Country Status (1)

Country Link
CN (1) CN110708315A (en)

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120185945A1 (en) * 2004-03-31 2012-07-19 Mcafee, Inc. System and method of managing network security risks
CN103453914A (en) * 2012-05-28 2013-12-18 Harbin Institute of Technology Shenzhen Graduate School Cloud navigation system and method for intelligent updating of map
CN107370763A (en) * 2017-09-04 2017-11-21 China Mobile Group Guangdong Co., Ltd. Asset security early warning method and device based on external threat intelligence analysis
CN107566388A (en) * 2017-09-18 2018-01-09 Hangzhou Dbappsecurity Technology Co Ltd Industrial control vulnerability detection method, apparatus and system
CN108460278A (en) * 2018-02-13 2018-08-28 Beijing Qianxin Technology Co., Ltd. Threat intelligence processing method and device
CN108965346A (en) * 2018-10-10 2018-12-07 Shanghai University of Engineering Science Compromised host detection method
CN109669405A (en) * 2018-11-19 2019-04-23 Dongguan University of Technology Industrial control monitoring system based on big data
CN109951477A (en) * 2019-03-18 2019-06-28 Wuhan Sipuling Technology Co., Ltd. Method and apparatus for detecting network attacks based on threat intelligence
CN110138770A (en) * 2019-05-13 2019-08-16 Sichuan Changhong Electric Co., Ltd. Threat intelligence generation and sharing system and method based on the Internet of Things

Cited By (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111695120A (en) * 2020-06-12 2020-09-22 Third Research Institute of the Ministry of Public Security Information system security deep threat early warning system and method
CN112131577A (en) * 2020-09-25 2020-12-25 Hangzhou Dbappsecurity Technology Co Ltd Vulnerability detection method, device and equipment and computer readable storage medium
CN112532647A (en) * 2020-12-07 2021-03-19 China Southern Power Grid EHV Transmission Company Deep attack identification method and device for core service of power system
CN112637159A (en) * 2020-12-14 2021-04-09 Hangzhou Dbappsecurity Technology Co Ltd Network asset scanning method, device and equipment based on active detection technology
CN113067829A (en) * 2021-03-25 2021-07-02 Beijing Topsec Network Security Technology Co., Ltd. Threat intelligence processing method and device
US11627154B2 (en) * 2021-04-26 2023-04-11 Orca Security LTD. Forward and rearward facing attack vector visualization
US20220342690A1 (en) * 2021-04-26 2022-10-27 Orca Security Forward and Rearward Facing Attack Vector Visualization
US11582257B2 (en) 2021-04-26 2023-02-14 Orca Security Prioritizing internet-accessible workloads for cyber security
US11616803B2 (en) 2021-04-26 2023-03-28 Orca Security LTD. Hybrid deployment of ephemeral scanners
US11637855B2 (en) 2021-04-26 2023-04-25 Orca Security LTD. Systems and methods for managing cyber vulnerabilities
US11848956B2 (en) 2021-04-26 2023-12-19 Orca Security LTD. Systems and methods for disparate risk information aggregation
US11888888B2 (en) 2021-04-26 2024-01-30 Orca Security LTD. Systems and methods for passive key identification
US11943251B2 (en) 2021-04-26 2024-03-26 Orca Security Systems and methods for malware detection
CN113238536A (en) * 2021-06-04 2021-08-10 Xi'an Thermal Power Research Institute Co., Ltd. Industrial control system network vulnerability identification method and device and related equipment thereof
CN113392283A (en) * 2021-06-22 2021-09-14 China Southern Power Grid Electric Power Technology Co., Ltd. Security tool detection data processing method and device
CN113660232A (en) * 2021-08-06 2021-11-16 Hangzhou Dbappsecurity Technology Co Ltd Threat index query method and system based on cloud server and electronic device
CN114584339A (en) * 2021-12-29 2022-06-03 Qi An Xin Technology Group Inc. Network security protection method and device based on endogenous security mechanism

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20200117