CN113468542A - Exposed surface asset risk assessment method, device, equipment and medium - Google Patents

Publication number
CN113468542A
Authority
CN
China
Prior art keywords
asset
exposed surface
information
assets
risk
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110766529.4A
Other languages
Chinese (zh)
Inventor
赵云
胡鹏
顾弘
王方圆
尚程
刘洋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Jiangsu Branch Center National Computer Network And Information Security Management Center
Eversec Beijing Technology Co Ltd
Original Assignee
Jiangsu Branch Center National Computer Network And Information Security Management Center
Eversec Beijing Technology Co Ltd
Application filed by Jiangsu Branch Center National Computer Network And Information Security Management Center, Eversec Beijing Technology Co Ltd

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57: Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577: Assessing vulnerabilities and evaluating computer system security

Abstract

The invention discloses a method, a device, equipment and a medium for assessing exposure surface asset risk, which comprise the following steps: acquiring exposed surface assets to be evaluated, and detecting the exposed surface assets through a preset asset detection tool to obtain asset information corresponding to the exposed surface assets; scanning the exposed surface assets through a preset network security scanning tool to obtain vulnerability data corresponding to the exposed surface assets; acquiring external threat data and threat intelligence information for attacking the exposed surface assets; and performing risk assessment on the exposed asset according to at least one item of information in the asset information, the vulnerability data, the external threat data and the threat intelligence information. According to the technical scheme of the embodiment of the invention, the accuracy of the risk assessment result corresponding to the exposed surface asset can be improved, the risk of the exposed surface asset is reduced, and the safety guarantee level of the internet exposed surface is improved.

Description

Exposed surface asset risk assessment method, device, equipment and medium
Technical Field
The embodiment of the invention relates to the technical field of network security, in particular to a method, a device, equipment and a medium for evaluating exposure surface asset risk.
Background
In recent years, network attacks have become increasingly specialized and organized. Before attacking a specific target, attackers often research it in depth, focusing on finding externally exposed security risks such as vulnerabilities and accounts with weak passwords. They can then carefully craft an attack strategy, accurately locate overlooked or hidden exposed surfaces, intrude into the enterprise's business systems through targeted attacks, and complete the attack on the target.
With the adoption of digital technologies such as the fifth-generation mobile communication technology (5G) and the Internet of Things, the number of enterprise applications and terminals connected to the network is growing rapidly. This means that an enterprise's risk exposure surface will keep growing and become more complex, and, as network attack techniques continue to evolve, network security will face increasingly serious pressure.
For any enterprise or organization, the risk to exposed surface assets cannot be completely eliminated. It is therefore essential for enterprises and organizations to reduce asset risk as far as possible and to strengthen the security protection of exposed surface assets.
Disclosure of Invention
The embodiment of the invention provides a method, a device, equipment and a medium for risk assessment of an exposed surface asset, which can improve the accuracy of a risk assessment result corresponding to the exposed surface asset, reduce the risk of the exposed surface asset and improve the safety guarantee level of the internet exposed surface.
In a first aspect, an embodiment of the present invention provides an exposed surface asset risk assessment method, where the method includes:
acquiring exposed surface assets to be evaluated, and detecting the exposed surface assets through a preset asset detection tool to obtain asset information corresponding to the exposed surface assets;
scanning the exposed surface assets through a preset network security scanning tool to obtain vulnerability data corresponding to the exposed surface assets;
acquiring external threat data and threat intelligence information for attacking the exposed surface assets;
and performing risk assessment on the exposed asset according to at least one item of information in the asset information, the vulnerability data, the external threat data and the threat intelligence information.
In a second aspect, an embodiment of the present invention further provides an exposed surface asset risk assessment apparatus, where the apparatus includes:
the asset detection module is used for acquiring exposed surface assets to be evaluated, detecting the exposed surface assets through a preset asset detection tool and obtaining asset information corresponding to the exposed surface assets;
the asset scanning module is used for scanning the exposed surface asset through a preset network security scanning tool to obtain vulnerability data corresponding to the exposed surface asset;
the threat information acquisition module is used for acquiring external threat data and threat information for attacking the exposed surface assets;
and the evaluation module is used for carrying out risk evaluation on the exposed surface asset according to at least one item of information in the asset information, the vulnerability data, the external threat data and the threat information.
In a third aspect, an embodiment of the present invention further provides a computer device, where the computer device includes:
one or more processors;
storage means for storing one or more programs;
the one or more programs, when executed by the one or more processors, cause the one or more processors to perform the exposed surface asset risk assessment method provided by any of the embodiments of the present invention.
In a fourth aspect, the embodiment of the present invention further provides a computer-readable storage medium, where a computer program is stored on the storage medium, and when the computer program is executed by a processor, the exposed-surface asset risk assessment method provided in any embodiment of the present invention is implemented.
In the technical solution of the embodiment of the invention, the exposed surface asset to be evaluated is acquired and detected with a preset asset detection tool to obtain the corresponding asset information; the exposed surface asset is then scanned with a preset network security scanning tool to obtain the corresponding vulnerability data; external threat data and threat intelligence information relating to attacks on the exposed surface asset are acquired; and finally risk assessment is performed on the exposed surface asset according to at least one of the asset information, the vulnerability data, the external threat data and the threat intelligence information. This technical means can improve the accuracy of the risk assessment result for the exposed surface asset, reduce the risk the asset faces, and improve the security assurance level of the Internet exposed surface.
Drawings
FIG. 1 is a flowchart of an exposed asset risk assessment method according to a first embodiment of the present invention;
FIG. 2 is a flowchart of a risk assessment method for exposed asset according to a second embodiment of the present invention;
FIG. 3 is a block diagram of an exposed asset risk assessment device according to a third embodiment of the present invention;
FIG. 4 is a schematic structural diagram of a computer device in the fourth embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting of the invention. It should be further noted that, for the convenience of description, only some of the structures related to the present invention are shown in the drawings, not all of the structures.
Example one
Fig. 1 is a flowchart of an exposed surface asset risk assessment method according to the first embodiment of the present invention. This embodiment is applicable to the situation of performing risk assessment on exposed surface assets. The method may be executed by an exposed surface asset risk assessment apparatus, which may be implemented in software and/or hardware and may generally be integrated in a computer or any intelligent device capable of running programs (e.g., a terminal device or a server). The method specifically includes the following steps:
Step 110, acquiring exposed surface assets to be evaluated, and detecting the exposed surface assets through a preset asset detection tool to obtain asset information corresponding to the exposed surface assets.
In this embodiment, the exposed surface asset may be an exposed surface asset in an internet platform. From the many exposed surface assets present in the internet platform, a user may select the assets to be managed as the exposed surface assets to be evaluated. In a specific embodiment, the user can screen the exposed surface assets to be evaluated in the internet platform according to the industries, regions or business units of interest.
In this embodiment, after the exposed surface asset to be evaluated is acquired, the exposed surface asset may be detected by a preset asset detection tool, so as to obtain asset information corresponding to the exposed surface asset. The asset information may be attribute information for characterizing the exposed surface asset, for example, hardware information associated with the exposed surface asset, and information such as an operating system (e.g., an operating system version number, configuration parameters of the operating system, a version number of running software, configuration parameters of the running software, etc.).
In a particular embodiment, the asset detection tools may include the network security audit tool Nmap and the port scanner Masscan.
Step 120, scanning the exposed surface asset through a preset network security scanning tool to obtain vulnerability data corresponding to the exposed surface asset.
In this embodiment, the network security scanning tool may be a tool for vulnerability scanning and weak password scanning on the network. And after the exposed surface asset is scanned through a preset network security scanning tool, vulnerability data corresponding to the exposed surface asset can be obtained.
In a particular embodiment, vulnerability data corresponding to exposed surface assets may include: the vulnerabilities existing in the exposed surface assets, the hazard level to which each vulnerability belongs, and weak passwords.
Step 130, acquiring external threat data and threat intelligence information relating to attacks on the exposed surface asset.
In this embodiment, the latest external threat data relating to attacks on the exposed surface asset may be obtained. The external threat data may specifically include event data faced by the exposed surface assets, such as Conficker worm infections, hosts acting as controllers for botnets, Trojans or worms, hosts controlled by botnets, Trojans or worms, malicious code planted on websites, website backdoors and webpage tampering, together with the hazard level of each event.
In this embodiment, after the external threat data relating to attacks on the exposed surface asset is acquired, the threat intelligence information faced by the exposed surface asset may also be acquired. The threat intelligence information lets enterprise security personnel clearly understand which threat data relate to the enterprise's information assets and business security, and understand the context of each threat, so that they can prioritize response handling according to the degree of impact of the threat.
In a specific embodiment, the threat intelligence information may specifically include strategic threat intelligence, operational threat intelligence, tactical threat intelligence, and technical threat intelligence faced by the exposed asset.
Step 140, performing risk assessment on the exposed surface asset according to at least one item of information in the asset information, the vulnerability data, the external threat data and the threat intelligence information.
In one embodiment of this embodiment, the risk assessment may be performed on the exposed asset based on one or more of the asset information, vulnerability data, external threat data, and threat intelligence information. Specifically, one or more items of information among asset information, vulnerability data, external threat data, and threat intelligence information may be quantized according to a preset calculation method to obtain a quantization result corresponding to each item of information, and then a risk assessment result corresponding to the exposed asset may be calculated according to the quantization result corresponding to each item of information.
In this embodiment, risk assessment is performed on the exposed surface asset by combining the asset information, vulnerability data, external threat data and threat intelligence information corresponding to it. This can improve the accuracy of the risk assessment result and makes it easier for enterprise security personnel to take measures to reduce asset risk according to that result. As a result, the security assurance level of the Internet exposed surface can be improved, the security protection work of each system can be better promoted, security risk control of important systems is strengthened, and the capabilities for surveying Internet exposed surface assets, detecting vulnerabilities, monitoring security threats, and sensing and giving early warning of security risks are enhanced.
In the technical solution of the embodiment of the invention, the exposed surface asset to be evaluated is acquired and detected with a preset asset detection tool to obtain the corresponding asset information; the exposed surface asset is then scanned with a preset network security scanning tool to obtain the corresponding vulnerability data; external threat data and threat intelligence information relating to attacks on the exposed surface asset are acquired; and finally risk assessment is performed on the exposed surface asset according to at least one of the asset information, the vulnerability data, the external threat data and the threat intelligence information. This technical means can improve the accuracy of the risk assessment result for the exposed surface asset, reduce the risk the asset faces, and improve the security assurance level of the Internet exposed surface.
Example two
This embodiment is a further refinement of the first embodiment; explanations of terms that are the same as or correspond to those in the first embodiment are not repeated here. Fig. 2 is a flowchart of an exposed surface asset risk assessment method according to a second embodiment of the present invention. The technical solution of this embodiment may be combined with one or more of the methods in the solutions of the foregoing embodiments. As shown in Fig. 2, the method according to the second embodiment of the present invention may further include:
Step 210, obtaining an exposed surface asset to be evaluated, and detecting the exposed surface asset through a preset asset detection tool to obtain asset information corresponding to the exposed surface asset.
In one implementation of the embodiment of the present invention, acquiring an exposed surface asset to be evaluated includes: screening the exposed surface assets to be evaluated in a pre-stored asset information table according to a preset Internet Protocol (IP) address and preset domain name information; the asset information table stores a plurality of different exposed surface assets in advance.
The exposed surface asset to be evaluated can be screened from the pre-stored asset information table according to the Internet Protocol (IP) address and domain name information that the user has preset in the filing information. The preset IP address and domain name information may be compared, respectively, with the IP address and domain name information of each exposed surface asset stored in the asset information table, and the exposed surface asset to be evaluated is screened out of the asset information table according to the comparison result.
The benefit of this arrangement is that it saves time in acquiring the exposed surface asset and improves acquisition efficiency.
Step 220, scanning the exposed surface asset through a preset network security scanning tool to obtain vulnerability data corresponding to the exposed surface asset.
Step 230, obtaining external threat data and threat intelligence information relating to attacks on the exposed surface asset.
In one implementation manner of the embodiment of the present invention, acquiring external threat data and threat intelligence information relating to attacks on the exposed surface asset includes: acquiring external threat data on attacks against the exposed surface asset within a plurality of consecutive historical time periods; and acquiring real-time updated threat intelligence information corresponding to the exposed surface asset.
In a particular embodiment, external threat data on attacks against the exposed surface asset may be obtained for each day before the current time, and real-time updated threat intelligence information corresponding to the exposed surface asset may be obtained.
Step 240, evaluating the attribute risk corresponding to the exposed surface asset according to the asset information to obtain a first evaluation value.
In this embodiment, the asset information includes survival information, open service information, operating system, and component application information. The open service information may include information such as an open port, and the operating system information may include an operating system version number, configuration parameters of an operating system, a version number of running software, configuration parameters of running software, and the like.
In an implementation manner of the embodiment of the present invention, evaluating an attribute risk corresponding to the exposed surface asset according to the asset information to obtain a first evaluation value includes: judging whether the exposed surface assets survive or not according to the survival information; and if so, evaluating the attribute risk corresponding to the exposed surface asset according to the open service information, the operating system and the component application information of the exposed surface asset to obtain a first evaluation value.
In this embodiment, the attribute risk corresponding to the exposed surface asset may be evaluated according to the open service information, the operating system, and the component application information of the exposed surface asset by a preset calculation method, so as to obtain a first evaluation value. The first evaluation value is used for representing attribute risks to which the exposed surface asset faces, wherein optionally, if the first evaluation value is higher, the attribute risks to which the exposed surface asset faces can be considered to be larger.
Step 250, evaluating the vulnerability risk corresponding to the exposed surface asset according to the vulnerability data to obtain a second evaluation value.
In this embodiment, the vulnerability risk corresponding to the exposed surface asset may be evaluated according to the vulnerability existing in the exposed surface asset, the hazard level to which the vulnerability belongs, the weak password and other information by using a preset calculation method, so as to obtain a second evaluation value. The second evaluation value is used for representing the vulnerability risk of the exposed surface asset, wherein optionally, if the second evaluation value is higher, the vulnerability risk of the exposed surface asset can be considered to be higher.
Step 260, evaluating the external threat risk corresponding to the exposed surface asset according to the external threat data to obtain a third evaluation value.
In an implementation manner of the embodiment of the present invention, according to the external threat data, evaluating an external threat risk corresponding to the exposed-surface asset to obtain a third evaluation value, including: and evaluating the external threat risk corresponding to the exposed surface asset according to the event type, the hazard level and the attack frequency corresponding to the external threat data to obtain a third evaluation value.
In this embodiment, the external threat risk corresponding to the exposed surface asset may be evaluated according to the event type, the hazard level, and the attack frequency corresponding to the external threat data by using a preset calculation method, so as to obtain a third evaluation value. The third evaluation value is used for representing the external threat risk to which the exposed surface asset faces, wherein optionally, if the third evaluation value is higher, the external threat risk to which the exposed surface asset faces can be considered to be higher.
Step 270, evaluating the threat intelligence risk corresponding to the exposed surface asset according to the threat intelligence information to obtain a fourth evaluation value.
In this embodiment, the external threat risk corresponding to the exposed surface asset may be evaluated by a preset calculation method, according to the attacking IP addresses observed in attacks on the exposed surface asset or the latest threat intelligence information on hacker organizations, to obtain a fourth evaluation value. The fourth evaluation value is used for representing the threat intelligence risk that the exposed surface asset faces, wherein optionally, if the fourth evaluation value is higher, the threat intelligence risk that the exposed surface asset faces can be considered to be higher.
Step 280, calculating a final risk assessment result corresponding to the exposed surface asset according to the first evaluation value, the second evaluation value, the third evaluation value and the fourth evaluation value.
In an implementation manner of the embodiment of the present invention, optionally, the first evaluation value, the second evaluation value, the third evaluation value, and the fourth evaluation value may be added to obtain a final risk assessment result corresponding to the exposed surface asset.
In another implementation manner of the embodiment of the present invention, calculating a final risk assessment result corresponding to the exposed surface asset according to the first evaluation value, the second evaluation value, the third evaluation value and the fourth evaluation value includes: according to a preset weighting proportion, carrying out weighting processing on the first evaluation value, the second evaluation value, the third evaluation value and the fourth evaluation value; calculating a risk score corresponding to the exposed surface asset according to the weighting processing results corresponding to the first evaluation value, the second evaluation value, the third evaluation value and the fourth evaluation value; determining a risk level corresponding to the exposed surface asset based on the risk score corresponding to the exposed surface asset.
Wherein the corresponding weighting ratio can be set according to the influence degree of various risks faced by the exposed-surface assets. For example, if the degree of influence of the external threat risk to which the exposed-surface asset is exposed is greater than the degree of influence of the attribute risk, a higher weight value may be set for the third evaluation value and a lower weight value may be set for the first evaluation value.
After the weighting proportion is set, the first evaluation value, the second evaluation value, the third evaluation value and the fourth evaluation value may be subjected to weighted summation to obtain a weighted summation result, then normalization processing is performed on the weighted summation result to obtain a risk score corresponding to the exposed surface asset, and finally the risk grade corresponding to the exposed surface asset is determined according to preset mapping relations between different risk scores and different risk grades.
The advantage of this arrangement is that, by weighting the first evaluation value, the second evaluation value, the third evaluation value and the fourth evaluation value according to the preset weighting proportion and calculating the risk score corresponding to the exposed surface asset according to the weighting processing result, the final risk assessment result corresponding to the exposed surface asset can be associated with the influence degree of various risks, and thus the effectiveness of the risk assessment result corresponding to the exposed surface asset can be improved.
In this embodiment, after determining the risk level corresponding to the exposed surface asset, the enterprise security personnel may take relevant measures to reduce the asset risk according to the risk level, thereby improving the security level of the internet exposed surface.
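The following added example (not code from the patent) carries the second embodiment through end to end: screening the asset information table by preset IP and domain, the survival check before attribute scoring, the four evaluation values, and the weighted, normalized score mapped to a risk level. The patent leaves every "preset" calculation open, so the weights, point values, port list, level thresholds, the zero attribute score for a non-surviving asset and the match-on-either-IP-or-domain rule are all assumptions, and the asset table is constructed sample data.

```python
from dataclasses import dataclass, field

# Every constant here is an assumption; the patent only says "preset".
WEIGHTS = {"attribute": 15, "vulnerability": 35, "external_threat": 30, "threat_intel": 20}
HAZARD_POINTS = {"low": 1, "medium": 3, "high": 6, "critical": 10}
EVENT_FACTOR = {"website_backdoor": 1.5, "webpage_tampering": 1.0}
HIGH_RISK_PORTS = {21, 23, 445, 3389, 6379}
LEVELS = [(75, "critical"), (50, "high"), (25, "medium"), (0, "low")]


@dataclass
class Asset:
    ip: str
    domain: str
    alive: bool                                         # survival information
    open_ports: list = field(default_factory=list)      # open service information
    outdated_components: int = 0                        # OS / component findings
    vulns: list = field(default_factory=list)           # hazard level per vulnerability
    weak_passwords: int = 0
    threat_events: list = field(default_factory=list)   # (event type, hazard level, count)
    intel_hits: int = 0                                 # attacking IPs matched in intel feeds


def cap(value):
    """Keep every evaluation value on a common 0..100 scale."""
    return min(100, value)


def screen_assets(table, preset_ips, preset_domains):
    """Step 210: select assets whose IP or domain matches the preset filing data."""
    return [a for a in table if a.ip in preset_ips or a.domain in preset_domains]


def attribute_risk(a):
    """Step 240: first evaluation value, scored only if the asset survives."""
    if not a.alive:
        return 0
    ports = sum(10 if p in HIGH_RISK_PORTS else 2 for p in a.open_ports)
    return cap(ports + 15 * a.outdated_components)


def vulnerability_risk(a):
    """Step 250: second evaluation value from vulnerabilities and weak passwords."""
    return cap(sum(5 * HAZARD_POINTS[h] for h in a.vulns) + 20 * a.weak_passwords)


def external_threat_risk(a):
    """Step 260: third evaluation value from event type, hazard level and frequency."""
    return cap(sum(EVENT_FACTOR.get(t, 1.0) * HAZARD_POINTS[h] * n
                   for t, h, n in a.threat_events))


def threat_intel_risk(a):
    """Step 270: fourth evaluation value from threat intelligence matches."""
    return cap(25 * a.intel_hits)


def assess(a):
    """Step 280: weighted sum, normalized by the total weight, mapped to a level."""
    parts = {
        "attribute": attribute_risk(a),
        "vulnerability": vulnerability_risk(a),
        "external_threat": external_threat_risk(a),
        "threat_intel": threat_intel_risk(a),
    }
    weighted = sum(WEIGHTS[k] * v for k, v in parts.items())
    score = round(weighted / sum(WEIGHTS.values()), 1)
    level = next(name for floor, name in LEVELS if score >= floor)
    return {"ip": a.ip, "score": score, "level": level, "parts": parts}


# Constructed asset information table (documentation address ranges).
ASSET_TABLE = [
    Asset("203.0.113.10", "portal.example.com", True, [80, 443, 3389], 1,
          ["high", "medium"], 1,
          [("website_backdoor", "high", 2), ("webpage_tampering", "medium", 1)], 2),
    Asset("203.0.113.20", "old.example.com", False, [23], 0, [], 0, [], 1),
    Asset("198.51.100.7", "other.example.net", True, [22], 0, ["low"], 0, [], 0),
]

if __name__ == "__main__":
    selected = screen_assets(ASSET_TABLE, {"203.0.113.10"}, {"old.example.com"})
    for result in map(assess, selected):
        print(result)
```

Keeping the four evaluation values on one scale before weighting is what makes the weights comparable; if each value had its own range, the weighting proportion would silently be dominated by whichever input happened to produce the largest numbers.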
In the technical solution of the embodiment of the invention, the exposed surface asset to be evaluated is acquired and detected with a preset asset detection tool to obtain the corresponding asset information; the exposed surface asset is then scanned with a preset network security scanning tool to obtain the corresponding vulnerability data, and external threat data and threat intelligence information relating to attacks on the exposed surface asset are acquired. The attribute risk corresponding to the exposed surface asset is evaluated according to the asset information to obtain a first evaluation value, the vulnerability risk is evaluated according to the vulnerability data to obtain a second evaluation value, and the external threat risk is evaluated according to the external threat data. Finally, the final risk assessment result corresponding to the exposed surface asset is calculated according to the first evaluation value, the second evaluation value, the third evaluation value and the fourth evaluation value, so that the accuracy of the risk assessment result can be improved, the risk the exposed surface asset faces is reduced, and the security assurance level of the Internet exposed surface is improved.
Example three
Fig. 3 is a structural diagram of an exposed surface asset risk assessment apparatus according to a third embodiment of the present invention, where the apparatus includes: an asset detection module 310, an asset scanning module 320, a threat information acquisition module 330, and an assessment module 340.
The asset detection module 310 is configured to acquire an exposed surface asset to be evaluated, detect the exposed surface asset through a preset asset detection tool, and obtain asset information corresponding to the exposed surface asset;
the asset scanning module 320 is configured to scan the exposed surface asset through a preset network security scanning tool to obtain vulnerability data corresponding to the exposed surface asset;
a threat information obtaining module 330, configured to obtain external threat data and threat intelligence information for attacking the exposed asset;
and the evaluation module 340 is configured to perform risk evaluation on the exposed asset according to at least one item of information of the asset information, vulnerability data, external threat data, and threat intelligence information.
In the technical solution of the embodiment of the invention, the exposed surface asset to be evaluated is acquired and detected with a preset asset detection tool to obtain the corresponding asset information; the exposed surface asset is then scanned with a preset network security scanning tool to obtain the corresponding vulnerability data; external threat data and threat intelligence information relating to attacks on the exposed surface asset are acquired; and finally risk assessment is performed on the exposed surface asset according to at least one of the asset information, the vulnerability data, the external threat data and the threat intelligence information. This technical means can improve the accuracy of the risk assessment result for the exposed surface asset, reduce the risk the asset faces, and improve the security assurance level of the Internet exposed surface.
On the basis of the above embodiments, the asset detection module 310 may include:
the asset screening unit is used for screening the exposed surface assets to be evaluated from a pre-stored asset information table according to a preset Internet Protocol (IP) address and preset domain name information; the asset information table stores a plurality of different exposed surface assets in advance.
The threat information obtaining module 330 may include:
the threat data acquisition unit is used for acquiring external threat data which attacks aiming at the exposed surface assets in a plurality of historical continuous time periods;
and the threat intelligence acquisition unit is used for acquiring real-time updated threat intelligence information corresponding to the exposed surface assets.
The evaluation module 340 may include:
the first evaluation value calculation unit is used for evaluating the attribute risk corresponding to the exposed surface asset according to the asset information to obtain a first evaluation value; the asset information comprises survival information, open service information, an operating system and component application information;
the second evaluation value calculation unit is used for evaluating the vulnerability risk corresponding to the exposed surface asset according to the vulnerability data to obtain a second evaluation value;
a third evaluation value calculation unit, configured to evaluate, according to the external threat data, an external threat risk corresponding to the exposed surface asset to obtain a third evaluation value;
a fourth evaluation value calculation unit, configured to evaluate a threat intelligence risk corresponding to the exposed surface asset according to the threat intelligence information, so as to obtain a fourth evaluation value;
the evaluation result calculation unit is used for calculating a final risk evaluation result corresponding to the exposed surface asset according to the first evaluation value, the second evaluation value, the third evaluation value and the fourth evaluation value;
the judging unit is used for judging whether the exposed surface assets survive or not according to the survival information;
the attribute risk assessment unit is used for assessing the attribute risk corresponding to the exposed surface asset according to the open service information, the operating system and the component application information of the exposed surface asset to obtain a first assessment value if the exposed surface asset survives;
the weighting processing unit is used for carrying out weighting processing on the first evaluation value, the second evaluation value, the third evaluation value and the fourth evaluation value according to a preset weighting proportion;
a score calculating unit, configured to calculate a risk score corresponding to the exposed surface asset according to a weighting processing result of each of the first evaluation value, the second evaluation value, the third evaluation value, and the fourth evaluation value;
a grade determining unit, which is used for determining a risk grade corresponding to the exposed surface asset according to the risk score corresponding to the exposed surface asset;
and the threat risk evaluation unit is used for evaluating the external threat risk corresponding to the exposed surface asset according to the event type, the hazard level and the attack frequency corresponding to the external threat data to obtain a third evaluation value.
The exposed surface asset risk assessment device provided by the embodiment of the invention can execute the exposed surface asset risk assessment method provided by any embodiment of the invention, and has corresponding functional modules and beneficial effects of the execution method.
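The evaluation units listed above (survival check, four evaluation values, preset weighting, risk score, risk level) can be read as one scoring pipeline. The following Python example is added here for illustration and is not code from the patent: the weighting proportion, the per-signal point scales, the risky-service list, the level thresholds and all names are assumed values, since the text only describes them as preset.

```python
from dataclasses import dataclass, field

# Every constant here is an assumed value; the patent only calls them "preset".
WEIGHTS = {"attribute": 20, "vulnerability": 40, "external": 25, "intel": 15}  # percent
RISKY_SERVICES = {"telnet", "ftp", "rdp", "smb", "redis"}
HAZARD_POINTS = {"low": 1, "medium": 3, "high": 6, "critical": 10}
EVENT_FACTOR = {"scan": 0.5, "brute_force": 1.0, "exploit_attempt": 1.5}
LEVELS = [(75, "high"), (40, "medium"), (0, "low")]  # (minimum score, level)


@dataclass
class Asset:
    alive: bool
    open_services: list = field(default_factory=list)
    os_end_of_life: bool = False
    outdated_components: int = 0
    cvss_scores: list = field(default_factory=list)    # from the vulnerability scan
    threat_events: list = field(default_factory=list)  # (event_type, hazard, count) per period
    intel_hits: int = 0                                 # matching threat-intelligence entries


def attribute_score(a):
    """First evaluation value: only computed when the asset is alive."""
    if not a.alive:
        return 0  # assumption: an asset that is not alive carries no attribute risk
    risky = len(RISKY_SERVICES & set(a.open_services))
    return min(100, 20 * risky + (30 if a.os_end_of_life else 0) + 10 * a.outdated_components)


def vulnerability_score(a):
    """Second evaluation value: points per finding, by CVSS severity band."""
    def band(s):
        return 40 if s >= 9.0 else 25 if s >= 7.0 else 10 if s >= 4.0 else 3
    return min(100, sum(band(s) for s in a.cvss_scores))


def external_threat_score(a):
    """Third evaluation value: event type, hazard level and attack frequency."""
    total = 0.0
    for event_type, hazard, count in a.threat_events:
        frequency = min(count, 20) / 20  # saturate so one noisy source cannot dominate
        total += HAZARD_POINTS[hazard] * EVENT_FACTOR.get(event_type, 1.0) * frequency * 10
    return min(100.0, total)


def threat_intel_score(a):
    """Fourth evaluation value: 25 points per matching intelligence entry."""
    return min(100, 25 * a.intel_hits)


def assess(a):
    """Weight the four values, then map the resulting score to a risk level."""
    values = {"attribute": attribute_score(a), "vulnerability": vulnerability_score(a),
              "external": external_threat_score(a), "intel": threat_intel_score(a)}
    score = sum(WEIGHTS[k] * v for k, v in values.items()) / 100
    level = next(name for floor, name in LEVELS if score >= floor)
    return round(score, 2), level, values


# Constructed sample asset, not taken from the patent.
SAMPLE = Asset(alive=True, open_services=["ssh", "telnet", "redis"], os_end_of_life=True,
               outdated_components=2, cvss_scores=[9.8, 7.5, 5.3], intel_hits=2,
               threat_events=[("scan", "low", 200), ("brute_force", "high", 10),
                              ("exploit_attempt", "critical", 4)])

if __name__ == "__main__":
    print(assess(SAMPLE))
```

Capping each evaluation value at 100 before weighting keeps any single signal, such as a burst of low-severity scan events, from pushing an asset into the highest level on its own.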
Example four
Fig. 4 is a schematic structural diagram of a computer device according to a fourth embodiment of the present invention. As shown in Fig. 4, the computer device includes a processor 410, a memory 420, an input device 430, and an output device 440. The number of processors 410 in the computer device may be one or more; one processor 410 is taken as an example in Fig. 4. The processor 410, the memory 420, the input device 430 and the output device 440 in the computer device may be connected by a bus or by other means; connection by a bus is taken as an example in Fig. 4. The memory 420 serves as a computer-readable storage medium that may be used to store software programs, computer-executable programs, and modules, such as the program instructions/modules corresponding to the exposed surface asset risk assessment method in any embodiment of the present invention (e.g., the asset detection module 310, asset scanning module 320, threat information acquisition module 330, and evaluation module 340 in the exposed surface asset risk assessment device). The processor 410 executes the various functional applications and data processing of the computer device by running the software programs, instructions and modules stored in the memory 420, thereby implementing the exposed surface asset risk assessment method. That is, the program, when executed by the processor, implements:
acquiring exposed surface assets to be evaluated, and detecting the exposed surface assets through a preset asset detection tool to obtain asset information corresponding to the exposed surface assets;
scanning the exposed surface assets through a preset network security scanning tool to obtain vulnerability data corresponding to the exposed surface assets;
acquiring external threat data and threat intelligence information for attacking the exposed surface assets;
and performing risk assessment on the exposed asset according to at least one item of information in the asset information, the vulnerability data, the external threat data and the threat intelligence information.
The memory 420 may mainly include a program storage area and a data storage area, wherein the program storage area may store an operating system and an application program required for at least one function; the data storage area may store data created according to the use of the terminal, and the like. Further, the memory 420 may include high-speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other non-volatile solid-state storage device. In some examples, the memory 420 may further include memory located remotely from the processor 410, which may be connected to the computer device through a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof. The input device 430 may be used to receive input numeric or character information and to generate key signal inputs related to user settings and function control of the computer device, and may include a keyboard, a mouse, etc. The output device 440 may include a display device such as a display screen.
Example five
A fifth embodiment of the present invention further provides a computer-readable storage medium on which a computer program is stored; the computer program, when executed by a processor, implements the method according to any embodiment of the present invention. The computer-readable storage medium provided by embodiments of the present invention can also perform the related operations of the exposed surface asset risk assessment method provided by any embodiment of the present invention. That is, the program, when executed by the processor, implements:
acquiring exposed surface assets to be evaluated, and detecting the exposed surface assets through a preset asset detection tool to obtain asset information corresponding to the exposed surface assets;
scanning the exposed surface assets through a preset network security scanning tool to obtain vulnerability data corresponding to the exposed surface assets;
acquiring external threat data and threat intelligence information for attacking the exposed surface assets;
and performing risk assessment on the exposed asset according to at least one item of information in the asset information, the vulnerability data, the external threat data and the threat intelligence information.
From the above description of the embodiments, it is obvious for those skilled in the art that the present invention can be implemented by software and necessary general hardware, and certainly, can also be implemented by hardware, but the former is a better embodiment in many cases. Based on such understanding, the technical solutions of the present invention may be embodied in the form of a software product, which can be stored in a computer-readable storage medium, such as a floppy disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a FLASH Memory (FLASH), a hard disk or an optical disk of a computer, and includes several instructions for enabling a computer device (which may be a personal computer, a server, or a network device) to execute the methods according to the embodiments of the present invention.
It should be noted that, in the above embodiment of the exposed surface asset risk assessment device, the included units and modules are merely divided according to the functional logic, but are not limited to the above division as long as the corresponding functions can be implemented; in addition, specific names of the functional units are only for convenience of distinguishing from each other, and are not used for limiting the protection scope of the present invention.
It is to be noted that the foregoing is only illustrative of the preferred embodiments of the present invention and the technical principles employed. It will be understood by those skilled in the art that the present invention is not limited to the particular embodiments described herein, but is capable of various obvious changes, rearrangements and substitutions as will now become apparent to those skilled in the art without departing from the scope of the invention. Therefore, although the present invention has been described in greater detail by the above embodiments, the present invention is not limited to the above embodiments, and may include other equivalent embodiments without departing from the spirit of the present invention, and the scope of the present invention is determined by the scope of the appended claims.

Claims (10)

1. An exposed surface asset risk assessment method, comprising:
acquiring exposed surface assets to be evaluated, and detecting the exposed surface assets through a preset asset detection tool to obtain asset information corresponding to the exposed surface assets;
scanning the exposed surface assets through a preset network security scanning tool to obtain vulnerability data corresponding to the exposed surface assets;
acquiring external threat data and threat intelligence information for attacking the exposed surface assets;
and performing risk assessment on the exposed asset according to at least one item of information in the asset information, the vulnerability data, the external threat data and the threat intelligence information.
2. The method of claim 1, wherein obtaining exposed surface assets to be evaluated comprises:
screening the exposed surface assets to be evaluated in a pre-stored asset information table according to a preset Internet Protocol (IP) address and preset domain name information; the asset information table stores a plurality of different exposed surface assets in advance.
3. The method of claim 1, wherein performing a risk assessment on the exposed face asset based on at least one of the asset information, vulnerability data, external threat data, and threat intelligence information comprises:
according to the asset information, evaluating attribute risks corresponding to the exposed surface assets to obtain a first evaluation value;
according to the vulnerability data, assessing vulnerability risks corresponding to the exposed surface assets to obtain a second assessment value;
according to the external threat data, evaluating external threat risks corresponding to the exposed surface assets to obtain a third evaluation value;
evaluating threat intelligence risks corresponding to the exposed asset according to the threat intelligence information to obtain a fourth evaluation value;
and calculating a final risk assessment result corresponding to the exposed surface asset according to the first assessment value, the second assessment value, the third assessment value and the fourth assessment value.
4. The method of claim 3, wherein the asset information comprises survival information, open service information, operating system and component application information;
the evaluating the attribute risk corresponding to the exposed surface asset according to the asset information to obtain a first evaluation value, including:
judging whether the exposed surface assets survive or not according to the survival information;
and if so, evaluating the attribute risk corresponding to the exposed surface asset according to the open service information, the operating system and the component application information of the exposed surface asset to obtain a first evaluation value.
5. The method of claim 3, wherein calculating a final risk assessment corresponding to the exposed surface asset based on the first, second, third, and fourth assessment values comprises:
according to a preset weighting proportion, carrying out weighting processing on the first evaluation value, the second evaluation value, the third evaluation value and the fourth evaluation value;
calculating a risk score corresponding to the exposed surface asset according to the weighting processing results corresponding to the first evaluation value, the second evaluation value, the third evaluation value and the fourth evaluation value;
determining a risk level corresponding to the exposed surface asset based on the risk score corresponding to the exposed surface asset.
6. The method of claim 3, wherein evaluating the external threat risk corresponding to the exposed surface asset based on the external threat data to obtain a third evaluated value comprises:
and evaluating the external threat risk corresponding to the exposed surface asset according to the event type, the hazard level and the attack frequency corresponding to the external threat data to obtain a third evaluation value.
7. The method of claim 1, wherein obtaining external threat data and threat intelligence information for an attack on the exposed asset comprises:
acquiring external threat data for attacking the exposed surface asset within a plurality of historical continuous time periods;
and acquiring real-time updated threat intelligence information corresponding to the exposed surface assets.
8. An exposed surface asset risk assessment device, comprising:
the asset detection module is used for acquiring exposed surface assets to be evaluated, detecting the exposed surface assets through a preset asset detection tool and obtaining asset information corresponding to the exposed surface assets;
the asset scanning module is used for scanning the exposed surface asset through a preset network security scanning tool to obtain vulnerability data corresponding to the exposed surface asset;
the threat information acquisition module is used for acquiring external threat data and threat information for attacking the exposed surface assets;
and the evaluation module is used for carrying out risk evaluation on the exposed surface asset according to at least one item of information in the asset information, the vulnerability data, the external threat data and the threat information.
9. A computer device, comprising:
one or more processors;
storage means for storing one or more programs;
wherein, when the one or more programs are executed by the one or more processors, the one or more processors implement the exposed surface asset risk assessment method of any of claims 1-7.
10. A computer-readable storage medium having stored thereon a computer program, which when executed by a processor implements the exposed surface asset risk assessment method according to any one of claims 1-7.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110766529.4A CN113468542A (en) 2021-07-07 2021-07-07 Exposed surface asset risk assessment method, device, equipment and medium

Publications (1)

Publication Number Publication Date
CN113468542A true CN113468542A (en) 2021-10-01

Family

ID=77878811

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114157494B (en) * 2021-12-06 2024-04-26 杭州安恒信息技术股份有限公司 IP resource state determining method and related device
CN115174250A (en) * 2022-07-19 2022-10-11 北京安天网络安全技术有限公司 Network asset safety assessment method and device, electronic equipment and storage medium
CN115174250B (en) * 2022-07-19 2024-02-23 北京安天网络安全技术有限公司 Network asset security assessment method and device, electronic equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination