CN115695044B - IT asset security management and control platform and management method - Google Patents
Publication number: CN115695044B (application CN202211517250.3A)
Authority: CN (China)
Legal status: Active
Abstract
The invention discloses an IT asset security management and control platform. The platform comprises an external link service module, a data verification module, an identity verification module, a data storage module, a data supervision module and a platform management and control module. The external link service module connects to an external service port to synchronize IT asset data; the data verification module verifies the data source of the input IT asset data; the identity verification module verifies login information to control operations; the data storage module stores IT asset data in a distributed manner; the data supervision module performs security screening on IT asset data; and the platform management and control module formulates and executes platform operation rules, abnormal data screening rules, abnormal data processing strategies and data distributed storage rules. The platform has a simple structure, is easy to deploy, has simple asset management steps, and can realize unified management and dynamic monitoring of IT asset data.
Description
Technical Field
The invention belongs to the technical field of Internet, and particularly relates to an IT asset security management and control platform and management method.
Background
With the wide application of computer network technology, government departments, enterprises, institutions and the like depend increasingly on information systems. In power system management in particular, the IT asset data generated is large in volume and rich in information, and contains a great deal of important content. If this IT asset data is not placed under systematic management and security protection, it is exposed to the Internet without defence, and system vulnerabilities, malicious software, viruses and the like endanger network security, so that IT assets are lost or even leaked in security events. Traditional IT asset management has a complex system architecture, is difficult to deploy, involves complicated asset management steps, and makes unified management and dynamic monitoring of IT assets difficult to realize.
Disclosure of Invention
The technical problem the invention aims to solve is the following: an IT asset security management platform and management method are provided, so as to overcome the problems that traditional IT asset management has a complex system architecture, is difficult to deploy, involves complicated asset management steps, and makes unified management and dynamic monitoring of IT assets difficult to realize.
The technical scheme of the invention is as follows:
An IT asset security management and control platform comprises an out-link service module, a data verification module, an identity verification module, a data storage module, a data supervision module and a platform management and control module;
the external link service module is configured to be connected with an external service port for IT asset data synchronization;
the data verification module is configured to perform data source verification on the input IT asset data;
the identity verification module is configured to verify login information for operation control;
The data storage module is configured to store IT asset data in a distributed manner;
The data supervision module is configured to perform security screening on IT asset data;
the platform management and control module is configured to formulate and execute platform operation rules, abnormal data screening rules, abnormal data processing strategies and data distributed storage rules.
The external link service module is further configured to perform unified formatting processing on the IT asset data imported by the external service port, obtain the IT asset data in the JSON data format, and perform packing compression.
The data verification module is further configured to perform data source analysis, checking and preliminary abnormal data screening on the IT asset data in JSON format after unified formatting, and to perform ID labeling on the IT asset data whose data source matches the IP address corresponding to the external service port and which shows no data abnormality after screening based on the abnormal data screening rule. The ID comprises the data receiving time, the data source IP address and the content classification corresponding to the IT asset data, and the external link service module packages and compresses the IT asset data together with its ID.
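The ingestion path described above (unified JSON format, data source verification against the IP on file for the external service port, preliminary screening, ID labeling with receive time, source IP and classification, then packing and compression) as an added example; this is illustrative code, not the patent's implementation, and the port registry, required fields and sample record are constructed values.

```python
import gzip
import json
from dataclasses import dataclass, asdict
from datetime import datetime, timezone
from ipaddress import ip_address
from typing import List, Optional

# IP address on file for each docked external service port (constructed
# sample values; the page gives no real addresses).
PORT_REGISTRY = {
    "cmdb-sync": "10.0.5.21",
    "scanner-feed": "10.0.5.40",
}

# Fields every unified-format asset record must carry (assumed schema).
REQUIRED_FIELDS = ("hostname", "ip", "os", "services")


@dataclass(frozen=True)
class AssetID:
    received_at: str   # data receiving time, ISO-8601
    source_ip: str     # IP address the record was synchronized from
    category: str      # content classification of the record


def verify_source(port_name: str, source_ip: str) -> bool:
    """Data source verification: the claimed sender must equal the IP the
    platform has on file for that external service port."""
    expected = PORT_REGISTRY.get(port_name)
    if expected is None:
        return False
    return ip_address(expected) == ip_address(source_ip)


def preliminary_screen(record: dict) -> List[str]:
    """Preliminary abnormal data screening on one unified-format record.
    Returns the problems found; an empty list means the record passes."""
    problems = [f"missing field: {f}" for f in REQUIRED_FIELDS if f not in record]
    if "ip" in record:
        try:
            ip_address(record["ip"])
        except ValueError:
            problems.append("ip field is not a valid address")
    if not isinstance(record.get("services", []), list):
        problems.append("services must be a list")
    return problems


def label_record(record: dict, port_name: str, source_ip: str, category: str,
                 received_at: Optional[str] = None) -> dict:
    """Attach the ID (receive time, source IP, classification) to a record
    that passed source verification and preliminary screening; reject it
    otherwise so that unverified data never reaches storage."""
    if not verify_source(port_name, source_ip):
        raise ValueError(f"source {source_ip} does not match port {port_name}")
    problems = preliminary_screen(record)
    if problems:
        raise ValueError("record rejected: " + "; ".join(problems))
    if received_at is None:
        received_at = datetime.now(timezone.utc).isoformat()
    asset_id = AssetID(received_at, source_ip, category)
    return {"id": asdict(asset_id), "data": record}


def package(records: List[dict]) -> bytes:
    """Packing and compression: one JSON document per line, gzip-compressed."""
    body = "\n".join(json.dumps(r, sort_keys=True) for r in records)
    return gzip.compress(body.encode("utf-8"))


def unpackage(blob: bytes) -> List[dict]:
    """Inverse of package(), used by the storage side."""
    text = gzip.decompress(blob).decode("utf-8")
    return [json.loads(line) for line in text.splitlines() if line]
```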
The data storage module classifies and stores IT asset data based on data distributed storage rules, and stores the IT asset data in storage spaces in a distributed manner, wherein the storage spaces comprise computer readable storage media and/or blockchain storage nodes in a plurality of storage servers.
When the data source analysis and verification are performed, a series of TCP and UDP packets are sent to the external service port, the response packets returned by the port are received, each data item in the response is detected and compared with a preset port identity data set, and the IP address and operating system type of the external service port are obtained from the comparison result.
The identity verification module verifies and collects personnel information of the login platform, wherein the personnel information comprises identity information, department information and identity levels, collects IT asset data contents checked by personnel based on the platform, the IT asset data contents comprise IT asset data types and IT asset data levels, and generates corresponding safe browsing logs for storage of login time, collected personnel information and checked IT asset data contents.
The data supervision module is further configured to monitor, based on the identity level of each person logged in to the platform, the IT asset data contents that person checks and retrieves, and to send out alarm information and generate an alarm log when IT asset data contents not corresponding to the person's identity level are retrieved a number of times.
The data supervision module performs security screening on the IT asset data stored in the data storage module periodically, once per screening period, based on the abnormal data screening rule. The abnormal data screening rule comprises the data storage time node, the last security screening time node and the data change condition. The IT asset data stored in the data storage module is then processed based on the abnormal data processing strategy, which comprises: clearing IT asset data whose storage time node is older than the asset's life cycle, or updating its storage time node according to that life cycle; extracting and alarming on IT asset data for which the time difference between the last security screening and the current security screening is larger than the screening period; and extracting and alarming on IT asset data whose feature contents before and after a change, extracted and compared based on the data change condition, fail to match. A data change covers both deletion and addition of data by personnel through the platform and tampering with IT asset data that occurs in a security event.
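The periodic screening rules and the identity-level access monitoring of the two paragraphs above, as an added example (illustrative code, not the patent's implementation). The screening period, per-category life cycles, the alarm threshold, the choice of a SHA-256 hash as the "feature content" of a record, and the rule that a person may only retrieve data at or below their own level are all assumptions.

```python
import hashlib
import json
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

# Assumed parameters; the page names the rules but gives no numbers.
SCREENING_PERIOD = timedelta(days=7)
LIFE_CYCLE = {"server": timedelta(days=365), "workstation": timedelta(days=180)}
ALARM_THRESHOLD = 3   # out-of-level retrievals before an alarm is raised


def feature_hash(data: dict) -> str:
    """Feature content of a record: a hash over its canonical JSON form."""
    canonical = json.dumps(data, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def make_record(category: str, data: dict, stored_at: str,
                last_screened_at: Optional[str] = None) -> dict:
    """Store a record together with the feature hash of its 'before' content."""
    return {"category": category, "data": data, "stored_at": stored_at,
            "last_screened_at": last_screened_at, "feature_hash": feature_hash(data)}


def apply_change(rec: dict, new_data: dict, changed_at: str, person: str) -> None:
    """A change made through the platform updates the content and the recorded
    feature hash together, so the next screening will match."""
    rec["data"] = new_data
    rec["feature_hash"] = feature_hash(new_data)
    rec.setdefault("change_log", []).append({"time": changed_at, "by": person})


def screen_record(rec: dict, now_iso: str) -> List[Tuple[str, str]]:
    """Apply the abnormal data screening rules to one stored record and return
    the (action, reason) pairs the processing strategy calls for."""
    now = datetime.fromisoformat(now_iso)
    findings = []
    # Rule 1: data storage time node versus the asset's life cycle.
    life = LIFE_CYCLE.get(rec["category"])
    if life is not None and now - datetime.fromisoformat(rec["stored_at"]) > life:
        findings.append(("clear", "storage time node older than asset life cycle"))
    # Rule 2: last security screening time node versus the screening period.
    last = rec.get("last_screened_at")
    if last is None or now - datetime.fromisoformat(last) > SCREENING_PERIOD:
        findings.append(("extract_and_alarm", "last screening older than screening period"))
    # Rule 3: data change condition. Content that no longer matches the recorded
    # feature hash was changed outside the platform, i.e. possibly tampered with.
    if feature_hash(rec["data"]) != rec["feature_hash"]:
        findings.append(("extract_and_alarm", "content does not match recorded features"))
    if not findings:
        rec["last_screened_at"] = now_iso   # clean record: advance the screening node
    return findings


class AccessMonitor:
    """Count retrievals of IT asset data whose level exceeds the retrieving
    person's identity level and raise an alarm log entry at the threshold."""

    def __init__(self, threshold: int = ALARM_THRESHOLD) -> None:
        self.threshold = threshold
        self.counts = {}
        self.alarm_log = []

    def record_access(self, person: dict, data_level: int, data_type: str,
                      when: str) -> Optional[dict]:
        if data_level <= person["level"]:
            return None                      # within the person's level: no action
        n = self.counts.get(person["id"], 0) + 1
        self.counts[person["id"]] = n
        if n < self.threshold:
            return None
        entry = {"time": when, "person": person["id"], "department": person["department"],
                 "data_type": data_type, "data_level": data_level, "count": n}
        self.alarm_log.append(entry)
        return entry
```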
The data administration module is further configured to perform vulnerability discovery on the IT asset data, the vulnerability discovery comprising:
Vulnerability scanning: IT asset data is traversed and matched against a preset vulnerability screening rule to find vulnerabilities present in the IT asset data; when a vulnerability is found, the IT asset data is extracted and an alarm is given, the vulnerability is repaired based on the vulnerability repair rule, and when repeated scanning no longer finds the vulnerability, the IT asset data and the vulnerability repair log are packaged and returned to the original storage position;
POC scanning: a traversing vulnerability attack test is carried out on the IT asset data based on preset vulnerability attack code; when the attack succeeds, the IT asset data is extracted and an alarm is given, the vulnerability is repaired based on the vulnerability repair rule, and when repeated attack tests no longer succeed, the IT asset data and the vulnerability repair log are packaged and returned to the original storage position;
Nessus scanning: the IT asset data is traversed and scanned with Nessus; when a vulnerability is found, the IT asset data is extracted and an alarm is given, the vulnerability is repaired based on the vulnerability repair rule, and when repeated scanning no longer finds the vulnerability, the IT asset data and the vulnerability repair log are packaged and returned to the original storage position;
Weak password scanning: the IT asset data is traversed and matched against a preset weak password dictionary; when a weak password exposed by an IT asset application program is matched, the vulnerability is repaired based on the vulnerability repair rule, and when repeated scanning no longer finds an exposed weak password, the IT asset data and the vulnerability repair log are packaged and returned to the original storage position.
The application also discloses an IT asset safety management method applied to the IT asset safety control platform, which comprises the following steps:
Platform management: formulating a platform operation rule, an abnormal data screening rule, an abnormal data processing strategy and a data distributed storage rule;
Data acquisition: personnel log in to the platform and import data, or the external link service module exchanges data with an external service port, so that IT asset data is uploaded; the imported IT asset data is then given unified formatting processing to obtain IT asset data in JSON format;
Data preliminary screening: the data verification module performs data source verification on the input IT asset data and performs preliminary abnormal data screening on it based on the abnormal data processing strategy, which comprises any one of vulnerability scanning, POC scanning, Nessus scanning and weak password scanning;
Data storage: the data verification module performs ID labeling on the IT asset data that passed the preliminary screening, where the ID comprises the data receiving time, the data source IP address and the content classification corresponding to the IT asset data; the external link service module packs and compresses the IT asset data together with its ID; the data storage module classifies and stores the IT asset data based on the data distributed storage rule and stores all IT asset data in a distributed manner in a storage space comprising computer-readable storage media and/or blockchain storage nodes in a plurality of storage servers;
Data supervision: the data supervision module performs security screening and vulnerability discovery on the IT asset data stored in the data storage module once per screening period, based on the abnormal data screening rule. Vulnerability discovery comprises one or more of vulnerability scanning, POC scanning, Nessus scanning and weak password scanning. Vulnerability scanning comprises traversing and matching the IT asset data against a preset vulnerability screening rule to discover vulnerabilities in the IT asset data; when a vulnerability is discovered, the IT asset data is extracted and an alarm is given, the vulnerability is repaired based on the vulnerability repair rule, and when repeated scanning no longer finds the vulnerability, the IT asset data and the repair log are packaged and returned to the original storage position. POC scanning comprises a traversing vulnerability attack test on the IT asset data based on preset vulnerability attack code; when the attack succeeds, the IT asset data is extracted and an alarm is given, the vulnerability is repaired based on the vulnerability repair rule, and when repeated attack tests no longer succeed, the IT asset data and the vulnerability repair log are packaged and returned to the original storage position. Nessus scanning comprises traversing and scanning the IT asset data with Nessus; when a vulnerability is found, the IT asset data is extracted and an alarm is given, the vulnerability is repaired based on the vulnerability repair rule, and when repeated scanning no longer finds the vulnerability, the IT asset data and the vulnerability repair log are packaged and returned to the original storage position. Weak password scanning comprises traversing and matching the IT asset data against a preset weak password dictionary; when a weak password exposed by an IT asset application program is matched, the vulnerability is repaired based on the vulnerability repair rule, and when repeated scanning no longer finds an exposed weak password, the IT asset data and the vulnerability repair log are packaged and returned to the original storage position;
Operation supervision: the identity verification module acquires the personnel information of those logged in to the platform, monitors the operations personnel perform, and gives an alarm when an abnormality occurs.
The invention has the beneficial effects that:
According to the method, data source analysis and verification and preliminary abnormal data screening are carried out on the IT asset data imported to the platform in a data preliminary screening step, so that a first level of data security detection is completed at the moment the imported IT asset data enters the platform, and unsafe data such as attack payloads is prevented from entering the database and causing a wide-area data security threat. During storage, IT asset data is stored in a distributed manner, which avoids the slow response of data retrieval and inspection, and the difficulty of enforcing data security supervision, that arise when a large amount of data is kept on a single server.
In daily data supervision, the data supervision module regularly monitors the IT asset data stored in the data storage module according to the abnormal data screening rule and the abnormal data processing strategy, so that dynamic security management is realized and data abnormalities arising during long-term storage, retrieval and inspection cannot threaten the security of the whole data storage module.
The platform has a simple architecture, is easy to deploy, has simple asset management steps, and can realize unified management and dynamic monitoring of IT asset data.
Drawings
FIG. 1 is a schematic diagram of the platform of the present invention.
Detailed Description
An IT asset security management and control platform comprises an out-link service module, a data verification module, an identity verification module, a data storage module, a data supervision module and a platform management and control module.
The platform management and control module is configured to formulate and execute platform operation rules, abnormal data screening rules, abnormal data processing strategies and data distributed storage rules.
The external link service module is configured to be connected with the external service port to synchronize IT asset data, and is also configured to perform unified formatting processing on the IT asset data imported by the external service port, obtain the IT asset data in the JSON data format and perform packing compression.
The data verification module is configured to perform data source verification on the input IT asset data: it performs data source analysis, checking and preliminary abnormal data screening on the IT asset data in JSON format after unified formatting, matches the data source analysis result against the IP address corresponding to the docked external service port, and performs ID marking on the IT asset data that shows no data abnormality after screening based on the abnormal data screening rule. The ID comprises the data receiving time, the data source IP address and the content classification corresponding to the IT asset data, and the IT asset data and its ID are packaged and compressed together when the external link service module performs packaging.
The identity verification module is configured to verify login information for operation management and control. Specifically, it verifies and collects the personnel information of those logged in to the platform, comprising identity information, department information and identity level, and collects the IT asset data contents those personnel check through the platform, comprising IT asset data types and IT asset data levels; the login time, the collected personnel information and the checked IT asset data contents are written to a corresponding secure browsing log for storage.
The data storage module is configured for distributed storage of IT asset data. Specifically, it classifies and stores IT asset data based on the data distributed storage rule, and stores each IT asset data item in a distributed manner within a storage space comprising computer-readable storage media and/or blockchain storage nodes within a plurality of storage servers. When the data source analysis and verification are performed, a series of TCP and UDP packets are sent to the external service port, the response packets returned by the port are received, each data item in the response is detected and compared with a preset port identity data set, and the IP address and operating system type of the external service port are obtained from the comparison result.
The data supervision module is configured to perform security screening on IT asset data. Specifically, it performs security screening on the IT asset data stored in the data storage module periodically, once per screening period, based on the abnormal data screening rule, which comprises the data storage time node, the last security screening time node and the data change condition. The IT asset data stored in the data storage module is then processed based on the abnormal data processing strategy, which comprises: clearing IT asset data whose storage time node is older than the asset's life cycle, or updating its storage time node according to that life cycle; extracting and alarming on IT asset data for which the time difference between the last security screening and the current security screening is larger than the screening period; and extracting and alarming on IT asset data whose feature contents before and after a change, extracted and compared based on the data change condition, fail to match. A data change covers both deletion and addition of data by personnel through the platform and tampering with IT asset data that occurs in a security event. Further, the data supervision module is configured to monitor, based on the identity level of each person logged in to the platform, the IT asset data contents that person checks and retrieves, and to send out alarm information and generate an alarm log when IT asset data contents not corresponding to the person's identity level are retrieved a number of times.
In this embodiment, the data administration module is further configured to perform vulnerability discovery on IT asset data, where the vulnerability discovery includes:
Vulnerability scanning: IT asset data is traversed and matched against a preset vulnerability screening rule to find vulnerabilities present in the IT asset data; when a vulnerability is found, the IT asset data is extracted and an alarm is given, the vulnerability is repaired based on the vulnerability repair rule, and when repeated scanning no longer finds the vulnerability, the IT asset data and the vulnerability repair log are packaged and returned to the original storage position;
POC scanning: a traversing vulnerability attack test is carried out on the IT asset data based on preset vulnerability attack code; when the attack succeeds, the IT asset data is extracted and an alarm is given, the vulnerability is repaired based on the vulnerability repair rule, and when repeated attack tests no longer succeed, the IT asset data and the vulnerability repair log are packaged and returned to the original storage position;
Nessus scanning: the IT asset data is traversed and scanned with Nessus; when a vulnerability is found, the IT asset data is extracted and an alarm is given, the vulnerability is repaired based on the vulnerability repair rule, and when repeated scanning no longer finds the vulnerability, the IT asset data and the vulnerability repair log are packaged and returned to the original storage position;
Weak password scanning: the IT asset data is traversed and matched against a preset weak password dictionary; when a weak password exposed by an IT asset application program is matched, the vulnerability is repaired based on the vulnerability repair rule, and when repeated scanning no longer finds an exposed weak password, the IT asset data and the vulnerability repair log are packaged and returned to the original storage position.
On the system architecture of the platform, corresponding to the above modules, the whole system architecture can be divided into a data display layer with functions of data security display, asset management operation, data linkage analysis, policy management operation, task management operation, risk management operation, report management and the like, and a security service layer which provides overall data security management and control and comprises functional modules of asset management, policy management, unified API, data risk analysis, data full life cycle management, data security operation and maintenance, integration with other security platforms and the like, and correspondingly, an out-link service module, a data verification module and an identity verification module are integrated on the data display layer, and a data storage module, a data supervision module and a platform management and control module are integrated on the security service layer.
Specifically, in the detailed functions, the data security presentation refers to the data security presentation should provide a functional view of data asset situation, data risk situation, user behavior portrait, operation and maintenance visualization, abnormal operation, abnormal access, unauthorized access, high frequency access, data blood edge, etc. Asset management operation refers to providing a global data asset management view, and providing multi-dimensional data asset statistical analysis, graphic and imaging presentation, so that the data asset is displayed according to the dimension modes of category level, security domain, application and the like. The data linkage analysis refers to providing data security checking and policy query functions and providing overall security policy list presentation. Providing a policy behavior template baseline and providing an analysis matching policy function. And formulating a special inspection analysis strategy according to the current business requirement, freely combining an inspection strategy template according to the special inspection requirement, carrying out data linkage analysis according to the inspection template, and generating a corresponding analysis report according to an analysis result. Policy management operation refers to combining and calling policy management capability, and provides an upper panoramic policy management module. The task management operation refers to a platform-based task API, provides data security management and control task scheduling management, and provides a task state statistical analysis module in the dimensions of a security component, time and the like. Risk management operations refer to the analysis of data events, flows, blood edges, and sensitive data leakage risk based on data security risk policies, providing global data security risk monitoring and management modules. 
Report management refers to calling a security component log based on a report unified API, integrating information in a unified way, and providing a comprehensive and multidimensional report according to requirements. Asset management refers to formulating a data management standard suitable for a power grid according to the data security laws (draft) and the characteristics of power grid data, and performing visual management on the whole application asset and data asset of the power grid through a specific classification and grading method.
Further, the specific implementation of asset management is as follows. Asset overview: a cascaded data asset ledger is established and the storage location of the data is exposed visually. Multidimensional statistical analysis of data assets, with graphical presentation, is provided so that data assets can be presented by category level, security domain, application and other dimensions. Classification and grading: the platform classifies and grades the data types according to the existing data types of the power grid company, and realizes classification and grading according to the types of sensitive data. The data classification view is mainly a view of the current classification and grading of the data; unstructured data and structured data can be displayed independently. For unstructured data the platform can display the type of system in which the data is stored, provide chart display, provide a data domain display according to the hierarchical classification strategy, and show intuitively how often the unstructured data is used within that strategy. It can also display unstructured data separately by classification level, provide several pictures for proportional display, and sort the data with the higher classification levels first, so that the hierarchical view of the unstructured data can be understood intuitively. For structured data the platform can display the system type of the database in which the data is stored, provide chart display and a data domain display according to the hierarchical classification strategy, and show intuitively how often the structured data is used within that strategy. Structured data can likewise be displayed separately by classification level, with several pictures for proportional display and the data with the higher classification levels sorted first, so that the classification view of the structured data can be understood intuitively. Asset responsibility confirmation: while realizing data asset discovery and import, the platform confirms the service area, service system, owner, manager, user and other attributes of each data asset and clarifies the data asset security management responsibility. Asset positioning: the platform generates a data asset list and records the current state of each data asset in detail, including service area, service system, IP address, database instance name, resource type, service name and the like, so that data assets can be located accurately. Data index: to facilitate querying data asset information and locate data assets rapidly, the platform builds metadata ledgers for data assets, supporting efficient data asset querying.
Policy management refers to an important module serving as a data security management means; it includes data tags, application tags, user tags, tag classification, policy issuing, policy validation, service component policies, capability component policies, management component policies and the like. Data risk analysis refers to data risk monitoring management, which is mainly used to monitor and manage global data risk and comprises data event analysis, data risk analysis and data flow direction analysis. Data event analysis produces statistics on data asset events and graphically displays the proportion of data asset events of each level and category; different display contents, including asset name, event time and the like, can be selected for events of different levels and categories. Data risk trend provides a data security risk trend function: data security events are classified and counted, displayed as a graph, selected and displayed by time dimension and by event type, and distinguished by the interval in which they occurred, so that the risk of a data security event can be judged rapidly. Data flow analysis establishes an access relationship view between data assets and accounts. Calls to a data asset are exposed by the time and path through which an account accessed it, and can be selected by time range. A global data asset flow direction display is also established, in which the data path used by a particular data asset or a particular account can be highlighted, so that the business flow of an account using data can be located rapidly and a corresponding security alarm raised when abnormal access occurs.
Full lifecycle management refers to providing security monitoring capabilities for the full lifecycle of data, based on data collection, data transmission and the like. Data security operation refers to providing operation and maintenance security supervision capabilities for structured and unstructured data.
Meanwhile, the system architecture described can be integrated with other security platforms. For example, the data presentation layer of the platform is integrated by docking with an information security operation monitoring and early warning system (IOS): data such as data security risks, data access analysis and data security policies are interconnected and exchanged with the IOS, and unified API (application program interface) integration is performed. Through integration with the company headquarters data asset platform management, metadata information, data classification and grading information, data attribution information, data distribution information, data account information, sensitive data identification information, data quantity and other information managed on the data asset platform are acquired synchronously, providing basic data for data security management and control. Through integration with the company's unified password service platform, key authentication information, key management information, data certificate information, identification key information and the like are synchronized, addressing the intrusion problem caused by password leakage. Through integration with the company 4A platform, the functions of unified accounts, organization, role authorization, single sign-on and the like are inherited, and unified authentication management is performed on user identities.
Finally, the embodiment also discloses an IT asset security management method based on the IT asset security management and control platform, which comprises the following steps:
Platform management: formulating a platform operation rule, an abnormal data screening rule, an abnormal data processing strategy and a data distributed storage rule;
Data acquisition: staff log in to the platform and import data, or the external service module exchanges data with an external service port, to upload IT asset data; the imported IT asset data is then formatted uniformly to obtain IT asset data in JSON format;
Data primary screening: the data verification module performs data source verification on the input IT asset data and, based on an abnormal data processing strategy, performs preliminary abnormal data screening on it, the abnormal data processing strategy comprising any one of vulnerability scanning, POC scanning, Nessus scanning and weak password scanning;
Data storage: the data verification module applies an ID label to the IT asset data that passes primary screening, the ID comprising the data receiving time, data source IP address and content classification corresponding to the IT asset data; the external link service module packages and compresses the IT asset data together with its ID; the data storage module stores the IT asset data by classification based on the data distributed storage rule, storing all IT asset data in a distributed manner across a storage space that comprises computer-readable storage media and/or blockchain storage nodes in a plurality of storage servers;
Data supervision: the data supervision module performs security screening and vulnerability discovery on the IT asset data stored in the data storage module according to a screening period, based on the abnormal data screening rule. Vulnerability discovery comprises one or more of vulnerability scanning, POC scanning, Nessus scanning and weak password scanning. Vulnerability scanning traverses and matches the IT asset data against a preset vulnerability screening rule to find vulnerabilities in the IT asset data; when a vulnerability is found, the IT asset data is extracted and an alarm raised, the vulnerability is repaired based on a vulnerability repair rule, and once repeated scanning no longer finds the vulnerability the IT asset data and the repair log are packaged and returned to the original storage location. POC scanning performs a traversing vulnerability attack test on the IT asset data based on preset vulnerability attack code; when an attack succeeds, the IT asset data is extracted and an alarm raised, the vulnerability is repaired based on the vulnerability repair rule, and once repeated attack tests no longer succeed the IT asset data and the repair log are packaged and returned to the original storage location. Nessus scanning traverses the IT asset data with a Nessus scan; when a vulnerability is found, the IT asset data is extracted and an alarm raised, the vulnerability is repaired based on the vulnerability repair rule, and once repeated scanning no longer finds the vulnerability the IT asset data and the repair log are packaged and returned to the original storage location. Weak password scanning traverses and matches the IT asset data against a preset weak password dictionary; when a weak password exposed by an IT asset application program is matched, the vulnerability is repaired based on the vulnerability repair rule, and once repeated scanning no longer finds exposed weak passwords the IT asset data and the repair log are packaged and returned to the original storage location;
Operation supervision: the identity verification module acquires the personnel information of those logging in to the platform, monitors the operation content of personnel and raises an alarm when an abnormality occurs.
In the embodiments provided in the present application, it should be understood that the disclosed platform and method may be implemented in other manners. For example, the embodiments of the platform architecture or system architecture described above are merely illustrative; the division of elements is merely a logical functional division, and there may be other divisions in actual implementation, e.g., multiple elements or components may be combined or integrated into another system, or some features may be omitted or not performed. Alternatively, the coupling, direct coupling or communication connection shown or discussed between elements may be an indirect coupling or communication connection via some interfaces, devices or units, which may be in electrical, mechanical or other form.
Claims (6)
1. An IT asset security management and control platform, characterized in that: the platform comprises an external link service module, a data verification module, an identity verification module, a data storage module, a data supervision module and a platform management and control module;
The external link service module is connected to an external service port to synchronize IT asset data; the external link service module is further configured to format the IT asset data imported from the external service port uniformly, obtain the IT asset data in JSON format, and package and compress it;
The data verification module is used to verify the data source of the input IT asset data; the data verification module is further configured to perform data source analysis and checking and preliminary abnormal data screening on the uniformly formatted IT asset data in JSON format, where the data source analysis result is matched against the IP address corresponding to the docked external service port; IT asset data found free of abnormality after screening based on the abnormal data screening rule is ID labelled, the ID comprising the data receiving time, data source IP address and content classification corresponding to the IT asset data, and the external link service module packages and compresses the IT asset data together with its ID;
The identity verification module is used for verifying login information to perform operation control;
the data storage module is used for storing IT asset data in a distributed mode;
The data supervision module is used to perform security screening on IT asset data; the data supervision module screens the IT asset data stored in the data storage module periodically, according to a screening period and based on the abnormal data screening rule, which comprises a data storage time node, a last security screening time node and a data change condition. The IT asset data stored in the data storage module is processed based on the abnormal data processing strategy, which comprises: cleaning IT asset data whose data storage time node is earlier, or updating its storage time node, according to the life cycle of the IT asset; extracting and alarming on IT asset data for which the time difference between the last security screening time and the current security screening time is larger than the screening period; and, based on the data change condition, extracting and alarming on IT asset data whose characteristic content, extracted and compared before and after a change, fails to match, where data changes comprise deletion and addition of data by personnel through the platform and tampering with the IT asset data in a security event. The data supervision module is further configured to perform vulnerability discovery on the IT asset data, the vulnerability discovery comprising:
Vulnerability scanning: traversing and matching the IT asset data against a preset vulnerability screening rule to find vulnerabilities in the IT asset data; when a vulnerability is found, extracting the IT asset data and raising an alarm, repairing the vulnerability based on a vulnerability repair rule, and, once repeated scanning no longer finds the vulnerability, packaging the IT asset data and the repair log and returning them to the original storage location;
POC scanning: performing a traversing vulnerability attack test on the IT asset data based on preset vulnerability attack code; when an attack succeeds, extracting the IT asset data and raising an alarm, repairing the vulnerability based on the vulnerability repair rule, and, once repeated attack tests no longer succeed, packaging the IT asset data and the repair log and returning them to the original storage location;
Nessus scanning: traversing the IT asset data with a Nessus scan; when a vulnerability is found, extracting the IT asset data and raising an alarm, repairing the vulnerability based on the vulnerability repair rule, and, once repeated scanning no longer finds the vulnerability, packaging the IT asset data and the repair log and returning them to the original storage location;
Weak password scanning: traversing and matching the IT asset data against a preset weak password dictionary; when a weak password exposed by an IT asset application program is matched, repairing the vulnerability based on the vulnerability repair rule, and, once repeated scanning no longer finds exposed weak passwords, packaging the IT asset data and the repair log and returning them to the original storage location;
The platform management and control module is used for making and executing platform operation rules, abnormal data screening rules, abnormal data processing strategies and data distributed storage rules.
2. The IT asset security management and control platform of claim 1, wherein: the data storage module stores IT asset data by classification based on the data distributed storage rule, storing it in a distributed manner in a storage space that comprises one or more computer-readable storage media, blockchain storage nodes, or both, in a storage server.
3. The IT asset security management and control platform of claim 1, wherein: when data source analysis and checking are performed, a series of TCP and UDP packets is sent to the external service port, the response packets returned by the external service port are received, each data item in the response packets is examined and compared with a preset port identity data set, and the IP address and operating system type of the external service port are obtained from the comparison result.
4. The IT asset security management and control platform of claim 1, wherein: the identity verification module verifies and collects the personnel information of those logging in to the platform, the personnel information comprising identity information, department information and identity level; it also collects the IT asset data content viewed by the person through the platform, comprising the IT asset data type and IT asset data level, and stores the login time, the collected personnel information and the viewed IT asset data content in the corresponding secure browsing log.
5. The IT asset security management and control platform of claim 1, wherein: the data supervision module is further configured to monitor the IT asset data content viewed and retrieved, based on the identity level of the person logged in to the platform; when IT asset data content that does not correspond to that identity level is retrieved more than once, alarm information is sent out and an alarm log is generated.
6. An IT asset security management method using the IT asset security management and control platform according to any one of claims 1 to 5, characterized in that the method comprises the following steps:
Platform management: formulating a platform operation rule, an abnormal data screening rule, an abnormal data processing strategy and a data distributed storage rule;
Data acquisition: staff log in to the platform and import data, or the external service module exchanges data with an external service port, to upload IT asset data; the imported IT asset data is then formatted uniformly to obtain IT asset data in JSON format;
Data primary screening: the data verification module performs data source verification on the input IT asset data and, based on an abnormal data processing strategy, performs preliminary abnormal data screening on it, the abnormal data processing strategy comprising any one of vulnerability scanning, POC scanning, Nessus scanning and weak password scanning;
Data storage: the data verification module applies an ID label to the IT asset data that passes primary screening, the ID comprising the data receiving time, data source IP address and content classification corresponding to the IT asset data; the external link service module packages and compresses the IT asset data together with its ID; the data storage module stores the IT asset data by classification based on the data distributed storage rule, storing all IT asset data in a distributed manner across a storage space that comprises computer-readable storage media and/or blockchain storage nodes in a plurality of storage servers;
Data supervision: the data supervision module performs security screening and vulnerability discovery on the IT asset data stored in the data storage module according to a screening period, based on the abnormal data screening rule. Vulnerability discovery comprises one or more of vulnerability scanning, POC scanning, Nessus scanning and weak password scanning. Vulnerability scanning traverses and matches the IT asset data against a preset vulnerability screening rule to find vulnerabilities in the IT asset data; when a vulnerability is found, the IT asset data is extracted and an alarm raised, the vulnerability is repaired based on a vulnerability repair rule, and once repeated scanning no longer finds the vulnerability the IT asset data and the repair log are packaged and returned to the original storage location. POC scanning performs a traversing vulnerability attack test on the IT asset data based on preset vulnerability attack code; when an attack succeeds, the IT asset data is extracted and an alarm raised, the vulnerability is repaired based on the vulnerability repair rule, and once repeated attack tests no longer succeed the IT asset data and the repair log are packaged and returned to the original storage location. Nessus scanning traverses the IT asset data with a Nessus scan; when a vulnerability is found, the IT asset data is extracted and an alarm raised, the vulnerability is repaired based on the vulnerability repair rule, and once repeated scanning no longer finds the vulnerability the IT asset data and the repair log are packaged and returned to the original storage location. Weak password scanning traverses and matches the IT asset data against a preset weak password dictionary; when a weak password exposed by an IT asset application program is matched, the vulnerability is repaired based on the vulnerability repair rule, and once repeated scanning no longer finds exposed weak passwords the IT asset data and the repair log are packaged and returned to the original storage location;
Operation supervision: the identity verification module acquires the personnel information of those logging in to the platform, monitors the operation content of personnel and raises an alarm when an abnormality occurs.
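The periodic screening rule of the data supervision step (claim 1: storage time node, last screening time node, data change condition) and the identity-level retrieval check of claim 5, worked through as an added example that is not code from the patent. The ID format, the hash used as "characteristic content", the identity-level scale and the sample records are all constructed assumptions.

```python
"""Added example, not the patent's own code: one periodic run of the abnormal-data
screening rule (claim 1) plus the identity-level retrieval check (claim 5), applied
to constructed sample records. All names and scales below are hypothetical."""
import hashlib
import json
from dataclasses import dataclass
from datetime import datetime, timedelta


def feature_of(content: dict) -> str:
    """Characteristic content used for the before/after change comparison:
    a SHA-256 over the canonical JSON form of the asset record (assumption)."""
    canonical = json.dumps(content, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def make_id(received_at: datetime, source_ip: str, content_class: str) -> str:
    """ID label applied after primary screening: receive time, data source IP
    and content classification, joined in a constructed layout."""
    return f"{received_at:%Y%m%dT%H%M%S}|{source_ip}|{content_class}"


@dataclass
class AssetRecord:
    asset_id: str
    content: dict
    stored_at: datetime        # data storage time node
    last_screened: datetime    # last security screening time node
    lifecycle: timedelta       # asset life cycle that bounds retention
    feature: str               # feature recorded at ingest or last authorised change

    @classmethod
    def ingest(cls, received_at, source_ip, content_class, content, lifecycle):
        return cls(make_id(received_at, source_ip, content_class), content,
                   received_at, received_at, lifecycle, feature_of(content))

    def change_via_platform(self, new_content: dict) -> None:
        """Authorised deletion/addition through the platform re-records the feature,
        so a later comparison still matches."""
        self.content = new_content
        self.feature = feature_of(new_content)


def screen(records, now: datetime, period: timedelta):
    """One run of the abnormal-data screening rule.
    Returns (cleaned_ids, alarms); alarms are (asset_id, reason) pairs."""
    cleaned, alarms = [], []
    for r in records:
        # Storage time node: data past its life cycle is cleaned, not screened.
        if now - r.stored_at > r.lifecycle:
            cleaned.append(r.asset_id)
            continue
        # Last screening time node: gap larger than the screening period.
        if now - r.last_screened > period:
            alarms.append((r.asset_id, "screening overdue"))
        # Data change condition: the current feature must match the recorded one;
        # a mismatch means the data changed outside the platform (tampering).
        if feature_of(r.content) != r.feature:
            alarms.append((r.asset_id, "feature mismatch"))
        r.last_screened = now
    return cleaned, alarms


IDENTITY_LEVELS = {"public": 0, "internal": 1, "confidential": 2}  # constructed scale


def audit_retrievals(person_level: str, browse_log: list) -> dict:
    """Claim 5: alarm when a person retrieves content above their identity level
    more than once; the offending browse-log entries form the alarm log."""
    limit = IDENTITY_LEVELS[person_level]
    over = [e for e in browse_log if IDENTITY_LEVELS[e["data_level"]] > limit]
    return {"alarm": len(over) > 1, "alarm_log": over}
```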
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202211517250.3A CN115695044B (en) | 2022-11-29 | 2022-11-29 | IT asset security management and control platform and management method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN115695044A CN115695044A (en) | 2023-02-03 |
CN115695044B true CN115695044B (en) | 2024-07-12 |
Family
ID=85056543
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202211517250.3A Active CN115695044B (en) | 2022-11-29 | 2022-11-29 | IT asset security management and control platform and management method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN115695044B (en) |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR20190119239A (en) * | 2018-04-05 | 2019-10-22 | 주식회사 비즈프렌즈 | Apparatus and method for managing IT security risk |
KR20200041182A (en) * | 2018-10-11 | 2020-04-21 | 제노테크주식회사 | It asset management system using distributed ledger technology and method thereof |
Family Cites Families (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CA2777591A1 (en) * | 2009-10-13 | 2011-04-21 | Provance Technologies, Inc. | Method and system for information technology asset management |
CN105119750B (en) * | 2015-09-08 | 2019-04-19 | 南京联成科技发展股份有限公司 | A kind of safe operation management platform system of distributed information based on big data |
CN106888194A (en) * | 2015-12-16 | 2017-06-23 | 国家电网公司 | Intelligent grid IT assets security monitoring systems based on distributed scheduling |
CN108933754A (en) * | 2017-05-19 | 2018-12-04 | 南京骏腾信息技术有限公司 | Method for managing security based on the analysis of IT asset risk |
CN109525427A (en) * | 2018-11-12 | 2019-03-26 | 广东省信息安全测评中心 | Distributed assets information detection method and system |
CN111586033A (en) * | 2020-03-07 | 2020-08-25 | 浙江齐治科技股份有限公司 | Asset data middle platform of data center |
CN112883414A (en) * | 2021-01-21 | 2021-06-01 | 贵州电网有限责任公司 | IT asset management and renovation platform |
CN112883413A (en) * | 2021-01-21 | 2021-06-01 | 贵州电网有限责任公司 | Intelligent management method for IT asset data in power grid enterprise |
CN114153920A (en) * | 2021-11-19 | 2022-03-08 | 国家电投集团新疆能源化工有限责任公司 | Big data edge platform and method |
CN114866315A (en) * | 2022-04-29 | 2022-08-05 | 广州市昊恒信息科技有限公司 | Digital safety management method for IT assets |
CN115378734A (en) * | 2022-10-11 | 2022-11-22 | 北京珞安科技有限责任公司 | Vulnerability screening system and method based on industrial firewall |
Also Published As
Publication number | Publication date |
---|---|
CN115695044A (en) | 2023-02-03 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | |
SE01 | Entry into force of request for substantive examination | |
GR01 | Patent grant | |