WO2021070216A1 - Équipement de gestion de vulnérabilité, procédé de gestion de vulnérabilité, et programme - Google Patents

Équipement de gestion de vulnérabilité, procédé de gestion de vulnérabilité, et programme Download PDF

Info

Publication number
WO2021070216A1
WO2021070216A1 PCT/JP2019/039457 JP2019039457W WO2021070216A1 WO 2021070216 A1 WO2021070216 A1 WO 2021070216A1 JP 2019039457 W JP2019039457 W JP 2019039457W WO 2021070216 A1 WO2021070216 A1 WO 2021070216A1
Authority
WO
WIPO (PCT)
Prior art keywords
vulnerability
information
configuration information
unit
evaluation
Prior art date
Application number
PCT/JP2019/039457
Other languages
English (en)
Japanese (ja)
Inventor
朋治 中村
哲也 出村
齋藤 直樹
Original Assignee
株式会社Pfu
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 株式会社Pfu filed Critical 株式会社Pfu
Priority to JP2021550949A priority Critical patent/JP7198991B2/ja
Priority to PCT/JP2019/039457 priority patent/WO2021070216A1/fr
Publication of WO2021070216A1 publication Critical patent/WO2021070216A1/fr

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities

Definitions

  • the present invention relates to a vulnerability management device, a vulnerability management method, and a program.
  • Patent Document 1 in an information processing method for processing input information input to an information processing apparatus having a control unit, the control unit acquires danger increase / decrease information, and the danger acquired by the control unit. Whether or not the value based on the input information by the control unit exceeds the first threshold range by correcting the first threshold range stored in the storage unit or the second threshold range stored in the storage unit based on the sex increase / decrease information. When the control unit determines that the first threshold range is exceeded, the control unit determines whether the number of times the determination is exceeded or the time exceeded exceeds the second threshold range, and the control unit determines that the second threshold range is exceeded. An information processing method for outputting abnormal information when it is determined that the threshold range is exceeded is disclosed.
  • Patent Document 2 information on a cyber attack detected with respect to a device targeted for a cyber attack is acquired, and an image showing the earth and an image showing the device arranged around the image showing the earth are described.
  • Image information that is placed between the surface of the image showing the earth and the image showing the device, and includes an image showing the level of the cyber attack detected with respect to the device based on the acquired information on the cyber attack.
  • a display method is disclosed, wherein a computer executes a process of generating the generated image information and outputting the generated image information.
  • Non-Patent Document 3 discloses software that integrates proactive prevention and post-response, realizes simple and quick incident response, and integrates and manages the cycle of detection, investigation, and response.
  • the purpose is to provide a vulnerability management device that can visually grasp and manage the risk level of a vulnerability.
  • the vulnerability management device includes a configuration information acquisition unit that acquires configuration information of a device connected to a predetermined network, an information collection unit that collects vulnerability information indicating applicable security measures, and the above. It has an evaluation unit that evaluates the vulnerability of each device connected to the network based on the configuration information acquired by the configuration information acquisition unit and the vulnerability information collected by the information collection unit.
  • it further has a display unit that displays the vulnerability of each device with a symbol having a size corresponding to the evaluation result by the evaluation unit.
  • the information collecting unit collects information on an applicable patch or update program and information on an updatable virus definition file as the vulnerability information
  • the configuration information acquisition unit is a device for each device.
  • the identification information for identifying the patch or update program applied to the device and the information regarding the update of the virus definition file in each device are acquired as the configuration information.
  • the display unit displays a list of evaluation results by the evaluation unit for a plurality of devices connected to the default network.
  • the evaluation unit has an evaluation value calculated based on whether or not an applicable patch or update program has been applied to the device, and whether or not the updateable virus definition file has been updated on the device.
  • the evaluation value of each device is calculated by adding up the evaluation value calculated based on the above, and the display unit switches and displays the evaluation value before and after the total for each device.
  • the display unit superimposes a symbol having a size corresponding to the evaluation result of each device on the floor diagram in which each device is arranged or the network configuration diagram in which each device is connected. To display.
  • the display unit displays the evaluation results of the devices connected to the network in different display modes depending on whether or not the network is connected to the Internet.
  • a plurality of warning lights arranged around the place where the equipment is installed, and a warning installed around the equipment when the evaluation result by the evaluation unit for any of the equipments meets the predetermined conditions. It further has a detection unit for turning on the light.
  • the vulnerability management method includes a configuration information acquisition step for acquiring the configuration information of a device connected to a predetermined network, an information collection step for collecting vulnerability information indicating applicable security measures, and the above. It has an evaluation step for evaluating the vulnerability of each device connected to the network based on the configuration information acquired by the configuration information acquisition step and the vulnerability information collected by the information collection step.
  • the program according to the present invention includes a configuration information acquisition step for acquiring configuration information of a device connected to a predetermined network, an information collection step for collecting vulnerability information indicating applicable security measures, and the configuration information acquisition. Based on the configuration information acquired by the step and the vulnerability information collected by the information gathering step, the computer is made to execute an evaluation step for evaluating the vulnerability of each device connected to the network.
  • FIG. 1 It is a figure which illustrates the whole structure of the vulnerability management system 1. It is a figure which illustrates the hardware configuration of the vulnerability management apparatus 5. It is a figure which illustrates the functional structure of the vulnerability management apparatus 5.
  • (A) is a diagram illustrating the vulnerability information stored in the vulnerability information DB 600
  • (b) is a diagram illustrating the configuration information stored in the configuration information DB 610
  • (c) is a diagram illustrating the configuration information stored in the configuration information DB 610.
  • S10 the vulnerability visualization process
  • (A) exemplifies the display method of the evaluation value of the vulnerability origin
  • (b) exemplifies the display method of the evaluation value of the terminal origin
  • (c) exemplifies the display method of the evaluation value of the user origin.
  • (A) is an evaluation value map exemplifying a totaling mode in which the evaluation values for each user terminal 3 are totaled and displayed
  • (b) is a "circle" for the number of vulnerabilities and the evaluation value for each user terminal 3.
  • It is an evaluation value map which exemplifies the detailed mode which displays by the number and size of. It is a figure which illustrates the visualization of the evaluation value of the user terminal 3 between a company, a floor, and a department.
  • FIG. 1 is a diagram illustrating the overall configuration of the vulnerability management system 1.
  • the vulnerability management system 1 includes a plurality of user terminals 3a, user terminals 3b, user terminals 3c, user terminals 3d, vulnerability management device 5, and warning light 7, via a network 9. Are connected to each other.
  • the user terminal 3a, the user terminal 3b, the user terminal 3c, and the user terminal 3d are collectively referred to as the user terminal 3.
  • the user terminal 3 is an example of the device according to the present invention.
  • the user terminal 3 is a computer terminal or a network device operated by the user, and is a target device for vulnerability management by the vulnerability management device 5.
  • the user terminal 3 is a business server, a business PC, a router, or an IoT device.
  • the vulnerability management device 5 is a computer terminal, and manages and displays the vulnerabilities of each user terminal 3.
  • the vulnerability in the present invention refers to an information security defect caused by a program defect or a design error, and includes a risk due to unpatching and a risk due to a virus.
  • the patch means a patch, an update program, and a virus definition file.
  • the vulnerability management device 5 represents the influence of the vulnerability of the user terminal 3 connected to the network 9 based on the vulnerability information acquired from the external website and the configuration information of the user terminal 3.
  • the evaluation value is quantified, and the symbol corresponding to the evaluation value of the vulnerability is displayed.
  • the warning light 7 is a rotating light that is arranged around the installation location of the user terminal 3 and informs the surroundings of the vulnerability.
  • FIG. 2 is a diagram illustrating a hardware configuration of the vulnerability management device 5.
  • the vulnerability management device 5 includes a CPU 200, a memory 202, an HDD 204, a network interface 206 (network IF206), a display device 208, and an input device 210, and these configurations include a bus 212. They are connected to each other via.
  • the CPU 200 is, for example, a central arithmetic unit.
  • the memory 202 is, for example, a volatile memory and functions as a main storage device.
  • the HDD 204 is, for example, a hard disk drive device, and is a computer program (for example, the vulnerability management program 50 in FIG. 3) and other data files (for example, the vulnerability information database 600 in FIG.
  • the information database 610) is stored.
  • the network IF206 is an interface for wired or wireless communication, and realizes communication in the internal network 9, for example.
  • the display device 208 is, for example, a liquid crystal display.
  • the input device 210 is, for example, a keyboard and a mouse.
  • FIG. 3 is a diagram illustrating the functional configuration of the vulnerability management device 5.
  • the vulnerability management program 50 is installed in the vulnerability management device 5 of this example, and the vulnerability information database 600 (vulnerability information DB 600) and the configuration information database 610 (configuration information) are installed. DB610) is configured.
  • the vulnerability management program 50 includes a configuration information acquisition unit 500, a vulnerability information collection unit 502, a search unit 504, an evaluation unit 506, a display unit 508, and a detection unit 510.
  • a part or all of the vulnerability management program 50 may be realized by hardware such as an ASIC, or may be realized by borrowing a part of the functions of the OS (Operating System).
  • the configuration information acquisition unit 500 acquires the configuration information of the user terminal 3 connected to the network 9. Specifically, the configuration information acquisition unit 500 configures identification information for identifying a patch or update program applied to each user terminal 3 and information related to updating a virus definition file in each user terminal 3. Get as information. More specifically, the configuration information acquisition unit 500 acquires the latest OS (VL) information, user information, installed software information, and patch application status of the user terminal 3 connected to the network 9. It is stored in the configuration information DB 610. For example, the configuration information acquisition unit 500 acquires OS information, user information, and patch application status from the business server and business PC, acquires a communication path from network 9, acquires setting information from a router, and is an IoT device. Obtain Bluetooth Version, Sensor Version, Firmware Version, and Wifi Level from. When the user terminal 3 is a PC or an IoT device, the configuration information acquisition unit 500 acquires configuration information by using the API of the OS.
  • Vulnerability information collection unit 502 collects vulnerability information indicating applicable information security measures. Specifically, the vulnerability information collection unit 502 collects information on applicable patches or updates and information on updatable virus definition files as vulnerability information. More specifically, the vulnerability information collection unit 502 constantly monitors an external website that publishes vulnerability information, and when new vulnerability information is posted, collects new vulnerability information. It is stored in the vulnerability information DB 600. More specifically, the vulnerability information collection unit 502 collects software, the degree of risk, and the presence or absence of patches as vulnerability information from an external website. External websites refer to, for example, JVN (vulnerability information), IPA, ESET, Trend Micro, SOURCENEXT (virus information), Microsoft (patch information), and McAfee (definition information) sites.
  • JVN vulnerability information
  • IPA IPA
  • ESET Trend Micro
  • SOURCENEXT virus information
  • Microsoft patch information
  • McAfee definition information
  • Vulnerability information collection unit 502 acquires vulnerability information by analyzing the contents of APIs and Web pages published on these websites.
  • the risk level of the vulnerability that can be obtained from an external website is the standardized value CVSSv2 or CVSSv3.
  • the vulnerability information collecting unit 502 is an example of the information collecting unit according to the present invention.
  • the search unit 504 searches for the user terminal 3 that is the target of the new vulnerability information. Specifically, the search unit 504 searches the configuration information DB 610 for the user terminal 3 that needs to be dealt with based on the vulnerability information collected by the vulnerability information collecting unit 502.
  • the display unit 508 is a symbol having a size corresponding to the evaluation result by the evaluation unit 506, and displays the vulnerabilities of each of the user terminals 3. Specifically, the display unit 508 displays a symbol having a size corresponding to the evaluation value calculated by the evaluation unit 506 in association with the user terminal 3. Also, The display unit 508 displays a list of evaluation results by the evaluation unit 506 for a plurality of user terminals 3 connected to the network 9. Further, the display unit 508 switches and displays the evaluation values before and after the summation for each user terminal 3. Specifically, the display unit 508 switches between a total mode for displaying the total evaluation value for each user terminal 3 and a detailed mode for displaying the evaluation value in the user terminal 3 separately.
  • the display unit 508 has a size corresponding to the evaluation result of each user terminal 3 with respect to the floor diagram in which each user terminal 3 is arranged or the network configuration diagram to which each user terminal 3 is connected.
  • the symbols are superimposed and displayed. Specifically, the display unit 508 superimposes the user terminal 3 having the evaluation value calculated by the evaluation unit 506 on the layout diagram or the floor diagram of the user terminal 3 to generate an evaluation value map. Further, the display unit 508 displays the evaluation result of the user terminal 3 connected to the network in a different display mode depending on whether or not the network is connected to the Internet.
  • the detection unit 510 turns on the warning light installed around the user terminal 3.
  • FIG. 4A is a diagram illustrating vulnerability information stored in the vulnerability information DB 600
  • FIG. 4B is a diagram illustrating configuration information stored in the configuration information DB610
  • FIG. 4C is a diagram illustrating the configuration information stored in the configuration information DB610.
  • the vulnerability information DB 600 includes a vulnerability ID that identifies the vulnerability, the target software that the vulnerability affects, and the degree of risk that quantifies the risk of the vulnerability.
  • the patch name corresponding to the vulnerability is stored. As illustrated in FIG.
  • the configuration information DB 610 contains a terminal ID that identifies the user terminal 3, OS information of the user terminal 3, user identification information of the user terminal 3, and a patch application status. It is stored. As illustrated in FIG. 4C, the configuration information DB 610 further stores the terminal ID that identifies the user terminal 3, the software of the user terminal 3, and the patch application status as software configuration information. To.
  • FIG. 5 is a flowchart illustrating the vulnerability visualization process (S10) by the vulnerability management device 5.
  • the vulnerability information collecting unit 502 constantly monitors an external website that discloses the vulnerability information.
  • step 105 when the vulnerability information collection unit 502 detects that new vulnerability information has been posted on an external website, it proceeds to S110 and does not detect new vulnerability information. Then, move to S100 and continue monitoring.
  • step 110 the vulnerability information collecting unit 502 collects the newly posted vulnerability information. Specifically, the vulnerability information collection unit 502 collects the target software, the degree of risk, and the presence / absence of patches of the newly posted vulnerability information, and stores them in the vulnerability information DB 600.
  • the vulnerability information collecting unit 502 notifies the search unit 504 of the collected vulnerability information.
  • the configuration information acquisition unit 500 acquires the latest configuration information of the user terminal 3 connected to the network 9. Specifically, the configuration information acquisition unit 500 acquires the OS information, user information, installed software information, and patch application status of the user terminal 3 and stores them in the configuration information DB 610.
  • step 120 the search unit 504 searches the configuration information stored in the configuration information DB 610 for whether or not the user terminal 3 corresponding to the vulnerability information notified by the vulnerability information collection unit 502 exists. ..
  • step 125 when the corresponding user terminal 3 exists as a result of the search by the search unit 504, the vulnerability visualization process (S10) shifts to S130, and when the corresponding user terminal 3 does not exist. , S100.
  • step 130 the evaluation unit 506 calculates an evaluation value based on the application status of the patch of the user terminal 3 corresponding to the new vulnerability information and the vulnerability remaining in the user terminal 3.
  • step 135 the display unit 508 displays the evaluation value calculated by the evaluation unit 506 on the vulnerability management device 5. Further, the display unit 508 displays the evaluation value of the user terminal 3 on the vulnerability management device 5 with a symbol (for example, the size of a “circle”) corresponding to the evaluation value.
  • FIG. 6 is a diagram illustrating a method of displaying the evaluation value.
  • FIG. 6A exemplifies a method of displaying an evaluation value of a vulnerability origin
  • FIG. 6B exemplifies a method of displaying an evaluation value of a terminal origin
  • FIG. 6C exemplifies a method of displaying an evaluation value of a user origin. Is illustrated.
  • the display unit 508 displays the evaluation value from the vulnerability origin, the terminal origin, and the user origin.
  • FIG. 6A in the method of displaying the starting point of a vulnerability, a list of terminals affected by a certain vulnerability and an evaluation value is displayed.
  • the evaluation value of the user terminal 3 for each vulnerability can be displayed in a list by using the target software of the vulnerability information as a key.
  • the evaluation values for each terminal are displayed in a list using the terminal ID of the configuration information as a key.
  • the risk indicating the risk of not applying the patch, the risk indicating the risk of the virus, and the evaluation value which is the total of these are displayed by numerical values and symbols. Further, at the terminal starting point, by setting the importance of the user terminal 3, it is possible to change the notification method to the user when the vulnerability is not addressed.
  • a mailing list can be set for notifications that are not vulnerable to the user terminal 3, which has a high degree of importance.
  • the vulnerability can be dealt with systematically.
  • a user's responsible terminal is obtained by acquiring a list of terminals operated by the same user based on the configuration information and calculating an evaluation value for each terminal. List the evaluation values of.
  • the vulnerability management device 5 notifies a preset mailing list to which the user belongs when the user's response is delayed.
  • the vulnerability management device 5 notifies a preset mailing list to which the user belongs when the user's response is delayed.
  • the vulnerability management device 5 notifies a preset mailing list to which the user belongs when the user's response is delayed.
  • the vulnerability management device 5 notifies a preset mailing list to which the user belongs when the user's response is delayed.
  • FIG. 7A is an evaluation value map exemplifying a totaling mode in which evaluation values for each terminal are totaled and displayed
  • FIG. 7B is a number of “circles” for the number of vulnerabilities and evaluation values for each terminal. It is an evaluation value map which exemplifies the detailed mode which displays by the size.
  • the display unit 508 calculates evaluation values for all user terminals 3 and generates an evaluation value map by combining the evaluation values with the layout of the user terminals 3. As illustrated in FIG. 7A, the display unit 508 displays the evaluation value for each user terminal 3 in the size of one symbol “circle” in the total mode. As illustrated in FIG.
  • the display unit 508 displays the number of vulnerabilities and the evaluation value for each user terminal 3 by the number and size of “circles”. Further, the user can display the information of the user terminal origin and the information of the vulnerability origin by selecting the user terminal 3 on the evaluation value map.
  • the evaluation value map can immediately identify the physical position of the user terminal 3 having a high evaluation value of vulnerability.
  • the content of the vulnerability can be understood, and the necessary countermeasures can be specified.
  • FIG. 8 is a diagram illustrating visualization of the evaluation value of the user terminal 3 between companies, floors, and departments.
  • the display unit 508 represents the relevance on the network based on the amount of communication between the user terminals 3.
  • the thickness of the line in the figure is proportional to the amount of communication.
  • the security administrator can view the evaluation value map on the "floor” of the "4F” by selecting “4F” of "company-wide” in FIG. 8, and further select “B” of the "floor”. This makes it possible to browse the evaluation value map in the "department” corresponding to "B". Displaying the traffic volume and the evaluation value of the vulnerability together makes it possible to identify the range affected by the vulnerability.
  • the display unit 508 makes it possible to distinguish the closed environment, which is generally not patchable and always tends to have a high risk, by displaying the closed environment in different colors.
  • the evaluation value is calculated based on the vulnerability information collected from the external website and the configuration information of the user terminal 3, and the calculated evaluation value is used as a symbol. Represent.
  • the security administrator can intuitively grasp the danger.
  • an evaluation value display method it is possible to display based on different starting points, so that it is possible to grasp the danger from multiple aspects.
  • the range of impact of the vulnerability can be visually grasped, and the priority of response to the vulnerability can be set. It will be possible.
  • Vulnerability management system 3 ... User terminal 5 ... Vulnerability management device 7 ... Warning light 9 ... Network 50 ... Vulnerability management program 500 ... Configuration information acquisition unit 502 . Vulnerability information collection unit 504 ... Search unit 506 ... Evaluation unit 508 ... Display unit 510 ... Detection unit 600 ... Vulnerability information database 610 ... Configuration information database

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer And Data Communications (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

L'équipement de gestion de vulnérabilité (5) comprend : une unité d'acquisition d'informations de configuration (500) qui acquiert des informations de configuration concernant des dispositifs connectés à un réseau prescrit ; une unité de collecte d'informations de vulnérabilité (502) qui collecte des informations de vulnérabilité indiquant des mesures de sécurité applicables ; et une unité d'évaluation (506) qui évalue la vulnérabilité de chaque dispositif connecté au réseau d'après les informations de configuration acquises par l'unité d'acquisition d'informations de configuration (500) et les informations de vulnérabilité collectées par l'unité de collecte d'informations de vulnérabilité (502). L'équipement de gestion de vulnérabilité (5) comprend également une unité d'affichage (508) qui indique la vulnérabilité de chaque dispositif à l'aide de symboles ayant des tailles correspondant aux résultats de l'évaluation réalisée par l'unité d'évaluation (506).
PCT/JP2019/039457 2019-10-07 2019-10-07 Équipement de gestion de vulnérabilité, procédé de gestion de vulnérabilité, et programme WO2021070216A1 (fr)

Priority Applications (2)

Application Number Priority Date Filing Date Title
JP2021550949A JP7198991B2 (ja) 2019-10-07 2019-10-07 脆弱性管理装置、脆弱性管理方法、及びプログラム
PCT/JP2019/039457 WO2021070216A1 (fr) 2019-10-07 2019-10-07 Équipement de gestion de vulnérabilité, procédé de gestion de vulnérabilité, et programme

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/JP2019/039457 WO2021070216A1 (fr) 2019-10-07 2019-10-07 Équipement de gestion de vulnérabilité, procédé de gestion de vulnérabilité, et programme

Publications (1)

Publication Number Publication Date
WO2021070216A1 true WO2021070216A1 (fr) 2021-04-15

Family

ID=75437057

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2019/039457 WO2021070216A1 (fr) 2019-10-07 2019-10-07 Équipement de gestion de vulnérabilité, procédé de gestion de vulnérabilité, et programme

Country Status (2)

Country Link
JP (1) JP7198991B2 (fr)
WO (1) WO2021070216A1 (fr)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH06282527A (ja) * 1993-03-29 1994-10-07 Hitachi Software Eng Co Ltd ネットワーク管理システム
US20040006704A1 (en) * 2002-07-02 2004-01-08 Dahlstrom Dale A. System and method for determining security vulnerabilities
JP2004054706A (ja) * 2002-07-22 2004-02-19 Sofutekku:Kk セキュリティリスク管理システム、そのプログラムおよび記録媒体
JP2006066982A (ja) * 2004-08-24 2006-03-09 Hitachi Ltd ネットワーク接続制御システム
JP2015138509A (ja) * 2014-01-24 2015-07-30 株式会社日立システムズ 脆弱性リスク診断システム及び脆弱性リスク診断方法
US20180309782A1 (en) * 2017-03-15 2018-10-25 Trust Networks Inc. Method and Apparatus for Determining a Threat Using Distributed Trust Across a Network

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH06282527A (ja) * 1993-03-29 1994-10-07 Hitachi Software Eng Co Ltd ネットワーク管理システム
US20040006704A1 (en) * 2002-07-02 2004-01-08 Dahlstrom Dale A. System and method for determining security vulnerabilities
JP2004054706A (ja) * 2002-07-22 2004-02-19 Sofutekku:Kk セキュリティリスク管理システム、そのプログラムおよび記録媒体
JP2006066982A (ja) * 2004-08-24 2006-03-09 Hitachi Ltd ネットワーク接続制御システム
JP2015138509A (ja) * 2014-01-24 2015-07-30 株式会社日立システムズ 脆弱性リスク診断システム及び脆弱性リスク診断方法
US20180309782A1 (en) * 2017-03-15 2018-10-25 Trust Networks Inc. Method and Apparatus for Determining a Threat Using Distributed Trust Across a Network

Also Published As

Publication number Publication date
JP7198991B2 (ja) 2023-01-05
JPWO2021070216A1 (fr) 2021-04-15

Similar Documents

Publication Publication Date Title
CN106576052B (zh) 分析工业控制环境中的网络安全性风险
CN106716953B (zh) 控制系统中的网络安全风险的动态量化
US9507936B2 (en) Systems, methods, apparatuses, and computer program products for forensic monitoring
JP2019501436A (ja) アプリケーションのセキュリティ及びリスクの評価及び試験のためのシステム及び方法
US10853487B2 (en) Path-based program lineage inference analysis
US11308219B2 (en) System and method for multi-source vulnerability management
US11025660B2 (en) Impact-detection of vulnerabilities
US11546365B2 (en) Computer network security assessment engine
US20130254524A1 (en) Automated configuration change authorization
WO2012132124A1 (fr) Dispositif de visualisation du niveau de sécurité
CN113411302B (zh) 局域网设备网络安全预警方法及装置
JP2007164465A (ja) クライアントセキュリティ管理システム
CN115733646A (zh) 网络安全威胁评估方法、装置、设备及可读存储介质
CN112650180B (zh) 安全告警方法、装置、终端设备及存储介质
JP7396371B2 (ja) 分析装置、分析方法及び分析プログラム
JP7198991B2 (ja) 脆弱性管理装置、脆弱性管理方法、及びプログラム
JP6780326B2 (ja) 情報処理装置及びプログラム
KR20190070728A (ko) 시계열 데이터의 에러를 확인하는 방법 및 장치
WO2021070217A1 (fr) Équipement de gestion de mesures de sécurité, procédé de gestion de mesures de sécurité et programme
CN112825059B (zh) 安全性确定方法、装置及电子设备
Oser et al. Evaluating the Future Device Security Risk Indicator for Hundreds of IoT Devices
JP5731586B2 (ja) ツールバーを介した二重アンチフィッシング方法及びアンチフィッシングサーバ
US10250644B2 (en) Detection and removal of unwanted applications
KR20200071995A (ko) 정보자산의 실시간 위협 대응 시스템
JP7235109B2 (ja) 評価装置、システム、制御方法、及びプログラム

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19948328

Country of ref document: EP

Kind code of ref document: A1

ENP Entry into the national phase

Ref document number: 2021550949

Country of ref document: JP

Kind code of ref document: A

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 19948328

Country of ref document: EP

Kind code of ref document: A1