Qianxun Threat Intelligence System
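As cyberspace keeps expanding in breadth and depth, the contest between attackers and defenders grows ever more intense, new attack techniques keep emerging, and enterprises face increasingly serious security threats. Traditional security thinking and security technologies can no longer effectively meet enterprise protection needs. New security concepts and technologies have emerged in recent years, and it is now recognized that passive defense alone is not enough: what is needed is to actively obtain threat intelligence and to carry out more efficient detection and faster response on a continuous basis.
The Qianxun platform is a threat intelligence analysis and cyberspace probing platform built by 墨云科技 on years of security-industry experience and accumulated intelligence data collection. It provides users with authoritative, timely, and accurate threat intelligence data. With the platform's threat intelligence support, users can promptly see the security threats facing their network assets and issue accurate early warnings. Users can quickly learn about the latest security threat developments and so implement proactive threat defense and rapid response strategies; combined with in-depth analysis of security data, they can gain a full picture of the threat situation and accurately carry out threat tracking and attack source tracing.
The Qianxun platform performs data collection, attack behavior collection, and security analysis across the whole network. It collects global asset data, correlates and combines it with external threat intelligence, and uses data visualization to pivot through the data, producing security situation maps such as asset situation, attack situation, and threat situation, which serve as the basis for overall security monitoring and protection of critical information infrastructure.
Features and advantages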
Comprehensive asset discovery
Qianxun combines active scanning, passive monitoring, and third-party engines to probe and collect assets across the whole network in depth. It has collected a large amount of information on critical information infrastructure and related assets, covering 98% of the world's external-network asset information. Qianxun continuously scans more than 4 billion IP addresses worldwide, maps cyberspace accurately in real time, and tracks how cyberspace assets are deployed and updated. The fields mapped in the Qianxun asset information database include: IP address, asset name, service port, protocol name, operating system, device type, vendor attributes, application components, and so on.
Situation monitoring
Qianxun obtains global trends in device type distribution, Web system deployment, and vulnerability distribution and development. It crawls attack intelligence information, intelligence transactions, and intelligence hotspots. Through globally deployed honeypot nodes modeled on currently popular website systems, it monitors overall attack activity in real time. From the massive number of security events that occur on the Internet every day, it distills the hot threat events that draw the most attention, such as sudden vulnerabilities, malicious samples, and data breach events. It helps users gain a full and in-depth understanding of an event's technical principles at the earliest opportunity, and provides self-check and protection solutions.
Data visualization
Qianxun has global multi-label data analysis capability. Combined with visualization technology, it mines asset data from all angles and maps real physical space into a digital 3D representation; interactive visual drill-down leads to the detailed risk information. The asset details behind every IP in the digital space, including the asset's open ports, services, and components, are shown clearly and intuitively.
Risk assessment
Qianxun polls asset fingerprints to maintain a database of live assets. When a risk arises, it runs targeted verification using rules such as the latest vulnerability POCs and risk signatures, which accurately delineates the impact surface of the vulnerability risk and shortens the verification cycle.
Deep fingerprint recognition
Qianxun has collected nearly one thousand kinds of fingerprint feature data, covering Web systems, containers, cameras, industrial control systems, and IoT facilities. Combined with machine learning algorithms, this makes scanning more sensitive and accurate and gives detection greater, more effective depth.
Architecture
Flowchart