摘要
随着网络技术的发展,信息安全越来越受到人们的重视.安全漏洞作为攻击者最常利用的攻击手段之一也受到了广泛关注.当前各大组织或企业进行漏洞管理时大都依赖于人工的方式,且缺乏统一的跟踪处置和展示分析,这样不仅效率较低而且容易出错.针对这一问题,设计了一款统一漏洞管理平台,利用一体化平台实现漏洞全生命周期的自动化闭环管理,将不同的漏洞管理功能集成在特定的功能模块中.同时使用通用的开发语言和标准的服务接口方便与其他基础服务平台系统或网络安全工具进行协同联动.实践表明,该平台可有效提高漏洞管理效能,实现了漏洞管理的集中化、流程化和自动化.
With the development of the network technology,information security has been paid more and more attention.As one of the most frequently used attacking methods,security vulnerability has also been widely concerned.At present,most organizations or enterprises rely on manual methods to manage vulnerabilities,and do not have unified tracking,disposition,display and analysis.These methods are not only inefficient but also error-prone.A unified platform for vulnerability management was proposed,which allowed the automatic closed loop controlling of the life cycle of vulnerabilities.The platform integrated different vulnerability management capabilities into specific functional modules.General development languages and standards-based service interfaces were developed to integrate this platform with other infrastructure platform systems or network security tools.Practices show that,this platform can effectively improve the performance of vulnerability management,and make vulnerability management to be centralized,streamlined and automated.
作者
刘畅
LIU Chang(Credit Card Center,Postal Savings Bank of China,Beijing 100040)
出处
《信息安全研究》
2022年第2期190-195,共6页
Journal of Information Security Research
关键词
网络安全
漏洞
自动化
生命周期
闭环管理
network security
vulnerability
automation
life cycle
closed-loop management
