中文/English
Product introduction
Xunshao is an intelligent asset risk monitoring system developed by MoreSec Technology, which helps enterprises discover unknown assets from an attacker's perspective and continuously monitor assets on and off the networks and clouds through vulnerability risk, high-risk services, external threat intelligence and other dimensions to help enterprises efficiently respond to the latest security risks and achieve transparent asset management and security risk monitoring.
Product advantages
Sorting out known and unknown assets intelligently
Discover and sort out Active and passive asset automatically. Detect unknown networks actively and discover known networks passively. Realize full asset discovery and lifecycle management through machine learning models to complete associated assets and asset information.
Comprehensive monitoring on asset security risks
2000+ application vulnerability detection strategies, 1000+ third-party components, 17W+ compliance risk vulnerability information, black and grey market organizations association information, comprehensive and in-depth security risk monitoring to help enterprises control asset security risks.
Establish regular security operations
7*24-hour monitoring, timely emergency response for the latest high-risk security vulnerabilities. Help enterprises quantify threats in real time, realize normalized security operations and shorten the emergency response time of enterprises.
Integration with asset & vulnerability management platforms
With fully open API, it can be integrated with organizations CMDB, SCCM and other asset management platforms to improve the discovery efficiency on unknown assets and unify asset management Asset risk information can be imported and exported through open interfaces, which can be integrated with internal JIRA, Bugzilla and professional vulnerability management platforms, seamlessly connected with existing workflows.
Product features
Full lifecycle management of assets
From the attacker's point of view, we adopt professional collection means for unknown asset discovery and asset change detection. Through machine learning models it can analyze the correlation between assets and automatically sort out asset types, services and frameworks, helping enterprises to manage their assets transparently and intelligently.
Security Vulnerability Detection
Thousands of the latest vulnerability scanning plug-ins are updated in real time. It can automatically sense changes of business assets and deeply detect application vulnerabilities, service vulnerabilities, operation and maintenance vulnerabilities and other vulnerability risks. Each plug-in has undergone hundreds of automated tests and false alerts analysis to achieve zero false alarm in vulnerability detection.
Sensitive information anti-leakage
With assets as the core, we comprehensively monitor exposed asset information and associated sensitive organizations information, and link with threat intelligence to promptly discover security risks caused by core asset leakage, code leakage, employee information leakage, new vulnerability outbreaks, blackmail activities, etc.
Round-the-clock emergency response
7*24 hours monitoring of the latest high-risk security vulnerabilities and fulfilling emergency response. It can quickly locate affected assets, helping enterprises to respond to high-risk security risks timely and avoid losses by providing users with a vulnerability detection plug-in.
Case study
The customer profile
The customer is a large domestic organizations.
Business challenges
The customer owns massive IT assets. At present, security scanning will be done every quarter or every six months. The scanning only focuses on the system vulnerability and Web vulnerability detection, without effective audition and management on the online, offline and update of assets. Most of the traditional security scanning tools focus on version scanning with high false alert on the result of security vulnerability scanning, which wastes a lot of security manpower. At the same time, it cannot detect the security risks of "code leakage", "account leakage" and other sensitive information leakage caused by the lack of security awareness of internal employees.
The solution
The system connects to the organizations network in bypass mode, detects assets on the entire network based on known asset characteristics, automatically identifies all assets on the internal and external networks, and implements frequent asset status monitoring. According to the update status of assets, the method of periodic full scan + passive incremental scan are adopted to help enterprises automate the sorting of network assets, visualize management of assets from the perspective of business, deeply associate security risks with assets, and establish a perfect asset and vulnerability lifecycle management process.
Project value
According to the business challenges faced by enterprises, we implement effective asset and vulnerability lifecycle management solutions to help enterprises implement asset and vulnerability lifecycle management processes.
Customer feedback
Through the detection on whole network asset, it effectively helps us to find much unknown assets, and finally find the corresponding staffs that are in charge for these assets. By means of periodic full scan and passive incremental scan, we can effectively solve the problems like large amount of IT assets and low scanning efficiency. The combination of asset management and vulnerability management can improve the overall efficiency of our security management and the overall security status of the organizations.
Copyright © 2023 MoreSec Technology. All rights reserved
