神州泰岳

Historical data and trend analysis of enterprise security control

By deploying and applying Ultra-SecCloud products, enterprises can centrally aggregate enterprise historical security testing data to achieve historical jitter and trend analysis of the security health of individual assets and business systems.

Rich support for enterprise security management and maintenance work scenarios

Ultra-SecCloud products can help enterprises achieve complete security maintenance work scenarios such as IT asset entry security counselling, entry security inspection and acceptance, daily security inspection, special problem inspection, emergency threat inspection, and so on.

A variety of convenient and reliable enterprise IT resource access capabilities

Resource access to Ultra-SecCloud products can achieve more in-depth and detailed security testing, Ultra-SecCloud support for custom and enterprise 4A system account data, resource data synchronization interfaces, to achieve access to existing assets, while supporting the offline resource configuration in offline scripting method to obtain the ability.

Integrate, simplify and save traditional security equipment deployment

Ultra-SecCloud products can help enterprises integrate and sort out the deployment of traditional security devices such as existing security vulnerability scanning, Web security scanning, code security testing, baseline security scanning, etc., adapt to the enterprise IT architecture tending to be open and centralized planning mode, and gradually change the existing decentralized deployment mode into a centralized deployment mode, which can significantly save the deployment number of traditional security devices and save the investment in equipment, and at the same time also allows users to obtain more convenient and high-quality experience of special and comprehensive security capabilities.

Centralized release of multiple types of enterprise security control capabilities

Ultra-SecCloud products centrally release various types of information security protection, monitoring, testing, analysis, response and service capabilities of enterprises in the form of Security as a Service cloud, which support the integration of security baseline checking, system vulnerability scanning and checking, Web vulnerability scanning and checking, code security verification, special verification of weak password, App security checking, special verification of firewall policy, special verification of security domain, special verification of full-volume vulnerabilities, special verification of patch installation, special verification of log service configuration, etc. Users can choose to be equipped with various security capabilities according to their business management needs.

Emergency release of vulnerability testing service

Security testing can be carried out in time when an emergency release of vulnerability is encountered. The current products can provide Struts2 series of vulnerability testing, SSL heartbleed vulnerability, SHELL broken shell vulnerability and other major critical vulnerability testing services.

Major security services

According to the information security management business of the enterprise, the combination of testing services is encapsulated to form a service capability focusing on the security business, which can support the year-end WEB site security checking, the National Day IT assets key protection and other security services.

Daily security testing service

In the process of daily security operation and maintenance, we carry out security baseline testing, weak password testing, WEB site vulnerability scanning, system vulnerability scanning, etc. for IT assets, so as to promptly discover existing problems and rectify them in time to safeguard asset security.

Classic Cases

Remote security testing platform of China Mobile Communications Group Information Security Center

Customer Value

The project platform serves as the main implementer of security testing of Internet-exposed assets in each province of China Mobile Communications Group, reflecting the product's strong capability in asset control and security testing and risk early warning.

Technical Solutions

It identifies China Mobile's Internet-exposed asset information and asset fingerprint information through automated means, identifies China Mobile's own assets, external assets and vendors to which the assets belong, establishes asset lists, and realizes automatic identification and management of the entire life cycle of the assets. Access to a variety of heterogeneous tools for security testing in the industry, achieving unified management of heterogeneous tools in task scheduling control and data recovery and processing, has the platform had security testing capabilities such as system vulnerability scanning, Web vulnerability scanning, weak password verification, etc. The security testing is task-driven, and process infiltration and articulation are carried out in each link from the beginning to the end of security testing, so that the process of issuing security tasks, executing tasks, comprehensively analyzing and presenting testing results, rectifying security problems, reviewing security problems, reporting security problems, etc. forms a complete closed loop of risk management. The introduction of external threat intelligence enables timely control of the security status of assets (system information, application components, component status, etc.), and combined with the acquired threat intelligence, enables accurate judgement of the scope of vulnerability impact and timely warning. Web shell risk, counterfeit phishing website risk, botnet risk, and high-risk weak password risk have been collected and identified.

Application Scenarios

The core capabilities of remote detection and auditing of Internet-exposed assets, system vulnerability scanning, Web vulnerability scanning, weak password verification, vulnerability warning, etc. have played an important supporting role in daily inspections, major protection and other tasks. It implements all-round management of assets such as network-wide asset identification, automated closed-loop control of the entire life cycle of assets, IPv6 asset detection, and asset search engine. It leverages correlation and analysis of external threat intelligence with the Internet-exposed Asset Database, to discover security risks of exposed assets, and release warnings.

Software & IT Service

Cloud Value-added Services

RoamWiFi

Game

War and Order

Age of Origins

Infinite Galaxy

Software & IT Service

Cloud Value-added Services

RoamWiFi

Software & IT Service

Game

Software & IT Service

Product Description

Advantages & Features

Product Function

Emergency release of vulnerability testing service

Major security services

Daily security testing service

Classic Cases

Remote security testing platform of China Mobile Communications Group Information Security Center

Home

Solutions

Products

Company

Historical data and trend analysis of enterprise security control

Rich support for enterprise security management and maintenance work scenarios

A variety of convenient and reliable enterprise IT resource access capabilities

Integrate, simplify and save traditional security equipment deployment

Centralized release of multiple types of enterprise security control capabilities

Emergency release of vulnerability testing service

Major security services

Daily security testing service

Classic Cases

Remote security testing platform of China Mobile Communications Group Information Security Center

Customer Value

Technical Solutions

Application Scenarios