CN-122001649-A - Asset data security-oriented detection and response method and system
Abstract
The invention discloses an asset-data-security-oriented detection and response method and system. The method comprises: generating endpoint asset DNA and managing asset tags; classifying endpoint data by sensitivity and tracking its life cycle; generating and adjusting security policies according to the asset DNA, the data sensitivity and threat intelligence; automatically executing policy response operations; recording asset, data and user behaviour and generating compliance reports; and integrating with a UI, agents and third-party security tools. Endpoint data privacy and security are protected at a finer granularity, the risk of data leakage is reduced, and sensitive data is monitored and controlled dynamically.
Inventors
- FANG XUPENG
- SUN XUMING
- SONG WENFANG
- XU KEQUAN
- LI HUI
- HE YANG
Assignees
- 中国电子产业工程有限公司
Dates
- Publication Date
- 2026-05-08
- Application Date
- 2026-02-03
Claims (9)
- 1. A method for detecting and responding to asset data security, the method comprising: generating endpoint asset DNA and managing asset tags; classifying endpoint data by sensitivity and tracking its life cycle; generating and adjusting a security policy according to the asset DNA, the data sensitivity and threat intelligence; automatically executing a policy response operation; recording asset, data and user behaviour and generating compliance reports; and integrating with a UI, agents and third-party security tools.
- 2. The method for detecting and responding to asset data security according to claim 1, wherein generating endpoint asset DNA and managing asset tags specifically comprises: building a three-dimensional "criticality-ownership-business flow direction" model of the endpoint asset; and establishing an asset DNA characterisation model that jointly models business criticality, ownership, department/business unit, data types, application workload and network exposure surface, for use in dynamic risk judgement.
- 3. The method for asset-data-security-oriented detection and response of claim 1, wherein the sensitivity classification and life cycle tracking of endpoint data specifically comprises: a dual-core model combining endpoint-level data governance with security detection; integrating data classification, sensitivity evaluation, data flow tracking and file fingerprint identification into the endpoint to realise endpoint data management; establishing a three-factor risk function, risk = asset value × data sensitivity × threat activity; and calculating endpoint risk in real time and dynamically adjusting the policy accordingly.
- 4. The method for detecting and responding to asset data security according to claim 1, wherein generating and adjusting security policies based on asset DNA, data sensitivity and threat intelligence comprises generating security policies in real time from context and automatically adjusting them according to data sensitivity and asset criticality.
- 5. The method for detecting and responding to asset data security of claim 1, wherein automatically executing the policy response operation specifically comprises: an endpoint data privacy access control fine-tuning engine that dynamically limits peripheral access according to data sensitivity, constructs a privacy access baseline, and triggers an automatic response on deviation from the baseline.
- 6. The asset-data-security-oriented detection and response method of claim 1, further comprising: the endpoint data privacy access control fine-tuning engine, which dynamically limits peripheral access according to data sensitivity, constructs a privacy access baseline and triggers an automatic response on deviation from the baseline; an asset lifecycle × data lifecycle double-chain governance model that implements full-link management of endpoint assets and data, covering generation, storage, use, transmission, sharing and deletion; and cross-device unified asset management that supports servers, PCs, mobile devices, industrial control terminals and IoT devices and provides a unified asset abstraction model and a policy semantic model.
- 7. The method of claim 1, wherein the asset DNA comprises asset criticality, ownership type, department, data type distribution and network exposure surface.
- 8. The asset-data-security-oriented detection and response method of claim 1, wherein the sensitivity classification employs regular-expression matching, NLP and machine learning models to identify sensitive data.
- 9. An asset-data-security-oriented detection and response system applying the method of any one of claims 1 to 8, characterised in that the system comprises: an asset classification engine for generating endpoint asset DNA and managing asset tags; a data classification engine for classifying endpoint data by sensitivity and tracking its life cycle; a dynamic policy engine for generating and adjusting a security policy according to the asset DNA, the data sensitivity and threat intelligence; a response orchestration engine for automatically performing policy response operations; a compliance and audit module for recording asset, data and user behaviour and generating compliance reports; and an API layer for integrating with the UI, agents and third-party security tools.
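The claims name the building blocks but not how they fit together. The following Python sketch is an added illustration, not code from the patent or from the applicant, showing one way to wire up the asset DNA attributes of claims 2 and 7, the regular-expression tier of the sensitivity classifier in claim 8 together with a content fingerprint, the three-factor risk function of claim 3, and the sensitivity-driven peripheral-access policy and privacy-access baseline of claim 5. Every attribute vocabulary, weight, regular expression, threshold and the sample document are assumptions chosen for the example; the Luhn validation on candidate card numbers goes beyond the claim text and is there to show how a practitioner cuts regex false positives.

```python
"""Added illustration (not the patent's code): asset DNA scoring, regex-based
sensitivity classification with file fingerprinting, the asset value x data
sensitivity x threat activity risk function, a peripheral-access policy and
a privacy-access baseline check. Every weight, vocabulary, pattern and
threshold below is an assumption chosen for the example."""
import hashlib
import re
from dataclasses import dataclass, field
from statistics import mean

# Asset DNA attributes (claims 2 and 7). Vocabularies and weights are assumed.
CRITICALITY = {"core": 1.0, "important": 0.7, "general": 0.4}
OWNERSHIP = {"corporate": 1.0, "contractor": 0.7, "byod": 0.5}
EXPOSURE = {"internet": 1.0, "dmz": 0.8, "internal": 0.5, "isolated": 0.2}


@dataclass
class AssetDNA:
    asset_id: str
    criticality: str
    ownership: str
    department: str
    exposure: str
    data_types: dict = field(default_factory=dict)  # data type -> file count

    def asset_value(self) -> float:
        """Collapse the DNA into one value in (0, 1]; the weighted blend is assumed."""
        return round(0.5 * CRITICALITY[self.criticality]
                     + 0.3 * EXPOSURE[self.exposure]
                     + 0.2 * OWNERSHIP[self.ownership], 3)


def luhn_ok(digits: str) -> bool:
    """Luhn checksum; drops digit strings that look like but are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


# Sensitivity levels: 0 public, 1 internal, 2 confidential, 3 restricted.
# name -> (pattern, level, optional validator). Patterns are illustrative only.
PATTERNS = {
    "email": (re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"), 1, None),
    "cn_mobile": (re.compile(r"(?<!\d)1[3-9]\d{9}(?!\d)"), 2, None),
    "card_number": (re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)"), 3,
                    lambda s: luhn_ok(re.sub(r"\D", "", s))),
}


def classify(text: str):
    """Regex tier of claim 8: returns (highest sensitivity level, hit count per pattern)."""
    level, hits = 0, {}
    for name, (pat, lvl, check) in PATTERNS.items():
        found = [m.group() for m in pat.finditer(text)
                 if check is None or check(m.group())]
        if found:
            hits[name] = len(found)
            level = max(level, lvl)
    return level, hits


def fingerprint(text: str) -> str:
    """Content fingerprint over case-folded, whitespace-normalised text, so a
    re-spaced copy of a sensitive file still maps to the same identity."""
    return hashlib.sha256(" ".join(text.lower().split()).encode()).hexdigest()


def endpoint_risk(asset: AssetDNA, sensitivity: int, threat_activity: float) -> float:
    """Three-factor risk function of claim 3, each factor normalised to [0, 1]."""
    return round(asset.asset_value() * (sensitivity / 3) * threat_activity, 3)


def peripheral_policy(sensitivity: int, risk: float) -> dict:
    """Claim 5: peripheral access narrows as sensitivity or risk grows (thresholds assumed)."""
    if sensitivity >= 3 or risk >= 0.6:
        return {"usb_storage": "block", "clipboard": "block", "print": "block", "audit": True}
    if sensitivity == 2 or risk >= 0.3:
        return {"usb_storage": "read_only", "clipboard": "allow", "print": "watermark", "audit": True}
    return {"usb_storage": "allow", "clipboard": "allow", "print": "allow", "audit": False}


def deviates_from_baseline(history: list, current: int, k: float = 3.0, floor: int = 5) -> bool:
    """Privacy access baseline: sensitive-file accesses in the current window
    trigger a response when above k x the historical mean and an absolute floor."""
    if not history:
        return current >= floor
    return current >= floor and current > k * mean(history)


if __name__ == "__main__":
    pc = AssetDNA("PC-FIN-017", "core", "corporate", "finance", "internal")
    # Constructed sample document containing three kinds of sensitive data.
    doc = "Contact: zhang.san@example.com, mobile 13800138000, card 4111 1111 1111 1111"
    level, hits = classify(doc)
    risk = endpoint_risk(pc, level, threat_activity=0.8)
    print(level, hits, fingerprint(doc)[:16], risk, peripheral_policy(level, risk))
    print(deviates_from_baseline([2, 3, 1, 2], 9))
```

The sample document classifies as level 3 (a Luhn-valid card number is present), so on a core, internally exposed corporate PC under elevated threat activity the risk comes out at 0.68 and the policy blocks USB storage, clipboard and printing. A string such as "1234 5678 9012 3456" matches the card regex but fails the Luhn check and is ignored, which is the kind of precision the NLP and ML tiers of claim 8 would be expected to add on top of plain pattern matching.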
Description
Technical Field
The invention relates to the fields of network security and information security, and in particular to an asset-data-security-oriented detection and response method and system.
Background
Existing endpoint safeguards rely mainly on EDR (Endpoint Detection and Response) or EPP (Endpoint Protection Platform) products, which suffer from the following drawbacks:
1. Asset management defects:
- asset management stops at the inventory stage and lacks the capability to manage the full life cycle of the asset;
- core attributes of endpoint assets (e.g. business criticality, ownership type) are not precisely defined;
- asset data is not organised into management and security governance guidelines, so it cannot support risk assessment.
2. Insufficient privacy management:
- there is no quantitative analysis of data sensitivity and compliance requirements;
- no closed-loop governance system of asset inventory, compliance detection, risk assessment, rectification response and audit tracing has been formed;
- insufficient data classification and tiered protection capability leads to imprecise protection of private data and sensitive business data;
- asset management, data governance and threat detection operate in isolation from one another, lacking dynamic association and context awareness.
Thus, existing endpoint security systems do not enable proactive, context-aware, asset- and data-centric integrated security management.
Disclosure of Invention
The present invention has been made in view of the above problems, and its object is to provide an asset-data-security-oriented detection and response method and system that overcomes, or at least partially solves, the above problems.
According to one aspect of the present invention, there is provided an asset-data-security-oriented detection and response method comprising: generating endpoint asset DNA and managing asset tags; classifying endpoint data by sensitivity and tracking its life cycle; generating and adjusting a security policy according to the asset DNA, the data sensitivity and threat intelligence; automatically executing a policy response operation; recording asset, data and user behaviour and generating compliance reports; and integrating with a UI, agents and third-party security tools.
Optionally, generating the endpoint asset DNA and managing asset tags specifically includes: building a three-dimensional "criticality-ownership-business flow direction" model of the endpoint asset; and establishing an asset DNA characterisation model that jointly models business criticality, ownership, department/business unit, data types, application workload and network exposure surface, for use in dynamic risk judgement.
Optionally, the sensitivity classification and life cycle tracking of the endpoint data specifically include: a dual-core model combining endpoint-level data governance with security detection; integrating data classification, sensitivity evaluation, data flow tracking and file fingerprint identification into the endpoint to realise endpoint data management; establishing a three-factor risk function, risk = asset value × data sensitivity × threat activity; and calculating endpoint risk in real time and dynamically adjusting the policy accordingly.
Optionally, generating and adjusting the security policy according to the asset DNA, the data sensitivity and threat intelligence specifically comprises generating the security policy in real time from context and automatically adjusting it according to data sensitivity and asset criticality.
Optionally, automatically executing the policy response operation specifically includes: an endpoint data privacy access control fine-tuning engine that dynamically limits peripheral access according to data sensitivity, constructs a privacy access baseline, and triggers an automatic response on deviation from the baseline.
Optionally, the detection and response method further includes: the endpoint data privacy access control fine-tuning engine, which dynamically limits peripheral access according to data sensitivity, constructs a privacy access baseline and triggers an automatic response on deviation from the baseline; an asset lifecycle × data lifecycle double-chain governance model that implements full-link management of endpoint assets and data, covering generation, storage, use, transmission, sharing and deletion; and cross-device unified asset management that supports servers, PCs, mobile devices, industrial control terminals and IoT devices and provides a unified asset abstraction model and a policy semantic model.
Optionally, the asset DNA includes asset criticality, ownership type, department, data type distribution and network exposure surface.
Optionally, the sensitivity classification employs regular-expression matching, NLP and machine learning models to identify the