In recent years, with the rise of the concept of actual attack and defense, security managers have gradually discovered that traditional vulnerability scanning tools have obvious disadvantages in actual attack and defense confrontation: their disadvantages of indiscriminate, high false positives, and low returns have become a constraint on their own development. Offensive and defensive confrontation requirements vary widely. In order to meet the needs of current users in vulnerability identification and detection, Hua Yunan has created an enterprise-level lightweight vulnerability discovery and detection tool – Lingjian Weakness Identification and Detection System Ai.Scan (hereinafter referred to as Lingjian).
Deep integration of demand and technology, the first choice for enterprise-level lightweight vulnerability detection
Lingjian transforms Hua Yun’an’s long-term experience in vulnerability mining and actual attack and defense into AI models and PoC verification models, aiming at practical scenarios such as 1-day vulnerability emergency, attack and defense drills, and high-quality vulnerability mining, to provide users with high-quality Vulnerability detection. Lingjian supports a variety of offensive and defensive scenarios, including asset detection, weak password detection, web vulnerability detection, host vulnerability detection, and baseline configuration verification.
Lingjian originates from the industry and serves the industry. Huayunan has deeply integrated its in-depth understanding of industry user needs with innovative technologies over the past two years, making it possible to identify and detect security vulnerabilities more accurately and efficiently, and to scan and respond more quickly. At the same time, the bottom layer of Lingjian uses cloud-native technology architecture. We hope that Lingjian can become a handy tool for user vulnerability detection in the turbulent cloud-native era, and become a must for enterprises to deploy proactive defense strategies for actual offensive and defensive confrontation.
Lingjian is committed to helping users easily build practical defense capabilities and make security weaknesses invisible. It maximizes the value of technological innovation and presents and releases:
1 Active and passive two-pronged approach, knowledge graph empowers fingerprint detection
Lingjian detects asset open port information and fingerprint information based on active and passive modes. Based on deep learning algorithms, knowledge map fingerprint database and built-in 17000+ self-developed detection rules, it can accurately analyze and identify target fingerprint information.
2 Harmless PoC vulnerability detection with close to 0 false positives
From the perspective of offensive and defensive combat, Lingjian adopts the PoC method to conduct principle + self-verification detection, with an accuracy of over 98%, freeing security personnel from the trouble of false negatives and false positives. Through automated filtering and screening, Lingjian focuses on vulnerabilities that are highly harmful to customers and can be highly utilized, greatly improving customer work efficiency. Unlike traditional scanners that use a large number of rules and full tests to put an excessive burden on the business system, Lingjian combines the fingerprint engine to scan accurately and efficiently, and can complete the vulnerability detection of thousands of assets in just 10 minutes. At the same time, Lingjian makes full use of Go’s technical advantages in multi-threading and high concurrency, and dynamically controls the detection process based on AI algorithms to achieve fast and efficient.
3 Jet-free scanning and response
Lingjian adopts the streaming data output mode, which realizes a zero-day fast response, and solves the drawback that the traditional missed scan tool cannot obtain the result before the scan is completed. Report vulnerabilities to users as soon as they are discovered, so that vulnerabilities can be dealt with quickly and the exposure time of risks can be shortened.
4 Cloud-native architecture with scalable functions
The bottom layer of Lingjian uses cloud-native technology architecture, and all components are deployed in the form of microservices. At the same time, with business upgrades and demand expansion, users can expand functions and scanning capabilities by upgrading certificates, and can quickly upgrade products without additional deployment or purchase of other products.
Vulnerabilities are an important source of cyber attacks and the core of security. Comprehensive discovery and identification of vulnerabilities and weaknesses in existing assets is the first step in building a cyber defense. Lingjian will become the “whistleblower” of vulnerability security, providing strong support for the strategic deployment of actual combat defense of enterprises, and helping enterprises to achieve rapid defense and effective defense.
At the same time, Lingjian’s vulnerability identification and detection system and Lingdong’s adaptive threat and vulnerability management system are in the same line. They are the result of the long-term tracking and research of global vulnerability attack and defense dynamics by dozens of security experts of Huayun’an, as well as the rich experience of actual attack and defense confrontation. manifest.
The Links: NL8048BC19-02C MG15N6ES42