METHOD FOR RISK MANAGEMENT ANALYSIS BASED ON VULNERABILITY ASSESSMENT AND APPARATUS THEREOF

摘要

A device and a method for analyzing risk management based on network vulnerability evaluation are provided to increase analysis performance by considering relation between alarm data and vulnerability information, analyze correlation with a current countermeasure policy in addition, and use only the actually needed alarm data. A preprocessor(300) discriminates an attack type of the alarm data generated in the network according to a source/destination IP(Internet Protocol), an attack name, and presence of a port number according to a service sort. A database processor(350) collects and stores the vulnerability information for network assets by using a vulnerability analyzer. A correlation analyzer(310) associates the alarm data according to the presence of the destination IP, the attack name, and the port number, and opening of the port with the presence of the stored vulnerability information for the asset. A countermeasure processor(330) generates or revokes an alarm depending on an association result, and generates the countermeasure policy corresponding to the alarm.