Journal of Information Security Research ›› 2021, Vol. 7 ›› Issue (E1): 41-.


Network Security Individual Soldier Detection System Based on “ATT&CK” Tactical Framework

  

  • Online: 2022-04-20 Published: 2022-04-20


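Liu Gao (刘高); Hao Long (郝龙); Zhao Dongdong (赵东东)

  1. Yuanjiang Shengbang (Beijing) Network Security Technology Co., Ltd. (远江盛邦(北京)网络安全科技股份有限公司), Beijing 100089
  • Corresponding author: Liu Gao, product director. Main research interests: security technology applications and product development. liugao@webray.com.cn
  • About the authors: Liu Gao, product director. Main research interests: security technology applications and product development. liugao@webray.com.cn Hao Long, security services director. Main research interest: security penetration techniques. haolong@webray.com.cn Zhao Dongdong, product manager. Main research interests: asset identification and vulnerability detection. zhaodongdong@webray.com.cn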

Abstract: In recent years, as new applications and new business models have emerged, network security risks have kept rising, and active defense has gradually become one of the most important means of network security. WebRAY's network security individual soldier detection system is based on the ATT&CK technical framework. It adopts innovative technologies of cyberspace asset mapping, multi-engine combined exposure surface detection and full-scenario chained penetration processing, and integrates practical experience in cyber asset identification, vulnerability detection and real-world attack and defense. The system can automatically carry out the complete attack chain process of "target detection, exposure surface detection, penetration and exploitation" as well as traceability and evidence collection for incident investigation. It is committed to making attack and defense confrontation capabilities standardized, systematic and process-driven. It solves problems such as the shortage of network security professionals and the insufficient capability of internal personnel. The system is suitable for a variety of application scenarios such as attack and defense confrontation, attack and defense drills, security testing and internal training.

Key words: ATT&CK, cyber asset mapping, attack surface reduction, attack and defense confrontation, network security, vulnerability exploitation

