How Huolala Built a Comprehensive Security Asset Map for Cloud‑Native Environments
Huolala’s Information Security team built a comprehensive security asset library and visualization framework, detailing asset pain points, mapping methodology, detection and drawing modules, and measurable outcomes, to enhance asset visibility, risk assessment, and continuous security operations in a cloud‑native environment.
Preface
As Huolala's business expands, its Information Security Department built a security asset library based on industry asset mapping practices, creating an asset space map to support the security system.
1. Construction Background
1.1 Asset Pain Points
Assets are unclear, incomplete, and inaccurate, leading to insufficient security coverage.
Asset granularity is insufficient; security needs service, process, port, and version details beyond ITAM/CMDB.
Low asset correlation; assets are isolated without links to business, vulnerabilities, or risks.
1.2 Security Asset Definition
According to GB/T 20984‑2007/2022, an asset is any information or resource valuable to an organization and protected by security policies. Assets are classified into business, system, component, and unit layers.
From an attacker’s perspective, security assets include all digital assets that could be exploited.
1.3 Asset Demand Scenarios
Collected internal team use cases:
Security Operations: Export public domain/IP exposure and check WAF/SSO coverage; recall server assets to verify agent installation.
Security Incident Response: Quickly query assets through the asset service or the visualization platform; assess affected assets during vulnerability outbreaks.
Security Assessment & Review: Provide a full-link asset inventory for risk assessment and compliance.
Office Operations: List office PC assets and installed software for patching and license compliance.
2. Asset Mapping Scheme
2.1 Mapping Idea
We construct assets as point-line-plane: points (servers, terminals) → lines (link relationships) → planes (business contexts) → an asset space map.
2.2 Overall Scheme
The scheme consists of four layers: asset collection (internal and external) → asset detection (aggregation, recall, enrichment) → asset drawing (tagging, linking) → asset service.
2.3 Asset Detection Module
Internal Detection
Combine internal asset metadata with security probes (custom agents, IDS, automated scans, crawlers) to recall and enrich internal assets, synchronizing daily (or every 10 minutes for critical data).
External Detection
Gather public‑facing assets (domains, IPs, app IDs, mini‑programs, etc.) from various internet data sources.
2.4 Asset Drawing Module
Based on typical production‑network deployments, we draw asset lines from north‑south and east‑west request flows, linking services, databases, and hosts.
Application-level links are built by probing HTTPS endpoints, identifying middleware (WAF, Kong, SLB), and correlating host and process data.
Sensitive asset chains are generated by linking classified database tables with trace monitoring and external API exposure.
2.5 Asset Visualization
Using a graph database, multi‑dimensional asset attributes and relationships are visualized as a knowledge graph.
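The detection and drawing steps above (aggregate internal sources, recall orphaned hosts and agent-less servers, then link domain → host → process → database into a sensitive-data chain) can be shown in one small program. This is an added illustration, not Huolala's code: the CMDB, HIDS, crawl and trace feeds are constructed sample data, the in-memory dict stands in for the graph database, and the trace call graph is assumed to be acyclic.

```python
# Constructed sample feeds (not Huolala data): CMDB export, HIDS agent inventory, domain crawl.
CMDB = {"10.0.1.10": {"host": "order-api-1", "owner": "trade"},
        "10.0.1.20": {"host": "order-db-1", "owner": "trade"},
        "10.0.1.30": {"host": "legacy-cms", "owner": "unknown"}}
HIDS = {"10.0.1.10": [{"proc": "kong", "port": 443, "ver": "3.4"},
                      {"proc": "order-svc", "port": 8080, "ver": "1.9"}],
        "10.0.1.20": [{"proc": "mysqld", "port": 3306, "ver": "8.0"}],
        "10.0.1.40": [{"proc": "nginx", "port": 80, "ver": "1.18"}]}
CRAWL = {"api.example.com": "10.0.1.10", "old.example.com": "10.0.1.40"}
TRACE = [("order-svc@10.0.1.10", "mysqld@10.0.1.20")]  # caller -> callee, from tracing
SENSITIVE = {"mysqld@10.0.1.20": ["orders.customer_phone"]}  # classified tables

def build_ledger(cmdb, hids):
    """Aggregate the union of CMDB and probe IPs; enrich with process/port/version."""
    ledger = {}
    for ip in set(cmdb) | set(hids):
        ledger[ip] = {"in_cmdb": ip in cmdb, "has_agent": ip in hids,
                      **cmdb.get(ip, {}), "services": hids.get(ip, [])}
    return ledger

def detection_metrics(ledger):
    """Recall gaps: probe-only orphans, CMDB hosts with no agent, and completeness."""
    return {"orphaned": sorted(ip for ip, a in ledger.items() if not a["in_cmdb"]),
            "missing_agent": sorted(ip for ip, a in ledger.items() if not a["has_agent"]),
            "completeness": sum(a["in_cmdb"] and a["has_agent"] for a in ledger.values()) / len(ledger)}

def build_graph(ledger, crawl, trace):
    """Points to lines: domain -> IP (north-south), IP -> process, caller -> callee (east-west)."""
    g = {}
    for domain, ip in crawl.items():
        g.setdefault(domain, set()).add(ip)
    for ip, a in ledger.items():
        for s in a["services"]:
            g.setdefault(ip, set()).add(f'{s["proc"]}@{ip}')
    for caller, callee in trace:
        g.setdefault(caller, set()).add(callee)
    return g

def exposure_chains(graph, crawl, sensitive):
    """Plane: every path from a public domain down to a store holding sensitive tables."""
    chains = []
    def walk(node, path):
        if node in sensitive:
            chains.append(path)
        for nxt in sorted(graph.get(node, ())):
            walk(nxt, path + [nxt])
    for domain in crawl:
        walk(domain, [domain])
    return chains
```

Running it on the sample data reports 10.0.1.40 as an orphan (seen by HIDS, absent from CMDB), 10.0.1.30 as a CMDB host without an agent, and one exposure chain from api.example.com through order-svc to the sensitive MySQL instance.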
3. Security Asset Outcomes
3.1 Asset Ledger
The team iteratively built a unified asset ledger by integrating CMDB, IT assets, RDS, OSS, and various security detections (HIDS, NIDS, EDR, cloud firewall, scans, public crawlers), feeding results back to the CMDB and exposing them as asset services.
3.2 Detection Results
Key metrics include asset completeness, public domain coverage, IP recall, and public exposure, guiding remediation of orphaned or risky assets.
3.3 Asset Drawing Results
Examples show detailed server information, port lists, and topology for a given IP, as well as sensitive data link traces.
4. Conclusion and Outlook
Asset mapping is foundational for information security. Huolala’s security team has built a comprehensive asset library covering information, data, and service assets, and continues to iterate, service‑ify, and visualize assets using graph databases to enable automated risk assessment across the full business chain.
This article has been distilled and summarized from source material, then republished for learning and reference.