Infrastructure monitoring tool for collecting industrial process control and automation system risk data

US 10,021,125 B2
Filed: 09/30/2015
Issued: 07/10/2018
Est. Priority Date: 02/06/2015
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

discovering multiple devices in a computing system by a risk manager system;

grouping the multiple devices into multiple security zones by the risk manager system;

for each security zone, causing one or more devices in that security zone to provide information to the risk manager system identifying alerts and events associated with the one or more devices according to configuration data sent to the one or more devices by the risk manager system,wherein the configuration data defines the alerts and events to be provided by the one or more devices and include a management pack that defines data characterization and can be executed by one or more devices to translate the alerts and events into the information provided to the risk manager system, said management pack configured for each category with a unique configuration identifier for each type of data to be collected;

storing the information, by the risk manager system, in association with unique identifier values, the unique identifier values identifying different types of information.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

This disclosure provides an infrastructure monitoring tool, and related systems and methods, for collecting industrial process control and automation system risk data, and other data. A method includes discovering multiple devices in a computing system by a risk manager system. The method includes grouping the multiple devices into multiple security zones by the risk manager system. The method includes, for each security zone, causing one or more devices in that security zone to provide information to the risk manager system identifying alerts and events associated with the one or more devices. The method includes storing the information, by the risk manager system, in association with unique identifier values, the unique identifier values identifying different types of information.

132 Citations

23 Claims

1. A method comprising:
- discovering multiple devices in a computing system by a risk manager system;
  
  grouping the multiple devices into multiple security zones by the risk manager system;
  
  for each security zone, causing one or more devices in that security zone to provide information to the risk manager system identifying alerts and events associated with the one or more devices according to configuration data sent to the one or more devices by the risk manager system,wherein the configuration data defines the alerts and events to be provided by the one or more devices and include a management pack that defines data characterization and can be executed by one or more devices to translate the alerts and events into the information provided to the risk manager system, said management pack configured for each category with a unique configuration identifier for each type of data to be collected;
  
  storing the information, by the risk manager system, in association with unique identifier values, the unique identifier values identifying different types of information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the risk manager system uses the System Center Operations Manager (SCOM) infrastructure monitoring software tool from MICROSOFT CORPORATION.
  - 3. The method of claim 1, wherein the information identifying the alerts and events is collected from at least one of the devices by at least one data adapter that is polled for the information at a configured.
  - 4. The method of claim 1, wherein the one or more devices in that security zone provide information to the risk manager system at the time of discovery and also when additional events are later detected.
  - 5. The method of claim 1, wherein the one or more devices in that security zone provide information to the risk manager system at preconfigured intervals.
  - 6. The method of claim 1, further comprising calculating risks based on the stored information by performing queries using the unique identifier values.
  - 7. The method of claim 1, further comprising categorizing the information collected from the one or more devices in each security zone to calculate risk values.
  - 8. The method of claim 1, wherein the multiple security zones according to one of:
    - a type of each device, a type of risk presented by each device, anda severity of risks presented by each device.

9. A risk manager system comprising:
- a controller; and
  
  a display;
  
  wherein the controller is configured to;
  
  discover multiple devices in a computing system;
  
  group the multiple devices into multiple security zones;
  
  for each security zone, cause one or more devices in that security zone to provide information identifying alerts and events associated with the one or more devices according to configuration data sent to the one or more devices by the controller,wherein the configuration data defines the alerts and events to be provided by the one or more devices and include a management pack that defines data characterization and can be executed by one or more devices to translate the alerts and events into the information provided to the risk manager system, said management pack configured for each category with a unique configuration identifier for each type of data to be collected; and
  
  store the information in association with unique identifier values, the unique identifier values identifying different types of information.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The risk manager system of claim 9, wherein the controller is configured to use a system uses the System Center Operations Manager (SCOM) infrastructure monitoring software tool from MICROSOFT CORPORATION.
  - 11. The risk manager system of claim 9, wherein the controller comprises a rules engine with at least one data adapter, each data adapter configured to collect the information identifying the alerts and events from at least one of the devices and to provide the collected information when polled at a configured interval.
  - 12. The risk manager system of claim 9, wherein the controller is configured to receive the information from the one or more devices in each security zone at a time of discovery and also when additional events are later detected.
  - 13. The risk manager system of claim 9, wherein the controller is configured to receive the information from one or more devices in each security zone at preconfigured intervals.
  - 14. The risk manager system of claim 9, wherein the controller is further configured to calculate risks based on the stored information by performing queries using the unique identifier values.
  - 15. The risk manager system of claim 9, wherein the controller is further configured to categorize the information collected from the one or more devices in each security zone to calculate risk values.
  - 16. The risk manager system of claim 9, wherein the multiple devices are grouped into the multiple security zones according to one of a type of each device, a type of risk presented by each device, and a severity of risks presented by each device.

17. A non-transitory machine-readable medium encoded with executable instructions that, when executed, cause one or more processors of a risk manager system to:
- discover multiple devices in a computing system;
  
  group the multiple devices into multiple security zones;
  
  for each security zone, cause one or more devices in that security zone to provide information identifying alerts and events associated with the one or more devices according to configuration data sent to the one or more devices by the risk manager system,wherein the configuration data defines the alerts and events to be provided by the one or more devices and include a management pack that defines data characterization and can be executed by one or more devices to translate the alerts and events into the information provided to the risk manager system, said management pack configured for each category with a unique configuration identifier for each type of data to be collected; and
  
  store the information in association with unique identifier values, the unique identifier values identifying different types of information.
- View Dependent Claims (18, 19, 20, 21, 22, 23)
- - 18. The non-transitory machine-readable medium of claim 17, wherein the risk manager system uses the System Center Operations Manager (SCOM) infrastructure monitoring software tool from MICROSOFT CORPORATION.
  - 19. The non-transitory machine-readable medium of claim 17, further encoded with executable instructions that when executed cause the one or more processors of the risk manager system to:
    - receive the information identifying the alerts and events from at least one of the devices using at least one data adapter that is configured to be polled for the information at a configured interval.
  - 20. The non-transitory machine-readable medium of claim 17, further encoded with executable instructions that when executed cause the one or more processors of the risk manager system to:
    - receive the information from the one or more devices in each security zone at a time of discovery and also when additional events are later detected.
  - 21. The non-transitory machine-readable medium of claim 17, further encoded with executable instructions that when executed cause the one or more processors of the risk manager system to:
    - receive the information from the one or more devices in each security zone at preconfigured intervals.
  - 22. The non-transitory machine-readable medium of claim 17, further encoded with executable instructions that when executed cause the one or more processors of the risk manager system to:
    - calculate risks based on the stored information by performing queries using the unique identifier values.
  - 23. The non-transitory machine-readable medium of claim 17, wherein the multiple devices are grouped into the multiple security zones according to one of:
    - a type of each device, a type of risk presented by each device, and a severity of risks presented by each device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Honeywell International Inc.
Original Assignee
Honeywell International Inc.
Inventors
Talamanchi, Venkata Srinivasulu Reddy, Dietrich, Kenneth W., Boice, Eric T., Kowalczyk, Andrew W., Gadhe, Ganesh P.
Primary Examiner(s)
Parsons, Theodore C

Application Number

US14/871,732
Publication Number

US 20160234241A1
Time in Patent Office

1,014 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/552   involving long-term monitor...

G06F 21/577   Assessing vulnerabilities a...

H04L 41/0631   using root cause analysis; ...

H04L 41/0803   Configuration setting

H04L 63/1433   Vulnerability analysis

H04L 63/20   for managing network securi...

Infrastructure monitoring tool for collecting industrial process control and automation system risk data

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

132 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Infrastructure monitoring tool for collecting industrial process control and automation system risk data

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

132 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links