Advanced asset tracking and correlation
First Claim
1. A security management system comprising:
- an asset database operable to store a plurality of asset entries, wherein each asset entry in the asset database is associated with an asset of a network; and
- an asset correlation engine in communication with the asset database, wherein the asset correlation engine is operable to:
  - receive a data chunk associated with a target asset of the network;
  - parse the data chunk to identify an attribute in the data chunk, wherein the identified attribute is one of a strongly correlated attribute, a moderately correlated attribute, and a loosely correlated attribute with respect to the target asset;
  - determine an attribute weight for the identified attribute, wherein an attribute weight of the highly correlated attribute is 1.5 to 40 times as large as an attribute weight of the moderately correlated attribute, and wherein the attribute weight of the moderately correlated attribute is 1.5 to 25 times as large as an attribute weight of the loosely correlated attribute;
  - generate an asset score for an asset entry in the asset database using the attribute weight; and
  - create a new asset entry in the asset database for the target asset in response to determining the asset score is less than a predetermined threshold value, wherein the data chunk is associated with the new asset entry in the asset database.
Abstract
A security management system may be remotely deployed (e.g., using a cloud-based architecture) to add security to an enterprise network. For example, the security management system may scan assets within the enterprise network for vulnerabilities and may receive data chunks from these scans. The security management system may also receive data chunks from other sources, and, as a result, the system may handle data chunks having many different formats and attributes. When the security management system tries to associate data chunks to assets, there may not be a globally unique identifier that is applicable for all received data chunks. Provided in the present disclosure are exemplary techniques for tracking assets across a network using an asset correlation engine that can flexibly match data chunks to assets based on the attribute or attributes that are available within the data chunks.
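The matching flow recited in the claim and summarized in the abstract, as an added Python example that is not part of the patent text. The attribute-to-tier mapping (MAC strong, hostname moderate, IP loose), the concrete weights, the sum-of-matching-weights score and the threshold value are all assumptions, chosen only to satisfy the claimed weight ratios.

```python
from dataclasses import dataclass, field

# Assumed values (not from the patent): the claim fixes only the ratios
# strong/moderate in [1.5, 40] and moderate/loose in [1.5, 25].
WEIGHTS = {"strong": 50.0, "moderate": 5.0, "loose": 1.0}
TIER = {"mac": "strong", "hostname": "moderate", "ip": "loose"}  # assumed mapping
THRESHOLD = 5.0  # assumed predetermined threshold
assert 1.5 <= WEIGHTS["strong"] / WEIGHTS["moderate"] <= 40
assert 1.5 <= WEIGHTS["moderate"] / WEIGHTS["loose"] <= 25

@dataclass
class AssetEntry:
    asset_id: int
    attributes: dict = field(default_factory=dict)
    chunks: list = field(default_factory=list)

def parse(chunk: dict) -> dict:
    """Keep only recognised attributes, normalised for comparison."""
    return {k: str(v).strip().lower() for k, v in chunk.items() if k in TIER and v}

def score(entry: AssetEntry, attrs: dict) -> float:
    """Assumed scoring rule: sum the weights of attributes whose values match."""
    return sum(WEIGHTS[TIER[k]] for k, v in attrs.items()
               if entry.attributes.get(k) == v)

def correlate(db: list, chunk: dict) -> AssetEntry:
    """Attach the chunk to the best-scoring entry, or create one below threshold."""
    attrs = parse(chunk)
    best = max(db, key=lambda e: score(e, attrs), default=None)
    if best is None or score(best, attrs) < THRESHOLD:
        best = AssetEntry(asset_id=len(db) + 1)
        db.append(best)
    for k, v in attrs.items():
        best.attributes.setdefault(k, v)  # fill gaps, never overwrite
    best.chunks.append(chunk)
    return best

def demo() -> list:
    db = []
    chunks = [  # constructed sample chunks with differing attribute sets
        {"mac": "00:11:22:33:44:55", "hostname": "web01", "ip": "10.0.0.5"},
        {"mac": "00:11:22:33:44:55", "ip": "10.0.0.9"},  # same MAC, different IP
        {"ip": "10.0.0.5"},                              # IP only: loose match
        {"hostname": "WEB01", "ip": "10.0.0.77"},        # hostname only
    ]
    return [correlate(db, c).asset_id for c in chunks]
```

With these assumed values, a chunk that matches an existing entry only on IP address scores below the threshold and gets its own entry, so address reuse does not merge two hosts' scan results.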
20 Claims
17. A method comprising:
- providing a plurality of asset entries in an asset database, wherein each asset entry in the asset database is associated with an asset of a network;
- receiving, by an asset correlation engine in communication with the asset database, a data chunk associated with a target asset of the network;
- parsing, by the asset correlation engine, the data chunk to identify an attribute in the data chunk, wherein the identified attribute is one of a strongly correlated attribute, a moderately correlated attribute, and a loosely correlated attribute with respect to the target asset;
- determining, by the asset correlation engine, an attribute weight for the identified attribute, wherein an attribute weight of the highly correlated attribute is 1.5 to 40 times as large as an attribute weight of the moderately correlated attribute, and wherein the attribute weight of the moderately correlated attribute is 1.5 to 25 times as large as an attribute weight of the loosely correlated attribute;
- generating, by the asset correlation engine, an asset score for an asset entry in the asset database using the attribute weight; and
- creating, by the asset correlation engine, a new asset entry in the asset database for the target asset in response to determining the asset score is less than a predetermined threshold value, wherein the data chunk is associated with the new asset entry in the asset database.
Specification