Geo-mapping system security events

US 10,038,708 B2
Filed: 05/28/2016
Issued: 07/31/2018
Est. Priority Date: 12/29/2011
Status: Active Grant

First Claim

Patent Images

1. At least one non-transitory machine accessible storage medium having instructions stored thereon, the instructions when executed on a machine, cause the machine to:

identifying a particular security event detected in a particular computing system, the particular security event detected as targeting a particular computing device included in the particular computing system;

identifying a particular grouping of assets in a plurality of asset groupings defined for devices within the particular computing system as including the particular computing device;

identifying a source of the particular security event, wherein the source is associated with at least one second computing device;

associating the source with at least one of a geographic location and a grouping of assets included in the plurality of asset groupings; and

generating data adapted to cause a graphical representation of the particular security event to be presented on a display device, the graphical representation including;

a geographical map background element representing geographic locations;

a plurality of graphical background elements representing each of the plurality of asset groupings, wherein each of the plurality of graphical background elements are to be presented outside the geographical map in the graphical representation;

a first graphical element representing the particular computing device, wherein the first graphical element is overlaid on a particular one of the graphical background elements to represent the particular computing device as included in the particular grouping of assets, anda second graphical element representing the source, wherein the second graphical element is overlaid on one of the geographical map background element or one of the plurality of graphical elements to respectively represent the source as associated with the geographic location or one of the groupings of assets included in the plurality of asset groupings.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A particular security event is identified that has been detected as targeting a particular computing device included in a particular computing system. A particular grouping of assets in a plurality of asset groupings within the particular computing system is identified as including the particular computing device. A source of the particular security event is also identified and at least one of a geographic location and a grouping of assets in the plurality of asset groupings is associated with the identified source. Data is generated that is adapted to cause a presentation of a graphical representation of the particular security event on a display device, the graphical representation including a first graphical element representing the particular computing device as included in the particular grouping of assets and a second graphical element representing the source associated with the at least one of a geographic location and a grouping of assets.

26 Citations

View as Search Results

20 Claims

1. At least one non-transitory machine accessible storage medium having instructions stored thereon, the instructions when executed on a machine, cause the machine to:
- identifying a particular security event detected in a particular computing system, the particular security event detected as targeting a particular computing device included in the particular computing system;
  
  identifying a particular grouping of assets in a plurality of asset groupings defined for devices within the particular computing system as including the particular computing device;
  
  identifying a source of the particular security event, wherein the source is associated with at least one second computing device;
  
  associating the source with at least one of a geographic location and a grouping of assets included in the plurality of asset groupings; and
  
  generating data adapted to cause a graphical representation of the particular security event to be presented on a display device, the graphical representation including;
  
  a geographical map background element representing geographic locations;
  
  a plurality of graphical background elements representing each of the plurality of asset groupings, wherein each of the plurality of graphical background elements are to be presented outside the geographical map in the graphical representation;
  
  a first graphical element representing the particular computing device, wherein the first graphical element is overlaid on a particular one of the graphical background elements to represent the particular computing device as included in the particular grouping of assets, anda second graphical element representing the source, wherein the second graphical element is overlaid on one of the geographical map background element or one of the plurality of graphical elements to respectively represent the source as associated with the geographic location or one of the groupings of assets included in the plurality of asset groupings.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. The storage medium of claim 1, wherein the source is associated with a particular geographic location included in the view of the geographic map and the particular geographic location is identified from a device identifier associated with the source.
  - 3. The storage medium of claim 1, wherein the graphical representation further includes a representation of two or more asset groupings in the plurality of asset groupings, the two or more asset groupings including the particular grouping.
  - 4. The storage medium of claim 2, wherein the second graphical element is positioned in the geographical map background element to correspond with the particular geographic location.
  - 5. The storage medium of claim 1, wherein the graphical representation further including a graphical connector associating the first graphical element with the second graphical element and representing that the particular computing device and the source are associated with the particular security event.
  - 6. The storage medium of claim 1, wherein the first graphical element is a bubble element and a diameter of the bubble element corresponds to a quantity of detected security events including the particular security event.
  - 7. The storage medium of claim 1, wherein the source is identified as included in the particular computing system and the source is associated with a first grouping in the plurality of asset groupings.
  - 8. The storage medium of claim 7, wherein the particular grouping is the first grouping.
  - 9. The storage medium of claim 7, wherein the particular grouping is a grouping other than the first grouping.
  - 10. The storage medium of claim 1, wherein the graphical representation further includes representations of each of the plurality of security events.
  - 11. The storage medium of claim 1, wherein each of the plurality of asset groupings is a distinct, user-defined asset grouping.
  - 12. The storage medium of claim 1, wherein each of the plurality of asset groupings corresponds to a range of IP addresses of assets in the particular computing system.
  - 13. The storage medium of claim 1, wherein the graphical representation is an interactive presentation and user interactions with one or more of the first and second graphical elements causes a view to be presented of details of the particular security event.
  - 14. The storage medium of claim 13, wherein the user interactions include a mouse-over of one or more of the first and second graphical elements.
  - 15. The storage medium of claim 13, wherein the user interactions include a selection of one or more of the first and second graphical elements.
  - 16. The storage medium of claim 1, wherein the graphical representation of the particular security event communicates a type of the particular security event.
  - 17. The storage medium of claim 16, wherein the graphical representation of the particular security event color-codes each of the first and second graphical elements according to the type of the particular security event, wherein the type of the particular security event is one of a plurality of security event types and each of the plurality of security event types is coded to a respective color.
  - 18. The storage medium of claim 1, wherein the first graphic element is a first type of graphic element representing targets of a security event and the second graphic element is a second, different type of security event representing sources of a security event.

19. A method comprising:
- identifying a particular security event detected in a particular computing system, the particular security event detected as targeting a particular computing device included in the particular computing system;
  
  identifying a particular grouping of assets in a plurality of asset groupings defined for devices within the particular computing system as including the particular computing device;
  
  identifying a source of the particular security event, wherein the source is associated with at least one second computing device;
  
  associating the source with at least one of a geographic location and a grouping of assets included in the plurality of asset groupings; and
  
  generating data adapted to cause a graphical representation of the particular security event to be presented on a display device, the graphical representation including;
  
  a geographical map background element representing geographic locations;
  
  a plurality of graphical background elements representing each of the plurality of asset groupings, wherein each of the plurality of graphical background elements are to be presented outside the geographical map in the graphical representation;
  
  a first graphical element representing the particular computing device, wherein the first graphical element is overlaid on a particular one of the graphical background elements to represent the particular computing device as included in the particular grouping of assets, anda second graphical element representing the source, wherein the second graphical element is overlaid on one of the geographical map background element or one of the plurality of graphical elements to respectively represent the source as associated with the geographic location or one of the groupings of assets included in the plurality of asset groupings.

20. A system comprising:
- at least one processor device;
  
  at least one memory element; and
  
  a geo-mapping engine, adapted when executed by the at least one processor device to;
  
  identify a particular security event detected in a particular computing system, the particular security event detected as targeting a particular computing device included in the particular computing system;
  
  identify a particular grouping of assets in a plurality of asset groupings defined for devices within the particular computing system as including the particular computing device;
  
  identify a source of the particular security event, wherein the source is associated with at least one second computing device;
  
  associate the source with at least one of a geographic location and a grouping of assets included in the plurality of asset groupings; and
  
  generate data adapted to cause a graphical representation of the particular security event to be presented on a display device, the graphical representation including;
  
  a geographical map background element representing geographic locations;
  
  a plurality of graphical background elements representing each of the plurality of asset groupings, wherein each of the plurality of graphical background elements are to be presented outside the geographical map in the graphical representation;
  
  a first graphical element representing the particular computing device, wherein the first graphical element is overlaid on a particular one of the graphical background elements to represent the particular computing device as included in the particular grouping of assets, anda second graphical element representing the source, wherein the second graphical element is overlaid on one of the geographical map background element or one of the plurality of graphical elements to respectively represent the source as associated with the geographic location or one of the groupings of assets included in the plurality of asset groupings.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, LLC
Inventors
Pearcy, Derek Patton, Heinrich, Jessica Anne, Gaskins, Jessica Jeanne
Primary Examiner(s)
Harriman, Dant B Shaifer

Application Number

US15/168,010
Publication Number

US 20170091972A1
Time in Patent Office

794 Days
Field of Search

726 23
US Class Current
CPC Class Codes

G06F 16/29   Geographical information da...

G06F 21/50   Monitoring users, programs ...

G06F 21/56   Computer malware detection ...

G06F 2221/034   Test or assess a computer o...

G06T 11/60   Editing figures and text; C...

H04L 41/00   Arrangements for maintenanc...

H04L 41/06   Management of faults, event...

H04L 41/0893   Assignment of logical group...

H04L 41/12   Discovery or management of ...

H04L 41/22   comprising specially adapte...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/20   for managing network securi...

H04L 67/52   specially adapted for the l...

Geo-mapping system security events

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

26 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Geo-mapping system security events

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

26 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links