Management of security actions based on computing asset classification
First Claim
1. A method of operating an advisement system to respond to security threats in a computing environment, the method comprising:
    identifying a security threat for an asset in the computing environment, wherein the asset comprises one of a virtual or physical computing element;
    obtaining supplemental information related to the security threat from one or more websites and/or databases;
    in response to identifying the security threat, identifying one or more classifications for the asset in relation to other assets within the computing environment, wherein a classification of the one or more classifications comprising one of a consumer classification or a provider classification based on incoming and outgoing connections of the asset prior to the identification of the security threat is determined by:
        determining a ratio of incoming connections to outgoing connections for the asset at a time prior to the security threat;
        when the ratio indicates a greater number of incoming connections in comparison to outgoing connections, classifying the asset as a consumer classification; and
        when the ratio indicates a lesser number of incoming connections in comparison to outgoing connections, classifying the asset as a provider classification;
    identifying a criticality rating for the asset;
    determining a rule set for the security threat based on the one or more classifications for the asset, the criticality rating for the asset, and the supplemental information, wherein the rule set defines a response to the security threat, the response comprising an automated action for implementation in the asset; and
    initiating the response to the security threat based on the rule set.
Abstract
Systems, methods, and software described herein provide for responding to security threats in a computing environment based on the classification of computing assets in the environment. In one example, a method of operating an advisement computing system includes identifying a security threat for an asset in the computing environment, and identifying a classification for the asset in relation to other assets within the computing environment. The method further provides determining a rule set for the security threat based on the classification for the asset and initiating a response to the security threat based on the rule set.
Claims (14)
1. Independent claim 1 is set out in full above under First Claim. Dependent claims: 2, 3, 4, 5.
6. An apparatus to respond to security threats in a computing environment, the apparatus comprising:
    a processing system;
    one or more non-transitory computer readable media; and
    processing instructions stored on the one or more non-transitory computer readable media that, when executed by the processing system, direct the processing system to:
        identify a security threat for an asset in the computing environment, wherein the asset comprises one of a virtual or physical computing asset;
        obtaining supplemental information related to the security threat from one or more websites and/or databases;
        in response to identifying the security threat, identify one or more classifications for the asset in relation to other assets within the computing environment, wherein a classification of the one or more classifications comprising one of a consumer classification or a provider classification based on incoming and outgoing connections of the asset prior to the identification of the security threat is determined by:
            determining a ratio of incoming connections to outgoing connections for the asset at a time prior to the security threat;
            when the ratio indicates a greater number of incoming connections in comparison to outgoing connections, classifying the asset as a consumer classification; and
            when the ratio indicates a lesser number of incoming connections in comparison to outgoing connections, classifying the asset as a provider classification;
        identify a criticality rating for the asset;
        determine a rule set for the security threat based on the one or more classifications for the asset, the criticality rating for the asset, and the supplemental information, wherein the rule set defines a response to the security threat, the response comprising an automated action for implementation in the asset; and
        initiate the response to the security threat based on the rule set.
Dependent claims: 7, 8, 9, 10.
11. A system comprising:
    a plurality of assets;
    an advisement system configured to:
        receive a notification of a security threat for an asset of the plurality of assets, wherein the asset comprises one of a virtual or physical computing element;
        obtain supplemental information related to the security threat from one or more websites and/or databases;
        identify one or more classifications of the asset in relation to the security threat, wherein a classification of the one or more classifications comprising one of a consumer classification or a provider classification based on incoming and outgoing connections of the asset prior to the identification of the security threat is determined by:
            determining a ratio of incoming connections to outgoing connections for the asset at a time prior to the security threat;
            when the ratio indicates a greater number of incoming connections in comparison to outgoing connections, classifying the asset as a consumer classification; and
            when the ratio indicates a lesser number of incoming connections in comparison to outgoing connections, classifying the asset as a provider classification;
        identify a criticality rating for the asset;
        determine a rule set for the security threat based on the one or more classifications of the asset, the criticality rating for the asset, and the supplemental information related to the security threat, wherein the rule set defines a response to the security threat, the response comprising an automated action for implementation in the asset; and
        initiate the response to the security threat based on the rule set.
Dependent claims: 12, 13, 14.
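Claims 1, 6 and 11 all recite the same sequence: count the asset's incoming and outgoing connections from before the threat was identified, derive a ratio, classify the asset as a consumer (ratio above 1) or a provider (ratio below 1) exactly as the claim words it, look up a criticality rating, pull supplemental information from an external source, select a rule set from those three inputs, and initiate the automated action. The following Python is an added worked example, not code from the patent or its assignee. The connection log, asset inventory, reputation table, rule table and action names are constructed assumptions. Two cases the claims leave open are handled as labelled assumptions: an asset with no outgoing connections (ratio undefined) and an asset whose counts are equal (ratio exactly 1, neither consumer nor provider under the claim language).

```python
"""Consumer/provider classification and rule-set selection, illustrating claim 1.
Added example, not the patent's own code; every data source, rating and action
name here is a constructed assumption chosen to exercise the claimed steps."""
from datetime import datetime
from typing import Dict, List, Optional, Tuple

# Constructed connection records: (ISO-8601 timestamp, source asset, destination asset).
CONNECTION_LOG: List[Tuple[str, str, str]] = [
    ("2024-03-01T08:00:00+00:00", "ws-17", "fileserver"),
    ("2024-03-01T08:01:00+00:00", "ws-22", "fileserver"),
    ("2024-03-01T08:02:00+00:00", "ws-31", "fileserver"),
    ("2024-03-01T08:03:00+00:00", "fileserver", "backup01"),
    ("2024-03-01T08:04:00+00:00", "ws-17", "mail"),
    ("2024-03-01T08:05:00+00:00", "ws-17", "proxy"),
    ("2024-03-01T08:06:00+00:00", "ws-17", "fileserver"),
    ("2024-03-01T08:07:00+00:00", "mgmt01", "ws-17"),
    ("2024-03-01T09:30:00+00:00", "ws-17", "fileserver"),  # after detection: must not count
]

# Constructed asset inventory (criticality ratings) and a constructed stand-in for
# the "websites and/or databases" that supply supplemental threat information.
CRITICALITY: Dict[str, str] = {"fileserver": "high", "ws-17": "low"}
REPUTATION_DB: Dict[str, Dict[str, object]] = {
    "203.0.113.7": {"reputation": "malicious", "confidence": 0.95},
    "198.51.100.9": {"reputation": "unknown", "confidence": 0.40},
}

# Constructed rule table: (classification, criticality) -> automated actions.
# Providers keep serving other assets, so their rules avoid outright isolation.
RULE_TABLE: Dict[Tuple[Optional[str], str], List[str]] = {
    ("consumer", "high"): ["isolate_from_network", "capture_memory", "notify_soc"],
    ("consumer", "low"): ["quarantine_process", "notify_soc"],
    ("provider", "high"): ["snapshot_vm", "block_indicator_at_edge", "notify_soc"],
    ("provider", "low"): ["block_indicator_at_edge", "notify_soc"],
}
DEFAULT_RULES = ["notify_soc"]
DISRUPTIVE = {"isolate_from_network", "quarantine_process", "block_indicator_at_edge"}
AUDIT_LOG: List[Tuple[str, str]] = []  # (asset, action) pairs recorded by initiate_response


def connection_counts(asset: str, detected_at: str) -> Tuple[int, int]:
    """Incoming/outgoing counts for `asset`, using only records strictly before
    the threat was identified, as the claim requires."""
    cutoff = datetime.fromisoformat(detected_at)
    incoming = outgoing = 0
    for ts, src, dst in CONNECTION_LOG:
        if datetime.fromisoformat(ts) >= cutoff:
            continue
        if dst == asset:
            incoming += 1
        if src == asset:
            outgoing += 1
    return incoming, outgoing


def connection_ratio(incoming: int, outgoing: int) -> float:
    """Ratio of incoming to outgoing connections. Assumption for the case the
    claim does not cover: incoming-only traffic gives an infinite ratio, and an
    asset with no traffic at all is treated as balanced (ratio 1)."""
    if outgoing == 0:
        return float("inf") if incoming else 1.0
    return incoming / outgoing


def classify(ratio: float) -> Optional[str]:
    """Literal reading of the claim: ratio > 1 (more incoming) -> consumer,
    ratio < 1 (fewer incoming) -> provider. Exactly 1 is not covered by the
    claim; assumption: return None so the rule lookup falls back to DEFAULT_RULES."""
    if ratio > 1:
        return "consumer"
    if ratio < 1:
        return "provider"
    return None


def obtain_supplemental(indicator: str) -> Dict[str, object]:
    """Stand-in for the external lookup; unknown indicators get a zero-confidence verdict."""
    return REPUTATION_DB.get(indicator, {"reputation": "unknown", "confidence": 0.0})


def determine_rule_set(classification: Optional[str], criticality: str,
                       supplemental: Dict[str, object]) -> List[str]:
    """Select actions from the table, then let supplemental information gate the
    disruptive ones: unless the indicator is confirmed malicious with confidence
    >= 0.7, the disruptive step is handed to an analyst instead of run automatically."""
    actions = list(RULE_TABLE.get((classification, criticality), DEFAULT_RULES))
    confirmed = (supplemental.get("reputation") == "malicious"
                 and float(supplemental.get("confidence", 0.0)) >= 0.7)
    if not confirmed:
        actions = ["flag_for_analyst" if a in DISRUPTIVE else a for a in actions]
    return actions


def initiate_response(asset: str, actions: List[str]) -> List[str]:
    """Simulated execution: record each action against the asset and return them."""
    for action in actions:
        AUDIT_LOG.append((asset, action))
    return actions


def respond(asset: str, detected_at: str, indicator: str) -> Dict[str, object]:
    """Run the full claimed sequence for one threat notification."""
    supplemental = obtain_supplemental(indicator)
    incoming, outgoing = connection_counts(asset, detected_at)
    ratio = connection_ratio(incoming, outgoing)
    classification = classify(ratio)
    criticality = CRITICALITY.get(asset, "low")  # assumption: unrated assets count as low
    actions = determine_rule_set(classification, criticality, supplemental)
    return {"asset": asset, "ratio": ratio, "classification": classification,
            "criticality": criticality, "actions": initiate_response(asset, actions)}


if __name__ == "__main__":
    for asset, indicator in [("fileserver", "203.0.113.7"), ("ws-17", "198.51.100.9")]:
        print(respond(asset, "2024-03-01T09:00:00+00:00", indicator))
```

With the constructed log, `fileserver` has four incoming and one outgoing connection before 09:00 and is classed a consumer; combined with its high criticality and a confirmed-malicious indicator, the full automated rule set runs. `ws-17` has one incoming and four outgoing and is classed a provider; its indicator is unconfirmed, so the disruptive block is downgraded to an analyst flag. The record after the detection time is deliberately excluded, matching the claim's "prior to the security threat" condition.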