Automated asset criticality assessment

US 10,320,830 B2
Filed: 04/23/2018
Issued: 06/11/2019
Est. Priority Date: 12/18/2012
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

identifying a set of attributes of an asset of a computing environment, wherein the set of attributes identifies one or more users and a context of use of the asset by the one or more users;

determining, using at least one processor device, a criticality rating value for the asset based at least in part on the one or more users and the context of use, wherein the criticality rating value indicates an impact of damage to or loss of the asset, and the criticality rating value is determined in response to a countermeasure deployment involving the asset or an attempt to launch the asset or an application hosted by or interacting with the asset;

calculating a risk measure for the asset from the criticality rating value, vulnerability detection data identifying vulnerabilities of the asset, and countermeasure detection data identifying countermeasures deployed on the asset; and

causing a security activity to be performed based at least in part on the risk measure for the asset.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A set of attributes of a particular asset of a computing environment is identified that are determined from data collected by one or more utilities in the computing environment. A criticality rating is automatically determined for the particular asset based at least in part on the set of attributes. A security activity is caused to be performed relating to the particular asset based on the automatically determined criticality rating of the particular asset.

28 Citations

View as Search Results

20 Claims

1. A method, comprising:
- identifying a set of attributes of an asset of a computing environment, wherein the set of attributes identifies one or more users and a context of use of the asset by the one or more users;
  
  determining, using at least one processor device, a criticality rating value for the asset based at least in part on the one or more users and the context of use, wherein the criticality rating value indicates an impact of damage to or loss of the asset, and the criticality rating value is determined in response to a countermeasure deployment involving the asset or an attempt to launch the asset or an application hosted by or interacting with the asset;
  
  calculating a risk measure for the asset from the criticality rating value, vulnerability detection data identifying vulnerabilities of the asset, and countermeasure detection data identifying countermeasures deployed on the asset; and
  
  causing a security activity to be performed based at least in part on the risk measure for the asset.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the set of attributes are determined from data collected using an agent deployed on a computing device of the asset.
  - 3. The method of claim 1, wherein the security activity includes a risk assessment using the criticality rating value as an input.
  - 4. The method of claim 1, wherein the causing the security activity to be performed includes determining a priority for the security activity based on the criticality rating value.
  - 5. The method of claim 1, wherein the criticality rating value is based on a detection that the asset is monitored, locked, encrypted, secured, or is protected.
  - 6. The method of claim 1, wherein the criticality rating value is based on a whitelist used by, entrusted with, deployed on, or identifying the asset or a host thereof.
  - 7. The method of claim 1, further comprising:
    - determining that the criticality rating value does not exist for the asset based on an event involving the asset, wherein the set of attributes is determined from data collected by one or more utilities in the computing environment.

8. At least one non-transitory storage medium having instructions stored thereon, wherein the instructions, when executed on a machine, cause the machine to perform a method comprising:
- identifying a set of attributes of an asset of a computing environment, wherein the set of attributes identifies one or more users and a context of use of the asset by the one or more users;
  
  determining, using at least one processor device, a criticality rating value for the asset based at least in part on the one or more users and the context of use, wherein the criticality rating value indicates an impact of damage to or loss of the asset, and the criticality rating value is determined in response to a countermeasure deployment involving the asset or an attempt to launch the asset or an application hosted by or interacting with the asset;
  
  calculating a risk measure for the asset from the criticality rating value, vulnerability detection data identifying vulnerabilities of the asset, and countermeasure detection data identifying countermeasures deployed on the asset; and
  
  causing a security activity to be performed based at least in part on the risk measure for the asset.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The medium of claim 8, wherein the set of attributes are determined from data collected using an agent deployed on a computing device of the asset.
  - 10. The medium of claim 8, wherein the security activity includes a risk assessment using the criticality rating value as an input.
  - 11. The medium of claim 8, wherein the causing the security activity to be performed includes determining a priority for the security activity based on the criticality rating value.
  - 12. The medium of claim 8, wherein the criticality rating value is based on a detection that the asset is monitored, locked, encrypted, secured, or is protected.
  - 13. The medium of claim 8, wherein the criticality rating value is based on a whitelist used by, entrusted with, deployed on, or identifying the asset or a host thereof.
  - 14. The medium of claim 8, the method further comprising:
    - determining that the criticality rating value does not exist for the asset based on an event involving the asset, wherein the set of attributes is determined from data collected by one or more utilities in the computing environment.

15. A system, comprising:
- at least one memory element that stores instructions; and
  
  at least one processor device that executes the instructions toidentify a set of attributes of an asset of a computing environment, wherein the set of attributes identifies one or more users and a context of use of the asset by the one or more users;
  
  determine a criticality rating value for the asset based at least in part on the one or more users and the context of use, wherein the criticality rating value indicates an impact of damage to or loss of the asset, and the criticality rating value is determined in response to a countermeasure deployment involving the asset or an attempt to launch the asset or an application hosted by or interacting with the asset;
  
  calculate a risk measure for the asset from the criticality rating value, vulnerability detection data identifying vulnerabilities of the asset, and countermeasure detection data identifying countermeasures deployed on the asset; and
  
  cause a security activity to be performed based at least in part on the risk measure for the asset.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The system of claim 15, wherein the set of attributes are determined from data collected using an agent deployed on a computing device of the asset.
  - 17. The system of claim 15, wherein the security activity includes a risk assessment using the criticality rating value as an input.
  - 18. The system of claim 15, wherein the causing the security activity to be performed includes determining a priority for the security activity based on the criticality rating value.
  - 19. The system of claim 15, wherein the criticality rating value is based on a detection that the asset is monitored, locked, encrypted, secured, or is protected.
  - 20. The system of claim 15, wherein the at least one processor device executes the instructions to determine that the criticality rating value does not exist for the asset based on an event involving the asset, and the set of attributes is determined from data collected by one or more utilities in the computing environment.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, LLC
Inventors
Ahuja, Ratinder Paul Singh, Schrecker, Sven
Primary Examiner(s)
Parsons, Theodore C

Application Number

US15/959,946
Publication Number

US 20180351988A1
Time in Patent Office

414 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/568   eliminating virus, restorin...

G06F 21/577   Assessing vulnerabilities a...

G06F 2221/2111   Location-sensitive, e.g. ge...

H04L 63/1408   by monitoring network traff...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1433   Vulnerability analysis

Automated asset criticality assessment

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

28 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Automated asset criticality assessment

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

28 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links