Human-assisted entity mapping

US 10,341,370 B2
Filed: 08/17/2016
Issued: 07/02/2019
Est. Priority Date: 09/09/2013
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

generating a map between (a) technical assets that contribute to security characteristics of respective entities and (b) the identities of the entities that are associated with the respective technical assets, at least part of the generating of the map being done automatically;

enabling a user to assist in the generating of the map by presenting to the user through a user interface (a) data about the technical assets of entities and (b) an interactive tool for associating the technical assets with the identities of the entities; and

invoking external crowd-sourced services to aid in generating the map.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Among other things, traces are received of activities of an online user who is associated with an entity. By analysis of the traces a security state of the entity is inferred. Also, a map is generated between (a) technical assets that contribute to security characteristics of respective entities and (b) the identities of the entities that are associated with the respective technical assets. At least part of the generating of the map is done automatically. A user can be engaged to assist in the generating of the map by presenting to the user through a user interface (a) data about the technical assets of entities and (b) an interactive tool for associating the technical assets with the identities of the entities.

53 Citations

View as Search Results

22 Claims

1. A method comprising:
- generating a map between (a) technical assets that contribute to security characteristics of respective entities and (b) the identities of the entities that are associated with the respective technical assets, at least part of the generating of the map being done automatically;
  
  enabling a user to assist in the generating of the map by presenting to the user through a user interface (a) data about the technical assets of entities and (b) an interactive tool for associating the technical assets with the identities of the entities; and
  
  invoking external crowd-sourced services to aid in generating the map.

2. A method comprising:
- generating a map between (a) technical assets that contribute to security characteristics of respective entities and (b) the identities of the entities that are associated with the respective technical assets, at least part of the generating of the map being done automatically;
  
  enabling a user to assist in the generating of the map by presenting to the user through a user interface (a) data about the technical assets of entities and (b) an interactive tool for associating the technical assets with the identities of the entities; and
  
  enabling a separate review and approval of entities proposed to be included in the map.

3. A method comprising:
- generating a map between (a) technical assets that contribute to security characteristics of respective entities and (b) the identities of the entities that are associated with the respective technical assets, at least part of the generating of the map being done automatically;
  
  enabling a user to assist in the generating of the map by presenting to the user through a user interface (a) data about the technical assets of entities and (b) an interactive tool for associating the technical assets with the identities of the entities; and
  
  providing the map to an application for joining to event data or scoring a security state of the entities.

4. A method comprising:
- generating graphs of relationships among entities based on their association with technical assets;
  
  generating a map between (a) technical assets that contribute to security characteristics of respective entities and (b) the identities of the entities that are associated with the respective technical assets, at least part of the generating of the map being done automatically; and
  
  enabling a user to assist in the generating of the map by presenting to the user through a user interface (a) data about the technical assets of entities and (b) an interactive tool for associating the technical assets with the identities of the entities.
- View Dependent Claims (5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 5. The method of claim 4 comprising presenting to the user non-technical-asset information through the user interface.
  - 6. The method of claim 5 in which the non-technical-asset information comprises information about the entities.
  - 7. The method of claim 6 in which the information about the entities comprises at least one of descriptions of entities, industry classifications, and employee counts.
  - 8. The method of claim 4 in which the tool enables the user to assign a technical asset to an entity.
  - 9. The method of claim 4 in which the part of the generating of the map that is done automatically comprises at least one of collecting information about technical assets and about entities, associating technical assets with entities, and approving proposed portions of the map.
  - 10. The method of claim 4 in which the technical assets comprise network-related information.
  - 11. The method of claim 10 in which the technical assets further comprise at least one of blocks of Internet Protocol addresses, mail server configurations, domain names, social media handles, third-party data hosting, internet service providers, Domain Name System services, Autonomous System numbers, and Border Gateway Protocol advertisements.
  - 12. The method of claim 10 in which generating the map comprises online discovery of information about the technical assets.
  - 13. The method of claim 12 in which the information about the technical assets is discovered from an Internet Assigned Numbers Authority or a Regional Internet Registry.
  - 14. The method of claim 12 in which the information about the technical assets is discovered through passive DNS queries.
  - 15. The method of claim 14 comprising identifying from the passive DNS queries associations between domain names and network addresses.
  - 16. The method of claim 15 comprising tracking changes over time in the Internet Protocol addresses that are associated with the host names.
  - 17. The computer-implemented method of claim 15 in which identifying from the passive DNS queries associations between domain names and network addresses comprises:
    - receiving a first domain name for an entity from the entities;
      
      sending a first passive domain name system (DNS) query to identify first name servers for the first domain name;
      
      receiving a list of the first name servers for the first domain name;
      
      sending a second passive DNS query, for each of the first name servers, to identify second domain names for which the first name server is authoritative;
      
      receiving a list, for each of the first name servers, of the second domain names for which the first name server is authoritative;
      
      sending a third passive DNS query, for each of the second domain names, to identify host names for hosts of the second domain name and Internet Protocol addresses for the host names;
      
      receiving a list of the host names and the Internet Protocol addresses for the host names; and
      
      mapping each of the Internet Protocol addresses to an attribute for the entity.
  - 18. The method of claim 17 wherein receiving the first domain name for the entity comprises:
    - receiving, by an analysis system from a user interface, the first domain name for the entity.

19. The method 18 wherein sending the first passive DNS query to identify first name servers for the first domain name comprises:
- sending, by the analysis system to a DNS server, the first passive DNS query to identify first name servers for the first domain name.
- View Dependent Claims (20, 21, 22)
- - 20. The method of claim 19 wherein receiving the list of the first name servers for the first domain name comprises:
    - receiving, by the analysis system from the DNS server, the list of the first name servers for the first domain name.
  - 21. The method of claim 20 wherein sending the second passive DNS query comprises:
    - sending, by the analysis system to the DNS server, the second passive DNS query, for each of the first name servers, to identify second domain names for which the first name server is authoritative.
  - 22. The method of claim 21 wherein sending the third passive DNS query comprises:
    - sending, by the analysis system to the DNS server, the third passive DNS query, for each of the second domain names, to identify host names for hosts of the second domain name and Internet Protocol addresses for the host names.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
BitSight Technologies, Inc.
Original Assignee
BitSight Technologies, Inc.
Inventors
Gladstone, Philip John Steuart, Kirby, Alan Joseph, Truelove, John Matthew, Feinzeig, David, Venna, Nagarjuna, Boyer, Stephen
Primary Examiner(s)
Abdul-Ali, Omar R

Application Number

US15/239,063
Publication Number

US 20170093901A1
Time in Patent Office

1,049 Days
Field of Search
US Class Current
CPC Class Codes

G06F 3/0484   for the control of specific...

G06Q 30/0277   Online advertisement

G06Q 50/01   Social networking

H04L 61/4511   using domain name system [DNS]

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/1433   Vulnerability analysis

H04L 63/1441   Countermeasures against mal...

Human-assisted entity mapping

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

53 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Human-assisted entity mapping

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

53 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links