Incident response bus for data security incidents
Abstract
A system and method for responding to data security incidents in enterprise networks using an incident response bus (IR bus) within an incident management system is disclosed. An Incident Manager (IM) application of the system stores objects that include information concerning data security incidents that occur in enterprise networks managed by the incident management system. Users configure action conditions on the IM, the satisfaction of which causes the IM to send messages that include the information concerning the incidents to message queues, or destinations. Correspondingly, the IR bus includes plugins associated with the devices in each client's enterprise network, where each plugin can access the message destinations for the messages. The plugins, in one embodiment, also configure one or more chains of plugins that process the messages. The plugins then execute the chains of plugins to specify actions for the devices to execute to provide a response to the incidents.
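The following is an added toy model of the architecture the abstract and claims describe; it is not code from the patent or its assignee. It assumes nothing about the real product: the class names, the "high-severity" destination, the firewall and ticketing plugins, and the sample incidents are all constructed for illustration. It shows the three claimed pieces working together: an incident manager that stores incidents and, when a user-configured action condition is satisfied, places a message on a named destination (queue); a protocol-agnostic bus that only moves messages along a configured chain; and device-specific plugins, where the first plugin takes an incident response action and emits a modified message in the format the second plugin expects.

```python
"""Toy model of an incident response bus with an incident manager and device plugins.
Added example; names and devices are constructed stand-ins, not the patent's implementation."""
from __future__ import annotations

from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Callable, Deque, Dict, List, Tuple

Message = Dict[str, object]


@dataclass
class Incident:
    incident_id: str
    severity: str
    source_ip: str
    description: str


class IncidentManager:
    """Stores incident objects and user-configured action conditions.

    When a condition is satisfied, the manager places a message describing the
    incident on a named destination (a message queue) for the bus to consume."""

    def __init__(self) -> None:
        self.incidents: Dict[str, Incident] = {}
        self.conditions: List[Tuple[Callable[[Incident], bool], str]] = []
        self.destinations: Dict[str, Deque[Message]] = defaultdict(deque)

    def add_action_condition(self, predicate: Callable[[Incident], bool], destination: str) -> None:
        self.conditions.append((predicate, destination))

    def store(self, incident: Incident) -> None:
        self.incidents[incident.incident_id] = incident
        for predicate, destination in self.conditions:
            if predicate(incident):
                self.destinations[destination].append({
                    "incident_id": incident.incident_id,
                    "severity": incident.severity,
                    "source_ip": incident.source_ip,
                    "description": incident.description,
                })


class Plugin:
    """A bus component: owns device-specific formatting and protocol handling.
    `devices` maps a device name to a constructed list that stands in for the real device."""
    device = "unknown"

    def process(self, message: Message, devices: Dict[str, list]) -> Message:
        raise NotImplementedError


class FirewallPlugin(Plugin):
    device = "firewall"

    def process(self, message: Message, devices: Dict[str, list]) -> Message:
        # First incident response action: hand the firewall a deny rule for the source.
        rule = {"action": "deny", "src": message["source_ip"], "reason": message["incident_id"]}
        devices[self.device].append(rule)
        # Generate the modified message in the format the ticketing plugin expects.
        return {
            "incident_id": message["incident_id"],
            "ticket_title": f"[{str(message['severity']).upper()}] {message['description']}",
            "ticket_body": f"Blocked {message['source_ip']} on firewall (incident {message['incident_id']})",
        }


class TicketingPlugin(Plugin):
    device = "ticketing"

    def process(self, message: Message, devices: Dict[str, list]) -> Message:
        # Second action, associated with the first: open a ticket recording the block.
        ticket = {"id": f"TKT-{message['incident_id']}",
                  "title": message["ticket_title"], "body": message["ticket_body"]}
        devices[self.device].append(ticket)
        return message


class IncidentResponseBus:
    """Protocol-agnostic and device-independent: it only moves dict messages
    from a destination through a configured chain of plugins."""

    def __init__(self, manager: IncidentManager) -> None:
        self.manager = manager
        self.chains: Dict[str, List[Plugin]] = {}
        self.devices: Dict[str, list] = defaultdict(list)

    def configure_chain(self, destination: str, plugins: List[Plugin]) -> None:
        self.chains[destination] = plugins

    def run(self) -> int:
        """Drain every configured destination; return the number of messages processed."""
        processed = 0
        for destination, chain in self.chains.items():
            queue = self.manager.destinations[destination]
            while queue:
                message = queue.popleft()
                for plugin in chain:
                    message = plugin.process(message, self.devices)
                processed += 1
        return processed


def demo() -> Dict[str, list]:
    """Run two constructed incidents through the bus; only the high-severity one triggers the chain."""
    im = IncidentManager()
    im.add_action_condition(lambda inc: inc.severity == "high", "high-severity")
    bus = IncidentResponseBus(im)
    bus.configure_chain("high-severity", [FirewallPlugin(), TicketingPlugin()])
    im.store(Incident("INC-1001", "high", "198.51.100.23", "Credential stuffing against VPN portal"))
    im.store(Incident("INC-1002", "low", "203.0.113.9", "Single failed login"))
    bus.run()
    return dict(bus.devices)


if __name__ == "__main__":
    for device, actions in demo().items():
        print(device, actions)
```

The bus never inspects the message beyond passing it to the next plugin, which is what makes it protocol-agnostic; all knowledge of how a firewall or a ticketing system wants its input lives in the plugin for that device. In a real deployment, the `devices` lists would be replaced by the plugin's own protocol client for that device.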
Claims (19 claims; 101 citations)
1. A system for responding to data security incidents in an enterprise network having devices responsible for security on the enterprise network, the system comprising:
an incident manager that stores information concerning the data security incidents; and
an incident response bus that communicates with the incident manager and the devices, wherein the incident response bus accesses and processes messages from the incident manager concerning the data security incidents;
wherein the incident response bus is protocol-agnostic and device-independent and has associated therewith a set of components, wherein a component in the set of components is associated with a particular device and defines device-specific interfacing and protocol support for enabling communication with the particular device associated with the component via the incident response bus;
wherein processing messages from the incident manager includes obtaining a message, taking a first incident response action at a first component using the message, generating a modified version of the message, the modified version being in a format suited for processing by a second component, and taking a second incident response action associated with the first incident response action at the second component using the modified version of the message;
the incident manager and the incident response bus implemented as software executable in one or more hardware processors.
(Dependent claims 2, 3, 4, 5, 6, 7, 8, 9 and 10 not shown.)

11. A method for responding to data security incidents in an enterprise network having devices responsible for security on the enterprise network, the method comprising:
storing information concerning the data security incidents in an incident manager; and
communicating with the incident manager and with the devices responsible for security on the enterprise network via an incident response bus, the incident response bus accessing and processing messages concerning the data security incidents from the incident manager for the devices;
wherein the incident response bus is protocol-agnostic and device-independent and has associated therewith a set of components, wherein a component in the set of components is associated with a particular device and defines device-specific interfacing and protocol support for enabling communication with the particular device associated with the component via the incident response bus;
wherein processing messages from the incident manager includes obtaining a message, taking a first incident response action at a first component using the message, generating a modified version of the message, the modified version being in a format suited for processing by a second component, and taking a second incident response action associated with the first incident response action at the second component using the modified version of the message.
(Dependent claims 12, 13, 14, 15, 16, 17, 18 and 19 not shown.)