Security actions for computing assets based on enrichment information
First Claim
1. A method comprising:
identifying an incident associated with an asset in a computing environment, the computing environment comprising a plurality of assets;
identifying properties associated with the incident;
obtaining, using the properties, enrichment information associated with the incident from one or more internal or external sources;
identifying a criticality rating associated with the asset, wherein the criticality rating is based on an operation provided by the asset for the computing environment;
determining one or more actions to respond to the incident based at least on the enrichment information and the criticality rating; and
initiating implementation of at least one action in the computing environment from the one or more actions.
Abstract
Systems, methods, and software described herein provide enhancements for implementing security actions in a computing environment. In one example, a method of operating an advisement system to provide actions in a computing environment includes identifying a security incident in the computing environment, identifying a criticality rating for the asset, and obtaining enrichment information for the security incident from one or more internal or external sources. The method also provides identifying a severity rating for the security incident based on the enrichment information, and determining one or more security actions based on the enrichment information. The method further includes identifying effects of the one or more security actions on operations of the computing environment based on the criticality rating and the severity rating, and identifying a subset of the one or more security actions to respond to the security incident based on the effects.
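The flow in the abstract (enrich the incident, rate its severity, weigh each candidate action's effect against the asset's criticality, keep a subset) can be sketched as follows. This is an added example, not code from the patent: the asset names, the two enrichment sources, the action catalogue and every scoring rule are constructed assumptions.

```python
from dataclasses import dataclass, field

# Constructed sample data standing in for an asset inventory and two enrichment sources.
CRITICALITY = {"hr-laptop-17": 1, "payroll-db": 5}   # 1 = low, 5 = business-critical
INTERNAL_SOURCE = {"203.0.113.50": {"seen_on_assets": 4}}
EXTERNAL_SOURCE = {"203.0.113.50": {"reputation": "malicious", "category": "c2"}}

# Hypothetical action catalogue: name -> (disruption to operations, containment strength), 0-5.
ACTIONS = {"monitor_traffic": (0, 1), "block_ip_at_firewall": (1, 3), "isolate_asset": (5, 5)}

@dataclass
class Incident:
    asset: str
    properties: dict = field(default_factory=dict)

def enrich(incident):
    """Look up the incident's properties in each source and merge the results."""
    ip = incident.properties.get("remote_ip")
    info = {}
    for source in (INTERNAL_SOURCE, EXTERNAL_SOURCE):
        info.update(source.get(ip, {}))
    return info

def severity(info):
    """Assumed scoring: 1 (no corroboration) up to 5."""
    score = 1
    if info.get("reputation") == "malicious":
        score += 2
    if info.get("category") == "c2":
        score += 1
    if info.get("seen_on_assets", 0) > 1:
        score += 1
    return score

def recommend(incident):
    """Return (severity, actions whose operational effect the severity justifies)."""
    sev = severity(enrich(incident))
    crit = CRITICALITY.get(incident.asset, 3)   # unknown assets get a middle rating
    chosen = []
    for name, (disruption, containment) in ACTIONS.items():
        if containment > sev:
            continue                 # stronger response than the incident warrants
        effect = disruption * crit   # same action costs more on a critical asset
        if effect <= 3 * sev:        # assumed tolerance: three effect points per severity point
            chosen.append(name)
    return sev, chosen
```

With the same high-severity incident, the low-criticality laptop may be isolated while the business-critical database is limited to monitoring and a firewall block.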
30 Claims
1. A method comprising:
identifying an incident associated with an asset in a computing environment, the computing environment comprising a plurality of assets;
identifying properties associated with the incident;
obtaining, using the properties, enrichment information associated with the incident from one or more internal or external sources;
identifying a criticality rating associated with the asset, wherein the criticality rating is based on an operation provided by the asset for the computing environment;
determining one or more actions to respond to the incident based at least on the enrichment information and the criticality rating; and
initiating implementation of at least one action in the computing environment from the one or more actions.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. An apparatus comprising:
one or more non-transitory computer readable storage media;
a processing system operatively coupled to the one or more non-transitory computer readable storage media; and
processing instructions stored on the one or more non-transitory computer readable storage media that, when executed by the processing system, direct the processing system to:
identify an incident associated with an asset in a computing environment, the computing environment comprising a plurality of assets;
identify properties associated with the incident;
obtain, using the properties, enrichment information associated with the incident from one or more internal or external sources;
identify a criticality rating associated with the asset, wherein the criticality rating is based on an operation provided by the asset for the computing environment;
determine one or more actions to respond to the incident based at least on the enrichment information and the criticality rating; and
initiate implementation of at least one action in the computing environment from the one or more actions.
Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19, 20
21. An apparatus comprising:
one or more non-transitory computer readable storage media; and
processing instructions stored on the one or more non-transitory computer readable storage media that, when executed by a processing system, direct the processing system to:
identify an incident associated with an asset in a computing environment, the computing environment comprising a plurality of assets;
identify properties associated with the incident;
obtain, using the properties, enrichment information associated with the incident from one or more internal or external sources;
identify a criticality rating associated with the asset, wherein the criticality rating is based on an operation provided by the asset for the computing environment;
determine one or more actions to respond to the incident based at least on the enrichment information and the criticality rating; and
cause display of the one or more actions;
receive input indicative of a request to implement at least one action from the one or more actions; and
initiate implementation of the at least one action in the computing environment.
Dependent claims: 22, 23, 24, 25, 26, 27, 28, 29, 30
Specification