Techniques for discovering and managing security of applications
First Claim
1. A computer-implemented method comprising, at a computer system of a security management system:
- obtaining a file including data about network activity associated with a client device on a network of an organization, wherein the network activity is generated when the client device is operating as part of the network of the organization;
- identifying, using the data about the network activity, an application that has been accessed by the client device while the client device is operating as part of the network of the organization, wherein the application is provided to the client device from a network of a service provider, wherein the network of the organization and the network of the service provider are different networks;
- determining, using the data about the network activity, access information associated with the application, wherein the access information includes network activity indicating an access of the application from the client device;
- determining, using the access information, domain information about the application, wherein the domain information identifies the service provider;
- determining, using the domain information, security information about the application, wherein the security information comprises a first value indicative of a first security threat associated with the application and a second value indicative of a second security threat associated with the application;
- computing a first weighted value that is based on multiplying the first value by a first weight value;
- computing a second weighted value that is based on multiplying the second value by a second weight value;
- computing a first sum that is based on a summation of the first weighted value and the second weighted value;
- computing a second sum that is based on a summation of the first weight value and the second weight value;
- computing a measure of security based on dividing the first sum by the second sum; and
- performing, by applying a security policy based on the measure of security, a remediation action for the application.
Abstract
Techniques for discovery and management of applications in a computing environment of an organization are disclosed. A security management system discovers use of applications within a computing environment to manage access to applications for minimizing security threats and risks in a computing environment of the organization. The security management system can obtain network data about network traffic to identify unique applications. The security management system can perform analysis and correlation, including use of one or more data sources, to determine information about an application. The system can compute a measure of security for an application (“an application risk score”) and a user (“a user risk score”). The score may be analyzed to determine a threat of security posed by the application based on use of the application. The security system can perform one or more instructions to configure access permitted by an application, whether access is denied or restricted.
133 Citations
18 Claims
Dependent claims of claim 1: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12
13. A security management system comprising:
- one or more processors; and
- a memory accessible to the one or more processors, wherein the memory stores one or more instructions which, upon execution by the one or more processors, causes the one or more processors to perform operations comprising:
  - obtaining a file including data about network activity associated with a client device on a network of an organization, wherein the network activity is generated when the client device is operating as part of the network of the organization;
  - identifying, using the data about the network activity, an application that has been accessed by the client device while the client device is operating as part of the network of the organization, wherein the application is provided to the client device from a network of a service provider, wherein the network of the organization and the network of the service provider are different networks;
  - determining, using the data about the network activity, access information associated with the application, wherein the access information includes network activity indicating an access of the application from the client device;
  - performing, using the access information, one or more queries for domain information associated with the application;
  - determining security information about the application, the security information comprising a first value indicative of a first security threat associated with the application and a second value indicative of a second security threat associated with the application;
  - computing a first weighted value that is based on multiplying the first value by a first weight value;
  - computing a second weighted value that is based on multiplying the second value by a second weight value;
  - computing a first sum that is based on a summation of the first weighted value and the second weighted value;
  - computing a second sum that is based on a summation of the first weight value and the second weight value;
  - computing a measure of security based on dividing the first sum by the second sum; and
  - performing, by applying a security policy based on the measure of security, a remediation action for the application.
14. A computer-implemented method comprising, at a computer system of a security management system:
- obtaining, from a first service provider system, first data about a first application, wherein the first application is accessed from the first service provider system, and wherein access of the first application is associated with a user;
- obtaining, from a second service provider system, second data about a second application, wherein the second application is accessed from the second service provider system, and wherein access of the second application is associated with the user;
- determining, using the first data and the second data, access information for a third application that has been accessed by the user;
- searching, using the access information, for domain information about a provider system that provides the third application;
- determining security information about the third application, the security information comprising a first value indicative of a first security threat associated with the third application and a second value indicative of a second security threat associated with the third application;
- computing a first weighted value that is based on multiplying the first value by a first weight value;
- computing a second weighted value that is based on multiplying the second value by a second weight value;
- computing a first sum that is based on a summation of the first weighted value and the second weighted value;
- computing a second sum that is based on a summation of the first weight value and the second weight value;
- computing a measure of security based on dividing the first sum by the second sum; and
- performing, by applying a security policy based on the measure of security, a remediation action for the third application.

Dependent claims of claim 14: 15, 16, 17, 18
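The discovery, scoring and remediation steps shared by claims 1, 13 and 14, sketched as an added example that is not part of the patent text. It generalizes the two threat values to any number of indicators. The log format, domain catalogue, weights, policy thresholds, the "review" action for uncatalogued domains, and the reading that a higher score means higher risk are all constructed assumptions.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed proxy log: timestamp, client IP, method, URL, bytes
SAMPLE_LOG = """\
2024-05-01T09:00:01Z 10.0.0.12 GET https://files.example-share.test/upload 5120
2024-05-01T09:00:07Z 10.0.0.12 POST https://files.example-share.test/upload 88211
2024-05-01T09:01:30Z 10.0.0.40 GET https://crm.example-saas.test/login 913
2024-05-01T09:02:02Z 10.0.0.12 GET https://intranet.corp.test/home 400
"""
ORG_SUFFIX = "corp.test"  # assumption: hosts under this suffix are the organization's own
# Hypothetical catalogue: provider domain -> (provider, {indicator: value 0-100})
CATALOGUE = {
    "example-share.test": ("ExampleShare", {"ip_reputation": 80, "weak_tls": 60}),
    "example-saas.test": ("ExampleSaaS", {"ip_reputation": 10, "weak_tls": 20}),
}
WEIGHTS = {"ip_reputation": 3.0, "weak_tls": 1.0}  # assumed weight values
POLICY = [(70, "block"), (40, "restrict"), (0, "allow")]  # (minimum score, action)

def discover(log_text):
    """Return {provider domain: client IPs} for accesses leaving the organization."""
    access = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:  # skip malformed records
            continue
        host = urlsplit(parts[3]).hostname or ""
        if host == ORG_SUFFIX or host.endswith("." + ORG_SUFFIX):
            continue
        access[".".join(host.split(".")[-2:])].add(parts[1])  # naive domain guess
    return dict(access)

def measure_of_security(values, weights):
    """First sum (weighted values) divided by second sum (weights)."""
    total_weight = sum(weights[k] for k in values)
    if total_weight == 0:
        raise ValueError("weights sum to zero; score undefined")
    return sum(values[k] * weights[k] for k in values) / total_weight

def remediate(log_text):
    """Apply POLICY to every discovered application; unknown domains go to review."""
    decisions = {}
    for domain in discover(log_text):
        if domain not in CATALOGUE:
            decisions[domain] = (None, "review")
            continue
        score = measure_of_security(CATALOGUE[domain][1], WEIGHTS)
        decisions[domain] = (score, next(a for floor, a in POLICY if score >= floor))
    return decisions
```

Dividing by the sum of the weights keeps the score on the same scale as the individual indicator values, so policy thresholds stay valid when indicators are added or reweighted.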
Specification