System and method for automatic service discovery and protection
Abstract
A system for automatically discovering services operating on a network including a service discovery database configured to store expected service behavioral characteristics and service identities of the services operating on the network, a set of service discovery modules configured to collect service behavioral data of the services operating on the network, and a service discovery module controller communicatively coupled to the service discovery module database and the set of service discovery modules, the service discovery module controller configured to generate service behavioral characteristics from the service behavioral data, analyze the service behavioral characteristics using the expected service behavioral characteristics, resulting in a first behavioral analysis, identify a first service identity of at least one service operating on the network from the first behavioral analysis and an association of the first service identity and the expected service behavioral characteristics.
20 Claims
1. A computer-implemented method for discovering unknown services operating on a network and securing the network, the method comprising:
- collecting known service characterization data comprising characteristics of known services operating on the network, wherein known services include services identified as having an associated service identification that is known to the network;
- detecting one or more unknown services operating on the network, wherein unknown services include services without a service identification that is known to the network; and
- for each of the one or more detected unknown services:
  - in response to detecting the unknown service operating on the network, collecting unknown service characterization data comprising characteristics of the detected unknown service operating on the network;
  - analyzing the unknown service characterization data based on a set of expected characteristics for the unknown service, wherein analyzing the unknown service characterization data includes evaluating the unknown service characterization data using a machine learning model trained on at least the set of expected characteristics for the unknown service as a training set;
  - generating a service identity probability value for the unknown service based on the analysis of the unknown service characterization data, wherein the service identity probability value indicates a likelihood that an unknown service to the network has a service identification that is known to the network; and
  - in response to identifying the service identity probability value for the unknown service, applying a security measure to the unknown service based at least in part on the service identity probability value generated for the unknown service and at least one particular associated service identification that is known to the network, wherein the security measure comprises at least generating one or more security recommendations for the unknown service based at least on: the unknown service characterization data, a security measure required to be implemented by at least one service having the at least one particular associated service identification that is known to the network for the at least one service to continue operating on the network or for accessing the network at a future time, and a determination of whether the one or more security recommendations can be implemented with the unknown service.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14
15. One or more non-transitory computer readable storage media encoded with instructions that, when executed by a processor, cause the processor to perform a method, the method comprising:
- collecting known service characterization data comprising characteristics of known services operating on a network, wherein known services include services identified as having an associated service identification that is known to the network;
- detecting one or more unknown services operating on the network, wherein unknown services include services without a service identification that is known to the network; and
- for each of the one or more detected unknown services:
  - in response to detecting the unknown service operating on the network, collecting unknown service characterization data comprising characteristics of the detected unknown service operating on the network;
  - analyzing the unknown service characterization data based on a set of expected characteristics for the unknown service, wherein analyzing the unknown service characterization data includes evaluating the unknown service characterization data using a machine learning model trained on at least the set of expected characteristics for the unknown service as a training set;
  - generating a service identity probability value for the unknown service based on the analysis of the unknown service characterization data, wherein the service identity probability value indicates a likelihood that an unknown service to the network has a service identification that is known to the network; and
  - in response to identifying the service identity probability value for the unknown service, applying a security measure to the unknown service based at least in part on the service identity probability value generated for the unknown service and at least one particular associated service identification that is known to the network, wherein the security measure comprises at least generating one or more security recommendations for the unknown service based at least on: the unknown service characterization data, a security measure required to be implemented by at least one service having the at least one particular associated service identification that is known to the network for the at least one service to continue operating on the network or for accessing the network at a future time, and a determination of whether the one or more security recommendations can be implemented with the unknown service.

Dependent claims: 16, 17
18. A system for automatically discovering unknown services operating on a network and securing the network, the system comprising:
- one or more computer processors;
- a system controller comprising a non-transitory computer-readable storage medium comprising instructions that, when executed by the one or more computer processors, cause the system controller to perform operations including:
  - collecting known service characterization data comprising characteristics of known services operating on the network, wherein known services include services identified as having an associated service identification that is known to the network;
  - detecting one or more unknown services operating on the network, wherein unknown services include services without a service identification that is known to the network; and
  - for each of the one or more detected unknown services:
    - in response to detecting the unknown service operating on the network, collecting unknown service characterization data comprising characteristics of the detected unknown service operating on the network;
    - analyzing the unknown service characterization data based on a set of expected characteristics for the unknown service, wherein analyzing the unknown service characterization data includes evaluating the unknown service characterization data using a machine learning model trained on at least the set of expected characteristics for the unknown service as a training set;
    - generating a service identity probability value for the unknown service based on the analysis of the unknown service characterization data, wherein the service identity probability value indicates a likelihood that an unknown service to the network has a service identification that is known to the network; and
    - in response to identifying the service identity probability value for the unknown service, applying a security measure to the unknown service based at least in part on the service identity probability value generated for the unknown service and at least one particular associated service identification that is known to the network, wherein the security measure comprises at least generating one or more security recommendations for the unknown service based at least on: the unknown service characterization data, a security measure required to be implemented by at least one service having the at least one particular associated service identification that is known to the network for the at least one service to continue operating on the network or for accessing the network at a future time, and a determination of whether the one or more security recommendations can be implemented with the unknown service.

Dependent claims: 19, 20
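
An added illustration of the pipeline recited in the independent claims (not code from the patent or its assignee): a model trained on known-service characteristics yields a service identity probability for an unknown service, then each security measure required of the matched identity is checked for whether it can be implemented. The feature strings, the naive Bayes model, the `REQUIRED` and `NEEDS` policy tables, the 0.8 threshold and the `isolate-pending-review` fallback are all assumptions made for the example.

```python
import math
from collections import Counter, defaultdict

# Constructed training set: (known service identification, characteristics).
KNOWN = [
    ("postgres", {"port:5432", "proto:tcp", "tls:yes", "banner:pg"}),
    ("postgres", {"port:5432", "proto:tcp", "tls:no", "banner:pg"}),
    ("web-api", {"port:443", "proto:tcp", "tls:yes", "banner:http"}),
    ("web-api", {"port:8443", "proto:tcp", "tls:yes", "banner:http"}),
]
# Hypothetical policy: measures a service with this identity must implement.
REQUIRED = {"postgres": ["require-tls", "restrict-source-ips"],
            "web-api": ["require-tls", "enable-waf"]}
# Hypothetical: the characteristic showing a measure can be implemented.
NEEDS = {"require-tls": "tls:yes", "restrict-source-ips": "proto:tcp",
         "enable-waf": "banner:http"}

def train(samples):
    """Count identities and per-identity feature occurrences (naive Bayes)."""
    classes, feats = Counter(), defaultdict(Counter)
    for identity, chars in samples:
        classes[identity] += 1
        feats[identity].update(chars)
    return classes, feats

def identity_probabilities(model, chars):
    """Posterior P(identity | observed characteristics), Laplace-smoothed."""
    classes, feats = model
    total = sum(classes.values())
    logp = {}
    for c, n in classes.items():
        logp[c] = math.log(n / total) + sum(
            math.log((feats[c][f] + 1) / (n + 2)) for f in chars)
    norm = math.log(sum(math.exp(v) for v in logp.values()))
    return {c: math.exp(v - norm) for c, v in logp.items()}

def recommend(model, chars, threshold=0.8):
    """Return (identity or None, probability, [(measure, implementable)])."""
    probs = identity_probabilities(model, chars)
    identity, p = max(probs.items(), key=lambda kv: kv[1])
    if p < threshold:  # too uncertain to inherit a known identity's policy
        return None, p, [("isolate-pending-review", True)]
    return identity, p, [(m, NEEDS[m] in chars) for m in REQUIRED[identity]]

MODEL = train(KNOWN)
UNKNOWN = {"port:5432", "proto:tcp", "tls:no", "banner:pg"}  # constructed
if __name__ == "__main__":
    print(recommend(MODEL, UNKNOWN))
```

A measure flagged `False` is one the matched identity requires but the observed service cannot currently implement, which is the case the final claim element singles out.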
Specification