Systems and methods for computer environment situational awareness

US 10,645,102 B2
Filed: 12/17/2018
Issued: 05/05/2020
Est. Priority Date: 10/31/2016
Status: Active Grant

First Claim

Patent Images

1. A system for monitoring states of operation of assets in a network of computer devices, the system comprising:

one or more servers communicatively coupled to a computer network, the one or more servers include;

a controller engine executed on one or more processors, coupled to a memory, and configured to;

detect that a specification associated with operation of the computer network is violated;

identify one or more assets of the computer network associated with the specification; and

an asset profiling engine configured to, for each asset of the one or more identified assets;

determine a first set of parameters for profiling the asset based on detected violation of the specification;

transmit a first query for the first set of parameters to a computing device associated with the asset;

receive, from the computing device, one or more first parameter values corresponding to the first set of parameters responsive to the first query;

compare the one or more first parameter values to one or more first criteria or threshold values; and

determine a state of operation of the asset based on comparing the one or more first parameter values to the one or more first criteria or threshold values, the state of operation indicative of a normal or an abnormal behavior associated with the asset,the controller engine configured to determine a cause of violating the specification based on one or more determined states of operation of the one or more identified assets.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for monitoring states of operation of a computer environment can include one or more computer servers identifying a target asset of the computer environment and establishing a communication link with a computing device associated with the target asset. The one or more computer servers can determine a first set of parameters for profiling the target asset, transmit a first query for the first set of parameters to the computing device via the communication link, and receive one or more first parameter values corresponding to the first set of parameters responsive to the query. The one or more computer servers can compare the one or more first parameter values to one or more first criteria or threshold values, an determine a state of operation of the target asset based on the comparison. The state of operation can be indicative of an abnormal behavior associated with the target asset.

Citations

20 Claims

1. A system for monitoring states of operation of assets in a network of computer devices, the system comprising:
- one or more servers communicatively coupled to a computer network, the one or more servers include;
  
  a controller engine executed on one or more processors, coupled to a memory, and configured to;
  
  detect that a specification associated with operation of the computer network is violated;
  
  identify one or more assets of the computer network associated with the specification; and
  
  an asset profiling engine configured to, for each asset of the one or more identified assets;
  
  determine a first set of parameters for profiling the asset based on detected violation of the specification;
  
  transmit a first query for the first set of parameters to a computing device associated with the asset;
  
  receive, from the computing device, one or more first parameter values corresponding to the first set of parameters responsive to the first query;
  
  compare the one or more first parameter values to one or more first criteria or threshold values; and
  
  determine a state of operation of the asset based on comparing the one or more first parameter values to the one or more first criteria or threshold values, the state of operation indicative of a normal or an abnormal behavior associated with the asset,the controller engine configured to determine a cause of violating the specification based on one or more determined states of operation of the one or more identified assets.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The system of claim 1, wherein the asset profiling engine is further configured to:
    - determine a second set of parameters based on the comparing, for each of the one or more identified assets, of the one or more first parameter values to the one or more first criteria or threshold values;
      
      transmit, for each asset of the one or more identified assets, a second query for the second set of parameters to the computing device associated with the asset;
      
      receive, from each asset of the one or more identified assets, one or more second parameter values corresponding to the second set of parameters, responsive to the second query;
      
      compare, for each asset of the one or more identified assets, the one or more second parameter values to one or more second criteria or threshold values; and
      
      determine, for each asset of the one or more assets, the state of operation of the asset further based on comparing the one or more second parameter values to the one or more second criteria or threshold values.
  - 3. The system of claim 1, wherein determining a first set of parameters for profiling the asset includes selecting a respective profiling template from a plurality of profiling templates.
  - 4. The system of claim 1, wherein the controller engine is further configured to:
    - provide an indication of an abnormal behavior of at least one asset of the one or more identified assets or an indication of the cause of violating the specification for display on a display device.
  - 5. The system of claim 1, wherein the asset is a first asset and wherein the controller engine is further configured to:
    - identify a second asset; and
      
      upon determining that the second asset is not responding to one or more requests, transmit the first query for the first set of parameters to the first asset, the first set of parameters associated with the second asset.
  - 6. The system of claim 1, wherein detecting that the specification associated with the operation of the computer network is violated includes detecting access of the network of computer devices by an electronic device associated with an Internet Protocol (IP) address that is blocked from accessing the network of computer devices.
  - 7. The system of claim 6, wherein the one or more identified assets include a firewall, a gateway or a router.
  - 8. The system of claim 1, wherein the cause of violating the specification includes a misconfiguration or a modified configuration of an asset of the one or more identified assets.
  - 9. The system of claim 1, wherein detecting that the specification associated with the operation of the computer network is violated includes detecting an attempt to access a blocked website or blocked database from the computer network.
  - 10. The system of claim 1, wherein the controller is configured to update a state parameter of an asset of the one or more identified assets based on the state of operation of the asset.

11. A method of monitoring states of operation of assets in a network of computer devices, the method comprising:
- detecting by a controller engine executed on one or more processors, coupled to a memory, that a specification associated with operation of theidentifying, by the controller engine, one or more assets of the computer network associated with the specification;
  
  determining, by the asset profiling engine, for each asset of the one or more identified assets, a first set of parameters for profiling the asset based on detected violation of the specification;
  
  transmitting, by the asset profiling engine, for each asset of the one or more identified assets, a first query for the first set of parameters to a computing device associated with the asset;
  
  receiving, by the asset profiling engine, for each asset of the one or more identified assets, one or more first parameter values corresponding to the first set of parameters responsive to the first query;
  
  comparing, by the asset profiling engine, for each asset of the one or more identified assets, the one or more first parameter values to one or more first criteria or threshold values;
  
  determining, by the asset profiling engine, for each asset of the one or more identified assets, a state of operation of the asset based on comparing the one or more first parameter values to the one or more first criteria or threshold values, the state of operation indicative of an abnormal behavior associated with the asset; and
  
  determining, by the controller engine, a cause of violating the specification based on one or more determined states of operation of the one or more identified assets.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. The method of claim 11 further comprising:
    - determining, by the asset profiling engine, a second set of parameters based on the comparing, for each of the one or more identified assets, of the one or more first parameter values to the one or more first criteria or threshold values;
      
      transmitting, by the asset profiling engine, for each of the one or more identified assets, a second query for the second set of parameters to the computing device associated with the asset;
      
      receiving, by the asset profiling engine, from each of the one or more identified assets, one or more second parameter values corresponding to the second set of parameters from the computing device associated with the asset, responsive to the second query;
      
      comparing, by the asset profiling engine, for each of the one or more identified assets, the one or more second parameter values to one or more second criteria or threshold values; and
      
      determining, for each asset of the one or more assets, the state of operation of the asset further based on comparing the one or more second parameter values to the one or more second criteria or threshold values.
  - 13. The method of claim 11, wherein determining a first set of parameters for profiling the asset includes selecting a respective profiling template from a plurality of profiling templates.
  - 14. The method of claim 11 further comprising:
    - providing, by the controller engine, an indication of an abnormal behavior of at least one asset of the one or more identified assets or an indication of the cause of violating the specification for display on a display device.
  - 15. The method of claim 11, wherein detecting that the specification associated with the operation of the computer network is violated includes detecting access of the network of computer devices by an electronic device associated with an Internet Protocol (IP) address that is blocked from accessing the network of computer devices.
  - 16. The method of claim 15, wherein the one or more identified assets include a firewall, a gateway or a router.
  - 17. The method of claim 15, wherein the cause of violating the specification includes a misconfiguration or a modified configuration of an asset of the one or more identified assets.
  - 18. The method of claim 15, wherein detecting that the specification associated with the operation of the computer network is violated includes detecting an attempt to access a blocked website or blocked database from the computer network.
  - 19. The method of claim 15, further comprising updating a state parameter of an asset of the one or more identified assets based on the state of operation of the asset.

20. A non-transitory computer-readable medium with computer code instructions stored thereon, the computer code instructions when executed by one or more processors cause the one or more processors to:
- detect that a specification associated with operation of the computer network;
  
  identify one or more assets of the computer network associated with the specification;
  
  determine, for each asset of the one or more identified assets, a first set of parameters for profiling the asset based on detected violation of the specification;
  
  transmit, for each asset of the one or more identified assets, a first query for the first set of parameters to a computing device associated with the asset;
  
  receive, for each asset of the one or more identified assets, one or more first parameter values corresponding to the first set of parameters responsive to the first query;
  
  compare, for each asset of the one or more identified assets, the one or more first parameter values to one or more first criteria or threshold values;
  
  determine, for each asset of the one or more identified assets, a state of operation of the asset based on comparing the one or more first parameter values to the one or more first criteria or threshold values, the state of operation indicative of an abnormal behavior associated with the asset, anddetermine a cause of violating the specification based on one or more determined states of operation of the one or more identified assets.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Acentium Inc.
Original Assignee
Acentium Inc.
Inventors
Hamdi, Amine
Primary Examiner(s)
Lemma, Samson B

Application Number

US16/222,573
Publication Number

US 20190141063A1
Time in Patent Office

505 Days
Field of Search

726 22
US Class Current
CPC Class Codes

G06F 11/3006   where the computing system ...

G06F 11/3013   where the computing system ...

G06F 11/3051   Monitoring arrangements for...

G06F 11/3055   Monitoring arrangements for...

G06F 11/3058   Monitoring arrangements for...

G06F 11/323   Visualisation of programs o...

G06F 11/3428   Benchmarking

G06F 11/3452   Performance evaluation by s...

G06F 11/3466   Performance evaluation by t...

G06F 16/951   Indexing; Web crawling tech...

G06F 21/552   involving long-term monitor...

G06F 21/577   Assessing vulnerabilities a...

G06F 2201/81   Threshold

H04L 41/0853   by actively collecting conf...

H04L 43/0817   by checking functioning

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 67/30   Profiles

Systems and methods for computer environment situational awareness

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for computer environment situational awareness

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links