Assessing security control quality and state in an information technology infrastructure

US 10,693,902 B1
Filed: 06/04/2018
Issued: 06/23/2020
Est. Priority Date: 09/27/2013
Status: Active Grant

First Claim

Patent Images

1. One or more non-transitory computer-readable media storing computer-executable instructions which when executed by a computer cause the computer to perform a method, the method comprising:

displaying a user interface that indicates a security control status of assets in an information technology (IT) infrastructure that are monitored by two or more security controls,wherein the user interface includes at least a first portion of the user interface that displays a security control status of a first set of the assets monitored by a first security control, the first portion of the user interface displaying two or more security states monitored by the first security control and further indicating the number of assets in each of the two or more security states monitored by the first security control, and wherein the method further comprises allowing a user to select one of the two or more security states in the first portion of the user interface,wherein the user interface further includes at least a second portion of the user interface that displays a security control status of a second set of the assets monitored by a second security control, at least some of the second set of the assets monitored by the second security control overlapping with the first set of the assets monitored by the first security control, the second portion of the user interface displaying two or more security states monitored by the second security control and further indicating the number of assets in each of the two or more security states monitored by the second security control, andwherein the method further comprises, upon user selection of the one of the two or more security states in the first portion, automatically highlighting one or more of the security states in the second portion of the user interface monitored by the second security control and having overlapping assets with the selected one of the security states from the first portion,wherein the first security control is a vulnerability assessment security control, and wherein the first portion of the user interface comprises a two-dimensional vulnerability risk matrix comprising multiple indicators that form the matrix, one or more of the indicators indicating the number of assets monitored by the vulnerability assessment security control having the corresponding vulnerability risk represented by the respective indicator, andwherein the second security control is one of a policy compliance security control, a change data security control, or a log event data security control.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed herein are representative embodiments of methods, apparatus, and systems for processing and managing information from one or more security control tools, such as a security configuration management tool, a vulnerability management tool, an event logging tool, or other IT infrastructure security or monitoring tool that is used to monitor, secure, and/or control assets in an IT infrastructure. For example, in some embodiments, user interfaces are disclosed that allow a user to quickly view, filter, and evaluate the degree of security control coverage in selected assets of an enterprise. In further embodiments, user interfaces are disclosed that allow a user to view and evaluate the current security state for selected assets in across a variety of categories and, in some cases, as guided by a two-dimensional vulnerability risk matrix.

35 Citations

12 Claims

1. One or more non-transitory computer-readable media storing computer-executable instructions which when executed by a computer cause the computer to perform a method, the method comprising:
- displaying a user interface that indicates a security control status of assets in an information technology (IT) infrastructure that are monitored by two or more security controls,wherein the user interface includes at least a first portion of the user interface that displays a security control status of a first set of the assets monitored by a first security control, the first portion of the user interface displaying two or more security states monitored by the first security control and further indicating the number of assets in each of the two or more security states monitored by the first security control, and wherein the method further comprises allowing a user to select one of the two or more security states in the first portion of the user interface,wherein the user interface further includes at least a second portion of the user interface that displays a security control status of a second set of the assets monitored by a second security control, at least some of the second set of the assets monitored by the second security control overlapping with the first set of the assets monitored by the first security control, the second portion of the user interface displaying two or more security states monitored by the second security control and further indicating the number of assets in each of the two or more security states monitored by the second security control, andwherein the method further comprises, upon user selection of the one of the two or more security states in the first portion, automatically highlighting one or more of the security states in the second portion of the user interface monitored by the second security control and having overlapping assets with the selected one of the security states from the first portion,wherein the first security control is a vulnerability assessment security control, and wherein the first portion of the user interface comprises a two-dimensional vulnerability risk matrix comprising multiple indicators that form the matrix, one or more of the indicators indicating the number of assets monitored by the vulnerability assessment security control having the corresponding vulnerability risk represented by the respective indicator, andwherein the second security control is one of a policy compliance security control, a change data security control, or a log event data security control.
- View Dependent Claims (2, 3, 4)
- - 2. The one or more non-transitory computer-readable media of claim 1, wherein the user interface includes one or more additional portions of the user interface for displaying two or more security states monitored by one or more additional respective security controls, andwherein the method further comprises, upon selection of the one of the security states monitored by the first security control, automatically highlighting one or more of the security states monitored by the additional respective security controls having overlapping assets with the selected one of the security states monitored by the first security control.
  - 3. The one or more non-transitory computer-readable media of claim 1, wherein the second security control is a policy compliance security control, and wherein the user interface comprises one or more binning diagrams corresponding to policies evaluated by the policy compliance security control.
  - 4. The one or more non-transitory computer-readable media of claim 3, wherein each of the one or more binning diagrams is divided into indicators, each indicator representing a percentage range of passing tests in the respective compliance policy for one or more respective assets.

5. A computer-implemented method, comprising:
- displaying a user interface that indicates a security control status of assets in an information technology (IT) infrastructure that are monitored by two or more security controls,wherein the user interface includes at least a first portion of the user interface that displays a security control status of a first set of the assets monitored by a first security control, the first portion of the user interface displaying two or more security states monitored by the first security control and further indicating the number of assets in each of the two or more security states monitored by the first security control, and wherein the method further comprises allowing a user to select one of the two or more security states in the first portion of the user interface,wherein the user interface further includes at least a second portion of the user interface that displays a security control status of a second set of the assets monitored by a second security control, at least some of the second set of the assets monitored by the second security control overlapping with the first set of the assets monitored by the first security control, the second portion of the user interface displaying two or more security states monitored by the second security control and further indicating the number of assets in each of the two or more security states monitored by the second security control, andwherein the method further comprises, upon user selection of the one of the two or more security states in the first portion, automatically highlighting one or more of the security states in the second portion of the user interface monitored by the second security control and having overlapping assets with the selected one of the security states from the first portion,wherein the first security control is a vulnerability assessment security control, and wherein the first portion of the user interface comprises a two-dimensional vulnerability risk matrix comprising multiple indicators that form the matrix, one or more of the indicators indicating the number of assets monitored by the vulnerability assessment security control having the corresponding vulnerability risk represented by the respective indicator, andwherein the second security control is one of a policy compliance security control, a change data security control, or a log event data security control.
- View Dependent Claims (6, 7, 8)
- - 6. The computer-implemented method of claim 5, wherein the user interface includes one or more additional portions of the user interface for displaying two or more security states monitored by one or more additional respective security controls, andwherein the method further comprises, upon selection of the one of the security states monitored by the first security control, automatically highlighting one or more of the security states monitored by the additional respective security controls having overlapping assets with the selected one of the security states monitored by the first security control.
  - 7. The computer-implemented method of claim 5, wherein the second security control is a policy compliance security control, and wherein the user interface comprises one or more binning diagrams corresponding to policies evaluated by the policy compliance security control.
  - 8. The computer-implemented method of claim 7, wherein each of the one or more binning diagrams is divided into indicators, each indicator representing a percentage range of passing tests in the respective compliance policy for one or more respective assets.

9. A system, comprising:
- a processor; and
  
  a memory storing instructions, which when executed by the processor cause the processor to perform a method, the method comprising;
  
  displaying a user interface that indicates a security control status of assets in an information technology (IT) infrastructure that are monitored by two or more security controls,wherein the user interface includes at least a first portion of the user interface that displays a security control status of a first set of the assets monitored by a first security control, the first portion of the user interface displaying two or more security states monitored by the first security control and further indicating the number of assets in each of the two or more security states monitored by the first security control, and wherein the method further comprises allowing a user to select one of the two or more security states in the first portion of the user interface,wherein the user interface further includes at least a second portion of the user interface that displays a security control status of a second set of the assets monitored by a second security control, at least some of the second set of the assets monitored by the second security control overlapping with the first set of the assets monitored by the first security control, the second portion of the user interface displaying two or more security states monitored by the second security control and further indicating the number of assets in each of the two or more security states monitored by the second security control, andwherein the method further comprises, upon user selection of the one of the two or more security states in the first portion, automatically highlighting one or more of the security states in the second portion of the user interface monitored by the second security control and having overlapping assets with the selected one of the security states from the first portion,wherein the first security control is a vulnerability assessment security control, and wherein the first portion of the user interface comprises a two-dimensional vulnerability risk matrix comprising multiple indicators that form the matrix, one or more of the indicators indicating the number of assets monitored by the vulnerability assessment security control having the corresponding vulnerability risk represented by the respective indicator, andwherein the second security control is one of a policy compliance security control, a change data security control, or a log event data security control.
- View Dependent Claims (10, 11, 12)
- - 10. The system of claim 9, wherein the user interface includes one or more additional portions of the user interface for displaying two or more security states monitored by one or more additional respective security controls, andwherein the method further comprises, upon selection of the one of the security states monitored by the first security control, automatically highlighting one or more of the security states monitored by the additional respective security controls having overlapping assets with the selected one of the security states monitored by the first security control.
  - 11. The system of claim 9, wherein the second security control is a policy compliance security control, and wherein the user interface comprises one or more binning diagrams corresponding to policies evaluated by the policy compliance security control.
  - 12. The system of claim 11, wherein each of the one or more binning diagrams is divided into indicators, each indicator representing a percentage range of passing tests in the respective compliance policy for one or more respective assets.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Tripwire Incorporated (Belden Inc.)
Original Assignee
Tripwire Incorporated (Belden Inc.)
Inventors
Haverty, Marsha, Schuh, Ted
Primary Examiner(s)
Khan, Sher A

Application Number

US15/997,535
Time in Patent Office

750 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/45   Structures or tools for the...

G06F 21/554   involving event detection a...

H04L 41/12   Discovery or management of ...

H04L 41/22   comprising specially adapte...

H04L 43/08   Monitoring or testing based...

H04L 63/0236   Filtering by address, proto...

H04L 63/1408   by monitoring network traff...

H04L 63/1433   Vulnerability analysis

H04L 63/1458   Denial of Service

H04L 63/1466   Active attacks involving in...

H04L 63/20   for managing network securi...

Assessing security control quality and state in an information technology infrastructure

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

35 Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Assessing security control quality and state in an information technology infrastructure

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

35 Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links