Network risk analysis

US 20040143753A1
Filed: 01/21/2003
Published: 07/22/2004
Est. Priority Date: 01/21/2003
Status: Active Grant

First Claim

Patent Images

1. A method of analyzing security risk in a computer network comprising:

constructing asset relationships among a plurality of objects in the computer network;

receiving an event associated with a selected object;

wherein the event has an event risk level;

propagating the event to objects related to the selected object if the event risk level exceeds a propagation threshold.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method are disclosed for analyzing security risks in a computer network. The system constructs asset relationships among a plurality of objects in the computer network and receives an event associated with a selected object, where the event has an event risk level. The system also propagates the event to objects related to the selected object if the event risk level exceeds a propagation threshold.

Citations

22 Claims

1. A method of analyzing security risk in a computer network comprising:
- constructing asset relationships among a plurality of objects in the computer network;
  
  receiving an event associated with a selected object;
  
  wherein the event has an event risk level;
  
  propagating the event to objects related to the selected object if the event risk level exceeds a propagation threshold.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. A method of analyzing security risk in a computer network as recited in claim 1 wherein constructing asset relationships includes creating an asset graph.
  - 3. A method of analyzing security risk in a computer network as recited in claim 1 wherein the selected object has a plurality of associated attributes.
  - 4. A method of analyzing security risk in a computer network as recited in claim 1 further comprising determining an object risk level for the selected object.
  - 5. A method of analyzing security risk in a computer network as recited in claim 1 further comprising determining an object risk level for the selected object based on the event received and a time function that changes the object risk level over time.
  - 6. A method of analyzing security risk in a computer network as recited in claim 1 further comprising determining an object risk level for the selected object based on the event received and a time function;
    - wherein the time function is a decay function that decreases the object risk level over time.
  - 7. A method of analyzing security risk in a computer network as recited in claim 1 further comprising determining an object risk level for the selected object based on the event received and a time function;
    - wherein the time function is an exponential decay function that decreases the event risk level over time.
  - 8. A method of analyzing security risk in a computer network as recited in claim 1 further comprising determining an object risk level for the selected object and triggering a reaction once the object risk level reaches a triggering level.
  - 9. A method of analyzing security risk in a computer network as recited in claim 1 further comprising:
    - determining an object risk level for the selected object; and
      
      triggering a reaction once the object risk level reaches a triggering level;
      
      wherein the reaction includes notifying a user.
  - 10. A method of analyzing security risk in a computer network as recited in claim 1 further comprising:
    - determining an object risk level for the selected object; and
      
      triggering a reaction once the object risk level reaches a triggering level;
      
      wherein the reaction includes logging the event.
  - 11. A method of analyzing security risk in a computer network as recited in claim 1 further comprising:
    - determining an object risk level for the selected object; and
      
      triggering a reaction once the object risk level reaches a triggering level;
      
      wherein the reaction includes producing an analysis trail.
  - 12. A method of analyzing security risk in a computer network as recited in claim 1 further comprising:
    - determining an object risk level for the selected object; and
      
      triggering a reaction once the object risk level reaches a triggering level;
      
      wherein the reaction includes producing an analysis trail comprising information for tracing event effects.
  - 13. A method of analyzing security risk in a computer network as recited in claim 1 further comprising:
    - determining an object risk level for the selected object; and
      
      triggering a reaction once the object risk level reaches a triggering level;
      
      wherein the reaction includes producing an analysis trail comprising information for tracing event effects and reconstructing a chain of events that occurred previously using the analysis trail.
  - 14. A method of analyzing security risk in a computer network as recited in claim 1 further comprising propagating the event to dependent objects that have a dependency on the selected object;
    - wherein propagating the event to the dependent objects includes determining whether the event has an event risk level that exceeds a propagation threshold.
  - 15. A method of analyzing security risk in a computer network as recited in claim 1 further comprising normalizing the event risk level based on a canonical scale.
  - 16. A method of analyzing security risk in a computer network as recited in claim 1 wherein the selected object is a target object of the event.
  - 17. A method of analyzing security risk in a computer network as recited in claim 1 wherein the event received is real time input or stored data.

18. A method of analyzing security risk in a computer network comprising:
- receiving an event associated with a selected object in the computer network;
  
  determining an object risk level for the selected object based on the event received and a time function that changes the object risk level over time.
- View Dependent Claims (19, 20)
- - 19. A method of analyzing security risk in a computer network as recited in claim 18 wherein the time function is a decay function that decreases the object risk level over time.
  - 20. A method of analyzing security risk in a computer network as recited in claim 18 wherein the time function is an exponential decay function.

21. A computer program product for analyzing security risk in a computer network, the computer program product being embodied in a computer readable medium and comprising computer instructions for:
- constructing asset relationships among a plurality of objects in the computer network;
  
  receiving an event associated with a selected object;
  
  wherein the event has an event risk level; and
  
  propagating the event to objects related to the selected object if the event risk level exceeds a propagation threshold.

22. A system for analyzing security risk in a computer network comprising:
- an input interface configured to receive an event associated with a selected object;
  
  a processor configured to construct asset relationships among a plurality of objects in the computer network and propagating the event to objects related to the selected object if the event risk level exceeds a propagation threshold.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Bennett, Jeremy, Hernacki, Brian

Granted Patent

US 7,409,721 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/200
CPC Class Codes

H04L 63/02 for separating internal fro...

H04L 63/14 for detecting or protecting...

Network risk analysis

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Network risk analysis

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links