System and method for security information normalization

US 20050015623A1
Filed: 02/13/2004
Published: 01/20/2005
Est. Priority Date: 02/14/2003
Status: Active Grant

First Claim

Patent Images

1. A network auditing method comprising:

retrieving network information gathered by a plurality of heterogeneous information sources;

identifying a network policy to be applied to the retrieved information;

identifying semantic equivalencies in the information gathered by the plurality of heterogeneous information sources; and

uniformly applying the network policy to the information identified as being semantically equivalent.

View all claims

12 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A prevention-based network auditing system includes an audit repository storing network information gathered by a plurality of heterogeneous information sources. A semantic normalization module identifies semantic equivalencies in the gathered information, and generates a map listing for each fact gathered by an information source, an equivalent fact or set of facts gathered by each of the other information sources. A network policy is then uniformly applied to the information that is identified as being semantically equivalent.

Citations

16 Claims

1. A network auditing method comprising:
- retrieving network information gathered by a plurality of heterogeneous information sources;
  
  identifying a network policy to be applied to the retrieved information;
  
  identifying semantic equivalencies in the information gathered by the plurality of heterogeneous information sources; and
  
  uniformly applying the network policy to the information identified as being semantically equivalent.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein each semantic equivalence is associated with an identifier.
  - 3. The method of claim 2, wherein the identifier is used for generating a network policy rule independently of a source type.
  - 4. The method of claim 1, wherein the identifier is associated with computer code parsing the information gathered by each heterogeneous information source.
  - 5. The method of claim 1, wherein the identifying of semantic equivalencies comprises:
    - identifying a list of facts gathered by each information source;
      
      identifying for each fact on the list one or more equivalent facts gathered by each of the other information sources; and
      
      storing the semantic equivalence information.
  - 6. The method of claim 1 further comprising:
    - determining compliance with the network policy; and
      
      making a recommendation for modifying a network feature based on the compliance determination.
  - 7. The method of claim 6, wherein the recommendation is a change to the network policy.
  - 8. The method of claim 6, wherein the recommendation is task associated with the network feature.

9. A server in a network auditing system, the server comprising:
- a data store storing network information gathered by a plurality of heterogeneous information sources;
  
  a semantic normalization module coupled to the data store, the module identifying semantic equivalencies in the information gathered by the plurality of heterogeneous information sources; and
  
  means for uniformly applying a network policy to the information identified as being semantically equivalent.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The server of claim 9, wherein each semantic equivalence is associated with an identifier.
  - 11. The server of claim 9 further comprising means for generating a network policy rule independently of a source type based on the identifier.
  - 12. The server of claim 9, wherein the identifier is associated with computer code parsing the information gathered by each heterogeneous information source.
  - 13. The server of claim 9, wherein the semantic normalization module identifies a list of facts gathered by each information source, identifies for each fact on the list one or more equivalent facts gathered by each of the other information sources, and stores the semantic equivalence information.
  - 14. The server of claim 9 further comprising:
    - means for determining compliance with the network policy; and
      
      means for making a recommendation for modifying a network feature based on the compliance determination.
  - 15. The server of claim 14, wherein the recommendation is a change to the network policy.
  - 16. The server of claim 14, wherein the recommendation is task associated with the network feature.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Musarubra US LLC (Musarubra US SellCo LLC)
Original Assignee
Preventsys, Inc. (McAfee, LLC)
Inventors
Costello, Brian, Pelly, John, Walpole, Thomas Paul, Ravenel, John Patrick, Williams, John Leslie, Nakawatase, Ryan Tadashi

Granted Patent

US 7,624,422 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/4
CPC Class Codes

H04L 41/0853   by actively collecting conf...

H04L 41/0856   by backing up or archiving ...

H04L 41/0859   by keeping history of diffe...

H04L 43/00   Arrangements for monitoring...

H04L 43/045   for graphical visualisation...

H04L 63/0218   Distributed architectures, ...

H04L 63/0227   Filtering policies mail mes...

H04L 63/14   for detecting or protecting...

H04L 63/1408   by monitoring network traff...

H04L 63/1433   Vulnerability analysis

H04L 63/20   for managing network securi...

System and method for security information normalization

First Claim

12 Assignments

0 Petitions

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for security information normalization

First Claim

12 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links