Security force automation

US 20060191007A1
Filed: 02/24/2005
Published: 08/24/2006
Est. Priority Date: 02/24/2005
Status: Abandoned Application

First Claim

Patent Images

1. An automated security monitoring and management framework comprising:

(a) A central management center that provides visibility to an entire infrastructure and control of all modules in the framework;

(b) A security posture module that gathers hardware and software information into a centralized database;

(c) An auditing module that polls an environment for known security weaknesses;

(d) A threat analysis module that obtains and processes security advisories;

(e) An executive dashboard module for viewing overall network security health;

(f) A risk analysis module that provides predefined metrics to analyze system risks;

(g) A trouble ticketing module for the storage and tracking of current and historic security problems;

(h) A resolution module that analyzes and resolves problems in the infrastructure;

(i) A correlation engine module that compares data and ensures uniformity in the environment; and

(j) An incident discovery module that identifies techniques used by unauthorized persons in attempting to compromise a system.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An automated security monitoring and management framework which mimics the mind of a seasoned security expert and which is designed to provide security management, governance and compliance with business context risk assessment is described. The framework comprises of a central management center and a plurality of modules, whereby said framework has the ability to incorporate all security mechanisms into one cohesive solution. Our approach in management eliminates the human factor providing consistent, repeatable and scalable result in the enterprise. It is an agent-less, vendor-agnostic framework that is constantly working to maintain security and governance. Moreover, said framework is capable of correlating alerts and events from disparate systems providing a global view of one'"'"'s security status, and hence acts as a system that helps in identifying the patterns of threats as they develop. The framework simulates the tasks of a security engineer and automates a day in the life cycle of a security engineer.

56 Citations

View as Search Results

20 Claims

1. An automated security monitoring and management framework comprising:
- (a) A central management center that provides visibility to an entire infrastructure and control of all modules in the framework;
  
  (b) A security posture module that gathers hardware and software information into a centralized database;
  
  (c) An auditing module that polls an environment for known security weaknesses;
  
  (d) A threat analysis module that obtains and processes security advisories;
  
  (e) An executive dashboard module for viewing overall network security health;
  
  (f) A risk analysis module that provides predefined metrics to analyze system risks;
  
  (g) A trouble ticketing module for the storage and tracking of current and historic security problems;
  
  (h) A resolution module that analyzes and resolves problems in the infrastructure;
  
  (i) A correlation engine module that compares data and ensures uniformity in the environment; and
  
  (j) An incident discovery module that identifies techniques used by unauthorized persons in attempting to compromise a system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 2. The framework of claim 1, wherein said central management center supports monitoring protocols, including SNMPv1, SNMPv2, SNMPv3 (RFC 1155, 1157, 1212, 1441-1452, 2263) and RMON (RFC 1757, 3577) among others to provide visibility to the entire infrastructure and control of all modules in said framework.
  - 3. The framework of claim 1, wherein said central management center gathers pertinent security information using Syslog, Microsoft Event Viewer and other log file analysis methods to monitor central processing units, Memory, Network Interfaces, Disk Statistics, System Processes, System Load and other information into a centralized database to provide a central point of management
  - 4. The framework of claim 1, wherein said security posture module incorporates network discovery tools and name resolution capability to identify systems throughout the environment and gather version and revision information for installed hardware and software, Media Access Control (MAC) addresses of devices, operating system information, IP addresses and other information into a centralized database.
  - 5. The framework of claim 1, wherein said auditing module audits said environment using a differential technique to minimize bandwidth and system resource use, contains a scheduler to perform a comprehensive audits at specified time intervals, and performs said vulnerability audits using data from said threat analysis module, causing said internal or third party trouble-ticketing system to generate trouble-tickets.
  - 6. The framework of claim 1, wherein said auditing module identifies an appropriate platform and performs application leveraging in said security posture module, generates alerts using E-mail, SNMP trap, and other electronic devices, and validates host identification performed in said security posture module.
  - 7. The framework of claim 1, wherein said threat analysis module obtains formatted security advisories and bulletins of vulnerabilities from providers using secure encrypted and authenticated transport at scheduled times or on demand, compares said advisories and bulletins with data from said security posture module for verification, provides said risk analysis module with information regarding said threat, and causes said trouble ticketing module to generate an action item ticket regarding said threat.
  - 8. The framework of claim 1, wherein said executive dashboard serves as a portal for senior IT staff or other executives of a company to view overall network security and make informed decisions to address any problems that have arisen.
  - 9. The framework of claim 1, wherein said risk analysis module produces real-time data based on predetermined criteria to analyze security risks and other system problems, allowing personnel to make decisions based on the information provided.
  - 10. An automated security monitoring and management framework of claim 1 wherein the risk assessment module provides proprietary risk metrics to place cost on assets for business context risk analysis.
  - 11. The framework of claim 1, wherein said trouble ticketing module tracks and stores all technical issues including security problems, allowing administrators to assign specific problems to the appropriate personnel if they are not resolved by the framework, while orchestrating the coordination of IT tasks, monitoring resource allocation, problem management, and historical changes for correlation purposes.
  - 12. The framework of claim 1, wherein said resolution module addresses a policy based resolution path, resolves security issues, and makes recommendations regarding how to react to specific problems using known policy based resolution processes supplied by a centralized database.
  - 13. The framework of claim 1, wherein said resolution module performs administrative tasks, including, but not limited to process and application restart functions.
  - 14. The framework of claim 1, wherein said resolution module works with said threat analysis module to affect vulnerability resolution and integrate connectors to third party products.
  - 15. The framework of claim 1, wherein said resolution module works in conjunction with said security posture module to provide policy based resolution.
  - 16. The framework of claim 1, wherein said resolution module coordinates with said risk analysis module to determine a course of action based on analysis of risk metrics.
  - 17. The framework of claim 1, wherein said correlation engine module compares relevant security data from various sources in said network to ensure uniformity in said environment.
  - 18. The framework of claim 1, wherein said correlation engine module correlates said threat events including compromised system integrity, invokes a computer incident response procedure to identify and resolve the threat and works in conjunction with said trouble ticketing module to generate alerts.
  - 19. The framework of claim 1, wherein said incident discovery module incorporates known and established IT industry methods of incident discovery analysis to identify techniques used by unauthorized persons in attempting to compromise said network, uses said auditing module and said security posture module to determine if said network contains any vulnerabilities that could be exploited, and queries logs;
    - identifies Trojans, rootkit, backdoors, hidden directories and other methods used by hackers to compromise a system.
  - 20. The framework of claim 1, wherein said incident discovery module will query for open Internet sockets, associate those with given applications and verify that system binaries have not been modified.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Sanjiva Thielamay
Original Assignee
Sanjiva Thielamay
Inventors
Thielamay, Sanjiva

Application Number

US11/066,816
Publication Number

US 20060191007A1
Time in Patent Office

Days
Field of Search
US Class Current

726/22
CPC Class Codes

G06F 21/577 Assessing vulnerabilities a...

Security force automation

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

56 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Security force automation

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

56 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links