Method and system for managing computer security information

US 20060265746A1
Filed: 05/11/2006
Published: 11/23/2006
Est. Priority Date: 04/27/2001
Status: Abandoned Application

First Claim

Patent Images

1-25. -25. (canceled)

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A security management system includes a fusion engine which “fuses” or assembles information from multiple data sources and analyzes this information in order to detect relationships between raw events that may indicate malicious behavior and to provide an organized presentation of information to consoles without slowing down the processing performed by the data sources. The multiple data sources can comprise sensors or detectors that monitor network traffic or individual computers or both. The sensors can comprise devices that may be used in intrusion detection systems (IDS). The data sources can also comprise firewalls, audit systems, and other like security or IDS devices that monitor data traffic in real-time. The present invention can identify relationships between one or more real-time, raw computer events as they are received in real- time. The fusion engine can also assess and rank the risk of real-time raw events as well as mature correlation events.

112 Citations

45 Claims

1-25. -25. (canceled)

26. A computer-implemented process for authenticating a workstation requesting a network service from a network server via a computer network, comprising the steps:
- completing a vulnerability assessment comprising a scan of the workstation to identify at least one of security vulnerabilities that would compromise the secure operation of the workstation on the computer network and evidence of a compromise;
  
  generating workstation security credentials based on the vulnerability assessment, the workstation security credentials comprising one of integrity information describing whether the workstation has been compromised, and security posture information describing the workstation'"'"'s potential for compromise;
  
  comparing the workstation security credentials to a workstation security policy to determine whether the workstation should be granted access to the network service; and
  
  authorizing access to the network service by the workstation if the workstation security credentials satisfy the workstation security policy, otherwise denying access to the network service by the workstation.
- View Dependent Claims (27, 28, 29, 30, 31, 32, 33, 34)
- - 27. The computer-implemented process of claim 26, further comprising the step of authorizing access to a predetermined level of the network service if the workstation security credentials satisfy a portion of the workstation security policy.
  - 28. The computer-implemented process of claim 26, wherein completing the vulnerability assessment comprising the scan of the workstation further comprises calculating a score associated with vulnerability of the workstation and assigning a level of the network service based on the score.
  - 29. The computer-implemented process of claim 26, wherein the step of generating the workstation security credentials comprises completing the vulnerability assessment of the workstation by a network workstation assessment service maintained on an assessment server coupled to the computer network, the assessment server operating as a remote server different from the network server, the network workstation assessment service operative to generate the workstation security credentials.
  - 30. The computer-implemented process of claim 26, wherein the step of generating the workstation security credentials comprises completing the vulnerability assessment of the workstation by a local workstation assessment service maintained on the workstation, the local workstation assessment service operative to generate the workstation security credentials.
  - 31. The computer-implemented process of claim 26, wherein the workstation security policy is maintained on the network server, the process further comprising the steps of:
    - transmitting the workstation security credentials from the network workstation assessment service on an assessment server to the network service on the network server via the computer network; and
      
      comparing at the network server the workstation security credentials to the workstation security policy to determine whether the workstation should be granted access to the network service.
  - 32. The computer-implemented process of claim 26, fixer comprising the step of communicating a service decision from the network server to the workstation via the computer network, the service decision defining whether the workstation is allowed to access the network service or a degraded form of the network service.
  - 33. The computer-implemented process of claim 26, wherein the step of generating the workstation security credentials comprises completing the vulnerability assessment of the workstation by the network service on the network server in response to receiving a request for the network service from the workstation via the computer network.
  - 34. The computer-implemented process of claim 26, wherein the workstation security policy is maintained on the network server, the process further comprising step of comparing at the network server the workstation security credentials to the workstation security policy to determine whether the workstation should be granted access to the network service or a degraded form of the network service.

35. A network security system for authenticating a workstation requesting a network service from a network server via a computer network, comprising:
- a local workstation assessment service, operative on the workstation, for generating workstation security credentials by completing a vulnerability assessment of the workstation comprising a scan to identify at least one of security vulnerabilities that would compromise the secure operation of the workstation on the computer network and evidence of a compromise, the workstation security credentials comprising one of integrity information describing whether the workstation has been compromised, and security posture information describing the workstation'"'"'s potential for compromise; and
  
  a workstation security policy, operative on the workstation, for defining security policy requirements for secure operations by the workstation;
  
  the local workstation assessment service further operative for comparing the workstation security credentials to the workstation security policy to determine whether the workstation should be granted access to the network service, the local workstation assessment service further operative to authorize access to the network service by the workstation if the workstation security credentials satisfy the workstation security policy.
- View Dependent Claims (36)
- - 36. The computer-implemented process of claim 35, further comprising the step of authorizing access to a predetermined level of the network service if the workstation security credentials satisfy a portion of the workstation security policy.

37. A network security system for authenticating a workstation requesting a network service from a network server via a computer network, comprising. the network service operative to generate workstation security credentials by completing a vulnerability assessment comprising a scan of the workstation to identify at least one of security vulnerabilities that would compromise the secure operation of the workstation on the computer network and evidence of a compromise, the workstation security credentials comprising one of integrity information describing whether the workstation has been compromised, and security posture information describing the workstation'"'"'s potential for compromise;
- the network service further operative to determine whether the workstation should be granted access to a software service of the network based on the workstation security credentials.
- View Dependent Claims (38, 39, 40, 41, 42, 43, 44, 45)
- - 38. The network security system of claim 37, further comprising a workstation security policy at the network server, the workstation security policy operative to define security requirements for secure operation of the workstation on the computer network.
  - 39. The network security system of claim 37, wherein the network service is further operative to compare the workstation security credentials to a workstation security policy to determine whether the workstation should be granted access to the software service, the network service operative to authorize access to the software service by the workstation if the workstation security credentials satisfy the workstation security policy.
  - 40. The computer-implemented process of claim 37, further comprising the step of authorizing access to a predetermined level of the software service if the workstation security credentials satisfy a portion of a workstation security policy.
  - 41. The computer-implemented process of claim 37, further comprising the step of communicating a service decision from the network server to the workstation via the computer network, the service decision defining whether the workstation is allowed to access the software service or a degraded form of the software service.
  - 42. The computer-implemented process recited of claim 37, wherein a workstation security policy is maintained on the network server, the process further comprising the step of comparing at the network server the workstation security credentials to the workstation security policy to determine whether the workstation should be granted access to the software service or a degraded form of the software service.
  - 43. The computer-implemented process of claim 37, comprising the step of communicating a service decision from the network server to the workstation via the computer network, the service decision defining a degraded form of the software service.
  - 44. The computer-implemented process of claim 37, wherein completing a vulnerability assessment comprising the scan of the workstation further comprises calculating a score associated with vulnerability of the workstation.
  - 45. The computer-implemented process of claim 37, wherein completing a vulnerability assessment comprising a scan of the workstation further comprises calculating a score associated with vulnerability of the workstation and assigning a level of the network service based on the score.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
Internet Security Systems Incorporated (International Business Machines Corporation)
Inventors
Williams, Bryan Douglas, Mezack, Derek John, Brass, Philip Charles, Farley, Timothy P., Young, George C., Hammer, John M.

Application Number

US11/432,737
Publication Number

US 20060265746A1
Time in Patent Office

Days
Field of Search
US Class Current

726/22
CPC Class Codes

G06F 21/577   Assessing vulnerabilities a...

H04L 41/0893   Assignment of logical group...

H04L 41/0894   Policy-based network config...

H04L 63/1433   Vulnerability analysis

H04L 63/1458   Denial of Service

Method and system for managing computer security information

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

112 Citations

45 Claims

Specification

Use Cases

Quick Links

Others

Method and system for managing computer security information

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

112 Citations

45 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others