Method and system for managing computer security information
1 Assignment
0 Petitions
Abstract
A security management system includes a fusion engine which “fuses” or assembles information from multiple data sources and analyzes this information in order to detect relationships between raw events that may indicate malicious behavior and to provide an organized presentation of information to consoles without slowing down the processing performed by the data sources. The multiple data sources can comprise sensors or detectors that monitor network traffic or individual computers or both. The sensors can comprise devices that may be used in intrusion detection systems (IDS). The data sources can also comprise firewalls, audit systems, and other like security or IDS devices that monitor data traffic in real-time. The present invention can identify relationships between one or more real-time, raw computer events as they are received in real-time. The fusion engine can also assess and rank the risk of real-time raw events as well as mature correlation events.
112 Citations
45 Claims
1-25. (canceled)
26. A computer-implemented process for authenticating a workstation requesting a network service from a network server via a computer network, comprising the steps:
completing a vulnerability assessment comprising a scan of the workstation to identify at least one of security vulnerabilities that would compromise the secure operation of the workstation on the computer network and evidence of a compromise;
generating workstation security credentials based on the vulnerability assessment, the workstation security credentials comprising one of integrity information describing whether the workstation has been compromised, and security posture information describing the workstation's potential for compromise;
comparing the workstation security credentials to a workstation security policy to determine whether the workstation should be granted access to the network service; and
authorizing access to the network service by the workstation if the workstation security credentials satisfy the workstation security policy, otherwise denying access to the network service by the workstation. (Dependent claims: 27-34.)
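The four steps of claim 26 (scan, derive credentials, compare to policy, grant or deny) as a worked example; this is added illustrative code, not the patent's own implementation. The scan results, the shape of the credentials, the policy thresholds and the function names are all assumptions made here.

```python
from dataclasses import dataclass

# Constructed sample scan results (hypothetical scanner output, not real data).
CLEAN_SCAN = {"vulnerabilities": [], "compromise_evidence": []}
VULNERABLE_SCAN = {"vulnerabilities": [{"id": "VULN-A", "severity": 4},
                                       {"id": "VULN-B", "severity": 8}],
                   "compromise_evidence": []}
COMPROMISED_SCAN = {"vulnerabilities": [],
                    "compromise_evidence": ["unexpected persistence entry found"]}

@dataclass(frozen=True)
class Credentials:
    """Workstation security credentials derived from the vulnerability assessment."""
    compromised: bool          # integrity information
    highest_severity: int      # security posture information
    vulnerability_count: int   # security posture information

@dataclass(frozen=True)
class Policy:
    """Workstation security policy for one network service (assumed thresholds)."""
    max_severity: int
    max_vulnerabilities: int

def build_credentials(scan: dict) -> Credentials:
    """Step 2: turn raw scan findings into credentials the policy can be compared against."""
    severities = [v["severity"] for v in scan["vulnerabilities"]]
    return Credentials(
        compromised=bool(scan["compromise_evidence"]),
        highest_severity=max(severities, default=0),
        vulnerability_count=len(severities),
    )

def authorize(creds: Credentials, policy: Policy) -> tuple[bool, list[str]]:
    """Steps 3 and 4: compare credentials to policy; return (granted, reasons for denial)."""
    reasons = []
    if creds.compromised:
        # Integrity failure is decisive regardless of posture thresholds.
        reasons.append("evidence of compromise present")
    if creds.highest_severity > policy.max_severity:
        reasons.append(f"highest severity {creds.highest_severity} exceeds limit {policy.max_severity}")
    if creds.vulnerability_count > policy.max_vulnerabilities:
        reasons.append(f"{creds.vulnerability_count} vulnerabilities exceed limit {policy.max_vulnerabilities}")
    return (not reasons, reasons)

if __name__ == "__main__":
    policy = Policy(max_severity=6, max_vulnerabilities=5)
    for name, scan in [("clean", CLEAN_SCAN), ("vulnerable", VULNERABLE_SCAN), ("compromised", COMPROMISED_SCAN)]:
        granted, reasons = authorize(build_credentials(scan), policy)
        print(f"{name}: {'granted' if granted else 'denied'} {reasons}")
```

The denial reasons are returned rather than only logged so the server side can record why a workstation was refused, which is the detection signal a defender wants from such a check.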
35. A network security system for authenticating a workstation requesting a network service from a network server via a computer network, comprising:
a local workstation assessment service, operative on the workstation, for generating workstation security credentials by completing a vulnerability assessment of the workstation comprising a scan to identify at least one of security vulnerabilities that would compromise the secure operation of the workstation on the computer network and evidence of a compromise, the workstation security credentials comprising one of integrity information describing whether the workstation has been compromised, and security posture information describing the workstation's potential for compromise; and
a workstation security policy, operative on the workstation, for defining security policy requirements for secure operations by the workstation;
the local workstation assessment service further operative for comparing the workstation security credentials to the workstation security policy to determine whether the workstation should be granted access to the network service, the local workstation assessment service further operative to authorize access to the network service by the workstation if the workstation security credentials satisfy the workstation security policy. (Dependent claim: 36.)
37. A network security system for authenticating a workstation requesting a network service from a network server via a computer network, comprising:
the network service operative to generate workstation security credentials by completing a vulnerability assessment comprising a scan of the workstation to identify at least one of security vulnerabilities that would compromise the secure operation of the workstation on the computer network and evidence of a compromise, the workstation security credentials comprising one of integrity information describing whether the workstation has been compromised, and security posture information describing the workstation's potential for compromise; the network service further operative to determine whether the workstation should be granted access to a software service of the network based on the workstation security credentials. (Dependent claims: 38-45.)
Specification