Real-Time Identification of an Asset Model and Categorization of an Asset to Assist in Computer Network Security
First Claim
1. A method for determining a unique identifier associated with a network node, comprising:
- querying an Internet Protocol (IP) address lookup data structure using an IP address associated with the network node;
returning the unique identifier associated with the network node; and
performing one of;
using the returned unique identifier to obtain an asset model associated with the network node; and
using the returned unique identifier to determine whether the network node is a member of a category.
11 Assignments
0 Petitions
Accused Products
Abstract
A unique identifier is assigned to a network node and is used to obtain an “asset model” corresponding to the node and to determine whether the node is a member of a particular category. An asset model is a set of information about a node (e.g., the node'"'"'s role within the enterprise, software installed on the node, and known vulnerabilities/weaknesses of the node). An identifier lookup module determines a node'"'"'s identifier based on characteristics of the node (such as IP address, host name, network zone, and/or MAC address), which are used as keys into lookup data structures. A category lookup module determines whether a particular node is a member of (i.e., within) a particular category using a transitive closure to model the categories (properties) that can be attached to an asset model. A transitive closure for a particular asset category is stored as a bitmap, similar to bitmap indexing.
-
Citations
18 Claims
-
1. A method for determining a unique identifier associated with a network node, comprising:
-
querying an Internet Protocol (IP) address lookup data structure using an IP address associated with the network node;
returning the unique identifier associated with the network node; and
performing one of;
using the returned unique identifier to obtain an asset model associated with the network node; and
using the returned unique identifier to determine whether the network node is a member of a category. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
-
-
16. A method for determining a unique identifier associated with a network node, comprising:
-
querying a first lookup table using a domain name associated with the network node, the first lookup table comprising one or more pairs, a pair comprising a domain name associated with particular network node and a reference to a second lookup table, the second lookup table comprising one or more pairs, a pair comprising a hostname associated with the particular network node and a unique identifier associated with the particular network node;
querying the second lookup table using a hostname associated with the network node;
returning the unique identifier associated with the network node; and
performing one of;
using the returned unique identifier to obtain an asset model associated with the network node; and
using the returned unique identifier to determine whether the network node is a member of a category.
-
-
17. A computer program product for determining a unique identifier associated with a network node, the computer program product comprising a computer-readable medium containing computer program code for performing a method, the method comprising:
-
querying an Internet Protocol (IP) address lookup table using an IP address associated with the network node, the IP address lookup table comprising one or more pairs, a pair comprising an IP address associated with a particular network node and a unique identifier associated with the particular network node;
returning the unique identifier associated with the network node; and
performing one of;
using the returned unique identifier to obtain an asset model associated with the network node; and
using the returned unique identifier to determine whether the network node is a member of a category.
-
-
18. An apparatus for determining a unique identifier associated with a network node, comprising:
-
a query module configured to query an Internet Protocol (IP) address lookup table using an IP address associated with the network node, the IP address lookup table comprising one or more pairs, a pair comprising an IP address associated with a particular network node and a unique identifier associated with the particular network node;
a return module configured to return the unique identifier associated with the network node; and
one of;
an asset model module configured to use the returned unique identifier to obtain an asset model associated with the network node; and
a category module configured to use the returned unique identifier to determine whether the network node is a member of a category.
-
Specification