System and Method for Definition and Automated Analysis of Computer Security Threat Models
First Claim
1. A system for analyzing security related network activity comprising:
- a common data event database configured to store device event data in a common data event format; and
- a threat model analysis engine configured to:
  - read common event data from the common data event database;
  - analyze the common event data by comparing the common event data to a threat model definition; and
  - generate a threat model instance corresponding to the threat model definition if a set of requirements of the definition is met by the common event data.
Abstract
A network security analysis tool and related systems and methods are disclosed. The disclosed invention can accept user input to define network security threat models. The system can collect event data from one or more network devices and analyze that data for the existence of activity matching the defined threat models. The collected data can be translated into a common format for storage in a database of the invented system. The system can create threat models to track network threats found in the collected data that both partially and completely match one or more threat model definitions. The resulting threat models can be displayed on a console to show threat progression in near real time.
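The abstract describes a pipeline with three parts: translators that bring device records into a common event format, a threat model definition expressed as an ordered set of requirements, and an analysis engine that tracks partial matches and emits an instance once every requirement is met. The following is an added example written for this page, not code from the patent or its assignee; the two device log formats, the field names, the threat model and the sample log lines are all constructed for illustration.

```python
"""Added illustration (not the patent's code): event normalisation plus threat-model
matching in the shape the abstract describes.  Device formats, field names and the
sample records below are constructed for this example."""
from dataclasses import dataclass, field
from typing import Dict, List
import json
import re


# --- Common data event format: every device record is translated into this shape ---
@dataclass(frozen=True)
class CommonEvent:
    ts: int      # epoch seconds, used to order events across devices
    src: str     # source address, the key the threat model joins on
    dst: str     # destination address
    kind: str    # normalised event class, e.g. "scan", "auth_fail", "auth_ok"


# Translators for two hypothetical device formats (a key=value firewall line and a
# JSON authentication record).  Real collectors would have one translator per source.
_FW_RE = re.compile(r"ts=(\d+) src=(\S+) dst=(\S+) action=(\w+)")


def translate_firewall(line: str) -> CommonEvent:
    ts, src, dst, action = _FW_RE.match(line).groups()
    kind = "scan" if action == "probe" else "fw_" + action
    return CommonEvent(int(ts), src, dst, kind)


def translate_auth_json(line: str) -> CommonEvent:
    rec = json.loads(line)
    kind = "auth_ok" if rec["result"] == "success" else "auth_fail"
    return CommonEvent(rec["time"], rec["client"], rec["server"], kind)


# --- Threat model definition: ordered requirements, each satisfied by N events of a kind ---
@dataclass
class Requirement:
    kind: str
    min_count: int = 1


@dataclass
class ThreatModelDefinition:
    name: str
    steps: List[Requirement]   # must be satisfied in this order


@dataclass
class ThreatModelInstance:
    model: str
    key: str                   # the source address this instance tracks
    total_steps: int
    matched_steps: int = 0
    counts: Dict[str, int] = field(default_factory=dict)

    @property
    def complete(self) -> bool:
        return self.matched_steps == self.total_steps


def analyze(events: List[CommonEvent],
            definitions: List[ThreatModelDefinition]) -> List[ThreatModelInstance]:
    """Replay common events in time order against every definition.  An instance is
    opened when a source first satisfies step 0, advanced as later steps are met, and
    left in a partial state otherwise, so both partial and complete matches are visible."""
    instances: Dict[tuple, ThreatModelInstance] = {}
    for ev in sorted(events, key=lambda e: e.ts):
        for d in definitions:
            key = (d.name, ev.src)
            if key not in instances and ev.kind != d.steps[0].kind:
                continue   # nothing tracked yet and this event is not the entry step
            inst = instances.setdefault(
                key, ThreatModelInstance(d.name, ev.src, len(d.steps)))
            if inst.complete:
                continue
            step = d.steps[inst.matched_steps]
            if ev.kind == step.kind:
                inst.counts[step.kind] = inst.counts.get(step.kind, 0) + 1
                if inst.counts[step.kind] >= step.min_count:
                    inst.matched_steps += 1
    return list(instances.values())


# Constructed sample: one probe, three failed logins, then a success from 10.0.0.5;
# a probe and a single failure from 10.0.0.9.
SAMPLE_FIREWALL = [
    "ts=100 src=10.0.0.5 dst=192.0.2.10 action=probe",
    "ts=101 src=10.0.0.9 dst=192.0.2.10 action=probe",
    "ts=102 src=10.0.0.5 dst=192.0.2.10 action=allow",
]
SAMPLE_AUTH = [
    '{"time": 110, "client": "10.0.0.5", "server": "192.0.2.10", "result": "failure"}',
    '{"time": 111, "client": "10.0.0.5", "server": "192.0.2.10", "result": "failure"}',
    '{"time": 112, "client": "10.0.0.9", "server": "192.0.2.10", "result": "failure"}',
    '{"time": 113, "client": "10.0.0.5", "server": "192.0.2.10", "result": "failure"}',
    '{"time": 114, "client": "10.0.0.5", "server": "192.0.2.10", "result": "success"}',
]
RECON_BRUTE_FORCE = ThreatModelDefinition(
    "recon_then_bruteforce_success",
    [Requirement("scan"), Requirement("auth_fail", 3), Requirement("auth_ok")])


def run_sample() -> Dict[str, ThreatModelInstance]:
    events = [translate_firewall(l) for l in SAMPLE_FIREWALL] + \
             [translate_auth_json(l) for l in SAMPLE_AUTH]
    return {i.key: i for i in analyze(events, [RECON_BRUTE_FORCE])}


if __name__ == "__main__":
    for key, inst in run_sample().items():
        state = "COMPLETE" if inst.complete else f"partial ({inst.matched_steps}/{inst.total_steps})"
        print(f"{inst.model} {key}: {state} {inst.counts}")
```

The join key is the source address, so unrelated hosts never share an instance, and an instance is only opened once the first requirement is met, which keeps the instance table proportional to suspicious sources rather than to all traffic. A console that polls `analyze` on the growing event list would show the partial instance for 10.0.0.9 advancing step by step, which is the near-real-time progression view the abstract mentions.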
Citations
46 Claims
1. Independent claim; text as given under First Claim above. Dependent claims: 2 to 37.
38. A system for creating a threat model definition comprising:
- a processor;
- a computer readable memory;
- an interface console; and
- instructions for making the processor operable to:
  - prompt a user for threat model definition parameters;
  - receive threat model definition parameters from the user;
  - generate a threat model definition based on the threat model definition parameters received from the user.

Dependent claims: 39 to 46.
Specification