METHOD OF INTEGRATING A SECURITY OPERATIONS POLICY INTO A THREAT MANAGEMENT VECTOR

US 20080263664A1
Filed: 04/17/2007
Published: 10/23/2008
Est. Priority Date: 04/17/2007
Status: Active Grant

First Claim

Patent Images

1. A method of integrating a security operations policy into a threat management vector, the method comprising:

receiving at least one threat management vector (TMV) from a TMV generator, the TMV including a root vulnerability vector, at least one system vector, at least one system level vector, and a countermeasures payload including intrusion detection countermeasures (IDC), intrusion response countermeasures (IRC), and vulnerability remediation countermeasures (VRC);

propagating the TMV through a hierarchy of policy mediation regions (PMRs), each PMR being operable to refine at least one of the IDC, the IRC, and the VRC;

refining at least one of the IDC, the IRC, or the VRC to conform to a security operations policy of the PMR; and

forwarding the refined TMV to a threat management domain controller (TMDC).

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention relates to the integration of a security operations policy into a threat management vector. In one embodiment, a method according to the invention includes receiving at least one threat management vector (TMV) from a TMV generator, the TMV including a root vulnerability vector, at least one system vector, at least one system level vector, and a countermeasures payload including intrusion detection countermeasures (IDC), intrusion response countermeasures (IRC), and vulnerability remediation countermeasures (VRC); forwarding to the TMDC a TMV including only the root vulnerability vector, the at least one system vector, and the at least one system level vector; propagating the TMV through a hierarchy of policy mediation regions (PMRs), each PMR being operable to refine at least one of the IDC, the IRC, and the VRC; refining at least one of the IDC, the IRC, and the VRC to conform to a security operations policy of the PMR; forwarding the refined TMV to a threat management domain controller (TMDC); recording refinements made by each PMR to each of the IDC, the IRC, and the VRC; transferring the recorded refinements to a threat management control book (TMCB); and marking the refined TMV as having been refined by each PMR making a refinement.

35 Citations

8 Claims

1. A method of integrating a security operations policy into a threat management vector, the method comprising:
- receiving at least one threat management vector (TMV) from a TMV generator, the TMV including a root vulnerability vector, at least one system vector, at least one system level vector, and a countermeasures payload including intrusion detection countermeasures (IDC), intrusion response countermeasures (IRC), and vulnerability remediation countermeasures (VRC);
  
  propagating the TMV through a hierarchy of policy mediation regions (PMRs), each PMR being operable to refine at least one of the IDC, the IRC, and the VRC;
  
  refining at least one of the IDC, the IRC, or the VRC to conform to a security operations policy of the PMR; and
  
  forwarding the refined TMV to a threat management domain controller (TMDC).
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, further comprising:
    - forwarding to the TMDC a TMV including only the root vulnerability vector, the at least one system vector, and the at least one system level vector.
  - 3. The method of claim 1, wherein the hierarchy of PMRs includes at least one PMR selected from a group consisting of:
    - a corporate PMR, a business unit PMR, a geographic PMR, a site PMR, and a domain PMR.
  - 4. The method of claim 1, wherein refining includes:
    - collaborating refinements between at least one pairing selected from a group consisting of;
      
      a non-refined IDC and a refined IRC;
      
      a non-refined IDC and a refined VRC;
      
      a non-refined IRC and a refined IDC;
      
      a non-refined IRC and a refined VRC;
      
      a non-refined VRC and a refined IDC; and
      
      a non-refined VRC and a refined IRC;
      
      consolidating the refinements in a refined TMV; and
      
      passing the refined TMV to a PMR lower in the hierarchy.
  - 5. The method of claim 1, further comprising:
    - recording refinements made by each PMR to each of the IDC, the IRC, and the VRC;
      
      transferring the recorded refinements to a threat management control book (TMCB); and
      
      marking the refined TMV as having been refined by each PMR making a refinement.
  - 6. The method of claim 5, further comprising:
    - updating a security operations policy of at least one PMR;
      
      generating a superseding TMV based on the updated security operations policy; and
      
      forwarding the superseding TMV to the TMDC.

7. A method of supplying a computer system with a threat management vector, the method comprising:
- registering a computer system with a first threat management domain controller (TMDC); and
  
  in the case that the computer system was previously registered with a second TMDC;
  
  reporting to the first TMDC all threat management vector generation numbers (TMVGNs) received from the second TMDC;
  
  propagating each TMVGN upward through a policy mediation region (PMR) hierarchy;
  
  decomposing each TMVGN until an original source TMV is obtained;
  
  regenerating a refined TMV from the original source TMV by propagating the TMV downward through the PMR hierarchy; and
  
  forwarding the refined TMV to the first TMDC.

8. A program product stored on a computer-readable medium, which when executed, integrates a security operations policy into a threat management vector, the program product comprising:
- program code for receiving at least one threat management vector (TMV) from a TMV generator, the TMV including a root vulnerability vector, at least one system vector, at least one system level vector, and a countermeasures payload including intrusion detection countermeasures (IDC), intrusion response countermeasures (IRC), and vulnerability remediation countermeasures (VRC);
  
  program code for propagating the TMV through a hierarchy of policy mediation regions (PMRs), each PMR being operable to refine at least one of the IDC, the IRC, and the VRC;
  
  program code for refining at least one of the IDC, the IRC, and the VRC to conform to a security operations policy of the PMR; and
  
  program code for forwarding the refined TMV to a threat management domain controller (TMDC).

Specification

Resources

Litigation Campaign Assessment

Current Assignee
LinkedIn Corporation (Microsoft Corporation)
Original Assignee
International Business Machines Corporation
Inventors
McKenna, John J.

Granted Patent

US 7,770,203 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/23
CPC Class Codes

G06F 21/577   Assessing vulnerabilities a...

G06F 2221/2101   Auditing as a secondary aspect

H04L 63/1408   by monitoring network traff...

H04L 63/20   for managing network securi...

METHOD OF INTEGRATING A SECURITY OPERATIONS POLICY INTO A THREAT MANAGEMENT VECTOR

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

35 Citations

8 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD OF INTEGRATING A SECURITY OPERATIONS POLICY INTO A THREAT MANAGEMENT VECTOR

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

35 Citations

8 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links