Systems and Methods for Sensitive Data Remediation

US 20100281543A1
Filed: 04/16/2010
Published: 11/04/2010
Est. Priority Date: 04/30/2009
Status: Active Grant

First Claim

Patent Images

1. A computer network auditing method, comprising:

deploying agents on respective computers among a plurality of computers throughout a network;

using the agents to collect information about the type of data stored on the respective computers and the programs running on the respective computers;

receiving the information from the agents at a central location;

for each computer for which the information has been received, calculating a risk score, where the risk score is based on the type of data stored on said each computer and a security of said each computer;

comparing, at the central location, calculated risk scores of multiple computers and ranking the multiple computers in a risk score order; and

for a given one of the multiple computers in the risk score order, performing a remediation technique that has the effect of reducing the risk score for the given computer.

View all claims

12 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for sensitive data remediation include calculating a Probability of Loss of data on a given computer based on measures of control, integrity, and potential avenues of exploitation of the given computer, determining an Impact of Loss of the data on the given computer based on a type, volume, and nature of the data, and correlating the Probability of Loss with the Impact of Loss to generate a risk score for the given computer that can be compared to other computers in the network. The computers with higher risk scores can then be subjected to data remediation activity.

41 Citations

View as Search Results

20 Claims

1. A computer network auditing method, comprising:
- deploying agents on respective computers among a plurality of computers throughout a network;
  
  using the agents to collect information about the type of data stored on the respective computers and the programs running on the respective computers;
  
  receiving the information from the agents at a central location;
  
  for each computer for which the information has been received, calculating a risk score, where the risk score is based on the type of data stored on said each computer and a security of said each computer;
  
  comparing, at the central location, calculated risk scores of multiple computers and ranking the multiple computers in a risk score order; and
  
  for a given one of the multiple computers in the risk score order, performing a remediation technique that has the effect of reducing the risk score for the given computer.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, further comprising pushing the agents from a server to the respective computers.
  - 3. The method of claim 1, further comprising receiving the information from the agents via a secure encrypted tunnel.
  - 4. The method of claim 1, further comprising applying weights to variables associated with the type of data stored on respective computers and associated with metrics of security for the respective computer.
  - 5. The method of claim 4, wherein the variables or metrics include at least one of number of pieces of malware, number of rootkits, number of hidden files, days since last audit, running programs, network connections, potential network connections, confirmed signature-based vulnerabilities, confirmed mis-configurations, type/sensitivity of data, or network location/role of the computer.
  - 6. The method of claim 1, wherein the remediation technique comprises at least one of deleting, encrypting, or moving data on or from the given one of the multiple computers.
  - 7. The method of claim 1, wherein the remediation technique comprises changing a configuration, uninstalling an application, installing an application, executing an application, or disabling a running service on the given one of the multiple computers.
  - 8. The method of claim 1, further comprising notifying a user of the given one of the multiple computers that data has been removed from the computer.

9. A method of increasing security of data on a network, comprising:
- categorizing data stored on a first computer to obtain categories of data;
  
  determining potential avenues of exploitation of the first computer to obtain a list of potential avenues of exploitation;
  
  sending to a server computer information including the categories of data and the list of potential avenues of exploitation associated with the first computer;
  
  categorizing data stored on a second computer to obtain categories of data;
  
  determining potential avenues of exploitation of the second computer to obtain a list of potential avenues of exploitation;
  
  sending to the server computer information including the categories of data and the list of potential avenues of exploitation associated with the second computer;
  
  generating a risk score for each of the first computer and the second computer, the risk score being based on the respective categories of data and list of potential avenues of exploitation of the first and second computers;
  
  causing a given category of data on the first computer to be removed from the first computer in light of the first computer having a higher risk score than the second computer.
- View Dependent Claims (10, 11, 12, 13)
- - 10. The method of claim 9, wherein the steps of categorizing data and determining potential avenues of exploitation are performed by respective agents operating on the first and second computers.
  - 11. The method of claim 9, wherein the step of generating a risk score comprises weighting variables representing the categories of data and the potential avenues of exploitation.
  - 12. The method of claim 11, wherein the variables include at least one of number of pieces of malware, number of rootkits, number of hidden files, days since last audit, running programs, network connections, potential network connections, confirmed signature-based vulnerabilities, confirmed mis-configurations, type/sensitivity of data, or network location/role of the computer.
  - 13. The method of claim 9, further comprising notifying a user of the first computer that data has been removed from the first computer.

14. A method of monitoring a network of computers, comprising;
- receiving, from respective computers in the network, an indication of the types of information stored thereon;
  
  receiving, from the respective computers in the network, an indication of a level of security thereof;
  
  receiving, from the respective computers in the network, an indication of configuration of the respective computer;
  
  calculating a risk score for each respective computer based on the types of information, security and configuration of each respective computer; and
  
  ranking the computers based on their respective risk scores.
- View Dependent Claims (15, 16, 17, 18)
- - 15. The method of claim 14, further comprising performing a remediation technique on a highest ranking computer of the computers subjected to ranking.
  - 16. The method of claim 14, wherein the remediation technique comprises at least one of deleting, encrypting, or moving data on the highest ranking computer.
  - 17. The method of claim 14, wherein the remediation technique comprises changing a configuration, uninstalling an application, installing an application, executing an application, or disabling a running service on the highest ranking computer.
  - 18. The method of claim 14, further comprising notifying a user of the highest ranking computer that data has been removed from the computer.

19. A method, comprising:
- calculating a Probability of Loss of data on a given computer based on measures of control, integrity, and potential avenues of exploitation of the given computer;
  
  determining an Impact of Loss of the data on the given computer based on a type, volume, and nature of the data; and
  
  correlating the Probability of Loss with the Impact of Loss to generate a risk score for the given computer that can be compared to other computers in the network.
- View Dependent Claims (20)
- - 20. The method of claim 19, further comprising performing a remediation technique on the given computer when the risk score is greater than the risk scores of the other computers in the network, wherein the remediation technique results in a lowered risk score for the given computer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Emc IP Holding Company LLC (Dell Technologies Inc.)
Original Assignee
Netwitness Corporation (Dell Technologies Inc.)
Inventors
Girardi, Brian P., Douglas, Kevin T., Golomb, Gary J.

Granted Patent

US 8,549,649 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/25
CPC Class Codes

G06F 21/577   Assessing vulnerabilities a...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1433   Vulnerability analysis

Systems and Methods for Sensitive Data Remediation

First Claim

12 Assignments

0 Petitions

Accused Products

Abstract

41 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and Methods for Sensitive Data Remediation

First Claim

12 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

41 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links