Method And Apparatus For Risk Visualization and Remediation

US 20110126111A1
Filed: 11/23/2010
Published: 05/26/2011
Est. Priority Date: 11/20/2009
Status: Active Grant

First Claim

Patent Images

1. A system for rapid risk identification, visualization, remediation, and role redesign, comprising:

a computer-implemented user interface processor for providing a common user interface that graphically displays one or more risks and access violations in a single screen session;

a computer-implemented risk engine for promoting alignment between different systems of an enterprise, including information technology (IT) functions;

a controls and risk repository for storing enterprise policy rules; and

a computer-implemented integration framework in communication with and for gathering data from one or more IT resources, one or more physical access systems, and one or more industrial control systems.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus provides techniques for providing complete solutions for role-based, rules-driven access enforcement. An embodiment addresses blended risk assessment and security across logical systems, IT applications, databases, and physical systems from a single analytic dashboard, with auto-remediation capabilities. Further, an embodiment provides capability and functionality for providing visual risk and event monitoring, alerting, mitigation, and analytics displayed on a geospatial map.

270 Citations

24 Claims

1. A system for rapid risk identification, visualization, remediation, and role redesign, comprising:
- a computer-implemented user interface processor for providing a common user interface that graphically displays one or more risks and access violations in a single screen session;
  
  a computer-implemented risk engine for promoting alignment between different systems of an enterprise, including information technology (IT) functions;
  
  a controls and risk repository for storing enterprise policy rules; and
  
  a computer-implemented integration framework in communication with and for gathering data from one or more IT resources, one or more physical access systems, and one or more industrial control systems.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The system of claim 1, wherein said gathered data comprises data from any of different enterprise resource planning (ERP) systems, identity and access management resources, provisioning and roles management systems, corporate directories, human resources (HR) systems, sources of threat detection, Gibson Research Corporation (GRC) systems, IT Security Automation and Physical Security/SCADA systems, process controls systems, and video surveillance systems.
  - 3. The system of claim 1, wherein the integration framework provides:
    - a messaging framework for sending an receiving messages;
      
      a connector framework for connecting with said one or more IT resources, one or more physical access systems, and one or more industrial control systems;
      
      an extraction framework for extracting data; and
      
      a meta data repository for storing metadata.
  - 4. The system of claim 1, wherein said user interface processor performs the operation of:
    - allowing any of IT security, compliance analysts and business managers to collaborate to arrive at a best remediation decision by providing a visualization of an impact prior to applying remediation actions.
  - 5. The system of claim 4, wherein said user interface processor further performs the operation of providing a visualization of segregation of duties (SoD) violations, roles and related risks within a same context, on said single screen.
  - 6. The system of claim 1, wherein said one or more risks comprises risks from IT applications, IT assets, corporate assets, critical assets, and physical access that users and administrators have thereto.
  - 7. The system of claim 1, wherein said user interface processor allows users to performs operations of remediating said one or more risks during said single screen session.
  - 8. The system of claim 1, wherein said user interface processor performs the operation of drilling down on a risk item of said one or more risks and presenting details of processes, transactions, roles with permissions and users, wherein said details, transactions, roles with permissions and user are associated with said risk item, and wherein said presenting is in a single screen.
  - 9. The system of claim 8, wherein said user interface processor initiating remediation actions that are associated with said risk item in response to a single click, thereby providing powerful actionable response to risks.
  - 10. The system of claim 1, wherein:
    - said user interface processor provides a presentation of a common set of data for aligning difference viewers from different organizations within an enterprise;
      
      said user interface processor provides a quick visualization of identified security and compliance violations and exposure points and means for remediating said violations;
      
      said integration framework provides automated security and compliance data extraction from said one or more IT resources, one or more physical access systems, and one or more industrial control systems;
      
      said user interface processor provides a visual representation with drill-down capability to allow users to search for various entities including other users, roles, risks, and controls and to view relationships thereof; and
      
      said user interface processor provides actionable visualization through which changes can be made to users, roles, and risks and simulated before said changes are performed in target systems.
  - 11. The system of claim 1, further comprising:
    - a setup processor that sends a create message to a connector processor, a configure message to an extractor processor, and a configure message to a scheduled job processor;
      
      a scheduled jobs processor that sends an extract message to the extractor processor and receives a message from the extractor processor, wherein the extractor processor sends a fetch user activity and risks message to an SAP/LDAP/CC processor, which sends a response back to the extractor processor, wherein the extractor processor also sends an enrich and store message to a repository;
      
      a visualization processor that sends to and receives from the repository the messages for obtaining data, wherein the visualization processor then causes a display message to execute, causes a perform remediation and mitigation message to execute, and sends a store remediation and mitigation message to a database and receives a return message therefrom;
      
      wherein, in response to the return message, said visualization processor executes a reflect remediation and mitigation for all affected entities message, and sends a commit remediation and mitigation message to the SAP/LDAP/CC processor and receives a return reply.
  - 12. The system of claim 1, further providing:
    - a logon interface to an end user consistent with other applications of an alert enterprise system;
      
      a customizable application homepage that provides a dashboard view on risks and a list of any outstanding tasks;
      
      an interactive role details visualization screen that visually displays risks associated with roles, users, and assets;
      
      a SAP role representation-technical view that provides a default technical view of transactions that form part of a role and a user that has the role;
      
      a SAP role relationships business view that simplifies the complex technical definitions into user friendly text for assimilation;
      
      a SAP role relationship actionable menu that provides ability to execute tasks on a role from an interactive screen;
      
      an actionable risk analysis screen at which root cause analysis is performed for highlighted risk and other associated actions, including add mitigation control and remove user from role;
      
      a risk analysis screen that shows the result of when risk analysis indicates the cause of risk due to transactions inherent in the role being analyzed;
      
      a risk remediation view, at which a user may remediate a risk identified, including removing transactions from the role being analyzed;
      
      a confirmation of the risk remediated and current risk status view, wherein the view is changed to indicate completed risk remediation;
      
      a user analysis view, wherein any user is searched for access, any relevant risks, or other user information;
      
      a user to corporate assets view, wherein the view provides detailed view of corporate assets owned by a user;
      
      a user to system access view, said view providing a detailed view of system accesses of a user;
      
      a user to access detailed view that offers a drill down level view of system access;
      
      a user supplemental information view that provides additional information about a user being analyzed, said information from corporate directories;
      
      a user to role within systems view, wherein associated roles of a user profile identifies a role with inherent risk;
      
      a risk mitigation view that is used for mitigating risk on account of a role interactively and provides a view that shows completed risk mitigation as reflected in highlighted changes on the roles of the user; and
      
      a reports view for out-of-the-box reports on risks, roles, users, and related accesses.

13. A computer-implemented method for rapid risk identification, visualization, remediation, and role redesign, comprising the steps of:
- providing a computer-implemented user interface processor for providing a common user interface that graphically displays one or more risks and access violations in a single screen session;
  
  providing a computer-implemented risk engine for promoting alignment between different systems of an enterprise, including information technology (IT) functions;
  
  providing a controls and risk repository for storing enterprise policy rules; and
  
  providing a computer-implemented integration framework in communication with and for gathering data from one or more IT resources, one or more physical access systems, and one or more industrial control systems.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 14. The computer-implemented method of claim 13, wherein said gathered data comprises data from any of different enterprise resource planning (ERP) systems, identity and access management resources, provisioning and roles management systems, corporate directories, human resources (HR) systems, sources of threat detection, Gibson Research Corporation (GRC) systems, IT Security Automation and Physical Security/SCADA systems, process controls systems, and video surveillance systems.
  - 15. The computer-implemented method of claim 13, wherein the integration framework provides:
    - a messaging framework for sending an receiving messages;
      
      a connector framework for connecting with said one or more IT resources, one or more physical access systems, and one or more industrial control systems;
      
      an extraction framework for extracting data; and
      
      a meta data repository for storing metadata.
  - 16. The computer-implemented method of claim 13, wherein said user interface processor performs the operation of:
    - allowing any of IT security, compliance analysts and business managers to collaborate to arrive at a best remediation decision by providing a visualization of an impact prior to applying remediation actions.
  - 17. The computer-implemented method of claim 16, wherein said user interface processor further performs the operation of providing a visualization of segregation of duties (SoD) violations, roles and related risks within a same context, on said single screen.
  - 18. The computer-implemented method of claim 13, wherein said one or more risks comprises risks from IT applications, IT assets, corporate assets, critical assets, and physical access that users and administrators have thereto.
  - 19. The computer-implemented method of claim 13, wherein said user interface processor allows users to performs operations of remediating said one or more risks during said single screen session.
  - 20. The computer-implemented method of claim 13, wherein said user interface processor performs the operation of drilling down on a risk item of said one or more risks and presenting details of processes, transactions, roles with permissions and users, wherein said details, transactions, roles with permissions and user are associated with said risk item, and wherein said presenting is in a single screen.
  - 21. The computer-implemented method of claim 20, wherein said user interface processor initiating remediation actions that are associated with said risk item in response to a single click, thereby providing powerful actionable response to risks.
  - 22. The computer-implemented method of claim 13, wherein:
    - said user interface processor provides a presentation of a common set of data for aligning difference viewers from different organizations within an enterprise;
      
      said user interface processor provides a quick visualization of identified security and compliance violations and exposure points and means for remediating said violations;
      
      said integration framework provides automated security and compliance data extraction from said one or more IT resources, one or more physical access systems, and one or more industrial control systems;
      
      said user interface processor provides a visual representation with drill-down capability to allow users to search for various entities including other users, roles, risks, and controls and to view relationships thereof; and
      
      said user interface processor provides actionable visualization through which changes can be made to users, roles, and risks and simulated before said changes are performed in target systems.
  - 23. The computer-implemented method of claim 13, further comprising the step of:
    - providing a setup processor that sends a create message to a connector processor, a configure message to an extractor processor, and a configure message to a scheduled job processor;
      
      providing a scheduled jobs processor that sends an extract message to the extractor processor and receives a message from the extractor processor, wherein the extractor processor sends a fetch user activity and risks message to an SAP/LDAP/CC processor, which sends a response back to the extractor processor, wherein the extractor processor also sends an enrich and store message to a repository;
      
      providing a visualization processor that sends to and receives from the repository the messages for obtaining data, wherein the visualization processor then causes a display message to execute, causes a perform remediation and mitigation message to execute, and sends a store remediation and mitigation message to a database and receives a return message therefrom;
      
      wherein, in response to the return message, said visualization processor executes a reflect remediation and mitigation for all affected entities message, and sends a commit remediation and mitigation message to the SAP/LDAP/CC processor and receives a return reply.
  - 24. The computer-implemented method of claim 13, further comprising the steps of:
    - providing a logon interface to an end user consistent with other applications of an alert enterprise system;
      
      providing a customizable application homepage that provides a dashboard view on risks and a list of any outstanding tasks;
      
      providing an interactive role details visualization screen that visually displays risks associated with roles, users, and assets;
      
      providing a SAP role representation-technical view that provides a default technical view of transactions that form part of a role and a user that has the role;
      
      providing a SAP role relationships business view that simplifies the complex technical definitions into user friendly text for assimilation;
      
      providing a SAP role relationship actionable menu that provides ability to execute tasks on a role from an interactive screen;
      
      providing an actionable risk analysis screen at which root cause analysis is performed for highlighted risk and other associated actions, including add mitigation control and remove user from role;
      
      providing a risk analysis screen that shows the result of when risk analysis indicates the cause of risk due to transactions inherent in the role being analyzed;
      
      providing a risk remediation view, at which a user may remediate a risk identified, including removing transactions from the role being analyzed;
      
      providing a confirmation of the risk remediated and current risk status view, wherein the view is changed to indicate completed risk remediation;
      
      providing a user analysis view, wherein any user is searched for access, any relevant risks, or other user information;
      
      providing a user to corporate assets view, wherein the view provides detailed view of corporate assets owned by a user;
      
      providing a user to system access view, said view providing a detailed view of system accesses of a user;
      
      providing a user to access detailed view that offers a drill down level view of system access;
      
      providing a user supplemental information view that provides additional information about a user being analyzed, said information from corporate directories;
      
      providing a user to role within systems view, wherein associated roles of a user profile identifies a role with inherent risk;
      
      providing a risk mitigation view that is used for mitigating risk on account of a role interactively and provides a view that shows completed risk mitigation as reflected in highlighted changes on the roles of the user; and
      
      providing a reports view for out-of-the-box reports on risks, roles, users, and related accesses.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AlertEnterprise Incorporated
Original Assignee
AlertEnterprise Incorporated
Inventors
Chunduru, Ravi, GILL, Jasvir Singh, Arora, Inderpal Ricky, Kakkera, Srinivasa

Granted Patent

US 8,769,412 B2
Time in Patent Office

Days
Field of Search
US Class Current

715/736
CPC Class Codes

G06F 21/55   Detecting local intrusion o...

G06F 21/577   Assessing vulnerabilities a...

G06Q 10/06   Resources, workflows, human...

H04L 63/1425   Traffic logging, e.g. anoma...

Method And Apparatus For Risk Visualization and Remediation

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

270 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Method And Apparatus For Risk Visualization and Remediation

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

270 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links