THREAT MANAGEMENT SYSTEM AND METHOD

US 20110239303A1
Filed: 09/23/2008
Published: 09/29/2011
Est. Priority Date: 09/23/2008
Status: Active Grant

First Claim

Patent Images

1. A method of automating network threat responses, the method comprising:

identifying, through a processing device, types of assets in a hosting area network susceptible to network attack, the assets comprising physical computing resources that are dynamically partitioned into virtual networks of different customers;

assigning an asset value to each of said types of assets for a plurality of customers based on a combination of customer specific and common valuation data;

identifying types of threats of network attack;

assigning a threat value to each of said types of threats for the plurality of customers based on the combination of customer specific and common valuation data; and

determining, through the processing device, for each of a plurality of customers, for at least some combinations of one of the types of assets and one of the types of threats, which of said combinations merits a threat response.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In a threat management system and method for managed systems, leveraging of identifications and/or assessments of common threats, and/or valuation of assets which may be susceptible to common threats, can be applied to facilitate monitoring of customer compliance with policies needed to guard against threats to customer assets. Threat identification and response in managed systems may be tailored for different customers, in some instances without having to parse individual customer details, such as assets at risk and types of threats to those assets.

Citations

19 Claims

1. A method of automating network threat responses, the method comprising:
- identifying, through a processing device, types of assets in a hosting area network susceptible to network attack, the assets comprising physical computing resources that are dynamically partitioned into virtual networks of different customers;
  
  assigning an asset value to each of said types of assets for a plurality of customers based on a combination of customer specific and common valuation data;
  
  identifying types of threats of network attack;
  
  assigning a threat value to each of said types of threats for the plurality of customers based on the combination of customer specific and common valuation data; and
  
  determining, through the processing device, for each of a plurality of customers, for at least some combinations of one of the types of assets and one of the types of threats, which of said combinations merits a threat response.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 18)
- - 2. A method as claimed in claim 1, further comprising:
    - selectively blocking access to said network in accordance with said determining.
  - 3. A method as claimed in claim 2, wherein said selectively blocking comprises blocking access to particular Internet ports.
  - 4. A method as claimed in claim 2, wherein said determining comprises assigning a threat value to each of said combinations, and comparing said threat value to a predetermined threshold.
  - 5. A method as claimed in claim 4, said selectively blocking being performed for each threat value exceeding said predetermined threshold.
  - 6. A method as claimed in claim 1, wherein said assigning an asset value comprises, for each said customer, assigning an asset value for each asset type associated with that customer.
  - 7. A method as claimed in claim 1, wherein different customers may have at least one common asset type, but different asset values assigned respectively to one common asset type.
  - 8. A method as claimed in claim 1, wherein different customers may have at least one common asset type, but different asset values assigned respectively to said at least one common asset type.
  - 9. A method as claimed in claim 1, wherein a managed services customer assigns the asset value.
  - 10. A method as claimed in claim 1, wherein a managed services customer assigns the threat value.
  - 11. A method as claimed in claim 1, wherein a managed services provider assigns the asset value by comparing characteristics of a managed services customer with characteristics of other managed services customers.
  - 18. A method as claimed in claim 1, wherein a managed services provider assigns the threat value by comparing characteristics of a managed services customer with characteristics of other managed services customers.

12. In a managed services system providing managed services to a plurality of customers, an automated network threat response system comprising:
- a processing device for executing instructions to instantiate a plurality of threat response modules including;
  
  a knowledge base module for retaining threat solutions associated with asset types and security threats;
  
  a correlation module for correlating, for each customer, assets comprising physical computing resources that are dynamically into virtual networks of different customers and threats that the customer'"'"'s assets face, to determine asset values and threat values for that customer based on a combination of customer specific and common valuation data;
  
  a management module, working with the correlation module, to manage responses to said security threats; and
  
  an incident resolution module, working with the correlation module, for resolving security threats in said managed services system.
- View Dependent Claims (13, 14, 15, 16, 17)
- - 13. A system as claimed in claim 12, further comprising a visualization module for facilitating visualization of threats to the customers in the managed services system.
  - 14. A system as claimed in claim 12, further comprising a log data module for recording threat events in said managed services system.
  - 15. A system as claimed in claim 12, wherein a managed services provider develops the threat solutions contained in the knowledge base module.
  - 16. A system as claimed in claim 12, wherein the correlation module obtains said threat values from said customer, based on the customer'"'"'s own assessment.
  - 17. A system as claimed in claim 12, wherein the correlation module obtains said asset values from said customer, based on the customer'"'"'s own assessment.

19. A method of automating network threat responses, the method comprising:
- identifying types of assets in a hosting area network susceptible to network attack, the assets representing physical computing resources that are dynamically assigned to different customers to form virtual computing networks of the customers;
  
  assigning an asset value to each of said types of assets for a plurality of customers in each of the physical computing resources on a combination of customer specific and common valuation data;
  
  identifying types of threats of network attack;
  
  assigning a threat value to each of said types of threats for the plurality of customers based on the combination of customer specific and common valuation data;
  
  detecting, through a processing device, a threat to the hosting area network by applying a statistical algorithm to a data flow in the hosting area network;
  
  identifying physical computing resource(s) and asset(s) in the hosting area network affected by the threat;
  
  identifying customer(s) for whom a threat response is merited based on an analysis of the assigned threat value(s) and the assigned asset value(s) of the identified asset(s) in the identified physical computing resource(s) affected by the threat; and
  
  responding to the threat based on a policy(ies) for the identified customer(s) for whom the threat response is merited, the policy(ies) specifying an action to be taken for each identified customer based on the identified asset(s) of the customer affected by the threat.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Colorado WSC, LLC
Original Assignee
Savvis, Inc. (Lumen Technologies, Inc.)
Inventors
Owens, Kenneth R. JR.

Granted Patent

US 8,220,056 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/25
CPC Class Codes

H04L 63/1408   by monitoring network traff...

H04L 63/1441   Countermeasures against mal...

H04L 63/20   for managing network securi...

THREAT MANAGEMENT SYSTEM AND METHOD

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

THREAT MANAGEMENT SYSTEM AND METHOD

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links