THREAT MANAGEMENT SYSTEM AND METHOD
Abstract
In a threat management system and method for managed systems, leveraging of identifications and/or assessments of common threats, and/or valuation of assets which may be susceptible to common threats, can be applied to facilitate monitoring of customer compliance with policies needed to guard against threats to customer assets. Threat identification and response in managed systems may be tailored for different customers, in some instances without having to parse individual customer details, such as assets at risk and types of threats to those assets.
19 Claims
1. A method of automating network threat responses, the method comprising:
identifying, through a processing device, types of assets in a hosting area network susceptible to network attack, the assets comprising physical computing resources that are dynamically partitioned into virtual networks of different customers;
assigning an asset value to each of said types of assets for a plurality of customers based on a combination of customer specific and common valuation data;
identifying types of threats of network attack;
assigning a threat value to each of said types of threats for the plurality of customers based on the combination of customer specific and common valuation data; and
determining, through the processing device, for each of a plurality of customers, for at least some combinations of one of the types of assets and one of the types of threats, which of said combinations merits a threat response.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 18

12. In a managed services system providing managed services to a plurality of customers, an automated network threat response system comprising:
a processing device for executing instructions to instantiate a plurality of threat response modules including;
a knowledge base module for retaining threat solutions associated with asset types and security threats;
a correlation module for correlating, for each customer, assets comprising physical computing resources that are dynamically into virtual networks of different customers and threats that the customer's assets face, to determine asset values and threat values for that customer based on a combination of customer specific and common valuation data;
a management module, working with the correlation module, to manage responses to said security threats; and
an incident resolution module, working with the correlation module, for resolving security threats in said managed services system.
Dependent claims: 13, 14, 15, 16, 17

19. A method of automating network threat responses, the method comprising:
identifying types of assets in a hosting area network susceptible to network attack, the assets representing physical computing resources that are dynamically assigned to different customers to form virtual computing networks of the customers;
assigning an asset value to each of said types of assets for a plurality of customers in each of the physical computing resources on a combination of customer specific and common valuation data;
identifying types of threats of network attack;
assigning a threat value to each of said types of threats for the plurality of customers based on the combination of customer specific and common valuation data;
detecting, through a processing device, a threat to the hosting area network by applying a statistical algorithm to a data flow in the hosting area network;
identifying physical computing resource(s) and asset(s) in the hosting area network affected by the threat;
identifying customer(s) for whom a threat response is merited based on an analysis of the assigned threat value(s) and the assigned asset value(s) of the identified asset(s) in the identified physical computing resource(s) affected by the threat; and
responding to the threat based on a policy(ies) for the identified customer(s) for whom the threat response is merited, the policy(ies) specifying an action to be taken for each identified customer based on the identified asset(s) of the customer affected by the threat.

Specification