Security countermeasure management platform

US 20120210434A1
Filed: 02/11/2012
Published: 08/16/2012
Est. Priority Date: 02/11/2011
Status: Active Grant

First Claim

Patent Images

1. Apparatus for use in association with a computing environment, comprising:

a hardware processor;

computer memory holding computer program instructions executed by the processor to perform the following operations;

receiving risk data from one or more sources;

processing the received risk data against a vulnerability-to-countermeasure knowledge base to discover, with respect to a particular vulnerability, one or more countermeasures applicable to potentially address the particular vulnerability;

with respect to the particular vulnerability, presenting information regarding the one or more discovered countermeasures, the information identifying (i) an expected cost of implementing the discovered countermeasure, (ii) an expected effectiveness of implementing the discovered countermeasure, and (iii) an indication of whether the discovered countermeasure is available in the computing environment; and

receiving additional data defining a policy-based countermeasure workflow associated with a particular countermeasure of the one or more discovered countermeasures to attempt to address the particular vulnerability.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A management platform that allows security and compliance users to view risks and vulnerabilities in their environment with the added context of what other mitigating security countermeasures are associated with that vulnerability and that are applicable and/or available within the overall security architecture. Additionally, the platform allows users to take one or more actions from controlling the operation of a security countermeasure for mitigation purposes to documenting the awareness of a security countermeasure that is in place.

Citations

26 Claims

1. Apparatus for use in association with a computing environment, comprising:
- a hardware processor;
  
  computer memory holding computer program instructions executed by the processor to perform the following operations;
  
  receiving risk data from one or more sources;
  
  processing the received risk data against a vulnerability-to-countermeasure knowledge base to discover, with respect to a particular vulnerability, one or more countermeasures applicable to potentially address the particular vulnerability;
  
  with respect to the particular vulnerability, presenting information regarding the one or more discovered countermeasures, the information identifying (i) an expected cost of implementing the discovered countermeasure, (ii) an expected effectiveness of implementing the discovered countermeasure, and (iii) an indication of whether the discovered countermeasure is available in the computing environment; and
  
  receiving additional data defining a policy-based countermeasure workflow associated with a particular countermeasure of the one or more discovered countermeasures to attempt to address the particular vulnerability.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 25)
- - 2. The apparatus as described in claim 1 wherein the operations further include implementing the policy-based countermeasure workflow to attempt to address the particular vulnerability using the particular countermeasure.
  - 3. The apparatus as described in claim 1 wherein the policy-based countermeasure workflow provides for one of:
    - control of the particular countermeasure for remediation or mitigation of the vulnerability risk, documentation of the particular countermeasure for awareness purposes, and documentation of the particular countermeasure for configuration, compliance, audit and reporting purposes.
  - 4. The apparatus as described in claim 1 wherein the vulnerability-to-countermeasure knowledge base comprises a set of countermeasure data that is organized as a taxonomy.
  - 5. The apparatus as described in claim 1 wherein the one or more discovered countermeasures are presented according to a ranking of effectiveness.
  - 6. The apparatus as described in claim 1 wherein the one or more sources are located within a same layer of a multi-layer OSI-protocol stack.
  - 7. The apparatus as described in claim 6 wherein at least two of the sources are located across multiple layers of the multi-layer OSI protocol stack.
  - 8. The apparatus as described in claim 7 wherein the operations further include correlating the received risk data from each of the two sources into aggregate risk data prior to processing against the vulnerability-to-countermeasures knowledge base.
  - 9. The apparatus as described in claim 8 wherein the aggregate risk data is structured according to a machine-readable markup language.
  - 10. The apparatus as described in claim 9 wherein the markup language is MAEC.
  - 11. The apparatus as described in claim 1 wherein the processing operation normalizes the received risk data prior to applying the data against the vulnerability-to-countermeasures knowledge base.
  - 12. The apparatus as described in claim 1 wherein the operations further include receiving discovery or data entry identifying countermeasures that are present in the computing environment.
  - 13. The apparatus as described in claim 1 wherein the computing environment is located remote from the hardware processor.
  - 14. The apparatus as described in claim 1 wherein the hardware processor is located within the computing environment.
  - 15. The apparatus as described in claim 1 wherein one or more of the operations are implemented in a software-as-a-service model.
  - 16. The apparatus as described in claim 1 wherein the information is presenting via a display interface.
  - 17. The apparatus as described in claim 16 wherein the display interface juxtaposes the information identifying the expected cost of implementing the countermeasure, and the information identifying the expected effectiveness of implementing the countermeasure.
  - 25. The apparatus as described in claim 2 wherein the policy-based countermeasure workflow automates a process of discovering a risk and addressing the risk using one of the available countermeasures based on a defined policy.

18. A method of countermeasure awareness and control with respect to a computing environment, comprising:
- receiving risk data from one or more sources;
  
  processing, using at least one hardware element, the received risk data against a vulnerability-to-countermeasures knowledge base to discover, with respect to a particular vulnerability, one or more countermeasures applicable to potentially address the particular vulnerability;
  
  with respect to the particular vulnerability, presenting information regarding the one or more discovered countermeasures, the information identifying (i) an expected cost of implementing the countermeasure, (ii) an expected effectiveness of implementing the countermeasure, and (iii) an indication of whether the countermeasure is available in the computing environment; and
  
  receiving additional data defining a policy-based countermeasure workflow associated with a particular countermeasure of the one or more discovered countermeasures to attempt to address the particular vulnerability.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 26)
- - 19. The method as described in claim 18 further including implementing the policy-based countermeasure workflow to attempt to address the particular vulnerability using the particular countermeasure.
  - 20. The method as described in claim 19 wherein the policy-based countermeasure workflow provides for one of:
    - control of the particular countermeasure for remediation or mitigation of the vulnerability risk, documentation of the particular countermeasure for awareness purposes, and documentation of the particular countermeasure for configuration, compliance, audit and reporting purposes.
  - 21. The method as described in claim 18 wherein at least one of the operations is implemented via a software-as-a-service model.
  - 22. The method as described in claim 18 wherein the vulnerability-to-countermeasures knowledge base comprises a set of countermeasure data that is organized as a taxonomy.
  - 23. The method as described in claim 18 wherein the one or more discovered countermeasures are presented according to a ranking of effectiveness.
  - 24. The method as described in claim 18 further including receiving discovery or data entry identifying countermeasures that are present in the computing environment.
  - 26. The method as described in claim 19 wherein the policy-based countermeasure workflow automates a process of discovering a risk and addressing the risk using one of the available countermeasures based on a defined policy.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Alert Logic Incorporated
Original Assignee
Achilles Guard, Inc. (Alert Logic Incorporated)
Inventors
Curtis, Michael S., Paxson, Audian H., Bunker, Eva E., Bunker, Nelson W., Mitchell, Kevin M.

Granted Patent

US 8,800,045 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/25
CPC Class Codes

G06F 21/577   Assessing vulnerabilities a...

G06F 2221/2151   Time stamp

H04L 63/0263   Rule management

H04L 63/1433   Vulnerability analysis

H04L 63/1441   Countermeasures against mal...

Security countermeasure management platform

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Security countermeasure management platform

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links