SYSTEM AND METHOD FOR NETWORK-BASED ASSET OPERATIONAL DEPENDENCE SCORING

US 20130031634A1
Filed: 07/27/2011
Published: 01/31/2013
Est. Priority Date: 07/27/2011
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

identifying an asset with at least one vulnerability risk;

identifying at least one service running on at least one port on the asset;

identifying at least one connection to the at least one port;

calculating an operational dependence role of the asset as a function of the at least one service and the at least one connection; and

modifying the vulnerability risk based on the operational dependence role.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method in one embodiment includes modules for identifying an asset with a vulnerability risk, identifying a service running on a port on the asset, identifying a connection to the port, calculating an operational dependence role of the asset as a function of the service and the connection, and modifying the vulnerability risk based on the operational dependence role. Other embodiments include identifying a protocol of a data packet at the port, classifying the protocol into a protocol category with a protocol importance score, calculating a connection average for the asset, classifying the connection average into a connection category with a connection score, and calculating a service dependence score. Other embodiments include calculating a host dependence score, assigning a data importance score to data communicated by the asset, and calculating the operational dependence role as a function of the host dependence score and data importance score.

Citations

20 Claims

1. A method comprising:
- identifying an asset with at least one vulnerability risk;
  
  identifying at least one service running on at least one port on the asset;
  
  identifying at least one connection to the at least one port;
  
  calculating an operational dependence role of the asset as a function of the at least one service and the at least one connection; and
  
  modifying the vulnerability risk based on the operational dependence role.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein modifying the vulnerability risk comprises marking the vulnerability risk up by the operational dependence role.
  - 3. The method of claim 1, wherein modifying the vulnerability risk comprises marking the vulnerability risk down by the operational dependence role.
  - 4. The method of claim 1, wherein calculating the operational dependence role comprises:
    - identifying a protocol of a data packet at the at least one port;
      
      determining a protocol importance score of the protocol;
      
      calculating a connection average for the asset;
      
      determining a connection score of the connection average; and
      
      calculating a service dependence score for the at least one service as a function of the connection score and the protocol importance score.
  - 5. The method of claim 4, wherein the function is a weighted sum of the connection score and the protocol importance score.
  - 6. The method of claim 4, wherein calculating a connection average comprises:
    - identifying a number of connections to the asset over time;
      
      identifying a number of clients connected to the asset; and
      
      dividing the number of connections by the number of clients.
  - 7. The method of claim 4, further comprising:
    - calculating a respective service dependence score for each service running on the asset;
      
      sorting the respective service dependence scores; and
      
      calculating a host dependence score as a function of the respective service dependence scores.
  - 8. The method of claim 7, further comprising:
    - assigning a data importance score to a data communicated by the asset; and
      
      calculating the operational dependence role as a function of the host dependence score and the data importance score.
  - 9. The method of claim 8, wherein assigning the data importance score comprises presenting to a user a pull-down menu with a plurality of data importance scores.

10. Logic encoded in non-transitory media that includes code for execution and when executed by a processor is operable to perform operations comprising:
- identifying an asset with at least one vulnerability risk;
  
  identifying at least one service running on at least one port on the asset;
  
  identifying at least one connection to the at least one port;
  
  calculating an operational dependence role of the asset as a function of the at least one service and the at least one connection; and
  
  modifying the vulnerability risk based on the operational dependence role.
- View Dependent Claims (11, 12, 13, 14)
- - 11. The logic of claim 10, wherein calculating the operational dependence role comprises:
    - identifying a protocol of a data packet at the at least one port;
      
      determining a protocol importance score of the protocol;
      
      calculating a connection average for the asset;
      
      determining a connection score of the connection average; and
      
      calculating a service dependence score for the at least one service as a function of the connection score and the protocol importance score.
  - 12. The logic of claim 11, wherein calculating a connection average comprises:
    - identifying a number of connections to the asset;
      
      identifying a number of clients connected to the asset; and
      
      dividing the number of connections by the number of clients.
  - 13. The logic of claim 11, the processor being operable to perform further instructions comprising:
    - calculating a respective service dependence score for each service running on the asset;
      
      sorting the respective service dependence scores; and
      
      calculating a host dependence score as a function of the respective service dependence scores.
  - 14. The logic of claim 13, the processor being operable to perform further instructions comprising:
    - assigning a data importance score to a data communicated by the asset; and
      
      calculating the operational dependence role as a function of the host dependence score and the data importance score.

15. An apparatus comprising:
- a memory element configured to store data; and
  
  a computing processor operable to execute instructions associated with the data, including;
  
  identifying an asset with at least one vulnerability risk;
  
  identifying at least one service running on at least one port on the asset;
  
  identifying at least one connection to the at least one port;
  
  calculating an operational dependence role of the asset as a function of the at least one service and the at least one connection; and
  
  modifying the vulnerability risk based on the operational dependence role.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The apparatus of claim 15, wherein the apparatus is connected to a network comprising the asset.
  - 17. The apparatus of claim 16, wherein the apparatus is configured to monitor network traffic on the network.
  - 18. The apparatus of claim 15, wherein calculating the operational dependence role comprises:
    - identifying a protocol of a data packet at the at least one port;
      
      determining a protocol importance score of the protocol;
      
      calculating a connection average for the asset;
      
      determining a connection score of the connection average; and
      
      calculating a service dependence score for the at least one service as a function of the connection score and the protocol importance score.
  - 19. The apparatus of claim 18, the processor being operable to execute further instructions comprising:
    - calculating a respective service dependence score for each service running on the asset;
      
      sorting the respective service dependence scores; and
      
      calculating a host dependence score as a function of the respective service dependence scores.
  - 20. The apparatus of claim 19, the processor being operable to execute further instructions comprising:
    - assigning a data importance score to a data communicated by the asset; and
      
      calculating the operational dependence role as a function of the host dependence score and the data importance score.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
McClure, Stuart, Price, Michael Morgan

Granted Patent

US 8,997,234 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/25
CPC Class Codes

G06F 21/552   involving long-term monitor...

H04L 41/147   for predicting network beha...

H04L 43/091   Measuring contribution of i...

H04L 63/1425   Traffic logging, e.g. anoma...

SYSTEM AND METHOD FOR NETWORK-BASED ASSET OPERATIONAL DEPENDENCE SCORING

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD FOR NETWORK-BASED ASSET OPERATIONAL DEPENDENCE SCORING

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links