SYSTEM SECURITY EVALUATION

US 20130160129A1
Filed: 12/19/2011
Published: 06/20/2013
Est. Priority Date: 12/19/2011
Status: Abandoned Application

First Claim

Patent Images

1. A method, comprising:

receiving, by a computing device, external activity data corresponding to a target system,where the external activity data comprises information corresponding to network-side information relating to the target system;

identifying, by the computing device, suspicious external activity, corresponding to the external activity data, based on an activity watchlist,where the activity watchlist comprises information corresponding to external activity systems associated with known sources of malicious activity; and

generating, by the computing device, a system security report based on the suspicious external activity identified.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computing device may receive external activity data corresponding to a target system. The external activity data may include information corresponding to network-side information relating to the target system. The computing device may identify suspicious external activity, corresponding to the external activity data, based on an activity watchlist. The activity watchlist may include information corresponding to external activity systems associated with known sources of malicious activity. The computing device may generate a system security report based on the suspicious external activity identified.

35 Citations

View as Search Results

20 Claims

1. A method, comprising:
- receiving, by a computing device, external activity data corresponding to a target system,where the external activity data comprises information corresponding to network-side information relating to the target system;
  
  identifying, by the computing device, suspicious external activity, corresponding to the external activity data, based on an activity watchlist,where the activity watchlist comprises information corresponding to external activity systems associated with known sources of malicious activity; and
  
  generating, by the computing device, a system security report based on the suspicious external activity identified.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, further comprising:
    - detecting a potential system vulnerability corresponding to the target system; and
      
      verifying that the potential system vulnerability comprises an actual system vulnerability.
  - 3. The method of claim 2, where detecting the potential system vulnerability comprises:
    - executing a vulnerability scan operation directed at the target system.
  - 4. The method of claim 2, where the external activity data is limited to external activity data corresponding to the actual system vulnerability.
  - 5. The method of claim 1, further comprising:
    - identifying suspicious external activity, corresponding to the external activity data, based on a security evaluation mechanism, where the security evaluation mechanism comprises an operation to identify a suspicious characteristic corresponding to the external activity data.
  - 6. The method of claim 5, where the suspicious characteristic comprises at least one of:
    - a particular external activity system interacting with the target system from an atypical geographic location,external activity occurring at an atypical time of day for the target system,an external activity system interacting with the target system via a virtual private network,an external activity system interacting with the target system via a proxy server,an external activity system interacting with the target system via a remote desktop device,an atypical volume of interactions between an external activity system and the target system, oran atypical data transfer between an external activity system and the target system.
  - 7. The method of claim 1, where the system security report comprises information describing a level of security corresponding to the target system.
  - 8. The method of claim 1, further comprising:
    - providing the system security report to a reporting system to notify the reporting system of a level of security corresponding to the target system.

9. A computing device, comprising:
- a memory to store instructions; and
  
  a processor, connected to the memory, to execute the instructions to;
  
  receive external activity data corresponding to a target system,where the external activity data comprises informationcorresponding to network-side information relating to the target system,identify suspicious external activity, corresponding to the external activity data, based on an activity watchlist,where the activity watchlist comprises information corresponding to external activity systems associated with known sources of malicious activity;
  
  identify suspicious external activity, corresponding to the external activity data, based on a security evaluation mechanism,where the security evaluation mechanism comprises an operation to identify a suspicious characteristic corresponding to the external activity data; and
  
  generate a system security report based on the suspicious external activity identified.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The computing device of claim 9, where the processor is further to:
    - detect a potential system vulnerability corresponding to the target system, andverify that the potential system vulnerability comprises an actual system vulnerability.
  - 11. The computing device of claim 10, where, to detect the potential system vulnerability, the processor is to:
    - execute a vulnerability scan operation directed at the target system.
  - 12. The computing device of claim 10, where the external activity data is limited to external activity data corresponding to the actual system vulnerability.
  - 13. The computing device of claim 9, where the suspicious characteristic comprises at least one of:
    - a particular external activity system interacting with the target system from an atypical geographic location,external activity occurring at an atypical time of day for the target system,an external activity system interacting with the target system via a virtual private network,an external activity system interacting with the target system via a proxy server,an external activity system interacting with the target system via a remote desktop device,an atypical volume of interactions between an external activity system and the target system, oran atypical data transfer between an external activity system and the target system.
  - 14. The computing device of claim 9, where the system security report comprises information describing a level of security corresponding to the target system.
  - 15. The computing device of claim 9, where the processor is further to:
    - provide the system security report to a reporting system to notify the reporting system of a level of security corresponding to the target system.

16. One or more non-transitory computer-readable storage media, comprising:
- one or more instructions that, when executed by a processor, cause the processor to;
  
  detect a potential system vulnerability corresponding to a target system,verify that the potential system vulnerability comprises an actual system vulnerability,receive external activity data corresponding to the target system,where the external activity data comprises informationcorresponding to network-side information relating to the target system,identify suspicious external activity, corresponding to the external activity data, based on an activity watchlist,where the activity watchlist comprises information corresponding to external activity systems associated with known sources of malicious activity;
  
  identify suspicious external activity, corresponding to the external activity data, based on a security evaluation mechanism,where the security evaluation mechanism comprises an operation to identify a suspicious characteristic corresponding to the external activity data; and
  
  generate a system security report based on the suspicious external activity identified.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The computer-readable storage media of claim 16, where the one or more instructions cause the processor to:
    - execute a vulnerability scan operation directed at the target system to detect the potential system vulnerability.
  - 18. The computer-readable storage media of claim 16, where the external activity data is limited to external activity data corresponding to the actual system vulnerability.
  - 19. The computer-readable storage media of claim 16, where the suspicious characteristic comprises at least one of:
    - a particular external activity system interacting with the target system from an atypical geographic location,external activity occurring at an atypical time of day for the target system,an external activity system interacting with the target system via a virtual private network,an external activity system interacting with the target system via a proxy server,an external activity system interacting with the target system via a remote desktop device,an atypical volume of interactions between an external activity system and the target system, oran atypical data transfer between an external activity system and the target system.
  - 20. The computer-readable storage media of claim 16, where the system security report comprises information describing a level of security corresponding to the target system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Verizon Patent and Licensing Incorporated (Verizon Communications Inc.)
Original Assignee
Verizon Patent and Licensing Incorporated (Verizon Communications Inc.)
Inventors
SARTIN, A. Bryan, GANLEY, Gina M., LONG, Kevin, JOELS, Jo Ann

Application Number

US13/329,920
Publication Number

US 20130160129A1
Time in Patent Office

Days
Field of Search
US Class Current

726/25
CPC Class Codes

G06F 21/552 involving long-term monitor...

SYSTEM SECURITY EVALUATION

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

35 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM SECURITY EVALUATION

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

35 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links