Method and Apparatus for Automatic Identification of Affected Network Resources After a Computer Intrusion
Abstract
Methods and apparatus are provided for automatic identification of affected network resources after a computer intrusion. The network resources affected by a computer intrusion can be identified by collecting information about an external system from an external source; deriving a list of one or more affected internal systems on an internal network by correlating the information with internal information about internal systems that interacted with the external system; and identifying one or more user accounts associated with the one or more affected internal systems. Data residing on systems accessible by the one or more user accounts can also optionally be identified. A list can optionally be presented of the network resources that may be affected by the computer intrusion. The affected network resources can be, for example, servers, services and/or client machines.
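The steps named in the abstract (collect external information, correlate it with records of internal systems that interacted with the external system, identify the associated user accounts and the data those accounts can reach), as an added Python example that is not taken from the patent. The feed entry, the flow and logon records, their field names, and the access map are all constructed assumptions.

```python
import csv
import io
import ipaddress

# Constructed sample inputs (assumptions, not from the patent).
EXTERNAL_FEED = [{"indicator": "203.0.113.0/28", "source": "example-blocklist"}]
FLOWS = """ts,src,dst
2024-01-01T10:00:00Z,10.0.0.5,203.0.113.7
2024-01-01T10:05:00Z,10.0.0.9,198.51.100.20
2024-01-01T10:07:00Z,203.0.113.3,10.0.0.12
"""
LOGONS = """host_ip,account
10.0.0.5,alice
10.0.0.5,svc_backup
10.0.0.9,bob
10.0.0.12,carol
"""
ACCESS = {"alice": ["fs01:/finance"], "svc_backup": ["fs01:/backups", "db01"],
          "bob": ["fs01:/hr"]}

def affected_resources(feed, flows_csv, logons_csv, access):
    """Return affected hosts, accounts and reachable data for the given feed."""
    # Step 1: information about the external system, from an external source.
    nets = [ipaddress.ip_network(e["indicator"]) for e in feed]

    def is_external_bad(ip):
        return any(ipaddress.ip_address(ip) in n for n in nets)

    # Step 2: correlate with internal records; either direction is an interaction.
    hosts = set()
    for row in csv.DictReader(io.StringIO(flows_csv)):
        if is_external_bad(row["dst"]):
            hosts.add(row["src"])
        elif is_external_bad(row["src"]):
            hosts.add(row["dst"])

    # Step 3: user accounts associated with the affected internal systems.
    accounts = {row["account"]
                for row in csv.DictReader(io.StringIO(logons_csv))
                if row["host_ip"] in hosts}

    # Optional step: data on systems accessible by those accounts.
    data = {a: access.get(a, []) for a in sorted(accounts)}
    return {"hosts": sorted(hosts), "accounts": sorted(accounts), "data": data}

if __name__ == "__main__":
    print(affected_resources(EXTERNAL_FEED, FLOWS, LOGONS, ACCESS))
```
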
32 Claims
1. (canceled)
2. (canceled)
3. (canceled)
4. (canceled)
5. (canceled)
6. (canceled)
7. (canceled)
8. (canceled)
9. (canceled)
10. (canceled)
11. (canceled)
12. An apparatus for automatically identifying one or more network resources affected by a computer intrusion, the apparatus comprising:
a memory; and
at least one hardware device, coupled to the memory, operative to:
collecting information about an external system from an external source;
deriving a list of one or more affected internal systems on an internal network by correlating said information with internal information about internal systems that interacted with said external system; and
identifying one or more user accounts associated with said one or more affected internal systems.
Dependent claims: 13, 14, 15, 16, 17, 18, 19, 20, 21, 22
23. An article of manufacture for automatically identifying one or more network resources affected by a computer intrusion, comprising a tangible machine readable recordable medium containing one or more programs which when executed implement the steps of:
collecting information about an external system from an external source;
deriving a list of one or more affected internal systems on an internal network by correlating said information with internal information about internal systems that interacted with said external system; and
identifying one or more user accounts associated with said one or more affected internal systems.
Dependent claims: 24, 25, 26, 27, 28, 29, 30, 31, 32
Specification