Quantitative Security Improvement System Based on Crowdsourcing
First Claim
1. A computer implemented method for quantifying the efficacy of security products and practices, based on monitored activities and conditions on a plurality of computing devices over time, the method comprising the steps of:
- defining metrics that specify what criteria concerning computer security systems are to be quantified;
- collecting telemetry data concerning defined metrics from different ones of the plurality of computing devices;
- monitoring security configuration information concerning different ones of the plurality of computing devices;
- correlating collected telemetry data with monitored configuration information, enabling determination of what security product deployments and settings are in place when specific security actions occur on specific ones of the plurality of computing devices;
- amalgamating correlations of telemetry data with security configuration information;
- analyzing the amalgamated correlations of telemetry data with security configuration information; and
- quantifying efficacy of specific security products and configurations, based on the analysis of the amalgamated correlations of telemetry data with security configuration information.
Abstract
The efficacy of security products and practices is quantified, based on monitored activities and conditions on multiple computers over time. A set of metrics is defined, specifying what criteria concerning computer security systems are to be quantified. Telemetry data concerning the defined metrics are collected from multiple computers, such as the customer base of a security product vendor. Security configuration information such as the deployments and settings of security systems on computing devices is monitored. This monitored information tracks what security products are deployed on which machines, and how these products are configured and used. Collected telemetry is correlated with monitored configuration information, enabling determination of what security product deployments and settings are in place when specific security incidents, operations and other types of actions occur. The determined correlations are amalgamated, amalgamated correlation information is analyzed, and the efficacy of specific security products and configurations is quantified.
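An added illustration of the correlate, amalgamate and quantify steps the abstract describes; it is not code from the patent. The device names, configuration labels, the "infection" metric and the rate per 100 device-days are assumptions made for this example, and all data is constructed.

```python
from bisect import bisect_right
from collections import defaultdict

# Constructed sample data (not from the patent). Times are day numbers.
# Configuration snapshots: device -> sorted list of (effective_day, config label).
CONFIG_HISTORY = {
    "dev-a": [(0, "av-only"), (30, "av+firewall")],
    "dev-b": [(0, "av-only")],
    "dev-c": [(0, "av+firewall")],
}
# Telemetry for one defined metric, "infection": (device, day).
TELEMETRY = [("dev-a", 5), ("dev-a", 12), ("dev-a", 50),
             ("dev-b", 3), ("dev-b", 20), ("dev-b", 41), ("dev-b", 58),
             ("dev-c", 44)]
WINDOW_END = 60  # observation window is days [0, 60)

def config_at(device, day):
    """Correlate: return the configuration in force on `device` at `day`."""
    history = CONFIG_HISTORY[device]
    idx = bisect_right([start for start, _ in history], day) - 1
    return history[idx][1] if idx >= 0 else None

def exposure_days():
    """Device-days each configuration was deployed within the window."""
    days = defaultdict(int)
    for history in CONFIG_HISTORY.values():
        for i, (start, cfg) in enumerate(history):
            end = history[i + 1][0] if i + 1 < len(history) else WINDOW_END
            days[cfg] += end - start
    return dict(days)

def amalgamate():
    """Amalgamate: count correlated events per configuration across devices."""
    counts = defaultdict(int)
    for device, day in TELEMETRY:
        cfg = config_at(device, day)
        if cfg is not None:  # skip events that predate any known snapshot
            counts[cfg] += 1
    return dict(counts)

def quantify():
    """Quantify: infections per 100 device-days for each configuration."""
    counts, days = amalgamate(), exposure_days()
    return {cfg: round(100 * counts.get(cfg, 0) / d, 2) for cfg, d in days.items()}

if __name__ == "__main__":
    print(quantify())
```

Normalizing by device-days matters because a configuration deployed on more machines, or for longer, will otherwise look worse simply by accumulating more events.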
20 Claims
1. A computer implemented method for quantifying the efficacy of security products and practices, based on monitored activities and conditions on a plurality of computing devices over time, the method comprising the steps of:
- defining metrics that specify what criteria concerning computer security systems are to be quantified;
- collecting telemetry data concerning defined metrics from different ones of the plurality of computing devices;
- monitoring security configuration information concerning different ones of the plurality of computing devices;
- correlating collected telemetry data with monitored configuration information, enabling determination of what security product deployments and settings are in place when specific security actions occur on specific ones of the plurality of computing devices;
- amalgamating correlations of telemetry data with security configuration information;
- analyzing the amalgamated correlations of telemetry data with security configuration information; and
- quantifying efficacy of specific security products and configurations, based on the analysis of the amalgamated correlations of telemetry data with security configuration information.
19. At least one non-transitory computer readable medium for quantifying the efficacy of security products and practices, based on monitored activities and conditions on a plurality of computing devices over time, the at least one non-transitory computer readable medium storing computer executable instructions that, when loaded into computer memory and executed by at least one processor of at least one computing device, cause the at least one computing device to perform the following steps:
- defining metrics that specify what criteria concerning computer security systems are to be quantified;
- collecting telemetry data concerning defined metrics from different ones of the plurality of computing devices;
- monitoring security configuration information concerning different ones of the plurality of computing devices;
- correlating collected telemetry data with monitored configuration information, enabling determination of what security product deployments and settings are in place when specific security actions occur on specific ones of the plurality of computing devices;
- amalgamating correlations of telemetry data with security configuration information;
- analyzing the amalgamated correlations of telemetry data with security configuration information; and
- quantifying efficacy of specific security products and configurations, based on the analysis of the amalgamated correlations of telemetry data with security configuration information.
20. A computer system for quantifying the efficacy of security products and practices, based on monitored activities and conditions on a plurality of computing devices over time, the computer system comprising:
- at least one processor;
- system memory;
- a metric defining module residing in the system memory, the metric defining module being programmed to define metrics that specify what criteria concerning computer security systems are to be quantified;
- a telemetry data collecting module residing in the system memory, the telemetry data collecting module being programmed to collect telemetry data concerning defined metrics from different ones of the plurality of computing devices;
- a configuration monitoring module residing in the system memory, the configuration monitoring module being programmed to monitor security configuration information concerning different ones of the plurality of computing devices;
- a correlating module residing in the system memory, the correlating module being programmed to correlate collected telemetry data with monitored configuration information, enabling determination of what security product deployments and settings are in place when specific security actions occur on specific ones of the plurality of computing devices;
- an amalgamating module residing in the system memory, the amalgamating module being programmed to amalgamate correlations of telemetry data with security configuration information;
- an analyzing module residing in the system memory, the analyzing module being programmed to analyze the amalgamated correlations of telemetry data with security configuration information; and
- a quantifying module residing in the system memory, the quantifying module being programmed to quantify efficacy of specific security products and configurations, based on the analysis of the amalgamated correlations of telemetry data with security configuration information.
Specification