Incident Response Bus for Data Security Incidents
Abstract
A system and method for responding to data security incidents in enterprise networks using an incident response bus (IR bus) within an incident management system is disclosed. An Incident Manager (IM) application of the system stores objects that include information concerning data security incidents that occur in enterprise networks managed by the incident management system. Users configure action conditions on the IM, the satisfaction of which causes the IM to send messages that include the information concerning the incidents to message queues, or destinations. Correspondingly, the IR bus includes plugins associated with the devices in each client's enterprise network, where each plugin can access the message destinations for the messages. The plugins, in one embodiment, also configure one or more chains of plugins that process the messages. The plugins then execute the chains of plugins to specify actions for the devices to execute to provide a response to the incidents.
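The flow the abstract describes (action condition, message destination, plugin chain, device action), as an added Python example that is not taken from the patent or from any product. The class and function names, the destination name `malware.high`, the protected-network rule and the sample incidents are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict, deque

PROTECTED = [ipaddress.ip_network("10.0.0.0/8")]  # constructed rule: never auto-block these

class IncidentManager:
    """Stores incidents; action conditions route copies to message destinations."""
    def __init__(self, rules):
        self.incidents, self.rules = {}, rules   # rules: (condition, destination) pairs
        self.destinations = defaultdict(deque)

    def save(self, incident):
        self.incidents[incident["id"]] = incident
        for condition, destination in self.rules:
            if condition(incident):              # condition satisfied: publish a message
                self.destinations[destination].append(dict(incident))

def validate_ip(message, actions):
    """Plugin: stop the chain unless source_ip parses and lies outside PROTECTED."""
    try:
        ip = ipaddress.ip_address(message.get("source_ip", ""))
    except ValueError:
        return None
    return None if any(ip in net for net in PROTECTED) else message

def firewall_block(message, actions):
    # Plugin: specify an action for the (hypothetical) firewall device to execute.
    actions.append(("firewall", "block_ip", message["source_ip"]))
    return message

def run_bus(manager, chains):
    """IR bus: drain each destination through its plugin chain, collect device actions."""
    actions = []
    for destination, plugins in chains.items():
        queue = manager.destinations[destination]
        while queue:
            message = queue.popleft()
            for plugin in plugins:
                message = plugin(message, actions)
                if message is None:              # a plugin ended processing of this message
                    break
    return actions

def demo():
    im = IncidentManager([(lambda i: i["type"] == "malware" and i["severity"] >= 7, "malware.high")])
    for n, (kind, sev, ip) in enumerate([("malware", 9, "203.0.113.10"), ("malware", 9, "10.0.0.5"),
                                         ("phishing", 9, "198.51.100.7"), ("malware", 3, "198.51.100.8")]):
        im.save({"id": n, "type": kind, "severity": sev, "source_ip": ip})  # constructed incidents
    return im, run_bus(im, {"malware.high": [validate_ip, firewall_block]})
```

Of the four constructed incidents, two satisfy the action condition and reach the destination; the validation plugin stops the one whose address falls in the protected range, so only one block action is emitted.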
81 Citations
21 Claims
1. A system for responding to data security incidents in an enterprise network, the system comprising:
- devices responsible for security on the enterprise network;
- an incident manager that stores information concerning the data security incidents; and
- an incident response bus that communicates with the incident manager and the devices, wherein the incident response bus accesses messages from the incident manager concerning the data security incidents.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11

12. A method for responding to data security incidents in an enterprise network, the method comprising:
- an incident manager storing information concerning the data security incidents; and
- an incident response bus communicating with the incident manager and with devices responsible for security on the enterprise network, the incident response bus accessing messages concerning the data security incidents from the incident manager for the devices.
Dependent claims: 13, 14, 15, 16, 17, 18, 19, 20, 21
Specification