Incident Response Bus for Data Security Incidents

US 20170063926A1
Filed: 08/28/2015
Published: 03/02/2017
Est. Priority Date: 08/28/2015
Status: Active Grant

First Claim

Patent Images

1. A system for responding to data security incidents in an enterprise network, the system comprising:

devices responsible for security on the enterprise network;

an incident manager that stores information concerning the data security incidents; and

an incident response bus that communicates with the incident manager and the devices, wherein the incident response bus accesses messages from the incident manager concerning the data security incidents.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for responding to data security incidents in enterprise networks using an incident response bus (IR bus) within an incident management system is disclosed. An Incident Manager (IM) application of the system stores objects that include information concerning data security incidents that occur in enterprise networks managed by the incident management system. Users configure action conditions on the IM, the satisfaction of which cause the IM to send messages that include the information concerning the incidents to message queues, or destinations. Correspondingly, the IR bus includes plugins associated with the devices in each client'"'"'s enterprise network, where each plugin can access the message destinations for the messages. The plugins, in one embodiment, also configure one or more chains of plugins that process the messages. The plugins then execute the chains of plugins to specify actions for the devices to execute to provide a response to the incidents.

81 Citations

View as Search Results

21 Claims

1. A system for responding to data security incidents in an enterprise network, the system comprising:
- devices responsible for security on the enterprise network;
  
  an incident manager that stores information concerning the data security incidents; and
  
  an incident response bus that communicates with the incident manager and the devices, wherein the incident response bus accesses messages from the incident manager concerning the data security incidents.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The system as claimed in claim 1, wherein each of the messages includes information associated with a specific data security incident.
  - 3. The system as claimed in claim 1, wherein the incident response bus includes plugin software components for the devices.
  - 4. The system as claimed in claim 3, wherein the plugin software components specify actions for the devices to execute.
  - 5. The system as claimed in claim 4, wherein the actions refer to the information concerning the data security incidents in the messages.
  - 6. The system as claimed in claim 3, wherein the plugin software components define device-specific interfacing and protocol support for communicating with the devices.
  - 7. The system as claimed in claim 3, wherein the plugin software components poll for the messages from the incident manager.
  - 8. The system as claimed in claim 3, wherein at least some of the plugin software components are configured trigger actions on other devices via the plugin software components of those other devices.
  - 9. The system as claimed in claim 3, wherein at least some of the plugin software components are configured together in a chain to implement complex functions and interactions in response to the data security incidents.
  - 10. The system as claimed in claim 1, further comprising one or more information systems that include information useful in the diagnosis or remediation of the data security incidents.
  - 11. The system as claimed in claim 10, wherein the incident response bus allows the incident manager to interact with the one or more information systems.

12. A method for responding to data security incidents in an enterprise network, the method comprising:
- an incident manager storing information concerning the data security incidents; and
  
  an incident response bus communicating with the incident manager and with devices responsible for security on the enterprise network, the incident response bus accessing messages concerning the data security incidents from the incident manager for the devices.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 13. The method as claimed in claim 12, wherein each of the messages includes information associated with a specific data security incident.
  - 14. The method as claimed in claim 12, further comprising plugin software components of the incident response bus accessing the messages for the devices.
  - 15. The method as claimed in claim 14, wherein the plugin software components define device-specific interfacing and protocol support for communicating with the devices.
  - 16. The method as claimed in claim 14, wherein the plugin software components specify actions to be taken by the devices.
  - 17. The method as claimed in claim 16, wherein the actions refer to the information concerning the data security incidents in the messages.
  - 18. The method as claimed in claim 14, further comprising the plugin software components triggering actions on other devices via the plugin software components of those other devices.
  - 19. The method as claimed in claim 14, further comprising configuring at least some of the plugin software components together in a chain to process the messages concerning the data security incidents.
  - 20. The method as claimed in claim 14, further comprising configuring at least some of the plugin software components together in a chain to implement complex functions and interactions in response to the data security incidents.
  - 21. The method as claimed in claim 12, further comprising the incident manager accessing, via the incident response bus, one or more information systems that include information useful in the diagnosis or remediation of the data security incidents.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Green Market Square Limited
Original Assignee
Resilient Systems Inc. (International Business Machines Corporation)
Inventors
Rogers, Kenneth Allen, Hadden, Allen

Granted Patent

US 10,425,447 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/552   involving long-term monitor...

G06F 21/60   Protecting data

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/20   for managing network securi...

Incident Response Bus for Data Security Incidents

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

81 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Incident Response Bus for Data Security Incidents

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

81 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links