RULE-BASED ASSIGNMENT OF CRITICALITY SCORES TO ASSETS AND GENERATION OF A CRITICALITY RULES TABLE

US 20200137102A1
Filed: 10/26/2018
Published: 04/30/2020
Est. Priority Date: 10/26/2018
Status: Active Grant

First Claim

Patent Images

1. A method for asset-centric management, comprising:

receiving, at a management system, information that characterizes one or more attributes of one or more assets in communication with a managed network;

loading a criticality rules table that includes a plurality of rules, each rule mapping an individual attribute and/or a group of attributes to a corresponding criticality score, wherein each criticality score is configured to indicate a level of risk in the event that an associated asset is compromised by a third party; and

assigning one or more criticality scores to the one or more assets based on (i) the one or more attributes of one or more assets, and (ii) the criticality rules table.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In an embodiment, a management system obtains a criticality rules table that includes a plurality of rules mapped to corresponding criticality scores indicative of a level of risk in the event that an associated asset of a managed network is compromised by a third party. The one embodiment, the criticality rules table is updated based upon machine learning and/or feedback from an operator of the managed network. In another embodiment, the criticality rules table is used to assign one or more criticality scores to one or more assets based on one or more attributes of one or more assets, and the criticality rules table.

13 Citations

28 Claims

1. A method for asset-centric management, comprising:
- receiving, at a management system, information that characterizes one or more attributes of one or more assets in communication with a managed network;
  
  loading a criticality rules table that includes a plurality of rules, each rule mapping an individual attribute and/or a group of attributes to a corresponding criticality score, wherein each criticality score is configured to indicate a level of risk in the event that an associated asset is compromised by a third party; and
  
  assigning one or more criticality scores to the one or more assets based on (i) the one or more attributes of one or more assets, and (ii) the criticality rules table.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method of claim 1, wherein the assigning for a given asset includes:
    - determining whether the given asset is local or remote with respect to a firewall of the managed network;
      
      if the given asset is determined to be remote, assigning a first criticality score to the given asset in accordance with a first rule for remotely located assets.
  - 3. The method of claim 2,wherein the given asset is determined to be local, andwherein the assigning for the given asset further includes:
    - determining a given device type of the given asset; and
      
      if the given device type is determined is above a threshold priority, assigning a second criticality score to the given asset in accordance with a second rule based on the given device type.
  - 4. The method of claim 3,wherein the given device type is not above the threshold priority, andwherein the assigning for the given asset further includes:
    - determining one or more device capabilities of the given asset; and
      
      assigning a third criticality score to the given asset in accordance with a second rule based on the one or more device capabilities.
  - 5. The method of claim 1,wherein the level of risk corresponds to a level of economic risk to an operator of the managed network in the event that the associated asset is compromised by the third party, orwherein the level of risk corresponds to a level of risk to a personal safety of one or more humans in the event that the associated asset is compromised by the third party, or,any combination thereof.
  - 6. The method of claim 1,wherein the information is contained in a set a scan records from one or more scanners in communication with the managed network, orwherein the information is received from an operator of the managed network, orwherein the information is received from a configuration management database (CMDB) maintained by the operator of the managed network, orany combination thereof.
  - 7. The method of claim 1, further comprising:
    - determining one or more vulnerability characteristics associated with the managed network based on the one or more assigned criticality scores.
  - 8. The method of claim 1, wherein at least one of the plurality of rules is based upon asset location.
  - 9. The method of claim 8, wherein a given rule maps a location-based attribute of being remotely connected to the managed network to a given criticality score.
  - 10. The method of claim 1, wherein at least one of the plurality of rules is based upon device type.
  - 11. The method of claim 1, wherein at least one of the plurality of rules is based upon device capability.
  - 12. The method of claim 1, further comprising:
    - repeating the receiving, the loading, and the assigning to selectively update the assignments of the one or more criticality scores based on changes to the criticality rules table and/or the one or more attributes.
  - 13. The method of claim 1,wherein a first subset of the plurality of rules is manually configured by an operator of the management system,wherein a second subset of the plurality of rules is based at least in part upon feedback from the operator of the managed network,wherein a third subset of the plurality of rules is based at least in part upon one or more machine-learning refinements, orany combination thereof.
  - 14. The method of claim 1,wherein multiple rules are associated with attributes of a particular asset, andwherein the assigning assigns a criticality score to the particular asset based on a multi-rule score calculation scheme.
  - 15. The method of claim 1,wherein the multi-rule score calculation scheme assigns a highest criticality score associated of the multiple rules, orwherein the multi-rule score calculation scheme assigns an average or weighted average of criticality scores of the multiple rules, orwherein the multi-rule score calculation scheme assigns a given criticality score in accordance with a tiered evaluation of the multiple rules based on their associated attribute classes.

16. A method for asset-centric management of one or more assets of a managed network, comprising:
- obtaining, by a management system, a criticality rules table that includes a plurality of rules, each rule mapping an individual attribute and/or a group of attributes to a corresponding criticality score, wherein each criticality score is configured to indicate a level of risk in the event that an associated asset is compromised by a third party; and
  
  updating, by the management system, the criticality rules table based upon machine learning and/or feedback from an operator of the managed network, wherein the updating adds one or more rules to the criticality rules table, removes one or more rules to the criticality rules table, and/or modifies one or more of the plurality of rules of the criticality rules table.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
- - 17. The method of claim 16, wherein the updating updates the based on the feedback from the operator of the managed network.
  - 18. The method of claim 17, wherein, for a given rule, a given criticality score that is specified by the feedback is configured to override one or more other criticality scores for the given rule.
  - 19. The method of claim 18, wherein the one or more other criticality scores include a default criticality score from the obtained criticality rules table and/or a machine-learned criticality score based upon the machine learning.
  - 20. The method of claim 16, wherein the updating updates the based on the machine learning.
  - 21. The method of claim 20, wherein the machine learning characterizes an asset attribute in terms of an attribute vector that is based upon multiple attributes of the asset.
  - 22. The method of claim 16,wherein the level of risk corresponds to a level of economic risk to an operator of the managed network in the event that the associated asset is compromised by the third party, orwherein the level of risk corresponds to a level of risk to a personal safety of one or more humans in the event that the associated asset is compromised by the third party, orany combination thereof.
  - 23. The method of claim 16, wherein at least one of the plurality of rules is based upon asset location.
  - 24. The method of claim 23, wherein a given rule maps a location-based attribute of being remotely connected to the managed network to a given criticality score.
  - 25. The method of claim 16, wherein at least one of the plurality of rules is based upon device type.
  - 26. The method of claim 16, wherein at least one of the plurality of rules is based upon device capability.

27. A management system for asset-centric management, comprising:
- a memory; and
  
  at least one processor coupled to the memory and configured to;
  
  receive information that characterizes one or more attributes of one or more assets in communication with a managed network;
  
  load a criticality rules table that includes a plurality of rules, each rule mapping an individual attribute and/or a group of attributes to a corresponding criticality score, wherein each criticality score is configured to indicate a level of risk in the event that an associated asset is compromised by a third party; and
  
  assign one or more criticality scores to the one or more assets based on (i) the one or more attributes of one or more assets, and (ii) the criticality rules table.

28. A management system for asset-centric management of one or more assets of a managed network, comprising:
- a memory; and
  
  at least one processor coupled to the memory and configured to;
  
  obtain a criticality rules table that includes a plurality of rules, each rule mapping an individual attribute and/or a group of attributes to a corresponding criticality score, wherein each criticality score is configured to indicate a level of risk in the event that an associated asset is compromised by a third party; and
  
  update the criticality rules table based upon machine learning and/or feedback from an operator of the managed network, wherein the updating adds one or more rules to the criticality rules table, removes one or more rules to the criticality rules table, and/or modifies one or more of the plurality of rules of the criticality rules table.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Tenable, Inc. (Tenable Holdings, Inc.)
Original Assignee
Tenable, Inc. (Tenable Holdings, Inc.)
Inventors
SHERIDAN, Barry, GILCREEST, Vincent, BETTINI, Anthony, EVERSON, Matthew Ray, TAI, Wei, DERAISON, Renaud

Granted Patent

US 11,258,817 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06N 20/00   Machine learning

H04L 41/28   Restricting access to netwo...

H04L 63/02   for separating internal fro...

H04L 63/105   Multiple levels of security

H04L 63/107   wherein the security polici...

H04L 63/1408   by monitoring network traff...

H04L 63/1433   Vulnerability analysis

H04L 63/20   for managing network securi...

H04L 63/205   involving negotiation or de...

RULE-BASED ASSIGNMENT OF CRITICALITY SCORES TO ASSETS AND GENERATION OF A CRITICALITY RULES TABLE

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

13 Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

RULE-BASED ASSIGNMENT OF CRITICALITY SCORES TO ASSETS AND GENERATION OF A CRITICALITY RULES TABLE

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

13 Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links