Visualizing security incidents in a computer network
Abstract
A method of visualizing the impact of security flaws or breaches in a network. A 3-D visualization tool that simulates 3-D space on a monitor interfaces with a security database which relationally associates security events with the network elements affected thereby. The security events are visually depicted in a first section of simulated 3-D space and the network elements are depicted in a second section of simulated 3-D space. Relationship lines are drawn between displayed categories of security events and the displayed network elements in order to aid an analyst to visualize the impact of security breaches on the organization. Various other properties of the network elements may also be displayed such as the role of the network device within the organization, and the business functions of the organization.
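The data side of the layout described in the abstract, as an added example (not code from the patent): it turns event and inventory records into cells of the event grid, cells of the network-element grid, and the association lines between them, without any rendering. The host names, roles, business functions, categories, the hourly time bucket and the name build_view are all hypothetical.

```python
from collections import Counter, defaultdict
from datetime import datetime, timezone

# Constructed sample data (hypothetical hosts, roles and categories).
ELEMENTS = {
    "web01": {"role": "web server", "function": "sales"},
    "db01":  {"role": "database",   "function": "sales"},
    "hr-pc": {"role": "workstation", "function": "hr"},
}
EVENTS = [  # (ISO time, category, affected element ids)
    ("2024-05-01T10:05:00+00:00", "port scan", ["web01", "db01"]),
    ("2024-05-01T10:40:00+00:00", "port scan", ["web01"]),
    ("2024-05-01T11:15:00+00:00", "malware", ["hr-pc"]),
    ("2024-05-01T11:20:00+00:00", "malware", ["ghost"]),  # not in inventory
]

def build_view(events, elements, bucket_s=3600, props=("role", "function")):
    """Return (event_grid, element_grid, lines, unknown) for the two-grid layout."""
    event_grid = Counter()            # (category, bucket start) -> event count
    element_grid = defaultdict(set)   # (prop1, prop2) -> element ids in that cell
    lines = Counter()                 # (event cell, element cell) -> link weight
    unknown = set()                   # affected ids missing from the inventory
    for name, attrs in elements.items():
        element_grid[tuple(attrs[p] for p in props)].add(name)
    for ts, category, affected in events:
        epoch = int(datetime.fromisoformat(ts).timestamp())
        start = datetime.fromtimestamp(epoch - epoch % bucket_s, timezone.utc)
        ev_cell = (category, start.isoformat())
        event_grid[ev_cell] += 1
        for name in affected:
            if name not in elements:
                unknown.add(name)     # keep the event, but draw no line
                continue
            el_cell = tuple(elements[name][p] for p in props)
            lines[(ev_cell, el_cell)] += 1
    return event_grid, dict(element_grid), lines, unknown

if __name__ == "__main__":
    grid1, grid2, lines, unknown = build_view(EVENTS, ELEMENTS)
    for (ev, el), w in sorted(lines.items()):
        print(f"{ev} -> {el}  weight={w}")
    print("unmapped elements:", sorted(unknown))
```

Events that name an element missing from the inventory still count in the event grid but produce no association line, so the returned set of unmapped ids shows where the asset database lags behind the event feed.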
17 Claims
1. A method of visualizing information about the security of a network, the method comprising:
providing a 3-D visualization tool for simulating 3-D space on a two dimensional display device, said tool for accessing a database which relationally associates security events with network elements, wherein said database includes;
temporal information reflecting a time at which each said security event occurred;
information relating to a first property of each network element; and
information relating to a second property of each network element;
wherein each said security event is associated with at least one of a plurality of categories of security events;
wherein said network elements are represented by geometric objects;
visually depicting at least some of said categories of security events in a first section of said simulated 3-D space;
wherein said first section of simulated 3-D space displays a first graph having a security event category axis and a temporal axis, each said displayed security event being visually indicated at a position on said graph corresponding to the category and time of the security event;
visually depicting at least some of said network elements in a second section of said simulated 3-D space;
wherein said second section of simulated 3-D space displays a second graph having an axis pertaining to said first property and an axis pertaining to said second property, said graphical objects representing said network elements being displayed on the graph at axes positions corresponding to the first and second properties thereof; and
displaying association lines in said 3-D simulated space between one or more displayed categories of security events and one or more displayed network elements;
wherein said association lines being drawn between said first graph and said second graph.
9. A method of visualizing information about the security of a network, the method comprising:
recording security events and the network elements affected thereby;
associating each security event with at least one of a plurality of categories of security events;
providing a 3-D visualization tool for simulating 3-D space on a two dimensional display device and using said tool;
visually depicting at least some of the categories of security events in a first section of simulated 3-D space;
visually depicting at least some of the network elements in a second section of simulated 3-D space;
drawing association lines between one or more displayed categories of security events and one or more displayed network elements affected thereby;
recording a time at which each security event occurred;
associating each network element with at least two properties;
displaying in the first section of simulated 3-D space a first grid of cells, each cell being associated with a security event category and a temporal value, the security events being visually indicated by the cells of the first grid; and
displaying in the second section of simulated 3-D space a second grid of cells, each cell being associated with an instance of the first property and an instance of the second property, wherein each displayed network element is represented by a geometric object disposed at a cell of the second grid that corresponds to the first and second properties of the network system;
said association lines being drawn between cells of the first grid and cells of the second grid.
15. A method of visualizing information about the security of a network, the method comprising:
recording security events and the network elements affected thereby;
recording a time at which each security event occurred;
associating each security event with at least one of a plurality of categories of security events;
associating each network element with one or more additional properties;
providing a 3-D visualization tool for simulating 3-D space on a two dimensional display device, and using said tool;
displaying a first grid of cells in the simulated 3-D space, each cell being associated with a security event category and a temporal value, the security events being visually indicated by the cells of the first grid;
displaying a second grid of cells in the simulated 3-D space, each cell being associated with at least one of said properties, wherein each displayed network element is represented by a geometric object disposed at a cell of the second grid that corresponds to the value of said at least one property; and
drawing association lines between one or more displayed security events and one or more displayed network elements affected thereby.
17. Software for visualizing information stored in a database about the security of a network, wherein said database records:
security events and the network elements associated therewith, each security event being associated with at least one of a plurality of categories of security events, each network element being associated with at least one property; and
a time at which each security event occurred;
the software including code for;
simulating 3-D space on a two dimensional display device;
displaying a first grid of cells in the simulated 3-D space, each cell being associated with a security event category and a temporal value, the security events being visually indicated by the cells of the first grid;
displaying a second grid of cells in the simulated 3-D space, each cell being associated with an instance of a said at least one property, wherein a geometric object representing a displayed network element is disposed at a corresponding cell of the second grid; and
drawing association lines between one or more displayed security events and one or more displayed network elements associated therewith.
Specification