System and method for security information normalization

US 7,624,422 B2
Filed: 02/13/2004
Issued: 11/24/2009
Est. Priority Date: 02/14/2003
Status: Expired due to Fees

First Claim

Patent Images

1. A network auditing method comprising:

retrieving network information gathered by a plurality of heterogeneous information sources;

identifying a network policy to be applied to the retrieved information, utilizing a policy and vulnerability engine;

identifying semantic equivalencies in the information gathered by the plurality of heterogeneous information sources, utilizing the policy and vulnerability engine;

uniformly applying the network policy to the information identified as being semantically equivalent, utilizing the policy and vulnerability engine;

determining compliance with the network policy, utilizing the policy and vulnerability engine; and

making a recommendation for modifying a network feature based on the compliance determination, utilizing the policy and vulnerability engine;

wherein the identifying semantic equivalencies comprises;

identifying a list of facts gathered by each information source;

identifying for each fact on the list one or more equivalent facts gathered by each of the other information sources; and

storing the semantic equivalences;

wherein the recommendation is a list of network policy rules to include in the network policy;

wherein the network policy rules are ranked based on a number of times that a network policy rule was applied, a severity meter set for the network policy rule, and assets that are affected;

wherein an identifier is used for generating the network policy rule independently of a source type.

View all claims

12 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A prevention-based network auditing system includes an audit repository storing network information gathered by a plurality of heterogeneous information sources. A semantic normalization module identifies semantic equivalencies in the gathered information, and generates a map listing for each fact gathered by an information source, an equivalent fact or set of facts gathered by each of the other information sources. A network policy is then uniformly applied to the information that is identified as being semantically equivalent.

225 Citations

16 Claims

1. A network auditing method comprising:
- retrieving network information gathered by a plurality of heterogeneous information sources;
  
  identifying a network policy to be applied to the retrieved information, utilizing a policy and vulnerability engine;
  
  identifying semantic equivalencies in the information gathered by the plurality of heterogeneous information sources, utilizing the policy and vulnerability engine;
  
  uniformly applying the network policy to the information identified as being semantically equivalent, utilizing the policy and vulnerability engine;
  
  determining compliance with the network policy, utilizing the policy and vulnerability engine; and
  
  making a recommendation for modifying a network feature based on the compliance determination, utilizing the policy and vulnerability engine;
  
  wherein the identifying semantic equivalencies comprises;
  
  identifying a list of facts gathered by each information source;
  
  identifying for each fact on the list one or more equivalent facts gathered by each of the other information sources; and
  
  storing the semantic equivalences;
  
  wherein the recommendation is a list of network policy rules to include in the network policy;
  
  wherein the network policy rules are ranked based on a number of times that a network policy rule was applied, a severity meter set for the network policy rule, and assets that are affected;
  
  wherein an identifier is used for generating the network policy rule independently of a source type.
- View Dependent Claims (2, 3, 4, 5, 12, 13, 14, 15, 16)
- - 2. The method of claim 1, wherein each semantic equivalence is associated with the identifier.
  - 3. The method of claim 2, wherein the identifier is associated with computer code parsing the information gathered by each heterogeneous information source.
  - 4. The method of claim 1, wherein the recommendation is a change to the network policy.
  - 5. The method of claim 1, wherein the recommendation is a task associated with the network feature.
  - 12. The method of claim 1, wherein the information gathered by the plurality of heterogeneous information sources is converted into a machine-processable language format normalized for structure.
  - 13. The method of claim 1, wherein the plurality of heterogeneous information sources include at least one of a scanner, a camera, and manually entered data.
  - 14. The method of claim 1, wherein the network policy rules include at least one of the network policy rules to find violations of the network policies;
    - the network policy rules to gather information about a network;
      
      the network policy rules to identify compromised hosts; and
      
      the network policy rules to identify vulnerabilities in the network.
  - 15. The method of claim 1, wherein the severity meter quantifies the network policy rule as a severity from a severity range of 1 to 100, and allows the network policy rule to be weighted relative to other network policy rules in the list of network policy rules.
  - 16. The method of claim 1, wherein the making of the recommendation includes generating a remediation task for the network policy, the remediation task including information indicating the remediation task is for a network policy violation, a name of the network policy or a name of the network policy rule, a severity measure for the network policy rule, an address of a host in which the network policy violation was noted, and a date in which the network policy violation was detected.

6. A server in a network auditing system, the server comprising:
- a data store storing network information gathered by a plurality of heterogeneous information sources;
  
  a semantic normalization module coupled to the data store, the module identifying semantic equivalencies in the information gathered by the plurality of heterogeneous information sources;
  
  means for uniformly applying a network policy to the information identified as being semantically equivalent;
  
  means for determining compliance with the network policy; and
  
  means for making a recommendation for modifying a network feature based on the compliance determination;
  
  wherein the identifying semantic equivalencies comprises;
  
  identifying a list of facts gathered by each information source;
  
  identifying for each fact on the list one or more equivalent facts gathered by each of the other information sources; and
  
  storing the semantic equivalences;
  
  wherein the recommendation is a list of network policy rules to include in the network policy;
  
  wherein the network policy rules are ranked based on a number of times that a network policy rule was applied, a severity meter set for the network policy rule, and assets that are affected;
  
  wherein an identifier is used for generating the network policy rule independently of a source type.
- View Dependent Claims (7, 8, 9, 10, 11)
- - 7. The server of claim 6, wherein each semantic equivalence is associated with the identifier.
  - 8. The server of claim 7, further comprising means for generating the network policy rule independently of the source type based on the identifier.
  - 9. The server of claim 7, wherein the identifier is associated with computer code parsing the information gathered by each heterogeneous information source.
  - 10. The server of claim 6, wherein the recommendation is a change to the network policy.
  - 11. The server of claim 6, wherein the recommendation is a task associated with the network feature.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Musarubra US LLC (Musarubra US SellCo LLC)
Original Assignee
Preventsys, Inc. (McAfee, LLC)
Inventors
Walpole, Thomas Paul, Costello, Brian, Pelly, John, Ravenel, John Patrick, Williams, John Leslie, Nakawatase, Ryan Tadashi
Primary Examiner(s)
Barron, Jr.; Gilberto
Assistant Examiner(s)
PERUNGAVOOR, VENKATANARAY

Application Number

US10/778,837
Publication Number

US 20050015623A1
Time in Patent Office

2,111 Days
Field of Search

726 1- 6, 726 22- 25
US Class Current

726/1
CPC Class Codes

H04L 41/0853   by actively collecting conf...

H04L 41/0856   by backing up or archiving ...

H04L 41/0859   by keeping history of diffe...

H04L 43/00   Arrangements for monitoring...

H04L 43/045   for graphical visualisation...

H04L 63/0218   Distributed architectures, ...

H04L 63/0227   Filtering policies mail mes...

H04L 63/14   for detecting or protecting...

H04L 63/1408   by monitoring network traff...

H04L 63/1433   Vulnerability analysis

H04L 63/20   for managing network securi...

System and method for security information normalization

First Claim

12 Assignments

0 Petitions

Accused Products

Abstract

225 Citations

16 Claims

Specification

Use Cases

Quick Links

Others

System and method for security information normalization

First Claim

12 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

225 Citations

16 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others