System and method for security information normalization
First Claim
1. A network auditing method comprising:
- retrieving network information gathered by a plurality of heterogeneous information sources;
- identifying a network policy to be applied to the retrieved information, utilizing a policy and vulnerability engine;
- identifying semantic equivalencies in the information gathered by the plurality of heterogeneous information sources, utilizing the policy and vulnerability engine;
- uniformly applying the network policy to the information identified as being semantically equivalent, utilizing the policy and vulnerability engine;
- determining compliance with the network policy, utilizing the policy and vulnerability engine; and
- making a recommendation for modifying a network feature based on the compliance determination, utilizing the policy and vulnerability engine;
- wherein the identifying semantic equivalencies comprises:
  - identifying a list of facts gathered by each information source;
  - identifying for each fact on the list one or more equivalent facts gathered by each of the other information sources; and
  - storing the semantic equivalences;
- wherein the recommendation is a list of network policy rules to include in the network policy;
- wherein the network policy rules are ranked based on a number of times that a network policy rule was applied, a severity meter set for the network policy rule, and assets that are affected;
- wherein an identifier is used for generating the network policy rule independently of a source type.
Abstract
A prevention-based network auditing system includes an audit repository storing network information gathered by a plurality of heterogeneous information sources. A semantic normalization module identifies semantic equivalencies in the gathered information, and generates a map listing for each fact gathered by an information source, an equivalent fact or set of facts gathered by each of the other information sources. A network policy is then uniformly applied to the information that is identified as being semantically equivalent.
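The normalization step the abstract describes can be sketched as follows. This is an added illustration, not code from the patent: the scanner names, fact identifiers, severity values, asset weights and the ranking order are all assumptions, and the findings are constructed sample data.

```python
from collections import defaultdict

# Constructed sample data: (source, host, source-specific fact identifier).
FINDINGS = [
    ("scanner_a", "10.0.0.5", "TELNET-OPEN"),
    ("scanner_b", "10.0.0.5", "svc:23/tcp"),   # same fact as above, different source
    ("scanner_b", "10.0.0.7", "svc:23/tcp"),
    ("scanner_b", "10.0.0.7", "proto:smb1"),
    ("scanner_a", "10.0.0.8", "SMB-V1"),
    ("scanner_a", "10.0.0.9", "SSH-OPEN"),     # no equivalence stored, no rule
]
# Stored semantic equivalences, keyed by a source-independent identifier.
EQUIVALENCES = {
    "telnet_enabled": {("scanner_a", "TELNET-OPEN"), ("scanner_b", "svc:23/tcp")},
    "smb1_enabled": {("scanner_a", "SMB-V1"), ("scanner_b", "proto:smb1")},
}
POLICY = {"telnet_enabled": 8, "smb1_enabled": 9}   # forbidden fact -> severity (assumed scale)
ASSET_VALUE = {"10.0.0.5": 1, "10.0.0.7": 3, "10.0.0.8": 5, "10.0.0.9": 1}  # assumed weights

def equivalence_map(groups):
    """For each (source, fact), the equivalent facts gathered by the other sources."""
    return {m: sorted(o for o in members if o[0] != m[0])
            for members in groups.values() for m in members}

def normalize(findings, groups):
    """Host -> set of source-independent facts; unmapped facts stay source-qualified."""
    canon = {m: cid for cid, members in groups.items() for m in members}
    hosts = defaultdict(set)
    for source, host, fact in findings:
        hosts[host].add(canon.get((source, fact), f"{source}:{fact}"))
    return hosts

def audit(findings, groups, policy):
    """Apply each rule once per host, whichever source reported the fact."""
    violations = defaultdict(set)
    for host, facts in normalize(findings, groups).items():
        for fact in policy.keys() & facts:
            violations[fact].add(host)
    return dict(violations)

def rank_rules(violations, policy, asset_value):
    """Assumed ordering: times applied, then severity, then value of affected assets."""
    key = lambda r: (len(violations[r]), policy[r], sum(asset_value[h] for h in violations[r]))
    return sorted(violations, key=key, reverse=True)

if __name__ == "__main__":
    v = audit(FINDINGS, EQUIVALENCES, POLICY)
    print({rule: sorted(hosts) for rule, hosts in v.items()})
    print(rank_rules(v, POLICY, ASSET_VALUE))
```

Host 10.0.0.5 is reported by both scanners under different identifiers but counts once against the telnet rule, which is the effect of applying the policy after normalization rather than per source.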
16 Claims
1. A network auditing method, recited in full under "First Claim" above. Dependent claims: 2, 3, 4, 5, 12, 13, 14, 15, 16.
6. A server in a network auditing system, the server comprising:
- a data store storing network information gathered by a plurality of heterogeneous information sources;
- a semantic normalization module coupled to the data store, the module identifying semantic equivalencies in the information gathered by the plurality of heterogeneous information sources;
- means for uniformly applying a network policy to the information identified as being semantically equivalent;
- means for determining compliance with the network policy; and
- means for making a recommendation for modifying a network feature based on the compliance determination;
- wherein the identifying semantic equivalencies comprises:
  - identifying a list of facts gathered by each information source;
  - identifying for each fact on the list one or more equivalent facts gathered by each of the other information sources; and
  - storing the semantic equivalences;
- wherein the recommendation is a list of network policy rules to include in the network policy;
- wherein the network policy rules are ranked based on a number of times that a network policy rule was applied, a severity meter set for the network policy rule, and assets that are affected;
- wherein an identifier is used for generating the network policy rule independently of a source type.

Dependent claims: 7, 8, 9, 10, 11.
Specification