Security infrastructure

US 7,663,479 B1
Filed: 12/21/2005
Issued: 02/16/2010
Est. Priority Date: 12/21/2005
Status: Active Grant

First Claim

Patent Images

1. A method for operating an automated security infrastructure, comprising:

receiving data in response to a first event in the security infrastructure;

formatting the data into an event-message having a common format within the security infrastructure; and

distributing the event-message to at least one processing entity of one or more processing entities of the security infrastructure, wherein said at least one processing entity is assigned to analyze a topic of the event-message, wherein each of the one or more processing entities is assigned to a different security issue, comprises a computing device and comprises a security agent that uses at least one inference engine for analyzing one or more assigned security issues, wherein said analyzing said one or more assigned security issues comprises identifying a pattern in a plurality of event-messages.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An automated security infrastructure is disclosed that includes security agents that are designed to analyze security issues. The security agents process events received from event-messages, and records data associated with a security issue in a ticket. Security and management personnel are kept informed based on notification subscription lists. Assigned security personnel'"'"'s progress in resolving outstanding security issues is monitored until those issues are resolved.

30 Citations

View as Search Results

20 Claims

1. A method for operating an automated security infrastructure, comprising:
- receiving data in response to a first event in the security infrastructure;
  
  formatting the data into an event-message having a common format within the security infrastructure; and
  
  distributing the event-message to at least one processing entity of one or more processing entities of the security infrastructure, wherein said at least one processing entity is assigned to analyze a topic of the event-message, wherein each of the one or more processing entities is assigned to a different security issue, comprises a computing device and comprises a security agent that uses at least one inference engine for analyzing one or more assigned security issues, wherein said analyzing said one or more assigned security issues comprises identifying a pattern in a plurality of event-messages.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method of claim 1, further comprising:
    - searching a ticket repository for one or more associated tickets that are associated with the event-message if the event-message corresponds to one or more security issues; and
      
      updating information in the one or more associated tickets based on the event-message.
  - 3. The method of claim 2, further comprising:
    - opening a new ticket based on the event-message if an associated ticket is not found in the ticket repository; and
      
      initializing parameters of the new ticket based on one or more corresponding security issues.
  - 4. The method of claim 3, further comprising:
    - collecting further events occurring after the first event.
  - 5. The method of claim 4, further comprising:
    - identifying containment actions if said assigned security issues are identified in the analyzing said one or more assigned security issues; and
      
      performing the containment actions.
  - 6. The method of claim 5, further comprising:
    - assessing an impact of the first event if no containment actions are identified; and
      
      updating information in the new ticket and/or an associated ticket.
  - 7. The method of claim 4, further comprising:
    - analyzing a ticket history of an associated ticket to identify patterns associated with one or more dribble attacks;
      
      identifying containment actions if one or more dribble attacks are identified in the analyzing of said ticket history;
      
      performing the containment actions; and
      
      updating information in the associated ticket.
  - 8. The method of claim 3, further comprising:
    - notifying first personnel when either a ticket is opened or when information of a ticket is updated; and
      
      closing a ticket if the ticket has a lowest priority.
  - 9. The method of claim 8, further comprising:
    - sending the new ticket to one or more assigned security personnel based on parameters of the new ticket; and
      
      monitoring to confirm receipt of the new ticket by the one or more assigned security personnel.
  - 10. The method of claim 9, further comprising:
    - escalating the new ticket by alerting other one or more personnel until receipt of the new ticket is confirmed; and
      
      monitoring the new ticket until a status of the ticket indicates that the ticket is resolved.
  - 11. The method of claim 10, further comprising:
    - a. delaying a predetermined amount of time;
      
      b. checking if the one or more assigned security personnel has received the new ticket;
      
      c. alerting the other one or more personnel if the new ticket is not received; and
      
      d. repeating steps a-c until the new ticket is received.
  - 12. The method of claim 11, further comprising:
    - changing the predetermined amount of time for each iteration; and
      
      alerting different ones of the other one or more personnel for each iteration.
  - 13. The method of claim 10, further comprising:
    - a. delaying a predetermined amount of time;
      
      b. checking if the new ticket has been resolved;
      
      c. alerting one or more personnel if the new ticket is not resolved; and
      
      d. repeating steps a-c until the new ticket is resolved.
  - 14. The method of claim 13, further comprising:
    - changing the predetermined amount of time for each iteration; and
      
      alerting different ones of the other one or more personnel for each iteration.

15. A computer readable medium comprising a program that when executed by a processor operates an automated security infrastructure, comprising:
- an event-message formatter that formats received data generated in response to a first event into an event-message having a common format within the security infrastructure; and
  
  an event-message distributor that distributes the event-message to at least one security agent of one or more security agents of the security infrastructure, wherein said at least one security agent is assigned to analyze a topic of the event-message, wherein each of the one or more security agents is assigned to a different security issue, comprises a computing device and uses at least one inference engine for analyzing one or more assigned security issues, wherein said analyzing said one or more assigned security issues comprises identifying a pattern in a plurality of event-messages.
- View Dependent Claims (16, 17, 18, 19)
- - 16. The computer readable medium of claim 15, the security agent performing a process comprising:
    - searching a ticket repository for one or more associated tickets that are associated with the event-message if the event-message corresponds to one or more security issues;
      
      updating information in the one or more associated tickets based on the event-message;
      
      opening a new ticket based on the event-message if an associated ticket is not found in the ticket repository; and
      
      initializing parameters of the new ticket based on one or more corresponding security issues.
  - 17. The computer readable medium of claim 16, the security agent performing a process further comprising:
    - collecting further events occurring after the first event;
      
      analyzing the first event and the further events to identify one or more patterns associated with known security issues;
      
      identifying containment actions if known security issues are identified in the analyzing the first event step;
      
      performing the containment actions;
      
      assessing an impact of the first event if no containment actions are identified; and
      
      updating information in the new ticket and/or an associated ticket.
  - 18. The computer readable medium of claim 17, the security agent performing a process further comprising:
    - analyzing a ticket history of an associated ticket to identify patterns associated with dribble attacks;
      
      identifying containment actions if one or more dribble attacks are identified in the analyzing of said ticket history;
      
      performing the containment actions; and
      
      updating information in the associated ticket.
  - 19. The computer readable medium of claim 17, further comprising a ticket tracker, the ticket tracker performing a process comprising:
    - notifying first personnel when either a ticket is opened or when information of a ticket is updated;
      
      closing a ticket if the ticket has a lowest priority;
      
      sending the new ticket to one or more assigned security personnel based on parameters of the new ticket;
      
      monitoring to confirm receipt of the new ticket by the one or more assigned security personnel;
      
      escalating the new ticket by alerting other one or more personnel until receipt of the new ticket is confirmed; and
      
      monitoring the new ticket until a status of the ticket indicates that the ticket is resolved.

20. An automated security infrastructure, comprising:
- means for detecting a first event and generating an event-message in a common format for interoperable use within the security infrastructure;
  
  means for searching for one or more associated tickets associated with the event-message;
  
  means for opening a new ticket based on the event-message;
  
  means for collecting further events occurring after the first event, wherein said means for collecting is assigned to analyze a topic of the first and further events to identify one or more patterns associated with known security issues, wherein said means for analyzing comprises a computing device and one or more security agents that are assigned to a different security issue and, wherein each of the one or more security agents uses at least one inference engine, wherein said analyzing said one or more assigned security issues comprises identifying a pattern in a plurality of event-messages;
  
  means for identifying and performing containment actions;
  
  means for assessing an impact of the first event;
  
  means for analyzing a ticket history of an associated ticket to identify patterns associated with one or more dribble attacks and for containment of the one or more dribble attacks;
  
  means for notifying personnel of a new ticket being opened or of information of a ticket being updated;
  
  means for sending a new ticket to one or more assigned security personnel; and
  
  means for escalating the new ticket and monitoring the new ticket until the new ticket is resolved.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AT&T Intellectual Property II LP (AT&T, Inc.)
Original Assignee
AT&T Corporation (AT&T, Inc.)
Inventors
Bajpay, Paritosh, Liu, Jackson, Bienfait, Roberta, Stokes, Denise, Cast, Ginny, Chiang, Wan-Ping, Hanechak, Kim
Primary Examiner(s)
Crosland; Donnie L

Application Number

US11/312,402
Time in Patent Office

1,518 Days
Field of Search

340/506
US Class Current

340/506
CPC Class Codes

G08B 25/08 using communication transmi...

Security infrastructure

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

30 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Security infrastructure

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

30 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links