Security infrastructure
First Claim
1. A method for operating an automated security infrastructure, comprising:
- receiving data in response to a first event in the security infrastructure;
- formatting the data into an event-message having a common format within the security infrastructure; and
- distributing the event-message to at least one processing entity of one or more processing entities of the security infrastructure, wherein said at least one processing entity is assigned to analyze a topic of the event-message, wherein each of the one or more processing entities is assigned to a different security issue, comprises a computing device and comprises a security agent that uses at least one inference engine for analyzing one or more assigned security issues, wherein said analyzing said one or more assigned security issues comprises identifying a pattern in a plurality of event-messages.
Abstract
An automated security infrastructure is disclosed that includes security agents designed to analyze security issues. The security agents process events received as event-messages and record the data associated with a security issue in a ticket. Security and management personnel are kept informed based on notification subscription lists. The progress of assigned security personnel in resolving outstanding security issues is monitored until those issues are resolved.
20 Claims
1. A method for operating an automated security infrastructure, comprising the receiving, formatting and distributing steps set out in full under First Claim above. Dependent claims: 2-14.
15. A computer readable medium comprising a program that when executed by a processor operates an automated security infrastructure, comprising:
- an event-message formatter that formats received data generated in response to a first event into an event-message having a common format within the security infrastructure; and
- an event-message distributor that distributes the event-message to at least one security agent of one or more security agents of the security infrastructure, wherein said at least one security agent is assigned to analyze a topic of the event-message, wherein each of the one or more security agents is assigned to a different security issue, comprises a computing device and uses at least one inference engine for analyzing one or more assigned security issues, wherein said analyzing said one or more assigned security issues comprises identifying a pattern in a plurality of event-messages.
Dependent claims: 16-19.
20. An automated security infrastructure, comprising:
- means for detecting a first event and generating an event-message in a common format for interoperable use within the security infrastructure;
- means for searching for one or more associated tickets associated with the event-message;
- means for opening a new ticket based on the event-message;
- means for collecting further events occurring after the first event, wherein said means for collecting is assigned to analyze a topic of the first and further events to identify one or more patterns associated with known security issues, wherein said means for analyzing comprises a computing device and one or more security agents that are assigned to a different security issue and, wherein each of the one or more security agents uses at least one inference engine, wherein said analyzing said one or more assigned security issues comprises identifying a pattern in a plurality of event-messages;
- means for identifying and performing containment actions;
- means for assessing an impact of the first event;
- means for analyzing a ticket history of an associated ticket to identify patterns associated with one or more dribble attacks and for containment of the one or more dribble attacks;
- means for notifying personnel of a new ticket being opened or of information of a ticket being updated;
- means for sending a new ticket to one or more assigned security personnel; and
- means for escalating the new ticket and monitoring the new ticket until the new ticket is resolved.
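The pipeline recited in claims 1, 15 and 20 (raw data normalised into a common-format event-message, a distributor that routes by topic, one agent per security issue whose inference rule looks for a pattern across many messages, ticket search/open, and a slow "dribble" of events recognised from the ticket history) as an added Python sketch; it is not the patent's code, and the field names, thresholds and sample events are assumptions:

```python
from collections import defaultdict
from dataclasses import dataclass, field

@dataclass(frozen=True)
class EventMessage:      # the common format every raw event is normalised into (assumed fields)
    topic: str           # routing key used by the distributor, e.g. "auth"
    source: str          # host the event concerns
    ts: int              # unix seconds
@dataclass
class Ticket:
    ticket_id: int
    history: list = field(default_factory=list)   # event-messages attached over the ticket's life
def format_event(raw):
    """Event-message formatter: map a raw record (constructed dict) onto the common format."""
    return EventMessage(topic=raw["type"], source=raw["src"], ts=int(raw["time"]))
class SecurityAgent:
    """One agent per security issue; fires when >= threshold messages for a source lie within window seconds."""
    def __init__(self, issue, topic, threshold, window):
        self.issue, self.topic, self.threshold, self.window = issue, topic, threshold, window
        self.tickets = {}                       # source -> Ticket; the lookup is the "ticket search"
    def handle(self, msg):
        t = self.tickets.get(msg.source)
        if t is None:                           # no associated ticket: open a new one
            t = self.tickets[msg.source] = Ticket(len(self.tickets) + 1)
        t.history.append(msg)                   # the pattern is looked for in the ticket history
        recent = sum(1 for m in t.history if msg.ts - m.ts <= self.window)
        return t.ticket_id, recent >= self.threshold
class Distributor:
    """Delivers each event-message to every agent assigned to its topic."""
    def __init__(self, agents):
        self.by_topic = defaultdict(list)
        for a in agents: self.by_topic[a.topic].append(a)
    def dispatch(self, msg):
        results = [(a.issue, *a.handle(msg)) for a in self.by_topic[msg.topic]]   # (issue, ticket_id, hit)
        return [(issue, tid) for issue, tid, hit in results if hit]
def run_sample():
    """Constructed input: 12 failed logins from 10.0.0.5 ten minutes apart (a slow 'dribble'),
    then 5 from 10.0.0.9 within seconds (a burst). Returns {source: set of issues raised}."""
    raw = [{"type": "auth", "src": "10.0.0.5", "time": 600 * i} for i in range(12)]
    raw += [{"type": "auth", "src": "10.0.0.9", "time": 9000 + i} for i in range(5)]
    dist = Distributor([SecurityAgent("brute-force", "auth", threshold=5, window=60),
                        SecurityAgent("dribble-attack", "auth", threshold=10, window=7200)])
    raised = defaultdict(set)
    for r in raw:
        for issue, _ in dist.dispatch(format_event(r)):
            raised[r["src"]].add(issue)
    return dict(raised)
```

The short-window agent never fires on the ten-minute dribble, while the long-window agent reading the same ticket history does; a single threshold would miss one of the two patterns.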
Specification