Method and system for configuring and scheduling security audits of a computer network
First Claim
Patent Images
1. A computer-implemented method for configuring and scheduling a security audit of a computer network comprising the steps of:
- a security audit system conducting a discovery scan to identify a first host of the computer network and assigning an asset value for the first host, wherein the asset value is based on information collected during the discovery scan and indicates the importance of the first host in the network;
the security audit system comprising an active scan engine, the active scan engine configuring an audit scan to perform on the first host by selecting a first scan policy based on the asset value and a first scan frequency based on the asset value, wherein the audit scan is more thorough than the discovery scan;
the active scan engine scheduling a time to perform the audit scan on the first host;
the security audit system running the audit scan according to the first scan policy and the first scan frequency at the scheduled time on the first host; and
the active scan engine calculating a security score for the first host based on the audit scan by summing one or more vulnerabilities associated with the first host.
1 Assignment
0 Petitions
Accused Products
Abstract
Managing the selection and scheduling of security audits run on a computing network. The computer network is surveyed by a security audit system to determine the function and relative importance of the elements in the network. Based on function and priority, a more thorough type of security audit is selected to run against each of the network elements by the security audit system. The security audit can also be automatically scheduled based on the information gathered from the survey. Once the system runs the security audit, a vulnerability assessment can be calculated for each element in the network. The vulnerability assessment can be presented in a format that facilitates interpretation and response by someone operating the system. The vulnerability assessment can also be used to configure and schedule future security audits.
295 Citations
21 Claims
-
1. A computer-implemented method for configuring and scheduling a security audit of a computer network comprising the steps of:
-
a security audit system conducting a discovery scan to identify a first host of the computer network and assigning an asset value for the first host, wherein the asset value is based on information collected during the discovery scan and indicates the importance of the first host in the network; the security audit system comprising an active scan engine, the active scan engine configuring an audit scan to perform on the first host by selecting a first scan policy based on the asset value and a first scan frequency based on the asset value, wherein the audit scan is more thorough than the discovery scan; the active scan engine scheduling a time to perform the audit scan on the first host; the security audit system running the audit scan according to the first scan policy and the first scan frequency at the scheduled time on the first host; and the active scan engine calculating a security score for the first host based on the audit scan by summing one or more vulnerabilities associated with the first host. - View Dependent Claims (2, 3, 18, 19)
-
-
4. A method for assessing the security of a network comprising the steps of:
-
a security audit system receiving an initial scan identifying a first network host and the function of the first network host and assigning an asset value for the first network host, wherein the asset value is based on information collected during the initial scan and indicates the importance of the first network host in the network; the security audit system comprising an active scan engine, the active scan engine selecting an audit scan to perform on the first network host, the audit scan comprising a first scan policy based on the asset value and a first scan frequency based on the asset value, wherein the audit scan is more thorough than the initial scan; the active scan engine scheduling the audit scan to perform on the first network host; the security audit system performing the audit scan according to the first scan policy and the first scan frequency on the first network host at the scheduled time; the active scan engine receiving data from the selected audit scan of the first network host; and the active scan engine computing a security score for the first network host from the selected audit scan by summing one or more vulnerabilities associated with the first network host. - View Dependent Claims (5, 6, 20, 21)
-
-
7. A computer program product for assessing the security of a network, the computer program product comprising:
-
a computer readable storage device; first program instructions for receiving an initial scan identifying a network host and assigning an asset value for the network host, wherein the asset value is based on information collected during the initial scan and indicates the importance of the network host; second program instructions for selecting an audit scan to perform on the network host, the audit scan comprising a first scan policy based on the asset value and a first scan frequency based on the asset value, wherein the audit scan is more thorough than the initial scan; third program instructions for performing the selected audit scan on the network in accordance with the first scan policy and the first scan frequency; fourth program instructions for receiving data from the selected audit scan of the network host; and fifth program instructions for computing a security score for the network host from the selected audit scan by summing one or more vulnerabilities associated with the network host; wherein the first, second third, fourth, and fifth program instructions are stored on the computer readable storage device. - View Dependent Claims (8, 9, 10)
-
-
11. A system for configuring and scheduling a security audit of a computer network comprising:
-
a security audit system comprising first program instructions for conducting a discovery scan to identify a host of a computer network and assigning an asset value for the host, wherein the asset value is based on information collected from the discovery scan and indicates the importance of the host in the network, the security audit system comprising an active scan engine, the active scan engine comprising second program instructions for configuring and scheduling an audit scan of the host, the audit scan comprising a scan policy based on the asset value and a scan frequency based on the asset value wherein the audit scan is more thorough than the discovery scan, and computing a security score for the host from the selected audit scan by summing one or more vulnerabilities associated with the host; a console comprising third program instructions for receiving information from the security audit system and transmitting information to the security audit system about the discovery scan and the audit scan; and a computer readable storage device on which the first, second, and third program instructions are stored. - View Dependent Claims (12, 13, 14, 15, 16, 17)
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeInternational Business Machines Corporation
-
Original AssigneeInternational Business Machines Corporation
-
InventorsZobel, Robert David, Singer, Christopher S., Millar, Sharon A., Dodd, Timothy David, Nesfeder, David Gerald Jr.
-
Primary Examiner(s)Orgad; Edan
-
Assistant Examiner(s)SHAW, YIN CHEN
-
Application NumberUS11/821,194Publication NumberTime in Patent Office1,048 DaysField of Search726 22- 25, 713/188, 709224-225US Class Current726/25CPC Class CodesG06F 21/577 Assessing vulnerabilities a...G06F 2221/2101 Auditing as a secondary aspectH04L 63/1425 Traffic logging, e.g. anoma...H04L 63/1433 Vulnerability analysis
