Network risk analysis

US 7,984,504 B2
Filed: 06/24/2008
Issued: 07/19/2011
Est. Priority Date: 01/21/2003
Status: Active Grant

First Claim

Patent Images

1. A method of analyzing security risk in a computer network comprising:

receiving an event associated with a selected object in the computer network;

identifying an intrinsic risk for the event depending at least in part on the event that is received;

identifying, using a computer processor, a source risk for the event depending at least in part on a source from which the event originated, the source being a separate object from the selected object;

determining an object risk level for the selected object based at least in part on an event risk level of the event received;

wherein the event risk level accounts for the intrinsic risk and the source risk; and

propagating, without requiring human intervention, the event to another object that is related to the selected object according to asset relationships in the computer network, in the event that the event risk level exceeds a propagation threshold, wherein the asset relationships do not require a dependency relationship.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Analyzing security risk in a computer network includes receiving an event associated with a selected object in the computer network, and determining an object risk level for the selected object based at least in part on an event risk level of the event received, wherein the event risk level accounts for intrinsic risk that depends at least in part on the event that is received and source risk that depends at least in part on a source from which the event originated.

37 Citations

View as Search Results

18 Claims

1. A method of analyzing security risk in a computer network comprising:
- receiving an event associated with a selected object in the computer network;
  
  identifying an intrinsic risk for the event depending at least in part on the event that is received;
  
  identifying, using a computer processor, a source risk for the event depending at least in part on a source from which the event originated, the source being a separate object from the selected object;
  
  determining an object risk level for the selected object based at least in part on an event risk level of the event received;
  
  wherein the event risk level accounts for the intrinsic risk and the source risk; and
  
  propagating, without requiring human intervention, the event to another object that is related to the selected object according to asset relationships in the computer network, in the event that the event risk level exceeds a propagation threshold, wherein the asset relationships do not require a dependency relationship.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 18)
- - 2. The method of claim 1, wherein the event risk level depends at least in part on a detecting device that detects the event and provides the event risk level.
  - 3. The method of claim 1, wherein the intrinsic risk depends at least in part on event type and intensity.
  - 4. The method of claim 1, wherein the object risk level is further based at least in part on a time function that changes the object risk level over time.
  - 5. The method of claim 4, wherein the time function includes a decay function that is defined differently for different event types.
  - 6. The method of claim 4, wherein the time function indicates a time dependent risk level following a probing event.
  - 7. The method of claim 4, wherein the time function changes the object risk level regardless of risk origin.
  - 8. The method of claim 1, wherein the source risk level depends at least in part on a connection between the source and the selected object that receives the event.
  - 18. The method of claim 1, further comprising propagating the event to the source object.

9. A system for analyzing security risk in a computer network comprising, comprising:
- a processor configured to;
  
  receive an event associated with a selected object in the computer network;
  
  identify an intrinsic risk for the event depending at least in part on the event that is received;
  
  identify a source risk for the event depending at least in part on a source from which the event originated, the source being a separate object from the selected object;
  
  determine an object risk level for the selected object based at least in part on an event risk level of the event received;
  
  wherein the event risk level accounts for the intrinsic risk and the source risk;
  
  propagate, without requiring human intervention, the event to another object that is related to the selected object according to asset relationships in the computer network, in the event that the event risk level exceeds a propagation threshold, wherein the asset relationships do not require a dependency relationship; and
  
  a memory coupled to the processor and configured to provide the processor with instructions.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The system of claim 9, wherein the event risk level depends at least in part on a detecting device that detects the event and provides the event risk level.
  - 11. The system of claim 9, wherein the intrinsic risk depends at least in part on event type and intensity.
  - 12. The system of claim 9, wherein the object risk level is further based at least in part on a time function that changes the object risk level over time.
  - 13. The system of claim 12, wherein the time function includes a decay function that is defined differently for different event types.
  - 14. The system of claim 12, wherein the time function indicates a time dependent risk level following a probing event.
  - 15. The system of claim 9, wherein the source risk level depends at least in part on a connection between the source and the selected object that receives the event.

16. A non-transitory computer readable storage medium for analyzing security risk in a computer network comprising computer instructions for:
- receiving an event associated with a selected object in the computer network;
  
  identifying an intrinsic risk for the event depending at least in part on the event that is received;
  
  identifying, using a computer processor, a source risk for the event depending at least in part on a source from which the event originated, the source being a separate object from the selected object;
  
  determining an object risk level for the selected object based at least in part on an event risk level of the event received;
  
  wherein the event risk level accounts for the intrinsic risk and the source risk; and
  
  propagating, without requiring human intervention, the event to another object that is related to the selected object according to asset relationships in the computer network, in the event that the event risk level exceeds a propagation threshold, wherein the asset relationships do not require a dependency relationship.
- View Dependent Claims (17)
- - 17. The non-transitory computer readable storage medium recited in claim 16, wherein the object risk level is further based at least in part on a time function that changes the object risk level over time.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Bennett, Jeremy, Hernacki, Brian
Primary Examiner(s)
Zand; Kambiz
Assistant Examiner(s)
Tran; Tongoc

Application Number

US12/215,112
Publication Number

US 20080289043A1
Time in Patent Office

1,120 Days
Field of Search

726/23, 726/25, 713/151, 713165-167, 709/224
US Class Current

726/25
CPC Class Codes

H04L 63/02 for separating internal fro...

H04L 63/14 for detecting or protecting...

Network risk analysis

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

37 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Network risk analysis

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

37 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links