Network risk analysis
First Claim
Patent Images
1. A method of analyzing security risk in a computer network comprising:
- receiving an event associated with a selected object in the computer network;
identifying an intrinsic risk for the event depending at least in part on the event that is received;
identifying, using a computer processor, a source risk for the event depending at least in part on a source from which the event originated, the source being a separate object from the selected object;
determining an object risk level for the selected object based at least in part on an event risk level of the event received;
wherein the event risk level accounts for the intrinsic risk and the source risk; and
propagating, without requiring human intervention, the event to another object that is related to the selected object according to asset relationships in the computer network, in the event that the event risk level exceeds a propagation threshold, wherein the asset relationships do not require a dependency relationship.
1 Assignment
0 Petitions
Accused Products
Abstract
Analyzing security risk in a computer network includes receiving an event associated with a selected object in the computer network, and determining an object risk level for the selected object based at least in part on an event risk level of the event received, wherein the event risk level accounts for intrinsic risk that depends at least in part on the event that is received and source risk that depends at least in part on a source from which the event originated.
37 Citations
18 Claims
-
1. A method of analyzing security risk in a computer network comprising:
-
receiving an event associated with a selected object in the computer network; identifying an intrinsic risk for the event depending at least in part on the event that is received; identifying, using a computer processor, a source risk for the event depending at least in part on a source from which the event originated, the source being a separate object from the selected object; determining an object risk level for the selected object based at least in part on an event risk level of the event received;
wherein the event risk level accounts for the intrinsic risk and the source risk; andpropagating, without requiring human intervention, the event to another object that is related to the selected object according to asset relationships in the computer network, in the event that the event risk level exceeds a propagation threshold, wherein the asset relationships do not require a dependency relationship. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 18)
-
-
9. A system for analyzing security risk in a computer network comprising, comprising:
-
a processor configured to; receive an event associated with a selected object in the computer network; identify an intrinsic risk for the event depending at least in part on the event that is received; identify a source risk for the event depending at least in part on a source from which the event originated, the source being a separate object from the selected object; determine an object risk level for the selected object based at least in part on an event risk level of the event received;
wherein the event risk level accounts for the intrinsic risk and the source risk;propagate, without requiring human intervention, the event to another object that is related to the selected object according to asset relationships in the computer network, in the event that the event risk level exceeds a propagation threshold, wherein the asset relationships do not require a dependency relationship; and a memory coupled to the processor and configured to provide the processor with instructions. - View Dependent Claims (10, 11, 12, 13, 14, 15)
-
-
16. A non-transitory computer readable storage medium for analyzing security risk in a computer network comprising computer instructions for:
-
receiving an event associated with a selected object in the computer network; identifying an intrinsic risk for the event depending at least in part on the event that is received; identifying, using a computer processor, a source risk for the event depending at least in part on a source from which the event originated, the source being a separate object from the selected object; determining an object risk level for the selected object based at least in part on an event risk level of the event received;
wherein the event risk level accounts for the intrinsic risk and the source risk; andpropagating, without requiring human intervention, the event to another object that is related to the selected object according to asset relationships in the computer network, in the event that the event risk level exceeds a propagation threshold, wherein the asset relationships do not require a dependency relationship. - View Dependent Claims (17)
-
Specification