Uniquely identifying attacked assets
First Claim
Patent Images
1. A computer-implemented method comprising:
- maintaining, by at least one data processing apparatus, asset data for each asset in a system of assets, each of the assets being identified by a corresponding unique identifier and at least one non-unique identifier, wherein each non-unique identifier can be shared with at least one other asset in the system of assets and each unique identifier is unique within the system of assets;
maintaining, by at least one data processing apparatus, protection data for each of a plurality of sensors, wherein the protection data for each sensor associates one or more assets in the system of assets to a corresponding sensor by mapping an identifier for the corresponding sensor to each unique identifier of the assets associated with the corresponding sensor;
receiving, at least one data processing apparatus, attack data specifying a plurality of attacks detected by sensors in the plurality of sensors as attacks on assets in the system of assets, wherein the attack data specifies, for each attack, an identification of the attack, an identification of the sensor that detected the attack, and the non-unique identifier of the asset that was attacked;
determining, by at least one data processing apparatus, for a particular one of the plurality of attacks detected by a particular one of the plurality of sensors as an attack on a particular one of the system of assets, the unique identifier of the particular asset, the determining including;
identifying the non-unique identifier of the particular asset and the particular sensor from the attack data;
identifying, from the protection data of the identified particular sensor, the unique identifiers of the assets associated with the particular sensor;
determining, from the asset data, that a particular unique identifier in the identified unique identifiers is mapped to the identified non-unique identifier of the particular asset; and
determining that the particular unique identifier is the unique identifier of the particular asset; and
updating a risk categorization for the particular asset to account for the determined particular attack on the particular asset.
10 Assignments
0 Petitions
Accused Products
Abstract
Methods, systems, and apparatus, including computer programs encoded on computer storage media, for uniquely identifying attacked assets. One method includes maintaining asset data mapping unique asset identifiers to non-unique asset identifiers and maintaining protection data mapping identifiers of sensors to unique identifiers of assets protected by the sensor. Attack data specifying attacks on particular assets is received. The unique identifier of each asset attacked is determined from the attack data, the protection data and the asset data.
26 Citations
20 Claims
-
1. A computer-implemented method comprising:
-
maintaining, by at least one data processing apparatus, asset data for each asset in a system of assets, each of the assets being identified by a corresponding unique identifier and at least one non-unique identifier, wherein each non-unique identifier can be shared with at least one other asset in the system of assets and each unique identifier is unique within the system of assets; maintaining, by at least one data processing apparatus, protection data for each of a plurality of sensors, wherein the protection data for each sensor associates one or more assets in the system of assets to a corresponding sensor by mapping an identifier for the corresponding sensor to each unique identifier of the assets associated with the corresponding sensor; receiving, at least one data processing apparatus, attack data specifying a plurality of attacks detected by sensors in the plurality of sensors as attacks on assets in the system of assets, wherein the attack data specifies, for each attack, an identification of the attack, an identification of the sensor that detected the attack, and the non-unique identifier of the asset that was attacked; determining, by at least one data processing apparatus, for a particular one of the plurality of attacks detected by a particular one of the plurality of sensors as an attack on a particular one of the system of assets, the unique identifier of the particular asset, the determining including; identifying the non-unique identifier of the particular asset and the particular sensor from the attack data; identifying, from the protection data of the identified particular sensor, the unique identifiers of the assets associated with the particular sensor; determining, from the asset data, that a particular unique identifier in the identified unique identifiers is mapped to the identified non-unique identifier of the particular asset; and determining that the particular unique identifier is the unique identifier of the particular asset; and updating a risk categorization for the particular asset to account for the determined particular attack on the particular asset. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A system comprising:
-
a processor; and a computer storage medium coupled to the processor and including instructions, which, when executed by the processor, causes the processor to perform operations comprising; maintaining asset data for each asset in a system of assets, each of the assets being identified by a corresponding unique identifier, the asset data mapping the unique identifier and at least one non-unique identifier, wherein each non-unique identifier can be shared with at least one other asset in the system of assets and each unique identifier is unique within the system of assets; maintaining protection data for each of a plurality of sensors, wherein the protection data for each sensor associates one or more assets in the system of assets to a corresponding sensor by mapping an identifier for the corresponding sensor to each unique identifier of the assets associated with the corresponding sensor; receiving attack data specifying a plurality of attacks detected by sensors in the plurality of sensors as attacks on assets in the system of assets, wherein the attack data specifies, for each attack, an identification of the attack, an identification of the sensor that detected the attack, and the non-unique identifier of the asset that was attacked; determining, for a particular one of the plurality of attacks detected by a particular one of the plurality of sensors as an attack on a particular one of the system of assets, the unique identifier of the particular asset, the determining including; identifying the non-unique identifier of the particular asset and the particular sensor from the attack data; identifying, from the protection data of the identified particular sensor, the unique identifiers of the assets associated with the particular sensor; determining, from the asset data, that a particular unique identifier in the identified unique identifiers is mapped to the identified non-unique identifier of the particular asset; and determining that the particular unique identifier is the unique identifier of the particular asset; and updating a risk categorization for the particular asset to account for the determined particular attack on the particular asset. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. A non-transitory computer-storage medium encoded with a computer program including instructions operable to cause at least one data processing apparatus to perform operations comprising:
-
maintaining asset data for each asset in a system of assets, each of the assets being identified by a corresponding unique identifier, the asset data mapping the unique identifier and at least one non-unique identifier, wherein each non-unique identifier can be shared with at least one other asset in the system of assets and each unique identifier is unique within the system of assets; maintaining protection data for each of a plurality of sensors, wherein the protection data for each sensor associates one or more assets in the system of assets to a corresponding sensor by mapping an identifier for the corresponding sensor to each unique identifier of the assets associated with the corresponding sensor; receiving attack data specifying a plurality of attacks detected by sensors in the plurality of sensors as attacks on assets in the system of assets, wherein the attack data specifies, for each attack, an identification of the attack, an identification of the sensor that detected the attack, and the non-unique identifier of the asset that was attacked; determining, for a particular one of the plurality of attacks detected by a particular one of the plurality of sensors as an attack on a particular one of the system of assets, the unique identifier of the particular asset, the determining including; identifying the non-unique identifier of the particular asset and the particular sensor from the attack data; identifying, from the protection data of the identified particular sensor, the unique identifiers of the assets associated with the particular sensor; determining, from the asset data, that a particular unique identifier in the identified unique identifiers is mapped to the identified non-unique identifier of the particular asset; and determining that the particular unique identifier is the unique identifier of the particular asset; and updating a risk categorization for the particular asset to account for the determined particular attack on the particular asset. - View Dependent Claims (16, 17, 18, 19, 20)
-
Specification