System and method for interfacing with heterogeneous network data gathering tools

US 8,789,140 B2
Filed: 12/06/2011
Issued: 07/22/2014
Est. Priority Date: 02/14/2003
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

receiving network scan results from information sources in heterogeneous formats;

converting the network scan results into structurally normalized scan results using a plurality of first tags and a second tag nested in the first tags, the first tags indicating a test, the second tag indicating a result of the test;

identifying semantically equivalent network scan results in the structurally normalized scan results; and

comparing at least a portion of the semantically equivalent network scan results with a network policy to determine a compliance with the network policy.

View all claims

12 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A prevention-based network auditing system includes a plurality of heterogeneous information sources gathering information about the network. An audit server invokes the heterogeneous information sources via a uniform communications interface to gather information about the network, and converts the information gathered by the information sources into a normalized data format such as, for example, into XML (Extensible Markup Language). The converted information is then stored in an audit repository for security and regulatory policy assessment, network vulnerability analysis, report generation, and security improvement recommendations.

279 Citations

20 Claims

1. A method, comprising:
- receiving network scan results from information sources in heterogeneous formats;
  
  converting the network scan results into structurally normalized scan results using a plurality of first tags and a second tag nested in the first tags, the first tags indicating a test, the second tag indicating a result of the test;
  
  identifying semantically equivalent network scan results in the structurally normalized scan results; and
  
  comparing at least a portion of the semantically equivalent network scan results with a network policy to determine a compliance with the network policy.
- View Dependent Claims (2, 3, 4, 5, 6, 18)
- - 2. The method of claim 1, wherein the network scan results include a list of wireless access point devices and associated parameters for accessing one or more wireless networks, and a location for each of the wireless access points is determined.
  - 3. The method of claim 1, further comprisinggenerating a remediation task for a violation of the network policy.
  - 4. The method of claim 1, further comprisinggenerating a remediation task for a violation of the network policy, wherein the remediation task identifies the violation by a severity and an address of a host associated with the violation.
  - 5. The method of claim 1, wherein the identifying the semantically equivalent network scan results comprises associating a symbolic reference with at least two of the information sources in a reference map.
  - 6. The method of claim 5, wherein the symbolic reference is mapped to corresponding test identifiers produced by the information sources.
  - 18. The method of claim 1, wherein the information sources are associated with a plurality of scanners for which meta-information is provided, the meta-information relates to capabilities for each of the scanners and how each of the scanners maps to scanners that can perform similar testing operations, and the converting comprises utilizing a conversion table that maps fields of the heterogeneous formats into fields in the normalized scan results.

7. Logic encoded in one or more non-transitory media that includes code for execution and when executed by one or more processors is operable to perform operations comprising:
- receiving network scan results from information sources in heterogeneous formats;
  
  converting the network scan results into structurally normalized scan results using a plurality of first tags and a second tag nested in the first tags, the first tags indicating a test, the second tag indicating a result of the test;
  
  identifying semantically equivalent network scan results in the structurally normalized scan results; and
  
  comparing at least a portion of the semantically equivalent network scan results with a network policy to determine a compliance with the network policy.
- View Dependent Claims (8, 9, 10, 11, 12, 19)
- - 8. The encoded logic of claim 7, wherein the network scan results include a list of wireless access point devices and associated parameters for accessing one or more wireless networks, and a location for each of the wireless access points is determined.
  - 9. The encoded logic of claim 7, wherein the operations further comprisegenerating a remediation task for a violation of the network policy.
  - 10. The encoded logic of claim 7, wherein the operations further comprisegenerating a remediation task for a violation of the network policy, wherein the remediation task identifies the violation by a severity and an address of a host associated with the violation.
  - 11. The encoded logic of claim 7, wherein the identifying the semantically equivalent network scan results comprises associating a symbolic reference with at least two of the information sources in a reference map.
  - 12. The encoded logic of claim 11, wherein the symbolic reference is mapped to corresponding test identifiers produced by the information sources.
  - 19. The encoded logic of claim 7, wherein the information sources are associated with a plurality of scanners for which meta-information is provided, the meta-information relates to capabilities for each of the scanners and how each of the scanners maps to scanners that can perform similar testing operations, and the converting comprises utilizing a conversion table that maps fields of the heterogeneous formats into fields in the normalized scan results.

13. A system, comprising:
- one or more processors operable to execute instructions stored on a memory such that the one or more processorsreceive network scan results from information sources in heterogeneous formats;
  
  convert the network scan results into structurally normalized scan results using a plurality of first tags and a second tag nested in the first tags, the first tags indicating a test, the second tag indicating a result of the test;
  
  identify semantically equivalent network scan results in the structurally normalized scan results; and
  
  compare at least a portion of the semantically equivalent network scan results with a network policy to determine a compliance with the network policy.
- View Dependent Claims (14, 15, 16, 17, 20)
- - 14. The system of claim 13, wherein the network scan results include a list of wireless access point devices and associated parameters for accessing one or more wireless networks, and a location for each of the wireless access points is determined.
  - 15. The system of claim 13, wherein the one or more processors are operable to generate a remediation task for a violation of the network policy.
  - 16. The system of claim 13, wherein the one or more processors are operable to generate a remediation task for a violation of the network policy, and the remediation task identifies the violation by a severity and an address of a host associated with the violation.
  - 17. The system of claim 13, wherein the one or more processors identify the semantically equivalent network scan results by associating a symbolic reference with at least two of the information sources in a reference map.
  - 20. The system of claim 13, wherein the information sources are associated with a plurality of scanners for which meta-information is provided, the meta-information relates to capabilities for each of the scanners and how each of the scanners maps to scanners that can perform similar testing operations, and the one or more processors are operable to utilize a conversion table that maps fields of the heterogeneous formats into fields in the normalized scan results.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Musarubra US LLC (Musarubra US SellCo LLC)
Original Assignee
Preventsys, Inc. (McAfee, LLC)
Inventors
Williams, John Leslie, Costello, Brian, Ravenel, John Patrick, Walpole, Thomas Paul
Primary Examiner(s)
Kyle, Tamara T

Application Number

US13/312,963
Publication Number

US 20120079106A1
Time in Patent Office

959 Days
Field of Search

726/3
US Class Current

726/3
CPC Class Codes

H04L 41/0853   by actively collecting conf...

H04L 41/0856   by backing up or archiving ...

H04L 41/0859   by keeping history of diffe...

H04L 43/00   Arrangements for monitoring...

H04L 43/045   for graphical visualisation...

H04L 63/0218   Distributed architectures, ...

H04L 63/0227   Filtering policies mail mes...

H04L 63/14   for detecting or protecting...

H04L 63/1408   by monitoring network traff...

H04L 63/1433   Vulnerability analysis

H04L 63/20   for managing network securi...

System and method for interfacing with heterogeneous network data gathering tools

First Claim

12 Assignments

0 Petitions

Accused Products

Abstract

279 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for interfacing with heterogeneous network data gathering tools

First Claim

12 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

279 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links