Security countermeasure management platform

US 8,800,045 B2
Filed: 02/11/2012
Issued: 08/05/2014
Est. Priority Date: 02/11/2011
Status: Active Grant

First Claim

Patent Images

1. Apparatus for use in association with a computing environment, comprising:

a hardware processor;

computer memory holding computer program instructions executed by the processor to perform the following operations;

receiving information security risk data from one or more sources in each of two or more distinct risk categories, each risk category associated with a distinct type, the information security risk data from at least a source in a first risk category being distinct from and uncorrelated to the information security risk data from a source in a second risk category;

augmenting the received information security risk data from each source in each of two or more distinct risk categories with other data to generate an aggregate risk entity, the other data being one of;

information security standards data, and risk impact attribute data;

processing the aggregate risk entity against a vulnerability-to-countermeasure knowledge base that includes countermeasure attribute data to discover, with respect to the aggregate risk entity, a set of countermeasures applicable to potentially address a security exposure as represented in the aggregate risk entity, the countermeasure attribute data including a current configuration of at least one countermeasure; and

with respect to a particular security exposure represented in the aggregate risk entity, presenting information regarding the countermeasures that have been discovered, the information identifying (i) an expected cost of implementing the countermeasure, wherein the expected cost of implementing the countermeasure is based at least in part on a time spent to identify a security exposure and enact a configuration change, (ii) an expected effectiveness of implementing the countermeasure, (iii) an indication of whether the countermeasure is available in the computing environment, and (iv) a recommended change to at least one current configuration of at least one of the set of countermeasures, the information being further available for presentation as an ordered listing to enable definition of a layered, multi-countermeasure response to the security exposure.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A management platform that allows security and compliance users to view risks and vulnerabilities in their environment with the added context of what other mitigating security countermeasures are associated with that vulnerability and that are applicable and/or available within the overall security architecture. Additionally, the platform allows users to take one or more actions from controlling the operation of a security countermeasure for mitigation purposes to documenting the awareness of a security countermeasure that is in place.

Citations

24 Claims

1. Apparatus for use in association with a computing environment, comprising:
- a hardware processor;
  
  computer memory holding computer program instructions executed by the processor to perform the following operations;
  
  receiving information security risk data from one or more sources in each of two or more distinct risk categories, each risk category associated with a distinct type, the information security risk data from at least a source in a first risk category being distinct from and uncorrelated to the information security risk data from a source in a second risk category;
  
  augmenting the received information security risk data from each source in each of two or more distinct risk categories with other data to generate an aggregate risk entity, the other data being one of;
  
  information security standards data, and risk impact attribute data;
  
  processing the aggregate risk entity against a vulnerability-to-countermeasure knowledge base that includes countermeasure attribute data to discover, with respect to the aggregate risk entity, a set of countermeasures applicable to potentially address a security exposure as represented in the aggregate risk entity, the countermeasure attribute data including a current configuration of at least one countermeasure; and
  
  with respect to a particular security exposure represented in the aggregate risk entity, presenting information regarding the countermeasures that have been discovered, the information identifying (i) an expected cost of implementing the countermeasure, wherein the expected cost of implementing the countermeasure is based at least in part on a time spent to identify a security exposure and enact a configuration change, (ii) an expected effectiveness of implementing the countermeasure, (iii) an indication of whether the countermeasure is available in the computing environment, and (iv) a recommended change to at least one current configuration of at least one of the set of countermeasures, the information being further available for presentation as an ordered listing to enable definition of a layered, multi-countermeasure response to the security exposure.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The apparatus as described in claim 1 wherein the operations further include:
    - receiving additional data defining the layered, multi-countermeasure response as a policy-based countermeasure workflow associated with one or more countermeasures discovered to attempt to address the particular security exposure represented in the aggregate risk entity; and
      
      implementing the policy-based countermeasure workflow.
  - 3. The apparatus as described in claim 2 wherein the policy-based countermeasure workflow provides for one of:
    - control of the particular countermeasure for remediation or mitigation of the vulnerability risk, documentation of the particular countermeasure for awareness purposes, and documentation of the particular countermeasure for configuration, compliance, audit and reporting purposes.
  - 4. The apparatus as described in claim 1 wherein the vulnerability-to-countermeasure knowledge base comprises a set of countermeasure data that is organized as a taxonomy.
  - 5. The apparatus as described in claim 1 wherein the countermeasures discovered are presented according to a ranking of effectiveness.
  - 6. The apparatus as described in claim 1 wherein the one or more sources are located within a same layer of a multi-layer OSI-protocol stack.
  - 7. The apparatus as described in claim 6 wherein at least two of the sources are located across multiple layers of the multi-layer OSI protocol stack.
  - 8. The apparatus as described in claim 1 wherein the aggregate risk entity is structured according to a machine-readable markup language.
  - 9. The apparatus as described in claim 8 wherein the markup language is Malware Attribution Enumeration and Characterization (MAEC).
  - 10. The apparatus as described in claim 1 wherein the operations further include receiving discovery or data entry identifying countermeasures that are present in the computing environment.
  - 11. The apparatus as described in claim 1 wherein the computing environment is located remote from the hardware processor.
  - 12. The apparatus as described in claim 1 wherein the hardware processor is located within the computing environment.
  - 13. The apparatus as described in claim 1 wherein one or more of the operations are implemented in a software-as-a-service model.
  - 14. The apparatus as described in claim 1 wherein the information is presenting via a display interface.
  - 15. The apparatus as described in claim 14 wherein the display interface juxtaposes the information identifying the expected cost of implementing the countermeasure, and the information identifying the expected effectiveness of implementing the countermeasure.
  - 16. The apparatus as described in claim 2 wherein the policy-based countermeasure workflow automates a process of discovering a risk and addressing the risk using one of the available countermeasures based on a defined policy.

17. A method of countermeasure awareness and control with respect to a computing environment, comprising:
- receiving information security risk data from one or more sources in each of two or more distinct risk categories, each risk category associated with a distinct type, the information security risk data from at least a source in a first risk category being distinct from and uncorrelated to the information security risk data from a source in a second risk category;
  
  augmenting the received information security risk data from each source in each of two or more distinct risk categories with other data to generate an aggregate risk entity, the other data being one of;
  
  information security standards data, and risk impact attribute data;
  
  processing, using at least one hardware element, the aggregate risk entity against a vulnerability-to-countermeasure knowledge base that includes countermeasure attribute data to discover, with respect to the aggregate risk entity, a set of countermeasures applicable to potentially address a security exposure as represented in the aggregate risk entity, the countermeasure attribute data including a current configuration of at least one countermeasure; and
  
  with respect to a particular security exposure represented in the aggregate risk entity, presenting information regarding the countermeasures that have been discovered, the information identifying (i) an expected cost of implementing the countermeasure, wherein the expected cost of implementing the countermeasure is based at least in part on a time spent to identify a security exposure and enact a configuration change, (ii) an expected effectiveness of implementing the countermeasure, (iii) an indication of whether the countermeasure is available in the computing environment, and (iv) a recommended change to at least one current configuration of at least one of the set of countermeasures, the information being further available for presentation as an ordered listing to enable definition of a layered, multi-countermeasure response to the security exposure.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24)
- - 18. The method as described in claim 17 further including:
    - receiving additional data defining the layered, multi-countermeasure response as a policy-based countermeasure workflow associated with one or more countermeasures discovered to attempt to address the particular security exposure represented by the aggregate risk entity; and
      
      implementing the policy-based countermeasure workflow.
  - 19. The method as described in claim 18 wherein the policy-based countermeasure workflow provides for one of:
    - control of the particular countermeasure for remediation or mitigation of the vulnerability risk, documentation of the particular countermeasure for awareness purposes, and documentation of the particular countermeasure for configuration, compliance, audit and reporting purposes.
  - 20. The method as described in claim 17 wherein at least one of the operations is implemented via a software-as-a-service model.
  - 21. The method as described in claim 17 wherein the vulnerability-to-countermeasures knowledge base comprises a set of countermeasure data that is organized as a taxonomy.
  - 22. The method as described in claim 17 wherein the countermeasures discovered are presented according to a ranking of effectiveness.
  - 23. The method as described in claim 17 further including receiving discovery or data entry identifying countermeasures that are present in the computing environment.
  - 24. The method as described in claim 18 wherein the policy-based countermeasure workflow automates a process of discovering a risk and addressing the risk using one of the available countermeasures based on a defined policy.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Alert Logic Incorporated
Original Assignee
Achilles Guard, Inc. (Alert Logic Incorporated)
Inventors
Curtis, Michael S., Paxson, Audian H., Bunker, Eva E., Bunker, Nelson W., Mitchell, Kevin M.
Primary Examiner(s)
Khoshnoodi, Nadia
Assistant Examiner(s)
DE JESUS LASSAIA, CARLOS MANUEL

Application Number

US13/371,405
Publication Number

US 20120210434A1
Time in Patent Office

906 Days
Field of Search

726/25, 726/22
US Class Current

726/25
CPC Class Codes

G06F 21/577   Assessing vulnerabilities a...

G06F 2221/2151   Time stamp

H04L 63/0263   Rule management

H04L 63/1433   Vulnerability analysis

H04L 63/1441   Countermeasures against mal...

Security countermeasure management platform

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Security countermeasure management platform

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links