Geo-mapping system security events

US 8,973,147 B2
Filed: 12/29/2011
Issued: 03/03/2015
Est. Priority Date: 12/29/2011
Status: Active Grant

First Claim

Patent Images

1. At least one non-transitory machine accessible storage medium having instructions stored thereon, the instructions when executed on a machine, cause the machine to:

identify a particular security event detected in a particular computing system, the particular security event detected as targeting a particular computing device included in the particular computing system;

identify that a particular grouping of network assets in a plurality of asset groupings includes the particular computing device, wherein each of the plurality of asset groupings comprises a respective logical grouping of devices defined for the particular computing system;

identify a source of the particular security event, wherein the source is associated with at least one second computing device;

associate the source with at least one of a geographic location and a grouping of assets included in the plurality of asset groupings; and

generate data adapted to cause a graphical representation of the particular security event to be presented on a display device, the graphical representation to include;

a first graphical element to represent the particular grouping of network assets in which the particular computing device is included, and a second graphical element to represent the source associated with the at least one of a geographic location and a grouping of assets included in the plurality of asset groupings, wherein graphic elements representing an association with a respective graphical location are to be presented overlaid on a view of a geographic map and graphic elements representing an association with a respective grouping of assets are presented outside the view of the geographic map.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A particular security event is identified that has been detected as targeting a particular computing device included in a particular computing system. A particular grouping of assets in a plurality of asset groupings within the particular computing system is identified as including the particular computing device. A source of the particular security event is also identified and at least one of a geographic location and a grouping of assets in the plurality of asset groupings is associated with the identified source. Data is generated that is adapted to cause a presentation of a graphical representation of the particular security event on a display device, the graphical representation including a first graphical element representing the particular computing device as included in the particular grouping of assets and a second graphical element representing the source associated with the at least one of a geographic location and a grouping of assets.

149 Citations

22 Claims

1. At least one non-transitory machine accessible storage medium having instructions stored thereon, the instructions when executed on a machine, cause the machine to:
- identify a particular security event detected in a particular computing system, the particular security event detected as targeting a particular computing device included in the particular computing system;
  
  identify that a particular grouping of network assets in a plurality of asset groupings includes the particular computing device, wherein each of the plurality of asset groupings comprises a respective logical grouping of devices defined for the particular computing system;
  
  identify a source of the particular security event, wherein the source is associated with at least one second computing device;
  
  associate the source with at least one of a geographic location and a grouping of assets included in the plurality of asset groupings; and
  
  generate data adapted to cause a graphical representation of the particular security event to be presented on a display device, the graphical representation to include;
  
  a first graphical element to represent the particular grouping of network assets in which the particular computing device is included, and a second graphical element to represent the source associated with the at least one of a geographic location and a grouping of assets included in the plurality of asset groupings, wherein graphic elements representing an association with a respective graphical location are to be presented overlaid on a view of a geographic map and graphic elements representing an association with a respective grouping of assets are presented outside the view of the geographic map.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 2. The storage medium of claim 1, wherein the graphical representation includes a view of a geographic map and at least one of the first and second graphical elements are overlaid on the view of the geographic map.
  - 3. The storage medium of claim 2, wherein the source is associated with a particular geographic location included in the view of the geographic map and the particular geographic location is identified from a device identifier associated with the source.
  - 4. The storage medium of claim 2, wherein the graphical representation further includes a representation of two or more asset groupings in the plurality of asset groupings, the two or more asset groupings including the particular grouping.
  - 5. The storage medium of claim 4, wherein the first graphical element is positioned in the graphical representation to correspond with the representation of the particular grouping and the second graphical element is positioned in the graphical representation to correspond with the particular geographic location on the view of the geographic map.
  - 6. The storage medium of claim 1, the graphical representation is further to include a graphical connector to associate the first graphical element with the second graphical element and to represent that the particular computing device and the source are associated with the particular security event.
  - 7. The storage medium of claim 1, wherein the first graphical element is a bubble element and a diameter of the bubble element corresponds to a quantity of detected security events including the particular security event.
  - 8. The storage medium of claim 1, wherein the source is identified as included in the particular computing system and the source is associated with a first grouping in the plurality of asset groupings.
  - 9. The storage medium of claim 8, wherein the particular grouping is the first grouping.
  - 10. The storage medium of claim 8, wherein the particular grouping is a grouping other than the first grouping.
  - 11. The storage medium of claim 1, wherein the graphical representation further includes representations of each of the plurality of security events.
  - 12. The storage medium of claim 1, wherein each of the plurality of asset groupings is a distinct, user-defined asset grouping.
  - 13. The storage medium of claim 1, wherein each of the plurality of asset groupings corresponds to a range of IP addresses of assets in the particular computing system.
  - 14. The storage medium of claim 1, wherein the graphical representation is an interactive presentation and user interactions with one or more of the first and second graphical elements causes a view to be presented of details of the particular security event.
  - 15. The storage medium of claim 14, wherein the user interactions include a mouse-over of one or more of the first and second graphical elements.
  - 16. The storage medium of claim 14, wherein the user interactions include a selection of one or more of the first and second graphical elements.
  - 17. The storage medium of claim 1, wherein the graphical representation of the particular security event communicates a type of the particular security event.
  - 18. The storage medium of claim 17, wherein the graphical representation of the particular security event color-codes each of the first and second graphical elements according to the type of the particular security event, wherein the type of the particular security event is one of a plurality of security event types and each of the plurality of security event types is coded to a respective color.
  - 19. The storage medium of claim 1, wherein the first graphic element is a first type of graphic element representing targets of a security event and the second graphic element is a second, different type of security event representing sources of a security event.

20. A method comprising:
- identifying a particular security event detected in a particular computing system, the particular security event detected as targeting a particular computing device included in the particular computing system;
  
  identifying that a particular grouping of network assets in a plurality of asset groupings includes the particular computing device, wherein each of the plurality of asset groupings comprises a respective logical grouping of devices defined for the particular computing system;
  
  identifying a source of the particular security event, wherein the source is associated with at least one second computing device;
  
  associating the source with at least one of a geographic location and a grouping of assets included in the plurality of asset groupings; and
  
  generating data adapted to cause a graphical representation of the particular security event to be presented on a display device, the graphical representation including;
  
  a first graphical element representing the particular grouping of network assets in which the particular computing device is included, and a second graphical element representing the source associated with the at least one of a geographic location and a grouping of assets included in the plurality of asset groupings, wherein graphic elements representing an association with a respective graphical location are to be presented overlaid on a view of a geographic map and graphic elements representing an association with a respective grouping of assets are presented outside the view of the geographic map.

21. A system comprising:
- at least one processor device;
  
  at least one memory element; and
  
  a geo-mapping engine, adapted when executed by the at least one processor device to;
  
  identify a particular security event detected in a particular computing system, the particular security event detected as targeting a particular computing device included in the particular computing system;
  
  identify that a particular grouping of network assets in a plurality of asset groupings includes the particular computing device, wherein each of the plurality of asset groupings comprises a respective logical grouping of devices defined for the particular computing system;
  
  identify a source of the particular security event, wherein the source is associated with at least one second computing device;
  
  associate the source with at least one of a geographic location and a grouping of assets included in the plurality of asset groupings; and
  
  generate data adapted to cause a graphical representation of the particular security event to be presented on a display device, the graphical representation including;
  
  a first graphical element representing the particular grouping of network assets in which the particular computing device is included, and a second graphical element representing the source associated with the at least one of a geographic location and a grouping of assets included in the plurality of asset groupings, wherein graphic elements representing an association with a respective graphical location are to be presented overlaid on a view of a geographic map and graphic elements representing an association with a respective grouping of assets are presented outside the view of the geographic map.

22. A method comprising:
- identifying a particular security event detected in a particular computing system, the particular security event detected as involving a particular computing device included in the particular computing system and targeting at least one second computing device outside the computing system;
  
  identifying that a particular grouping of network assets in a plurality of asset groupings includes the particular computing device, wherein each of the plurality of asset groupings comprises a respective logical grouping of devices defined for the particular computing system;
  
  associating the second computing device with a geographic location; and
  
  generating data adapted to cause a graphical representation of the particular security event to be presented on a display device, the graphical representation including;
  
  a first graphical element representing the particular grouping of network assets as a source of the particular security event based on inclusion of the particular computing device in the particular grouping of network assets, and a second graphical element representing the second computing device associated with the geographic location and overlaid on a portion of a representation of a geographical map corresponding to the geographic location, wherein graphic elements representing an association with a respective graphical location are to be presented overlaid on a view of a geographic map and graphic elements representing a respective grouping of assets are presented outside the view of the geographic map.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Pearcy, Derek Patton, Heinrich, Jessica Anne, Gaskins, Jessica Jeanne
Primary Examiner(s)
SHAIFER HARRIMAN, DANT B

Application Number

US13/340,657
Publication Number

US 20130174259A1
Time in Patent Office

1,160 Days
Field of Search

726/25
US Class Current

726/25
CPC Class Codes

G06F 16/29   Geographical information da...

G06F 21/50   Monitoring users, programs ...

G06F 21/56   Computer malware detection ...

G06F 2221/034   Test or assess a computer o...

G06T 11/60   Editing figures and text; C...

H04L 41/00   Arrangements for maintenanc...

H04L 41/06   Management of faults, event...

H04L 41/0893   Assignment of logical group...

H04L 41/12   Discovery or management of ...

H04L 41/22   comprising specially adapte...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/20   for managing network securi...

H04L 67/52   specially adapted for the l...

Geo-mapping system security events

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

149 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Geo-mapping system security events

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

149 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links