Analytics engine
First Claim
1. A method implemented at least in part by a computer, the method comprising:
receiving dependency data that indicates dependencies among security components, a security component having a dependency on another security component if the security component uses output data generated by the other security component, the security components including a sensor;
receiving an indication that input data related to security has been received at the sensor;
executing the sensor to produce output data based on the input data, the executing of the sensor including, based at least in part on the dependency data, determining a set of the security components to execute and an order in which to execute the security components of the set, the set including the sensor;
providing the output data produced by the sensor to a rule, the rule being separate from the sensor;
evaluating the rule to produce a first candidate assessment comprising a proposed assessment regarding security of a computer-related asset, the first candidate assessment including a first fidelity;
generating by a consolidator a consolidated assessment regarding security of the computer-related asset by evaluating a plurality of proposed assessments comprising the first candidate assessment and a second candidate assessment regarding security of the computer-related asset, the second candidate assessment including a second fidelity and the first candidate assessment, second candidate assessment and consolidated assessment representing three security assessments of the same computer-related asset; and
providing output data from a first security component of the set of the security components to one or more other security components of the set that depend from the first security component.
Abstract
Aspects of the subject matter described herein relate to a mechanism for assessing security. In aspects, an analytics engine is provided that manages execution, information storage, and data passing between various components of a security system. When data is available for analysis, the analytics engine determines which security components to execute and the order in which to execute the security components, where in some instances two or more components may be executed in parallel. The analytics engine then executes the components in the order determined and passes output from component to component as dictated by dependencies between the components. This is repeated until a security assessment is generated or updated. The analytics engine simplifies the work of creating and integrating various security components.
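The scheduling described in the abstract, as an added Python example that is not taken from the patent: it picks the triggered sensor plus everything downstream of it, runs mutually independent components in parallel batches, and passes outputs along the dependency edges. The component names, the numeric fidelity values and the consolidator's highest-fidelity policy are assumptions made for illustration.

```python
from concurrent.futures import ThreadPoolExecutor
from graphlib import TopologicalSorter

# Constructed dependency data: component -> components whose output it uses.
DEPS = {
    "logon_sensor": set(), "av_sensor": set(),
    "bruteforce_rule": {"logon_sensor"}, "offhours_rule": {"logon_sensor"},
    "malware_rule": {"av_sensor"},
    "consolidator": {"bruteforce_rule", "offhours_rule", "malware_rule"},
}

def consolidate(up, _event):
    # Assumed policy: adopt the candidate assessment with the highest fidelity.
    return max(up.values(), key=lambda a: a["fidelity"])

# Hypothetical components: each sees only its upstream outputs and the input.
COMPONENTS = {
    "logon_sensor": lambda up, ev: {"fails": ev["fails"], "hour": ev["hour"]},
    "bruteforce_rule": lambda up, ev: {"asset": "host-a", "fidelity": 0.8,
        "severity": "high" if up["logon_sensor"]["fails"] >= 10 else "low"},
    "offhours_rule": lambda up, ev: {"asset": "host-a", "fidelity": 0.4,
        "severity": "medium" if up["logon_sensor"]["hour"] < 6 else "low"},
    "consolidator": consolidate,
}

def run(sensor, event, store):
    """Execute the sensor and everything downstream of it; return the batches run."""
    todo, grew = {sensor}, True
    while grew:  # add direct and indirect dependents of the triggered sensor
        more = {c for c, d in DEPS.items() if d & todo} - todo
        todo, grew = todo | more, bool(more)
    order = TopologicalSorter({c: DEPS[c] & todo for c in todo})
    order.prepare()
    batches = []

    def call(name):  # upstream outputs come from this run or from the store
        return COMPONENTS[name]({d: store[d] for d in DEPS[name]}, event)

    with ThreadPoolExecutor() as pool:
        while order.is_active():
            ready = sorted(order.get_ready())  # no dependencies among these
            for name, out in zip(ready, pool.map(call, ready)):
                store[name] = out
            order.done(*ready)  # unblocks components waiting on this batch
            batches.append(ready)
    return batches
```

Call `run("logon_sensor", event, store)` with a `store` that already holds an earlier `malware_rule` output; the consolidated assessment is left in `store["consolidator"]`.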
18 Claims
1. A method implemented at least in part by a computer, the method comprising:
The steps of claim 1 are recited in full under First Claim above.
Dependent claims: 2, 3, 4, 5, 11, 12, 13
6. In a computing environment, an apparatus, comprising:
a sensor operable to receive input data related to computer security and to provide output data in response thereto;
a rule component operable to receive the output data and to generate a first candidate assessment comprising a proposed assessment based at least in part on the output data, the first candidate assessment including a first fidelity;
a consolidator operable to determine a consolidated assessment by evaluating a plurality of proposed assessments comprising the first candidate assessment and a second candidate assessment including a second fidelity, the first candidate assessment, second candidate assessment and consolidated assessment representing three security assessments of the same computer-related asset; and
a realizer operable to publish the consolidated assessment to an assessments store, making the consolidated assessment a public assessment; and
a dependency unit configured to receive dependency data that indicates dependencies among security components, a security component having a dependency on another security component if the security component uses output data generated by the other security component, the sensor being one of the security components, the dependency unit being further configured to, based at least in part on the dependency data, determine a set of the security components to execute and an order in which to execute the security components of the set and to provide output data from a first security component of the set to one or more other security components of the set that depend on the first security component, the order including having two of the security components execute in parallel, the two security components not depending on each other directly or indirectly, the order further including having a first one or more other security components of the set that depend on the first security component execute after the first security component executes, each security component generating output data based solely on input data and logic included in the security component, the dependency unit being further configured to wait to execute a second security component until all security components upon which the second security component depends have completed execution.
Dependent claims: 7, 8, 9, 10, 14
15. A computer-readable storage device having computer-executable instructions recorded thereon, which when executed by at least one processor perform actions, the actions comprising:
receiving dependency data that indicates dependencies among security components, a security component having a dependency on another security component if the security component uses output data generated by the other security component, the security components including a sensor;
receiving an indication that input data related to security has been received at the sensor;
executing the sensor to produce output data based on the input data, the executing of the sensor including, based at least in part on the dependency data, determining a set of the security components to execute and an order in which to execute the security components of the set, the set including the sensor;
providing the output data produced by the sensor to a rule, the rule being separate from the sensor;
evaluating the rule to produce a first candidate assessment comprising a proposed assessment regarding security of a computer-related asset, the first candidate assessment including a first fidelity;
generating by a consolidator a consolidated assessment regarding security of the computer-related asset by evaluating a plurality of proposed assessments comprising the first candidate assessment and a second candidate assessment regarding security of the computer-related asset, the second candidate assessment including a second fidelity, the consolidated assessment including a third fidelity that is different from at least one of the first fidelity and the second fidelity and the first candidate assessment, second candidate assessment and consolidated assessment representing three security assessments of the same computer-related asset; and
providing output data from a first security component of the set of security components to one or more other security components of the set that depends from the first security component.
Dependent claims: 16, 17, 18
Specification