Using imported data from security tools

US 9,118,706 B2
Filed: 06/29/2007
Issued: 08/25/2015
Est. Priority Date: 06/29/2007
Status: Active Grant

First Claim

Patent Images

1. A method performed by one or more processors, the method comprising:

creating, by the one or more processors, a project that includes one or more assessment criteria selected by a user from a plurality of assessment criteria;

obtaining, from a plurality of different network security tools associated with the one or more processors, assessment data associated with one or more network devices, for a particular assessment criterion of the one or more assessment criteria, wherein the assessment data includes a first data file in a first format and a second data file in a second format that differs from the first format, and a first unit of measurement and a second unit of measurement for the particular assessment criterion, wherein the first unit of measurement differs from the second unit of measurement;

normalizing, by the one or more processors, the assessment data including at least one of converting the first data file to the second format or converting the first unit of measurement to the second unit of measurement;

organizing, by the one or more processors, the normalized assessment data to form the project; and

providing a user interface utilized in outputting at least one of a report or an export file including the normalized assessment data.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A device may create a new project that includes criteria, import findings from a group of different network security tools into the new project based on the criteria, normalize the imported findings, and store the normalized findings.

Citations

21 Claims

1. A method performed by one or more processors, the method comprising:
- creating, by the one or more processors, a project that includes one or more assessment criteria selected by a user from a plurality of assessment criteria;
  
  obtaining, from a plurality of different network security tools associated with the one or more processors, assessment data associated with one or more network devices, for a particular assessment criterion of the one or more assessment criteria, wherein the assessment data includes a first data file in a first format and a second data file in a second format that differs from the first format, and a first unit of measurement and a second unit of measurement for the particular assessment criterion, wherein the first unit of measurement differs from the second unit of measurement;
  
  normalizing, by the one or more processors, the assessment data including at least one of converting the first data file to the second format or converting the first unit of measurement to the second unit of measurement;
  
  organizing, by the one or more processors, the normalized assessment data to form the project; and
  
  providing a user interface utilized in outputting at least one of a report or an export file including the normalized assessment data.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1, further comprising:
    - scanning the one or more network devices, using the plurality of different network security tools, to produce the assessment data.
  - 3. The method of claim 1, wherein normalizing the assessment data includes:
    - rearranging fields of the first data file.
  - 4. The method of claim 1, wherein normalizing the assessment data includes:
    - recalibrating one or more fields of the first unit of measurement.

5. A method performed by one or more processors, the method comprising:
- receiving a request for a report associated with a stored project;
  
  retrieving normalized assessment data associated with the stored project, in response to receiving the request, the normalized assessment data being associated with one or more network devices and having been acquired, by a plurality of different network security tools associated with the one or more processors, in a plurality of different formats containing a plurality of different units of measurement for a particular assessment criterion, wherein the normalized assessment data comprises at least one of a common format or a single unit of measurement for the particular assessment criterion;
  
  filtering the normalized assessment data based on user-specified criteria, andproducing the report using the filtered normalized assessment data.
- View Dependent Claims (6, 7, 8, 9, 10, 11, 12)
- - 6. The method of claim 5, further comprising:
    - selectively appending documents, including user comments related to a portion of the normalized assessment data, to the portion of the normalized assessment data.
  - 7. The method of claim 6, wherein selectively appending documents includes:
    - appending screen shots, generated by user input, to the portion of the normalized assessment data.
  - 8. The method of claim 5, wherein the normalized assessment data includes a plurality of testing result findings, and wherein the method further comprising:
    - selectively marking fewer than all of the plurality of testing result findings in the normalized assessment data with a flag.
  - 9. The method of claim 5, further comprising:
    - modifying a severity level, corresponding to a first scale, associated with a particular testing result finding in the retrieved normalized assessment data, to correspond to a second scale indicative of the single unit of measurement.
  - 10. The method of claim 5, further comprising:
    - adding a network security tool to the plurality of different network security tools;
      
      using an import interface to import additional assessment data, with respect to the one or more network devices for the particular assessment criterion, from the additional network security tool; and
      
      associating the additional assessment data with the stored project.
  - 11. The method of claim 5, further comprising:
    - selectively granting and denying access privileges, associated with the stored project, to a plurality of users attempting to access the stored project.
  - 12. The method of claim 5, further comprising:
    - using the different network security tools to obtain a plurality of output files that contain pre-normalized assessment data.

13. A system comprising:
- a plurality of different network security tools to acquire assessment data for one or more network devices, wherein the acquired assessment data comprises a plurality of different formats containing a plurality of different units of measurement for a particular assessment criterion;
  
  at least one database; and
  
  a security assessment unit coupled to the at least one database and at least one hardware processor, the security assessment unit including;
  
  an import controller unit configured to;
  
  import the acquired assessment data from the plurality of different network security tools, andreconcile the acquired assessment data with respect to the plurality of different formats and the plurality of different units of measurement,a database interface controller unit configured to;
  
  store the reconciled assessment data in the at least one database, andretrieve the reconciled assessment data from the at least one database, anda presentation controller unit to;
  
  provide a view of a subset of the reconciled assessment data, the subset being specified by a user of the system and accessed through the database interface controller unit, andprovide a user interface utilized in creating a report or an export file associated with the reconciled assessment data.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21)
- - 14. The system of claim 13, wherein the at least one database include at least one of:
    - a findings database that stores security findings;
      
      a project database that stores projects, each project including some of the imported reconciled assessment data; and
      
      an attachments database that includes electronic documents that are associated with the security findings.
  - 15. The system of claim 13, wherein the acquired assessment data includes information about hosts, ports, services, and vulnerabilities associated with the one or more network devices.
  - 16. The system of claim 13, wherein the import controller unit is to import data related to:
    - reachable hosts in a network;
      
      operating systems on the reachable hosts;
      
      vulnerability of web services;
      
      application services; and
      
      wireless networks.
  - 17. The system of claim 13, wherein the security assessment unit further includes:
    - a user controller unit to;
      
      receive user commands via the presentation controller unit;
      
      filter the reconciled assessment data, based on the user commands, provided by the database interface controller unit;
      
      provide the filtered reconciled assessment data to the presentation controller unit.
  - 18. The system of claim 17, wherein the user controller unit is further configured to allow an authorized user to:
    - mark select portions of the reconciled assessment data with flags;
      
      edit select portions of the reconciled assessment data; and
      
      remove select portions of the reconciled assessment data.
  - 19. The system of claim 17, wherein the user controller unit is further configured to allow an authorized user to:
    - append documents to the reconciled assessment data; and
      
      produce the report or the export file to include the appended documents.
  - 20. The system of claim 13, wherein the subset of the reconciled assessment data includes information for the presentation controller unit to provide the user interface for:
    - managing projects associated with the reconciled assessment data;
      
      analyzing hosts associated with the reconciled assessment data;
      
      analyzing vulnerabilities associated with the reconciled assessment data; and
      
      accessing a findings database in the databases associated with the reconciled assessment data.
  - 21. The system of claim 13, wherein the system further includes:
    - a first network device that includes the databases;
      
      a second network device that includes the security assessment unit; and
      
      a third network device that includes the plurality of different network security tools.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Atlassian US, Inc. (Atlassian Corporation)
Original Assignee
Verizon Patent and Licensing Incorporated (Verizon Communications Inc.)
Inventors
Bianco, Scott V.
Primary Examiner(s)
Holder, Bradley
Assistant Examiner(s)
Baum, Ronald

Application Number

US11/772,078
Publication Number

US 20090007269A1
Time in Patent Office

2,979 Days
Field of Search

726/25
US Class Current

1/1
CPC Class Codes

H04L 63/1433 Vulnerability analysis

H04L 63/20 for managing network securi...

Using imported data from security tools

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Using imported data from security tools

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links