Advanced asset tracking and correlation
First Claim
1. A security management system for tracking a plurality of assets in a network using a plurality of attributes, the security management system comprising:
an asset database operable to store a plurality of asset entries, wherein one or more of the plurality of asset entries have asset entry values for at least one of the plurality of attributes; and
an asset correlation engine in communication with the asset database, the asset correlation engine operable to receive a data chunk associated with a target asset included in the plurality of assets;
wherein the asset correlation engine is further operable to parse the data chunk to determine data chunk values for at least one of the plurality of attributes;
wherein the asset correlation engine is further operable to scan the asset database using the data chunk values and a correlation metric to find a matching asset entry that corresponds with the target asset, thereby determining that the data chunk is associated with the target asset;
wherein the asset correlation engine is further operable to determine asset scores for at least some of the plurality of asset entries using the correlation metric, and wherein the asset correlation engine finds the matching asset entry by comparing the asset scores;
wherein the correlation metric comprises a plurality of attribute weights corresponding to the plurality of attributes, wherein at least some of the plurality of attributes weights are used to calculate the asset scores, wherein the plurality of attributes comprises a strongly correlated attribute and a loosely correlated attribute, and wherein the strongly correlated attribute has a larger attribute weight than the loosely correlated attribute; and
wherein the plurality of attributes further comprises a moderately correlated attribute having an attribute weight that is smaller than that of the strongly correlated attribute and larger than that of the loosely correlated attribute, wherein the attribute weight of the highly correlated attribute is 1.5 to 40 times as large as the attribute weight of the moderately correlated attribute; and
wherein the attribute weight of the moderately correlated attribute is 1.5 to 25 times as large as the attribute weight of the loosely correlated attribute.
Abstract
A security management system may be remotely deployed (e.g., using a cloud-based architecture) to add security to an enterprise network. For example, the security management system may scan assets within the enterprise network for vulnerabilities and may receive data chunks from these scans. The security management system may also receive data chunks from other sources, and, as a result, the system may handle data chunks having many different formats and attributes. When the security management system tries to associate data chunks to assets, there may not be a globally unique identifier that is applicable for all received data chunks. Provided in the present disclosure are exemplary techniques for tracking assets across a network using an asset correlation engine that can flexibly match data chunks to assets based on the attribute or attributes that are available within the data chunks.
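The weighted matching described in the abstract and the first claim can be sketched as follows. This is an added example, not code from the patent or any product: the attribute names, the weights (40, 10 and 2, chosen so the ratios fall inside the claimed ranges), the `key=value` chunk format, the minimum-score cutoff and the sample data are all assumptions.

```python
# Added illustration; attribute names, weights, chunk format and data are constructed.
WEIGHTS = {
    "mac_address": 40.0,  # assumed strongly correlated attribute
    "hostname": 10.0,     # assumed moderately correlated attribute
    "ip_address": 2.0,    # assumed loosely correlated attribute
}
MIN_SCORE = 10.0  # assumption (not in the claims): weaker evidence is "no match"

def check_weight_ratios(w):
    """True if the weights respect the ratio ranges stated in the first claim."""
    strong, moderate, loose = w["mac_address"], w["hostname"], w["ip_address"]
    return 1.5 <= strong / moderate <= 40 and 1.5 <= moderate / loose <= 25

def parse_chunk(chunk):
    """Parse 'key=value;key=value' into normalized values for known attributes."""
    values = {}
    for field in chunk.split(";"):
        key, sep, val = field.partition("=")
        key, val = key.strip().lower(), val.strip().lower()
        if sep and key in WEIGHTS and val:
            values[key] = val
    return values

def score(entry, chunk_values):
    """Sum the weights of every attribute on which chunk and entry agree."""
    return sum(WEIGHTS[a] for a, v in chunk_values.items() if entry.get(a) == v)

def correlate(db, chunk):
    """Return (matching asset id or None, per-asset scores)."""
    values = parse_chunk(chunk)
    scores = {asset_id: score(entry, values) for asset_id, entry in db.items()}
    best = max(scores.values(), default=0.0)
    winners = [a for a, s in scores.items() if s == best]
    # Refuse to attribute the chunk on weak or tied evidence.
    if best < MIN_SCORE or len(winners) != 1:
        return None, scores
    return winners[0], scores

# Constructed asset database (documentation-range addresses).
ASSET_DB = {
    "asset-1": {"mac_address": "00:00:5e:00:53:01", "hostname": "web01",
                "ip_address": "192.0.2.5"},
    "asset-2": {"mac_address": "00:00:5e:00:53:02", "hostname": "db01",
                "ip_address": "192.0.2.9"},
}

if __name__ == "__main__":
    # web01 now reports the address stored for db01: the hostname outweighs the IP.
    print(correlate(ASSET_DB, "hostname=WEB01; ip_address=192.0.2.9"))
    # A chunk with only a loose attribute is not attributed to any asset.
    print(correlate(ASSET_DB, "ip_address=192.0.2.9"))
```

The first sample chunk shows why the weight ordering matters for vulnerability data: a finding reported under a reused IP address is still attributed to the asset whose hostname matches, rather than to whichever asset last held that address.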
14 Claims
12. A method for tracking a plurality of assets in a network using a plurality of attributes, the method comprising:
storing, by an asset database, a plurality of asset entries, wherein one or more of the plurality of asset entries have asset entry values for at least one of the plurality of attributes;
receiving, by an asset correlation engine in communication with the asset database, a data chunk associated with a target asset included in the plurality of assets;
parsing, by the asset correlation engine, the data chunk to determine data chunk values for at least one of the plurality of attributes; and
scanning, by the asset correlation engine, the asset database using the data chunk values and a correlation metric to find a matching asset entry that corresponds with the target asset, thereby determining that the data chunk is associated with the target asset,
determining, by the asset correlation engine, asset scores for at least some of the plurality of asset entries using the correlation metric; and
finding, by the asset correlation engine, the matching asset entry by comparing the asset scores;
wherein the correlation metric comprises a plurality of attribute weights corresponding to the plurality of attributes, wherein at least some of the plurality of attributes weights are used to calculate the asset scores, wherein the plurality of attributes comprises a strongly correlated attribute and a loosely correlated attribute, and wherein the strongly correlated attribute has a larger attribute weight than the loosely correlated attribute; and
wherein the plurality of attributes further comprises a moderately correlated attribute having an attribute weight that is smaller than that of the strongly correlated attribute and larger than that of the loosely correlated attribute, wherein the attribute weight of the highly correlated attribute is 1.5 to 40 times as large as the attribute weight of the moderately correlated attribute; and
wherein the attribute weight of the moderately correlated attribute is 1.5 to 25 times as large as the attribute weight of the loosely correlated attribute.
Specification