Systems and methods for creating and modifying access control lists
Abstract
Embodiments of the present disclosure can present information on services hosted and used by various assets on a network, and allow users to control access to such services. In particular, embodiments of the disclosure may be used to present one or more services hosted by a network asset, and control access to such services by other network assets based on user input.
19 Claims
1. A computer-implemented method comprising:
collecting, by a computer system, data from a plurality of different types of sources on a network;
identifying, by the computer system based on the collected data, one or more services provided by a host network asset for use by a client network asset over the network;
presenting to a user interface, a graphical representation that includes representations of:
the host network asset, the client network asset, the one or more services, and a flow information graph visually indicating a security vulnerability associated with one or more of the host network asset and the client network asset;
receiving, by the computer system via the user interface, input from a user that includes:
a selection of a service from the one or more services; and
a selection permitting or rejecting access to the selected service by the client network asset; and
in response to the input from the user, modifying access to the selected service by the client network asset over the network.
18. A tangible, non-transitory computer-readable medium storing instructions that, when executed, cause a computer system to:
collect data from a plurality of different types of sources on a network;
identify, based on the collected data, one or more services provided by a host network asset for use by a client network asset over the network;
present a graphical representation that includes representations of:
the host network asset, the client network asset, the one or more services, and a flow information graph visually indicating a security vulnerability associated with one or more of the host network asset and the client network asset;
receive, via the user interface, input from a user that includes:
a selection of a service from the one or more services; and
a selection permitting or rejecting access to the selected service by the client network asset; and
in response to the input from the user, modify access to the selected service by the client network asset over the network.
19. A computer system comprising:
a processor; and
memory in communication with the processor and storing instructions that, when executed by the processor, cause the computer system to:
collect data from a plurality of different types of sources on a network;
identify, based on the collected data, one or more services provided by a host network asset for use by a client network asset over the network;
present a graphical representation that includes representations of:
the host network asset, the client network asset, the one or more services, and a flow information graph visually indicating a security vulnerability associated with one or more of the host network asset and the client network asset;
receive, via the user interface, input from a user that includes:
a selection of a service from the one or more services; and
a selection permitting or rejecting access to the selected service by the client network asset; and
in response to the input from the user, modify access to the selected service by the client network asset over the network.
Specification