Discovery and classification of enterprise assets via host characteristics
Abstract
Techniques are presented herein for classifying a variety of enterprise computing resources based on asset characteristics. In particular, a computing asset, e.g., a server, may be classified based on any digital certificates provisioned on that server. That is, the properties of a digital certificate may be used to determine a measure of business value or importance of a server (or data hosted on that server). Once the computing asset has been classified, a monitoring system may use the assigned classifications to prioritize security incidents for review.
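The flow the abstract describes, sketched as an added example that is not taken from the patent: certificate attributes and configuration attributes are combined into a classification, and incidents for one classification within a time window are then ranked by the underlying event. The field names, score weights, tier labels and sample records are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumed mappings: the text names the kinds of attributes, not any weights.
CERT_SCORE = {"EV": 3, "OV": 2, "DV": 1, "self-signed": 0}
TIER_RANK = {"critical": 3, "important": 2, "standard": 1}
EVENT_SEVERITY = {"malware": 3, "brute-force": 2, "port-scan": 1}

@dataclass
class Asset:
    hostname: str
    addresses: tuple        # network addresses configured on the asset
    external: bool          # any address reachable from outside the enterprise
    software: tuple         # installed applications and operating system
    cert_validation: str    # attribute read from the certificate the host presents

@dataclass
class Incident:
    hostname: str
    event: str
    when: datetime

def classify(asset):
    """Combine certificate and configuration attributes into a tier."""
    score = CERT_SCORE.get(asset.cert_validation, 0)
    score += 1 if asset.external else 0
    score += 1 if "postgresql" in asset.software else 0      # data-bearing host
    score += 1 if asset.hostname.startswith("prod-") else 0  # naming convention
    return "critical" if score >= 4 else "important" if score >= 2 else "standard"

def prioritize(incidents, tiers, tier, since):
    """Keep incidents on assets of one tier inside the window, worst first."""
    subset = [i for i in incidents
              if tiers.get(i.hostname) == tier and i.when >= since]
    return sorted(subset, reverse=True,
                  key=lambda i: TIER_RANK[tier] * EVENT_SEVERITY.get(i.event, 1))

# Constructed sample inventory and incident feed (documentation address ranges).
NOW = datetime(2024, 1, 10, 12, 0)
ASSETS = [
    Asset("prod-pay01", ("10.0.1.5", "203.0.113.10"), True, ("linux", "postgresql"), "EV"),
    Asset("prod-web02", ("10.0.1.6", "203.0.113.11"), True, ("linux", "nginx"), "DV"),
    Asset("dev-build03", ("10.0.9.7",), False, ("linux",), "self-signed"),
]
INCIDENTS = [
    Incident("prod-pay01", "port-scan", NOW - timedelta(hours=2)),
    Incident("prod-web02", "malware", NOW - timedelta(hours=5)),
    Incident("prod-pay01", "malware", NOW - timedelta(hours=1)),
    Incident("prod-pay01", "brute-force", NOW - timedelta(days=9)),
    Incident("dev-build03", "malware", NOW - timedelta(hours=3)),
]
TIERS = {a.hostname: classify(a) for a in ASSETS}
QUEUE = prioritize(INCIDENTS, TIERS, "critical", NOW - timedelta(days=7))
```

In a real deployment the `cert_validation` field would come from the certificate returned when each inventory address is probed; here it is supplied directly so the example runs offline.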
14 Claims
1. A computer-implemented method for managing a plurality of computing assets, the method comprising:
- identifying a plurality of computing assets of an enterprise network from a list of network addresses associated with each respective computing asset by probing each network address for digital certificate information presented by the respective computing asset in response to the probing;
- for at least a first computing asset of the one or more of the computing assets;
  - identifying, by operation of at least one computer processor, one or more attributes associated with a digital certificate installed on the first computing asset,
  - identifying one or more configuration attributes of the first computing asset, wherein the one or more configuration attributes include a plurality of network addresses configured on the first computing asset, an indication of whether the plurality of network addresses are reachable outside of the enterprise network, an indication of applications and operating systems installed on the first computing asset, and naming conventions associated with the first asset, and
  - assigning a classification to the first computing asset based on the attributes of the identified digital certificate and based on the configuration attributes of the computing asset, wherein the classification is used to prioritize security incidents occurring on the plurality of computing assets;
- receiving one or more security incidents for a set of the one or more computing assets, wherein the set is restricted to a first assigned classification of the one or more computing assets, and wherein the one or more security incidents occurred over a specified time period; and
- prioritizing the one or more security incidents based on the first assigned classification and an underlying event associated with each of the one or more security incidents.

Dependent claims: 2, 3, 4, 5
6. A non-transitory computer-readable storage medium storing instructions, which, when executed on a processor, performs an operation for managing a plurality of computing assets, the operation comprising:
- identifying a plurality of computing assets of an enterprise network from a list of network addresses associated with each respective computing asset by probing each network address for digital certificate information presented by the respective computing asset in response to the probing;
- for at least a first computing asset of the one or more of the computing assets;
  - identifying, by operation of at least one computer processor, one or more attributes associated with a digital certificate installed on the first computing asset,
  - identifying one or more configuration attributes of the first computing asset, wherein the one or more configuration attributes include a plurality of network addresses configured on the first computing asset, an indication of whether the plurality of network addresses are reachable outside of the enterprise network, an indication of applications and operating systems installed on the first computing asset, and naming conventions associated with the first asset, and
  - assigning a classification to the first computing asset based on the attributes of the identified digital certificate and based on the configuration attributes of the computing asset, wherein the classification is used to prioritize security incidents occurring on the plurality of computing assets;
- receiving one or more security incidents for a set of the one or more computing assets, wherein the set is restricted to a first assigned classification of the one or more computing assets, and wherein the one or more security incidents occurred over a specified time period; and
- prioritizing the one or more security incidents based on the first assigned classification and an underlying event associated with each of the one or more security incidents.

Dependent claims: 7, 8, 9, 10
11. A system, comprising:
- a processor; and
- a memory hosting an application, which, when executed on the processor, performs an operation for an operation for managing a plurality of computing assets, the operation comprising;
  - identifying a plurality of computing assets of an enterprise network from a list of network addresses associated with each respective computing asset by probing each network address for digital certificate information presented by the respective computing asset in response to the probing,
  - for at least a first computing asset of the one or more of the computing assets;
    - identifying, by operation of at least one computer processor, one or more attributes associated with a digital certificate installed on the first computing asset,
    - identifying one or more configuration attributes of the first computing asset, wherein the one or more configuration attributes include a plurality of network addresses configured on the first computing asset, an indication of whether the plurality of network addresses are reachable outside of the enterprise network, an indication of applications and operating systems installed on the first computing asset, and naming conventions associated with the first asset, and
    - assigning a classification to the first computing asset based on the attributes of the identified digital certificate and based on the configuration attributes of the computing asset, wherein the classification is used to prioritize security incidents occurring on the plurality of computing assets,
  - receiving one or more security incidents for a set of the one or more computing assets, wherein the set is restricted to a first assigned classification of the one or more computing assets, and wherein the one or more security incidents occurred over a specified time period, and
  - prioritizing the one or more security incidents based on the first assigned classification and an underlying event associated with each of the one or more security incidents.

Dependent claims: 12, 13, 14
Specification