Discovery and classification of enterprise assets via host characteristics

US 9,830,458 B2
Filed: 04/25/2014
Issued: 11/28/2017
Est. Priority Date: 04/25/2014
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for managing a plurality of computing assets, the method comprising:

identifying a plurality of computing assets of an enterprise network from a list of network addresses associated with each respective computing asset by probing each network address for digital certificate information presented by the respective computing asset in response to the probing;

for at least a first computing asset of the one or more of the computing assets;

identifying, by operation of at least one computer processor, one or more attributes associated with a digital certificate installed on the first computing asset,identifying one or more configuration attributes of the first computing asset, wherein the one or more configuration attributes include a plurality of network addresses configured on the first computing asset, an indication of whether the plurality of network addresses are reachable outside of the enterprise network, an indication of applications and operating systems installed on the first computing asset, and naming conventions associated with the first asset, andassigning a classification to the first computing asset based on the attributes of the identified digital certificate and based on the configuration attributes of the computing asset, wherein the classification is used to prioritize security incidents occurring on the plurality of computing assets;

receiving one or more security incidents for a set of the one or more computing assets, wherein the set is restricted to a first assigned classification of the one or more computing assets, and wherein the one or more security incidents occurred over a specified time period; and

prioritizing the one or more security incidents based on the first assigned classification and an underlying event associated with each of the one or more security incidents.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques are presented herein for classifying a variety of enterprise computing resources based on asset characteristics. In particular, a computing asset, e.g., a server, may be classified based on any digital certificates provisioned on that server. That is, the properties of a digital certificate may be used to determine a measure of business value or importance of a server (or data hosted on that server). Once the computing asset has been classified, a monitoring system may use the assigned classifications to prioritize security incidents for review.

33 Citations

View as Search Results

14 Claims

1. A computer-implemented method for managing a plurality of computing assets, the method comprising:
- identifying a plurality of computing assets of an enterprise network from a list of network addresses associated with each respective computing asset by probing each network address for digital certificate information presented by the respective computing asset in response to the probing;
  
  for at least a first computing asset of the one or more of the computing assets;
  
  identifying, by operation of at least one computer processor, one or more attributes associated with a digital certificate installed on the first computing asset,identifying one or more configuration attributes of the first computing asset, wherein the one or more configuration attributes include a plurality of network addresses configured on the first computing asset, an indication of whether the plurality of network addresses are reachable outside of the enterprise network, an indication of applications and operating systems installed on the first computing asset, and naming conventions associated with the first asset, andassigning a classification to the first computing asset based on the attributes of the identified digital certificate and based on the configuration attributes of the computing asset, wherein the classification is used to prioritize security incidents occurring on the plurality of computing assets;
  
  receiving one or more security incidents for a set of the one or more computing assets, wherein the set is restricted to a first assigned classification of the one or more computing assets, and wherein the one or more security incidents occurred over a specified time period; and
  
  prioritizing the one or more security incidents based on the first assigned classification and an underlying event associated with each of the one or more security incidents.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The computer-implemented method of claim 1, wherein the configuration attributes include a network configuration of the computing asset.
  - 3. The computer-implemented method of claim 1, wherein the attributes associated with the digital certificate include at least one of a key size, a supported encryption algorithm, an issuing certificate authority, and use flags specified in the digital certificate.
  - 4. The computer-implemented method of claim 1, wherein the computing asset comprises a computing server hosting one or more applications.
  - 5. The computer-implemented method of claim 1, wherein the security incidents are recorded in an event database by one or more systems configured to monitor the plurality of computing assets.

6. A non-transitory computer-readable storage medium storing instructions, which, when executed on a processor, performs an operation for managing a plurality of computing assets, the operation comprising:
- identifying a plurality of computing assets of an enterprise network from a list of network addresses associated with each respective computing asset by probing each network address for digital certificate information presented by the respective computing asset in response to the probing;
  
  for at least a first computing asset of the one or more of the computing assets;
  
  identifying, by operation of at least one computer processor, one or more attributes associated with a digital certificate installed on the first computing asset,identifying one or more configuration attributes of the first computing asset, wherein the one or more configuration attributes include a plurality of network addresses configured on the first computing asset, an indication of whether the plurality of network addresses are reachable outside of the enterprise network, an indication of applications and operating systems installed on the first computing asset, and naming conventions associated with the first asset, andassigning a classification to the first computing asset based on the attributes of the identified digital certificate and based on the configuration attributes of the computing asset, wherein the classification is used to prioritize security incidents occurring on the plurality of computing assets;
  
  receiving one or more security incidents for a set of the one or more computing assets, wherein the set is restricted to a first assigned classification of the one or more computing assets, and wherein the one or more security incidents occurred over a specified time period; and
  
  prioritizing the one or more security incidents based on the first assigned classification and an underlying event associated with each of the one or more security incidents.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The non-transitory computer-readable storage medium of claim 6, wherein the configuration attributes include a network configuration of the computing asset.
  - 8. The non-transitory computer-readable storage medium of claim 6, wherein the attributes associated with the digital certificate include at least one of a key size, a supported encryption algorithm, an issuing certificate authority, and use flags specified in the digital certificate.
  - 9. The non-transitory computer-readable storage medium of claim 6, wherein the computing asset comprises a computing server hosting one or more applications.
  - 10. The non-transitory computer-readable storage medium of claim 6, wherein the security incidents are recorded in an event database by one or more systems configured to monitor the plurality of computing assets.

11. A system, comprising:
- a processor; and
  
  a memory hosting an application, which, when executed on the processor, performs an operation for an operation for managing a plurality of computing assets, the operation comprising;
  
  identifying a plurality of computing assets of an enterprise network from a list of network addresses associated with each respective computing asset by probing each network address for digital certificate information presented by the respective computing asset in response to the probing,for at least a first computing asset of the one or more of the computing assets;
  
  identifying, by operation of at least one computer processor, one or more attributes associated with a digital certificate installed on the first computing asset,identifying one or more configuration attributes of the first computing asset, wherein the one or more configuration attributes include a plurality of network addresses configured on the first computing asset, an indication of whether the plurality of network addresses are reachable outside of the enterprise network, an indication of applications and operating systems installed on the first computing asset, and naming conventions associated with the first asset, andassigning a classification to the first computing asset based on the attributes of the identified digital certificate and based on the configuration attributes of the computing asset, wherein the classification is used to prioritize security incidents occurring on the plurality of computing assets,receiving one or more security incidents for a set of the one or more computing assets, wherein the set is restricted to a first assigned classification of the one or more computing assets, and wherein the one or more security incidents occurred over a specified time period, andprioritizing the one or more security incidents based on the first assigned classification and an underlying event associated with each of the one or more security incidents.
- View Dependent Claims (12, 13, 14)
- - 12. The system of claim 11, wherein the configuration attributes include a network configuration of the computing asset.
  - 13. The system of claim 11, wherein the attributes associated with the digital certificate include at least one of a key size, a supported encryption algorithm, an issuing certificate authority, and use flags specified in the digital certificate.
  - 14. The system of claim 11, wherein the computing asset comprises a computing server hosting one or more applications.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
McBride, Kevin, Liu, Quentin, Veladanda, Hari, Tomic, George, Ashley, Peter
Primary Examiner(s)
DOAN, TRANG T

Application Number

US14/262,349
Publication Number

US 20150310215A1
Time in Patent Office

1,313 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 21/577   Assessing vulnerabilities a...

G06F 2221/034   Test or assess a computer o...

G06Q 10/06   Resources, workflows, human...

Discovery and classification of enterprise assets via host characteristics

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

33 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Discovery and classification of enterprise assets via host characteristics

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

33 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links