Automated asset criticality assessment
First Claim
Patent Images
1. A method comprising:
- identifying a set of attributes of a particular asset of a computing environment determined from data collected by one or more utilities in the computing environment, wherein the set of attributes identifies one or more users associated with the particular asset and a context of use of the asset by the one or more users;
determining that a criticality rating value does not exist for the particular asset based on an event involving the particular asset;
automatically determining, using at least one processor device, the criticality rating value for the particular asset based at least in part on the one or more associated users and the context of use, wherein the criticality rating value indicates an impact of damage to or loss of the particular asset, and the criticality rating value is determined in response to the event involving the particular asset;
calculating a risk measure for the particular asset from the determined criticality rating value, vulnerability detection data identifying vulnerabilities of the particular asset, and countermeasure detection data identifying countermeasures deployed on the particular asset; and
causing a security activity to be performed relating to the particular asset based at least in part on the calculated risk measure for the particular asset.
4 Assignments
0 Petitions
Accused Products
Abstract
A set of attributes of a particular asset of a computing environment is identified that are determined from data collected by one or more utilities in the computing environment. A criticality rating is automatically determined for the particular asset based at least in part on the set of attributes. A security activity is caused to be performed relating to the particular asset based on the automatically determined criticality rating of the particular asset.
118 Citations
25 Claims
-
1. A method comprising:
-
identifying a set of attributes of a particular asset of a computing environment determined from data collected by one or more utilities in the computing environment, wherein the set of attributes identifies one or more users associated with the particular asset and a context of use of the asset by the one or more users; determining that a criticality rating value does not exist for the particular asset based on an event involving the particular asset; automatically determining, using at least one processor device, the criticality rating value for the particular asset based at least in part on the one or more associated users and the context of use, wherein the criticality rating value indicates an impact of damage to or loss of the particular asset, and the criticality rating value is determined in response to the event involving the particular asset; calculating a risk measure for the particular asset from the determined criticality rating value, vulnerability detection data identifying vulnerabilities of the particular asset, and countermeasure detection data identifying countermeasures deployed on the particular asset; and causing a security activity to be performed relating to the particular asset based at least in part on the calculated risk measure for the particular asset. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. At least one non-transitory machine accessible storage medium having instructions stored thereon, the instructions when executed on a machine, cause the machine to:
-
identify a set of attributes of a particular asset of a computing environment determined from data collected by one or more utilities in the computing environment, wherein the set of attributes identifies one or more users associated with the particular asset and a context of use of the asset by the one or more users; determine that a criticality rating value does not exist for the particular asset based on an event involving the particular asset; automatically determine the criticality rating value for the particular asset based at least in part on the one or more associated users and the context of use, wherein the criticality rating value indicates an impact of damage to or loss of the particular asset, and the criticality rating value is determined in response to the event involving the particular asset; calculate a risk measure for the particular asset from the determined criticality rating value, vulnerability detection data identifying vulnerabilities of the particular asset, and countermeasure detection data identifying countermeasures deployed on the particular asset; and cause a security activity to be performed relating to the particular asset based at least in part on the calculated risk measure for the particular asset. - View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
-
-
23. A system comprising:
-
at least one processor device; at least one memory element; and a criticality assessment engine configured when executed by the at least one processor device to; identify data collected by one or more utilities in a computing environment, the collected data pertaining to a particular asset of the computing environment; identify from the collected data, a set of attributes of the particular asset, wherein the set of attributes identifies one or more users associated with the particular asset and a context of use of the asset by the one or more users; determine that a criticality rating value does not exist for the particular asset based on an event involving the particular asset; automatically determine the criticality rating value for the particular asset based at least in part on the one or more associated users and the context of use, wherein the criticality rating value indicates an impact of damage to or loss of the particular asset, and the criticality rating value is determined in response to the event involving the particular asset; calculate a risk measure for the particular asset from the determined criticality rating value, vulnerability detection data identifying vulnerabilities of the particular asset, and countermeasure detection data identifying countermeasures deployed on the particular asset; and cause a security activity to be performed relating to the particular asset based at least in part on the calculated risk measure for the particular asset. - View Dependent Claims (24, 25)
-
Specification