Automated asset criticality assessment

US 9,954,883 B2
Filed: 12/18/2012
Issued: 04/24/2018
Est. Priority Date: 12/18/2012
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

identifying a set of attributes of a particular asset of a computing environment determined from data collected by one or more utilities in the computing environment, wherein the set of attributes identifies one or more users associated with the particular asset and a context of use of the asset by the one or more users;

determining that a criticality rating value does not exist for the particular asset based on an event involving the particular asset;

automatically determining, using at least one processor device, the criticality rating value for the particular asset based at least in part on the one or more associated users and the context of use, wherein the criticality rating value indicates an impact of damage to or loss of the particular asset, and the criticality rating value is determined in response to the event involving the particular asset;

calculating a risk measure for the particular asset from the determined criticality rating value, vulnerability detection data identifying vulnerabilities of the particular asset, and countermeasure detection data identifying countermeasures deployed on the particular asset; and

causing a security activity to be performed relating to the particular asset based at least in part on the calculated risk measure for the particular asset.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A set of attributes of a particular asset of a computing environment is identified that are determined from data collected by one or more utilities in the computing environment. A criticality rating is automatically determined for the particular asset based at least in part on the set of attributes. A security activity is caused to be performed relating to the particular asset based on the automatically determined criticality rating of the particular asset.

118 Citations

View as Search Results

25 Claims

1. A method comprising:
- identifying a set of attributes of a particular asset of a computing environment determined from data collected by one or more utilities in the computing environment, wherein the set of attributes identifies one or more users associated with the particular asset and a context of use of the asset by the one or more users;
  
  determining that a criticality rating value does not exist for the particular asset based on an event involving the particular asset;
  
  automatically determining, using at least one processor device, the criticality rating value for the particular asset based at least in part on the one or more associated users and the context of use, wherein the criticality rating value indicates an impact of damage to or loss of the particular asset, and the criticality rating value is determined in response to the event involving the particular asset;
  
  calculating a risk measure for the particular asset from the determined criticality rating value, vulnerability detection data identifying vulnerabilities of the particular asset, and countermeasure detection data identifying countermeasures deployed on the particular asset; and
  
  causing a security activity to be performed relating to the particular asset based at least in part on the calculated risk measure for the particular asset.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the data is collected using an agent deployed on a computing device of the particular asset.
  - 3. The method of claim 2, wherein the particular asset includes one of a data structure and an application hosted on the computing device.
  - 4. The method of claim 2, wherein the particular asset includes the computing device.
  - 5. The method of claim 1, wherein the data is collected using utilities remote from the particular asset.
  - 6. The method of claim 5, wherein the utilities include at least one of security tools of the computing environment and network elements of the computing environment.
  - 7. The method of claim 5, wherein the data is collected from both the remote utilities and a local agent deployed on a computing device of the particular asset.
  - 8. The method of claim 1, wherein the set of attributes includes a type of content stored in connection with the particular asset.
  - 9. The method of claim 1, wherein the set of attributes includes a type of application associated with the particular asset.

10. At least one non-transitory machine accessible storage medium having instructions stored thereon, the instructions when executed on a machine, cause the machine to:
- identify a set of attributes of a particular asset of a computing environment determined from data collected by one or more utilities in the computing environment, wherein the set of attributes identifies one or more users associated with the particular asset and a context of use of the asset by the one or more users;
  
  determine that a criticality rating value does not exist for the particular asset based on an event involving the particular asset;
  
  automatically determine the criticality rating value for the particular asset based at least in part on the one or more associated users and the context of use, wherein the criticality rating value indicates an impact of damage to or loss of the particular asset, and the criticality rating value is determined in response to the event involving the particular asset;
  
  calculate a risk measure for the particular asset from the determined criticality rating value, vulnerability detection data identifying vulnerabilities of the particular asset, and countermeasure detection data identifying countermeasures deployed on the particular asset; and
  
  cause a security activity to be performed relating to the particular asset based at least in part on the calculated risk measure for the particular asset.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 11. The storage medium of claim 10, wherein causing the security activity to be performed includes determining a priority for the security activity based on the automatically determined criticality rating value.
  - 12. The storage medium of claim 10, wherein automatically determining the criticality rating value includes determining whether the set of attributes corresponds to a set of pre-defined characteristics evidencing criticality of the particular asset.
  - 13. The storage medium of claim 12, wherein automatically determining the criticality rating value includes executing a set of checks on the particular asset, wherein each check in the set of checks is used to determine whether assets include attributes corresponding to one or more particular characteristics in the set of characteristics.
  - 14. The storage medium of claim 10, wherein the data includes network data indicating monitored communications over a network relating to the particular asset.
  - 15. The storage medium of claim 14, wherein the set of attributes includes an amount of traffic over the network relating to the particular asset.
  - 16. The storage medium of claim 14, wherein the set of attributes includes identification of a computing environment user originating one or more of the monitored communications.
  - 17. The storage medium of claim 14, wherein the set of attributes includes a role of the particular asset determined from the monitored communications.
  - 18. The storage medium of claim 14, wherein the set of attributes includes a type of content included in the monitored communications.
  - 19. The storage medium of claim 10, wherein the set of attributes includes a status of the particular asset relating to how the particular asset is deployed within the computing environment.
  - 20. The storage medium of claim 10, wherein the set of attributes includes identification of a particular computing environment user associated with the particular asset.
  - 21. The storage medium of claim 10, wherein the set of attributes includes security protections deployed in connection with the particular asset.
  - 22. The storage medium of claim 21, wherein the security protections include at least one of data loss prevention, change control policies, and access control.

23. A system comprising:
- at least one processor device;
  
  at least one memory element; and
  
  a criticality assessment engine configured when executed by the at least one processor device to;
  
  identify data collected by one or more utilities in a computing environment, the collected data pertaining to a particular asset of the computing environment;
  
  identify from the collected data, a set of attributes of the particular asset, wherein the set of attributes identifies one or more users associated with the particular asset and a context of use of the asset by the one or more users;
  
  determine that a criticality rating value does not exist for the particular asset based on an event involving the particular asset;
  
  automatically determine the criticality rating value for the particular asset based at least in part on the one or more associated users and the context of use, wherein the criticality rating value indicates an impact of damage to or loss of the particular asset, and the criticality rating value is determined in response to the event involving the particular asset;
  
  calculate a risk measure for the particular asset from the determined criticality rating value, vulnerability detection data identifying vulnerabilities of the particular asset, and countermeasure detection data identifying countermeasures deployed on the particular asset; and
  
  cause a security activity to be performed relating to the particular asset based at least in part on the calculated risk measure for the particular asset.
- View Dependent Claims (24, 25)
- - 24. The system of claim 23, further comprising the one or more utilities, the utilities including at least one agent deployed on a computing device of the asset and at least one utility deployed remote from the computing device.
  - 25. The system of claim 23, further comprising a set of checks, each check adapted to determine whether assets include attributes corresponding to one or more particular characteristics identified as evidencing criticality.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Ahuja, Ratinder Paul Singh, Schrecker, Sven
Primary Examiner(s)
Parsons, Theodore C

Application Number

US13/718,970
Publication Number

US 20140173739A1
Time in Patent Office

1,953 Days
Field of Search

726 22, 726 25, 709224
US Class Current
CPC Class Codes

G06F 21/568   eliminating virus, restorin...

G06F 21/577   Assessing vulnerabilities a...

G06F 2221/2111   Location-sensitive, e.g. ge...

H04L 63/1408   by monitoring network traff...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1433   Vulnerability analysis

Automated asset criticality assessment

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

118 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Automated asset criticality assessment

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

118 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links