Security actions for computing assets based on enrichment information
Abstract
Systems, methods, and software described herein provide enhancements for implementing security actions in a computing environment. In one example, a method of operating an advisement system to provide actions in a computing environment includes identifying a security incident in the computing environment, identifying a criticality rating for the asset, and obtaining enrichment information for the security incident from one or more internal or external sources. The method also provides identifying a severity rating for the security incident based on the enrichment information, and determining one or more security actions based on the enrichment information. The method further includes identifying effects of the one or more security actions on operations of the computing environment based on the criticality rating and the severity rating, and identifying a subset of the one or more security actions to respond to the security incident based on the effects.
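The flow in the abstract, from rating the asset and the incident to narrowing the candidate actions by their effect on operations, can be traced in a short sketch. This is an added illustration, not code from the patent or from any product: the rating scales, the action catalogue, the selection policy and all sample data are assumptions, and it stops at the chosen subset rather than implementing an action.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Asset:
    name: str
    data_sensitivity: int   # assumed 0-3 scale for the data stored on the asset
    dependents: tuple       # other assets that rely on this one

# Constructed action catalogue: name -> does the asset stay reachable by other assets?
ACTIONS = {"block_remote_ip": True, "kill_process": True, "isolate_host": False}

def criticality(asset):
    # Assumed rating 0-5: stored data plus importance to other assets.
    return asset.data_sensitivity + min(len(asset.dependents), 2)

def severity(enrichment):
    # Assumed rating 0-3 taken from the highest-confidence malicious verdict.
    conf = max((e["confidence"] for e in enrichment
                if e["verdict"] == "malicious"), default=0)
    return 3 if conf >= 80 else 2 if conf >= 50 else 1 if conf > 0 else 0

def candidate_actions(enrichment):
    # Candidate actions follow from what the enrichment sources identified.
    found = set()
    for e in enrichment:
        if e["verdict"] != "malicious":
            continue
        if "remote_ip" in e:
            found.add("block_remote_ip")
        if "process" in e:
            found.add("kill_process")
        found.add("isolate_host")
    return sorted(found)

def advise(asset, enrichment):
    crit, sev = criticality(asset), severity(enrichment)
    chosen = []
    for name in candidate_actions(enrichment):
        accessible = ACTIONS[name]   # effect: can other assets still reach it?
        # Assumed policy: cutting the asset off is acceptable only when the
        # incident is maximally severe or little depends on the asset.
        if accessible or sev == 3 or crit <= 2:
            chosen.append({"action": name, "asset_accessible": accessible,
                           "cut_off": () if accessible else asset.dependents})
    return {"criticality": crit, "severity": sev, "subset": chosen}

# Constructed sample data (203.0.113.7 is an RFC 5737 documentation address).
DB = Asset("db01", 3, ("web01", "billing"))
INTEL = [{"source": "threat-intel", "verdict": "malicious", "confidence": 60,
          "remote_ip": "203.0.113.7"},
         {"source": "asset-inventory", "verdict": "unknown", "confidence": 0}]
```

With the sample data, `advise(DB, INTEL)` keeps only the action that leaves `db01` reachable; raising the verdict confidence to 80 or more also admits host isolation and lists the dependents that would lose access.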
18 Claims
1. A method of operating an advisement system to provide security actions in a computing environment comprising a plurality of assets, the method comprising:
- identifying a security incident for an asset in the computing environment;
- identifying a criticality rating for the asset, wherein the criticality rating is based at least on data stored on the asset and an importance of the asset to one or more other assets in the computing environment;
- obtaining enrichment information for the security incident from one or more internal or external sources;
- identifying a severity rating for the security incident based on the enrichment information;
- determining one or more security actions based on the enrichment information;
- identifying effects of the one or more security actions on operations of the computing environment based on the criticality rating and the severity rating, wherein identifying the effects of the one or more security actions comprises determining whether the asset will be accessible to other assets for each of the one or more security actions;
- identifying a subset of the one or more security actions to respond to the security incident based on the effects of the one or more security actions; and
- initiating implementation of at least one security action in the subset of the one or more security actions in the computing environment.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. An apparatus to provide security actions in a computing environment comprising a plurality of assets, the apparatus comprising:
- one or more non-transitory computer readable media;
- processing instructions stored on the one or more non-transitory computer readable media that, when executed by a processing system, direct the processing system to:
  - identify a security incident for an asset in the computing environment;
  - identify a criticality rating for the asset, wherein the criticality rating is based at least on data stored on the asset and an importance of the asset to one or more other assets in the computing environment;
  - obtain enrichment information for the security incident from one or more internal or external sources;
  - identify a severity rating for the security incident based on the enrichment information;
  - determine one or more security actions based on the enrichment information;
  - identify effects of the one or more security actions on operations of the computing environment based on the criticality rating and the severity rating, wherein identifying the effects of the one or more security actions comprises determining whether the asset will be accessible to other assets for each of the one or more security actions;
  - identify a subset of the one or more security actions to respond to the security incident based on the effects of the one or more security actions; and
  - initiate implementation of at least one security action in the subset of the one or more security actions in the computing environment.

Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18
Specification