Assessing security control quality and state in an information technology infrastructure
First Claim
1. One or more non-transitory computer-readable media storing computer-executable instructions which when executed by a computer cause the computer to:
- display a user interface that indicates the number of assets in an information technology (IT) infrastructure that have been discovered by one or more different security controls tools,wherein the user interface includes at least a first visual representation corresponding to a first security control and a second visual representation corresponding to a second security control, the first visual representation partially overlapping with the second visual representation and thereby forming a non-overlapping portion of the first visual representation, a non-overlapping portion of the second visual representation, and an overlapping portion of both the first visual representation and the second visual representation, andwherein the user interface further displays data in each of the non-overlapping portion of the first visual representation, the non-overlapping portion of the second visual representation, and the overlapping portion of both the first visual representation and the second visual representation,the data in the non-overlapping portion of the first visual representation indicating the number of assets in the IT infrastructure that are being monitored by the first security control, the data in the non-overlapping portion of the second visual representation indicating the number of assets in the IT infrastructure that are being monitored by the second security control,the data in the overlapping portion of both the first visual representation and the second representation indicating the number of assets in the IT infrastructure that are monitored by both the first security control and the second security control, andwherein the user interface further includes a separate visual representation that is separate from the first visual representation and the second visual representation and that displays a number specifying the total number of assets in the IT infrastructure that have been discovered but that are not currently monitored by any of the first security control or the second security control,wherein the first visual representation is for one of a vulnerability assessment security control, a policy compliance security control, a change data security control, or a log event data security control, andwherein the second visual representation is for a different security control than the first visual representation and is for one of the vulnerability assessment security control, the policy compliance security control, the change data security control, or the log event data security control.
3 Assignments
0 Petitions
Accused Products
Abstract
Disclosed herein are representative embodiments of methods, apparatus, and systems for processing and managing information from one or more security control tools, such as a security configuration management tool, a vulnerability management tool, an event logging tool, or other IT infrastructure security or monitoring tool that is used to monitor, secure, and/or control assets in an IT infrastructure. For example, in some embodiments, user interfaces are disclosed that allow a user to quickly view, filter, and evaluate the degree of security control coverage in selected assets of an enterprise. In further embodiments, user interfaces are disclosed that allow a user to view and evaluate the current security state for selected assets in across a variety of categories and, in some cases, as guided by a two-dimensional vulnerability risk matrix.
-
Citations
16 Claims
-
1. One or more non-transitory computer-readable media storing computer-executable instructions which when executed by a computer cause the computer to:
-
display a user interface that indicates the number of assets in an information technology (IT) infrastructure that have been discovered by one or more different security controls tools, wherein the user interface includes at least a first visual representation corresponding to a first security control and a second visual representation corresponding to a second security control, the first visual representation partially overlapping with the second visual representation and thereby forming a non-overlapping portion of the first visual representation, a non-overlapping portion of the second visual representation, and an overlapping portion of both the first visual representation and the second visual representation, and wherein the user interface further displays data in each of the non-overlapping portion of the first visual representation, the non-overlapping portion of the second visual representation, and the overlapping portion of both the first visual representation and the second visual representation, the data in the non-overlapping portion of the first visual representation indicating the number of assets in the IT infrastructure that are being monitored by the first security control, the data in the non-overlapping portion of the second visual representation indicating the number of assets in the IT infrastructure that are being monitored by the second security control, the data in the overlapping portion of both the first visual representation and the second representation indicating the number of assets in the IT infrastructure that are monitored by both the first security control and the second security control, and wherein the user interface further includes a separate visual representation that is separate from the first visual representation and the second visual representation and that displays a number specifying the total number of assets in the IT infrastructure that have been discovered but that are not currently monitored by any of the first security control or the second security control, wherein the first visual representation is for one of a vulnerability assessment security control, a policy compliance security control, a change data security control, or a log event data security control, and wherein the second visual representation is for a different security control than the first visual representation and is for one of the vulnerability assessment security control, the policy compliance security control, the change data security control, or the log event data security control.
-
-
2. The one or more non-transitory computer-readable media of claim 1, wherein the user interface further comprises an asset attribute filtering section displaying one or more attributes of the assets in the IT infrastructure that have been discovered by the one or more different security controls tools, and wherein the method further comprises allowing a user to select or de-select one or more attributes and to thereby filter the data displayed in the first, second, and separate visual representations to display data only for a selected one or more of the attributes.
-
3. The one or more non-transitory computer-readable media of claim 1, wherein the user interface further comprises a security control filtering section displaying one or more characteristics of the first security control and one or more characteristics of the second security control, and wherein the method further comprises allowing a user to select or de-select one or more characteristics of the first and second security controls and to thereby filter the data displayed in the first, second, and separate visual representations to display data only for a selected one or more of the characteristics.
-
4. The one or more non-transitory computer-readable media of claim 1, wherein the user interface further comprises a third visual representation corresponding to a third security control, and a fourth visual representation corresponding to a fourth security control,
wherein the user interface includes an overlapping portion between all of the first visual representation, the second visual representation, the third visual representation, and the fourth visual representation, and wherein the data in the overlapping portion between all of the first visual representation, the second visual representation, the third visual representation, and the fourth visual representation indicates the number of assets in the IT infrastructure that are being monitored by all of the first security control, the second security control, the third security control, and the fourth security control.
-
5. The one or more non-transitory computer-readable media of claim 4, wherein the first visual representation is for a vulnerability assessment security control, the second visual representation is for a policy compliance security control, the third visual representation is for a change data security control, and the fourth visual representation is for a log event data security control.
-
6. The one or more non-transitory computer-readable media of claim 5, wherein the first visual representation and the second visual representation overlapping with the first visual representation are circular visual representations.
-
7. The one or more non-transitory computer-readable media of claim 5, wherein the data in at least one of the non-overlapping portion of the first visual representation, the non-overlapping portion of the second visual representation, or the overlapping portion of both the first visual representation and the second representation includes a graph showing a history of the data in the respective portion over a period of time.
-
8. The method of claim 5, wherein the user interface further comprises an asset attribute filtering section displaying one or more attributes of the assets in the IT infrastructure that have been discovered by the one or more different security controls tools, and wherein the method further comprises allowing a user to select or de-select one or more attributes and to thereby filter the data displayed in the first, second, and separate visual representations to display data only for a selected one or more of the attributes.
-
9. The method of claim 5, wherein the user interface further comprises a security control filtering section displaying one or more characteristics of the first security control and one or more characteristics of the second security control, and wherein the method further comprises allowing a user to select or de-select one or more characteristics of the first and second security controls and to thereby filter the data displayed in the first, second, and separate visual representations to display data only for a selected one or more of the characteristics.
-
10. The method of claim 5, wherein the user interface further comprises a third visual representation corresponding to a third security control, and a fourth visual representation corresponding to a fourth security control,
wherein the user interface includes an overlapping portion between all of the first visual representation, the second visual representation, the third visual representation, and the fourth visual representation, and wherein the data in the overlapping portion between all of the first visual representation, the second visual representation, the third visual representation, and the fourth visual representation indicates the number of assets in the IT infrastructure that are being monitored by all of the first security control, the second security control, the third security control, and the fourth security control.
-
11. A system, comprising:
-
a computer processor; and a memory, the memory storing instructions which when executed by the processor cause the processor to; display a user interface that indicates the number of assets in an information technology (IT) infrastructure that have been discovered by one or more different security controls tools, wherein the user interface includes at least a first visual representation corresponding to a first security control and a second visual representation corresponding to a second security control, the first visual representation partially overlapping with the second visual representation and thereby forming a non-overlapping portion of the first visual representation, a non-overlapping portion of the second visual representation, and an overlapping portion of both the first visual representation and the second representation, wherein the user interface further displays data in each of the non-overlapping portion of the first visual representation, the non-overlapping portion of the second visual representation, and the overlapping portion of both the first visual representation and the second representation, the data in the non-overlapping portion of the first visual representation indicating the number of assets in the IT infrastructure that are being monitored by the first security control, the data in the non-overlapping portion of the second visual representation indicating the number of assets in the IT infrastructure that are being monitored by the second security control, the data in the overlapping portion of both the first visual representation and the second representation indicating the number of assets in the IT infrastructure that are monitored by both the first security control and the second security control, and wherein the user interface further includes a separate visual representation that is separate from the first visual representation and the second visual representation and that displays a number specifying the total number of assets in the IT infrastructure that have been discovered but that are not currently monitored by any of the first security control or the second security control, wherein the user interface further comprises an asset attribute filtering section displaying one or more attributes of the assets in the IT infrastructure that have been discovered by the one or more different security controls tools and a security control filtering section displaying one or more characteristics of the first security control and one or more characteristics of the second security control, and wherein the method further comprises; allowing a user to select or de-select one or more attributes and to thereby filter the data displayed in the first, second, and separate visual representations to display data only for a selected one or more of the attributes, and allowing the user to select or de-select one or more characteristics of the first and second security controls are selectable or de-selectable and to thereby filter the data displayed in the first, second, and separate visual representations to display data only for a selected one or more characteristics.
-
-
12. The system of claim 11, wherein the user interface further comprises a third visual representation corresponding to a third security control and a fourth visual representation corresponding to a fourth security control,
wherein the user interface includes an overlapping portion between all of the first visual representation, the second visual representation, the third visual representation, and the fourth visual representation, and wherein the data in the overlapping portion between all of the first visual representation, the second visual representation, the third visual representation, and the fourth visual representation indicates the number of assets in the IT infrastructure that are being monitored by all of the first security control, the second security control, the third security control, and the fourth security control.
-
13. A method, comprising:
-
displaying a user interface that indicates the number of assets in an information technology (IT) infrastructure that have been discovered by one or more different security controls tools, wherein the user interface includes at least a first visual representation corresponding to a first security control and a second visual representation corresponding to a second security control, the first visual representation partially overlapping with the second visual representation and thereby forming a non-overlapping portion of the first visual representation, a non-overlapping portion of the second visual representation, and an overlapping portion of both the first visual representation and the second visual representation, and wherein the user interface further displays data in each of the non-overlapping portion of the first visual representation, the non-overlapping portion of the second visual representation, and the overlapping portion of both the first visual representation and the second visual representation, the data in the non-overlapping portion of the first visual representation indicating the number of assets in the IT infrastructure that are being monitored by the first security control, the data in the non-overlapping portion of the second visual representation indicating the number of assets in the IT infrastructure that are being monitored by the second security control, the data in the overlapping portion of both the first visual representation and the second representation indicating the number of assets in the IT infrastructure that are monitored by both the first security control and the second security control, and wherein the user interface further includes a separate visual representation that is separate from the first visual representation and the second visual representation and that displays a number specifying the total number of assets in the IT infrastructure that have been discovered but that are not currently monitored by any of the first security control or the second security control, wherein the first visual representation is for one of a vulnerability assessment security control, a policy compliance security control, a change data security control, or a log event data security control, and wherein the second visual representation is for a different security control than the first visual representation and is for one of the vulnerability assessment security control, the policy compliance security control, the change data security control, or the log event data security control.
-
-
14. The method of claim 10, wherein the first visual representation is for a vulnerability assessment security control, the second visual representation is for a policy compliance security control, the third visual representation is for a change data security control, and the fourth visual representation is for a log event data security control.
-
15. The method of claim 13, wherein the first visual representation and the second visual representation overlapping with the first visual representation are circular visual representations.
-
16. The method of claim 13, wherein the data in at least one of the non-overlapping portion of the first visual representation, the non-overlapping portion of the second visual representation, or the overlapping portion of both the first visual representation and the second representation includes a graph showing a history of the data in the respective portion over a period of time.
Specification