SECURITY INFRASTRUCTURE

US 20100097213A1
Filed: 12/26/2009
Published: 04/22/2010
Est. Priority Date: 12/21/2005
Status: Active Grant

First Claim

Patent Images

1. A method for operating a security infrastructure, comprising:

receiving data in response to a first event in the security infrastructure;

formatting the data into an event-message having a common format within the security infrastructure; and

distributing the event-message to at least one processing entity of a plurality processing entities of the security infrastructure, wherein said at least one processing entity is assigned to analyze a topic of the event-message, wherein at least two of the plurality processing entities are assigned to a different security issue, wherein each of the processing entities comprises a computing device and comprises a security agent that uses at least one inference engine for analyzing one or more assigned security issues, wherein said analyzing said one or more assigned security issues comprises identifying a pattern in a plurality of event-messages.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An automated security infrastructure is disclosed that includes security agents that are designed to analyze security issues. The security agents process events received from event-messages, and records data associated with a security issue in a ticket. Security and management personnel are kept informed based on notification subscription lists. Assigned security personnel'"'"'s progress in resolving outstanding security issues is monitored until those issues are resolved.

23 Citations

View as Search Results

20 Claims

1. A method for operating a security infrastructure, comprising:
- receiving data in response to a first event in the security infrastructure;
  
  formatting the data into an event-message having a common format within the security infrastructure; and
  
  distributing the event-message to at least one processing entity of a plurality processing entities of the security infrastructure, wherein said at least one processing entity is assigned to analyze a topic of the event-message, wherein at least two of the plurality processing entities are assigned to a different security issue, wherein each of the processing entities comprises a computing device and comprises a security agent that uses at least one inference engine for analyzing one or more assigned security issues, wherein said analyzing said one or more assigned security issues comprises identifying a pattern in a plurality of event-messages.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method of claim 1, further comprising:
    - searching a ticket repository for one or more associated tickets that are associated with the event-message if the event-message corresponds to one or more security issues; and
      
      updating information in the one or more associated tickets based on the event-message.
  - 3. The method of claim 2, further comprising:
    - opening a new ticket based on the event-message if an associated ticket is not found in the ticket repository; and
      
      initializing parameters of the new ticket based on one or more corresponding security issues.
  - 4. The method of claim 3, further comprising:
    - collecting further events occurring after the first event.
  - 5. The method of claim 4, further comprising:
    - identifying containment actions if said assigned security issues are identified in the analyzing said one or more assigned security issues; and
      
      performing the containment actions.
  - 6. The method of claim 5, further comprising:
    - assessing an impact of the first event if no containment actions are identified; and
      
      updating information in the new ticket and/or an associated ticket.
  - 7. The method of claim 4, further comprising:
    - analyzing a ticket history of an associated ticket to identify patterns associated with one or more dribble attacks;
      
      identifying containment actions if one or more dribble attacks are identified in the analyzing of said ticket history;
      
      performing the containment actions; and
      
      updating information in the associated ticket.
  - 8. The method of claim 3, further comprising:
    - notifying first personnel when either a ticket is opened or when information of a ticket is updated; and
      
      closing a ticket if the ticket has a lowest priority.
  - 9. The method of claim 8, further comprising:
    - sending the new ticket to one or more assigned security personnel based on parameters of the new ticket; and
      
      monitoring to confirm receipt of the new ticket by the one or more assigned security personnel.
  - 10. The method of claim 9, further comprising:
    - escalating the new ticket by alerting other one or more personnel until receipt of the new ticket is confirmed; and
      
      monitoring the new ticket until a status of the ticket indicates that the ticket is resolved.
  - 11. The method of claim 10, further comprising:
    - a. delaying a predetermined amount of time;
      
      b. checking if the one or more assigned security personnel has received the new ticket;
      
      c. alerting the other one or more personnel if the new ticket is not received; and
      
      d. repeating steps a-c until the new ticket is received.
  - 12. The method of claim 11, further comprising:
    - changing the predetermined amount of time for each iteration; and
      
      alerting different ones of the other one or more personnel for each iteration.
  - 13. The method of claim 10, further comprising:
    - a. delaying a predetermined amount of time;
      
      b. checking if the new ticket has been resolved;
      
      c. alerting one or more personnel if the new ticket is not resolved; and
      
      d. repeating steps a-c until the new ticket is resolved.
  - 14. The method of claim 13, further comprising:
    - changing the predetermined amount of time for each iteration; and
      
      alerting different ones of the other one or more personnel for each iteration.

15. A computer readable medium comprising a program that when executed by a processor operates a security infrastructure, comprising:
- an event-message formatter that formats received data generated in response to a first event into an event-message having a common format within the security infrastructure; and
  
  an event-message distributor that distributes the event-message to at least one processing entity of a plurality processing entities of the security infrastructure, wherein said at least one processing entity is assigned to analyze a topic of the event-message, wherein at least two of the plurality processing entities are assigned to a different security issue, wherein each of the processing entities comprises a computing device and comprises a security agent that uses at least one inference engine for analyzing one or more assigned security issues, wherein said analyzing said one or more assigned security issues comprises identifying a pattern in a plurality of event-messages.
- View Dependent Claims (16, 17, 18, 19)
- - 16. The computer readable medium of claim 15, the security agent performing a process comprising:
    - searching a ticket repository for one or more associated tickets that are associated with the event-message if the event-message corresponds to one or more security issues;
      
      updating information in the one or more associated tickets based on the event-message;
      
      opening a new ticket based on the event-message if an associated ticket is not found in the ticket repository; and
      
      initializing parameters of the new ticket based on one or more corresponding security issues.
  - 17. The computer readable medium of claim 16, the security agent performing a process further comprising:
    - collecting further events occurring after the first event;
      
      analyzing the first event and the further events to identify one or more patterns associated with known security issues;
      
      identifying containment actions if known security issues are identified in the analyzing the first event step;
      
      performing the containment actions;
      
      assessing an impact of the first event if no containment actions are identified; and
      
      updating information in the new ticket and/or an associated ticket.
  - 18. The computer readable medium of claim 17, the security agent performing a process further comprising:
    - analyzing a ticket history of an associated ticket to identify patterns associated with dribble attacks;
      
      identifying containment actions if one or more dribble attacks are identified in the analyzing of said ticket history;
      
      performing the containment actions; and
      
      updating information in the associated ticket.
  - 19. The computer readable medium of claim 17, further comprising a ticket tracker, the ticket tracker performing a process comprising:
    - notifying first personnel when either a ticket is opened or when information of a ticket is updated;
      
      closing a ticket if the ticket has a lowest priority;
      
      sending the new ticket to one or more assigned security personnel based on parameters of the new ticket;
      
      monitoring to confirm receipt of the new ticket by the one or more assigned security personnel;
      
      escalating the new ticket by alerting other one or more personnel until receipt of the new ticket is confirmed; and
      
      monitoring the new ticket until a status of the ticket indicates that the ticket is resolved.

20. A security infrastructure, comprising:
- means for receiving data in response to a first event in the security infrastructure;
  
  means for formatting the data into an event-message having a common format within the security infrastructure; and
  
  means for distributing the event-message to at least one processing entity of a plurality processing entities of the security infrastructure, wherein said at least one processing entity is assigned to analyze a topic of the event-message, wherein at least two of the plurality processing entities are assigned to a different security issue, wherein each of the processing entities comprises a computing device and comprises a security agent that uses at least one inference engine for analyzing one or more assigned security issues, wherein said analyzing said one or more assigned security issues comprises identifying a pattern in a plurality of event-messages.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AT&T Intellectual Property II LP (AT&T, Inc.)
Original Assignee
AT&T Corporation (AT&T, Inc.)
Inventors
Bifnfait, Roberta, Stokes, Denise, BAJPAY, PARITOSH, Cast, Ginny, Chiang, Wan-Ping, Hanechak, Kim, Liu, Jackson

Granted Patent

US 8,624,720 B2
Time in Patent Office

Days
Field of Search
US Class Current

340/540
CPC Class Codes

G08B 25/08 using communication transmi...

SECURITY INFRASTRUCTURE

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

23 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SECURITY INFRASTRUCTURE

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

23 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links