System and method for three-dimensional visualization of vulnerability and asset data
First Claim
1. A computer system for three-dimensional visualization of vulnerability and asset data, comprising:
one or more active vulnerability scanners configured to conduct one or more active scans in a network, wherein the active vulnerability scanners interrogate a plurality of hosts in the network during the one or more active scans conducted in the network;
one or more passive vulnerability scanners configured to passively observe traffic traveling in the network, wherein the passive vulnerability scanners reconstruct one or more sessions involving one or more of the plurality of hosts from the passively observed traffic;
a log correlation engine configured to correlate a plurality of events contained in one or more logs that describe activity detected in the network;
a management console comprising one or more physical processors configured to:
collect information obtained from the active vulnerability scanners interrogating the plurality of hosts, the passive vulnerability scanners reconstructing the one or more sessions, and the log correlation engine correlating the plurality of events;
build a model of the network with the information collected from the active vulnerability scanners, the passive vulnerability scanners, and the log correlation engine, wherein the model of the network includes the plurality of hosts and a plurality of potential vulnerabilities associated with the plurality of hosts; and
display a three-dimensional visualization that graphically represents the model of the network, wherein the three-dimensional visualization includes one or more relationships between the plurality of hosts and the plurality of potential vulnerabilities and a routing topology with one or more routing nodes that represent one or more hosts traversed by the traffic and one or more leaf nodes that represent destinations for the traffic.
Abstract
The system and method for three-dimensional visualization of vulnerability and asset data described herein may provide a management console that integrates various active vulnerability scanners, various passive vulnerability scanners, and a log correlation engine distributed in a network. In particular, the management console may include a three-dimensional visualization tool that can be used to generate three-dimensional visualizations that graphically represent vulnerabilities and assets in the network from the integrated information that the management console collects from the active vulnerability scanners, the passive vulnerability scanners, and the log correlation engine distributed in the network. As such, the three-dimensional visualization tool may generate three-dimensional representations of the vulnerabilities and assets in the network that can be used to substantially simplify management of the network.
25 Claims
13. A method for three-dimensional visualization of vulnerability and asset data, the method being implemented in a computer system comprising one or more physical processors, the method comprising:
conducting, by the computer system, one or more active scans in a network, wherein one or more active vulnerability scanners interrogate a plurality of hosts in the network during the one or more active scans conducted in the network;
passively observing, by the computer system, traffic traveling in the network, wherein one or more passive vulnerability scanners reconstruct one or more sessions involving one or more of the plurality of hosts from the passively observed traffic;
correlating, by the computer system, a plurality of events contained in one or more logs that describe activity detected in the network, wherein a log correlation engine correlates the plurality of events that describe the activity detected in the network;
building, by the computer system, a model of the network with information collected from the active vulnerability scanners interrogating the plurality of hosts, at least one of the one or more passive vulnerability scanners reconstructing the one or more sessions, and the log correlation engine correlating the plurality of events, wherein the model of the network includes the plurality of hosts and a plurality of potential vulnerabilities associated with the plurality of hosts; and
displaying, by the computer system, a three-dimensional visualization that graphically represents the model of the network, wherein the three-dimensional visualization includes one or more relationships between the plurality of hosts and the plurality of potential vulnerabilities and a routing topology with one or more routing nodes that represent one or more hosts traversed by the traffic and one or more leaf nodes that represent destinations for the traffic.
25. A management console device, comprising:
one or more physical processors configured to:
collect information obtained from one or more active vulnerability scanners configured to interrogate a plurality of hosts in a network, from one or more passive vulnerability scanners configured to reconstruct one or more sessions from passively observed traffic in the network, and from a log correlation engine configured to correlate a plurality of events contained in one or more logs that describe activity detected in the network;
build a model of the network with the information collected from the active vulnerability scanners, the passive vulnerability scanners, and the log correlation engine, wherein the model of the network includes the plurality of hosts and a plurality of potential vulnerabilities associated with the plurality of hosts; and
display a three-dimensional visualization comprising a first dimension that conveys first data, a second dimension that conveys second data, and a third dimension that conveys third data, the first dimension, the second dimension and the third dimension graphically representing the model of the network, wherein the three-dimensional visualization includes one or more relationships between the plurality of hosts and the plurality of potential vulnerabilities and a routing topology with one or more routing nodes that represent one or more hosts traversed by the traffic and one or more leaf nodes that represent destinations for the traffic.
Specification