Identifying relationships between security metrics
Abstract
A security metrics system receives security information data for a network system of computers and metric definitions from metric sources. Each metric definition defines a heuristic for calculating a score for the network system from one or more security signal values at a time in the plurality of times, wherein the score quantifies a security metric for the network system. The system calculates each metric definition for a plurality of times and selects metric definitions that are related to the performance of and are indicative of one or more other metric definitions as candidates to be key performance indicators.
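An added example (not taken from the patent) of the pipeline the abstract describes: score each metric definition at each time, compare the score series, and suggest the metrics that are related to other metrics as KPI candidates. The signal names, the metric heuristics, the use of Pearson correlation as the "relationship", and the 0.8 threshold are all assumptions; the claims do not name a specific measure.

```python
from itertools import combinations
from math import sqrt

# Constructed sample: security signal values for one network at six times.
SIGNALS = [
    {"unpatched_hosts": 40, "malware_alerts": 12, "failed_logins": 300, "av_coverage": 0.70},
    {"unpatched_hosts": 35, "malware_alerts": 10, "failed_logins": 120, "av_coverage": 0.75},
    {"unpatched_hosts": 30, "malware_alerts": 9, "failed_logins": 410, "av_coverage": 0.80},
    {"unpatched_hosts": 22, "malware_alerts": 6, "failed_logins": 90, "av_coverage": 0.85},
    {"unpatched_hosts": 15, "malware_alerts": 4, "failed_logins": 350, "av_coverage": 0.90},
    {"unpatched_hosts": 10, "malware_alerts": 3, "failed_logins": 200, "av_coverage": 0.95},
]

# Hypothetical metric definitions: each heuristic maps the signal values at
# one time to a score for the network.
METRICS = {
    "patch_hygiene": lambda s: 100 - s["unpatched_hosts"],
    "malware_exposure": lambda s: 100 - 5 * s["malware_alerts"],
    "auth_pressure": lambda s: 100 - s["failed_logins"] / 5,
    "endpoint_protection": lambda s: 100 * s["av_coverage"],
    "policy_present": lambda s: 100,  # constant score, carries no trend
}

def score_series(signals, metrics):
    """Apply every metric definition to the signal values at every time."""
    return {name: [fn(s) for s in signals] for name, fn in metrics.items()}

def pearson(xs, ys):
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    sxx = sum((x - mx) ** 2 for x in xs)
    syy = sum((y - my) ** 2 for y in ys)
    if sxx == 0 or syy == 0:
        return 0.0  # correlation is undefined for a flat series: unrelated
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    return sxy / sqrt(sxx * syy)

def kpi_candidates(signals, metrics, threshold=0.8):
    """Return (metric, related metrics) pairs, most-connected metric first."""
    scores = score_series(signals, metrics)
    related = {name: [] for name in metrics}
    for a, b in combinations(metrics, 2):
        if abs(pearson(scores[a], scores[b])) >= threshold:
            related[a].append(b)
            related[b].append(a)
    ranked = sorted(related, key=lambda m: (-len(related[m]), m))
    return [(m, sorted(related[m])) for m in ranked if related[m]]
```

The returned list is only the suggestion step; in the claims a user then chooses which candidates become key performance indicators.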
21 Claims
1. At least one non-transitory, machine accessible storage medium having instructions stored thereon, the instructions when executed on a machine, cause the machine to:
- receive security information data from each of a plurality of data sources for a network system of computers, the security information data from each data source comprising values of one or more security signals for the network system at each of a plurality of times in a period of time;
- receive a plurality of metric definitions from each of a plurality of metric sources, wherein each metric definition defines a heuristic for calculating a score for the network system from one or more security signal values at a time in the plurality of times, wherein the score quantifies a security metric for the network system;
- calculate, for each metric definition, a respective score for the system for each time in the plurality of times, the calculating comprising, for each time, applying the metric definition to the security signal values at the time to calculate the respective score for the network system;
- compare the scores for each metric over the period of time to identify one or more relationships between the plurality of metric definitions;
- select a set of metric definitions from the plurality of metric definitions as candidates to be key performance indicators for security of the network system based on the one or more relationships between the plurality of metric definitions, wherein each key performance indicator is to represent a state of the network system and is to be indicative of one or more other metric definitions;
- cause the set of metric definitions to be presented at a user interface as suggested candidates for selection as key performance indicators for the network system;
- identify user selection, through the user interface, of one or more of the set of metric definitions as key performance indicators for the network system; and
- define the selected one or more of the set of metric definitions as new key performance indicators for the network system based on the user selection.
Dependent claims: 2, 3, 4, 5, 6
7. At least one non-transitory, machine accessible storage medium having instructions stored thereon, the instructions when executed on a machine, cause the machine to:
- receive security information data from each of a plurality of data sources for a network system of computers, the security information data from each data source comprising values of one or more security signals for the network system at each of a plurality of times in a period of time;
- receive a plurality of metric definitions from each of a plurality of metric sources, wherein each metric definition defines a heuristic for calculating a score for the network system from one or more security signal values at a time in the plurality of times, wherein the score quantifies a security metric for the network system;
- calculate, for each metric definition, a respective score for the system for each time in the plurality of times, the calculating comprising, for each time, applying the metric definition to the security signal values at the time to calculate the respective score for the network system;
- compare the scores for the metrics over the period of time to identify one or more relationships between the plurality of metric definitions;
- present a graphical representation of one or more of the identified relationships between two or more of the metric definitions to a user; and
- receive a selection of at least one of the two or more metric definitions as a key performance indicator for the network system, wherein key performance indicators are to represent a corresponding state of the network system and are to be indicative of one or more other metric definitions; and
- define the selected metric definitions as new key performance indicators for the network system based on the user selection.
Dependent claims: 8, 9, 10, 11
12. A computer implemented method, comprising:
- receiving, by a data processing apparatus, security information data from each of a plurality of data sources for a network system of computers, the security information data from each data source comprising values of one or more security signals for the network system at each of a plurality of times in a period of time;
- receiving, by the data processing apparatus, a plurality of metric definitions from each of a plurality of metric sources, wherein each metric definition defines a heuristic for calculating a score for the network system from one or more security signal values at a time in the plurality of times, wherein the score quantifies a security metric for the network system;
- calculating, by the data processing apparatus, for each metric definition, a respective score for the system for each time in the plurality of times, the calculating comprising, for each time, applying the metric definition to the security signal values at the time to calculate the respective score for the network system;
- comparing, by the data processing apparatus, the scores for each metric over the period of time to identify one or more relationships between the plurality of metric definitions;
- selecting, by the data processing apparatus, a set of metric definitions from the plurality of metric definitions as candidates to be key performance indicators for security of the network system based on the one or more relationships between the plurality of metric definitions, and wherein each key performance indicator is to represent a state of the network system and is to be indicative of one or more other metric definitions;
- causing the set of metric definitions to be presented at a user interface as suggested candidates for selection as key performance indicators for the network system;
- identifying user selection, through the user interface, of one or more of the set of metric definitions as key performance indicators for the network system; and
- defining the selected one or more of the set of metric definitions as new key performance indicators for the network system based on the user selection.
Dependent claims: 13, 14, 15, 16
17. A method, comprising:
- receiving, by a data processing apparatus, security information data from each of a plurality of data sources for a network system of computers, the security information data from each data source comprising values of one or more security signals for the network system at each of a plurality of times in a period of time;
- receiving, by the data processing apparatus, a plurality of metric definitions from each of a plurality of metric sources, wherein each metric definition defines a heuristic for calculating a score for the network system from one or more security signal values at a time in the plurality of times, wherein the score quantifies a security metric for the network system;
- calculating, by the data processing apparatus, for each metric definition, a respective score for the system for each time in the plurality of times, the calculating comprising, for each time, applying the metric definition to the security signal values at the time to calculate the respective score for the network system;
- comparing, by the data processing apparatus, the scores for the metrics over the period of time to identify one or more relationships between the plurality of metric definitions;
- generating, by the data processing apparatus, data for a graphical representation of one or more of the identified relationships between two or more of the metric definitions to a user;
- receiving a selection of at least one of the two or more metric definitions as a key performance indicator for the network system, wherein key performance indicators are to represent a corresponding state of the network system and are to be indicative of one or more other metric definitions; and
- defining the selected metric definitions as new key performance indicators for the network system based on the user selection.
Dependent claims: 18, 19, 20, 21
Specification