An automated security infrastructure is disclosed that includes security agents that are designed to analyze security issues. The security agents process events received from event-messages and record data associated with a security issue in a ticket. Security and management personnel are kept informed based on notification subscription lists. Assigned security personnel's progress in resolving outstanding security issues is monitored until those issues are resolved.
Representative claims
What is claimed is:

1. A method for operating an automated security infrastructure, comprising: receiving data in response to a first event in the security infrastructure; formatting the data into an event-message having a common format within the security infrastructure; and distributing the event-message to at least one processing entity of one or more processing entities of the security infrastructure, wherein said at least one processing entity is assigned to analyze a topic of the event-message, wherein each of the one or more processing entities is assigned to a different security issue, comprises a computing device and comprises a security agent that uses at least one inference engine for analyzing one or more assigned security issues, wherein said analyzing said one or more assigned security issues comprises identifying a pattern in a plurality of event-messages.

2. The method of claim 1, further comprising: searching a ticket repository for one or more associated tickets that are associated with the event-message if the event-message corresponds to one or more security issues; and updating information in the one or more associated tickets based on the event-message.

3. The method of claim 2, further comprising: opening a new ticket based on the event-message if an associated ticket is not found in the ticket repository; and initializing parameters of the new ticket based on one or more corresponding security issues.

4. The method of claim 3, further comprising: collecting further events occurring after the first event.

5. The method of claim 4, further comprising: identifying containment actions if said assigned security issues are identified in the analyzing said one or more assigned security issues; and performing the containment actions.

6. The method of claim 5, further comprising: assessing an impact of the first event if no containment actions are identified; and updating information in the new ticket and/or an associated ticket.

7. The method of claim 4, further comprising: analyzing a ticket history of an associated ticket to identify patterns associated with one or more dribble attacks; identifying containment actions if one or more dribble attacks are identified in the analyzing of said ticket history; performing the containment actions; and updating information in the associated ticket.

8. The method of claim 3, further comprising: notifying first personnel when either a ticket is opened or when information of a ticket is updated; and closing a ticket if the ticket has a lowest priority.

9. The method of claim 8, further comprising: sending the new ticket to one or more assigned security personnel based on parameters of the new ticket; and monitoring to confirm receipt of the new ticket by the one or more assigned security personnel.

10. The method of claim 9, further comprising: escalating the new ticket by alerting other one or more personnel until receipt of the new ticket is confirmed; and monitoring the new ticket until a status of the ticket indicates that the ticket is resolved.

11. The method of claim 10, further comprising: a. delaying a predetermined amount of time; b. checking if the one or more assigned security personnel has received the new ticket; c. alerting the other one or more personnel if the new ticket is not received; and d. repeating steps a-c until the new ticket is received.

12. The method of claim 11, further comprising: changing the predetermined amount of time for each iteration; and alerting different ones of the other one or more personnel for each iteration.

13. The method of claim 10, further comprising: a. delaying a predetermined amount of time; b. checking if the new ticket has been resolved; c. alerting one or more personnel if the new ticket is not resolved; and d. repeating steps a-c until the new ticket is resolved.

14. The method of claim 13, further comprising: changing the predetermined amount of time for each iteration; and alerting different ones of the other one or more personnel for each iteration.

15. A computer readable medium comprising a program that when executed by a processor operates an automated security infrastructure, comprising: an event-message formatter that formats received data generated in response to a first event into an event-message having a common format within the security infrastructure; and an event-message distributor that distributes the event-message to at least one security agent of one or more security agents of the security infrastructure, wherein said at least one security agent is assigned to analyze a topic of the event-message, wherein each of the one or more security agents is assigned to a different security issue, comprises a computing device and uses at least one inference engine for analyzing one or more assigned security issues, wherein said analyzing said one or more assigned security issues comprises identifying a pattern in a plurality of event-messages.

16. The computer readable medium of claim 15, the security agent performing a process comprising: searching a ticket repository for one or more associated tickets that are associated with the event-message if the event-message corresponds to one or more security issues; updating information in the one or more associated tickets based on the event-message; opening a new ticket based on the event-message if an associated ticket is not found in the ticket repository; and initializing parameters of the new ticket based on one or more corresponding security issues.

17. The computer readable medium of claim 16, the security agent performing a process further comprising: collecting further events occurring after the first event; analyzing the first event and the further events to identify one or more patterns associated with known security issues; identifying containment actions if known security issues are identified in the analyzing the first event step; performing the containment actions; assessing an impact of the first event if no containment actions are identified; and updating information in the new ticket and/or an associated ticket.

18. The computer readable medium of claim 17, the security agent performing a process further comprising: analyzing a ticket history of an associated ticket to identify patterns associated with dribble attacks; identifying containment actions if one or more dribble attacks are identified in the analyzing of said ticket history; performing the containment actions; and updating information in the associated ticket.

19. The computer readable medium of claim 17, further comprising a ticket tracker, the ticket tracker performing a process comprising: notifying first personnel when either a ticket is opened or when information of a ticket is updated; closing a ticket if the ticket has a lowest priority; sending the new ticket to one or more assigned security personnel based on parameters of the new ticket; monitoring to confirm receipt of the new ticket by the one or more assigned security personnel; escalating the new ticket by alerting other one or more personnel until receipt of the new ticket is confirmed; and monitoring the new ticket until a status of the ticket indicates that the ticket is resolved.

20. An automated security infrastructure, comprising: means for detecting a first event and generating an event-message in a common format for interoperable use within the security infrastructure; means for searching for one or more associated tickets associated with the event-message; means for opening a new ticket based on the event-message; means for collecting further events occurring after the first event, wherein said means for collecting is assigned to analyze a topic of the first and further events to identify one or more patterns associated with known security issues, wherein said means for analyzing comprises a computing device and one or more security agents that are assigned to a different security issue and, wherein each of the one or more security agents uses at least one inference engine, wherein said analyzing said one or more assigned security issues comprises identifying a pattern in a plurality of event-messages; means for identifying and performing containment actions; means for assessing an impact of the first event; means for analyzing a ticket history of an associated ticket to identify patterns associated with one or more dribble attacks and for containment of the one or more dribble attacks; means for notifying personnel of a new ticket being opened or of information of a ticket being updated; means for sending a new ticket to one or more assigned security personnel; and means for escalating the new ticket and monitoring the new ticket until the new ticket is resolved.
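The claims above chain four mechanisms: a formatter that maps raw sensor data onto one common event-message format (claims 1 and 15), a ticket repository that is searched for an associated ticket before a new one is opened (claims 2, 3 and 16), automatic closure of lowest-priority tickets (claims 8 and 19), and an escalation loop that delays, checks receipt, alerts a different person on each iteration and repeats until receipt is confirmed (claims 11 and 12). The Python sketch below is an added illustration of that flow, not code from the patent or any product; the two raw input shapes, the field names, the severity scale and the escalation schedule are all constructed assumptions.

```python
"""Added sketch of the claimed event-message -> ticket -> escalation flow (not the patent's code)."""
from __future__ import annotations
import itertools
from dataclasses import dataclass, field
from typing import Callable

LOWEST_PRIORITY = 1  # assumed scale: 1 (lowest) .. 5 (highest)


@dataclass
class EventMessage:
    """The common format every raw event is normalised into (field names are assumptions)."""
    topic: str      # the security issue the event relates to; used to route to an agent
    source: str     # host or sensor that produced the raw event
    severity: int   # 1..5 on the assumed scale
    detail: str


def format_event(raw: dict) -> EventMessage:
    """Event-message formatter: two constructed raw record shapes become one common format."""
    if "syslog" in raw:            # constructed syslog-like record
        m = raw["syslog"]
        return EventMessage(m["tag"], m["host"], int(m["pri"]), m["msg"])
    if "ids" in raw:               # constructed IDS-like alert record
        a = raw["ids"]
        return EventMessage(a["signature"], a["src"], int(a["sev"]), a["text"])
    raise ValueError("unknown raw event format")


@dataclass
class Ticket:
    ticket_id: int
    topic: str
    source: str
    priority: int
    status: str = "open"
    events: list[EventMessage] = field(default_factory=list)


class TicketRepository:
    """In-memory ticket store; an 'associated' ticket is an open one with the same topic and source."""

    def __init__(self) -> None:
        self._tickets: list[Ticket] = []
        self._ids = itertools.count(1)

    def search(self, event: EventMessage) -> list[Ticket]:
        return [t for t in self._tickets
                if t.status == "open" and t.topic == event.topic and t.source == event.source]

    def open(self, event: EventMessage) -> Ticket:
        t = Ticket(next(self._ids), event.topic, event.source, event.severity, events=[event])
        self._tickets.append(t)
        return t


def process_event(repo: TicketRepository, event: EventMessage) -> tuple[Ticket, bool]:
    """Agent step: update every associated ticket, or open (and initialise) a new one.

    Returns (ticket, opened_new). A newly opened ticket at the lowest priority is closed
    immediately, mirroring the 'closing a ticket if the ticket has a lowest priority' step.
    """
    matches = repo.search(event)
    if matches:
        for t in matches:
            t.events.append(event)
            t.priority = max(t.priority, event.severity)  # escalate priority, never lower it
        return matches[0], False
    t = repo.open(event)
    if t.priority == LOWEST_PRIORITY:
        t.status = "closed"
    return t, True


def escalate_until_received(ticket: Ticket, received: Callable[[], bool],
                            delays: list[int], personnel: list[str],
                            sleep: Callable[[int], None] = lambda s: None) -> list[str]:
    """Escalation loop: delay, check receipt, alert the next person, repeat.

    The delay and the alerted person change on each iteration; the loop stops as soon as
    receipt is confirmed or when the (finite, bounded) schedule is exhausted. `sleep` is
    injectable so the loop can be exercised without real waiting.
    """
    alerted: list[str] = []
    for i, delay in enumerate(delays):
        sleep(delay)                      # step a: delay a predetermined amount of time
        if received():                    # step b: has the assignee received the ticket?
            return alerted
        alerted.append(personnel[i % len(personnel)])  # step c: alert someone else
    return alerted                        # schedule exhausted without confirmation
```

Running `process_event` over a constructed syslog record and then an IDS alert with the same topic and source yields one ticket with two events and the higher priority, whereas a distinct lowest-priority alert opens a second ticket that is closed at once; `escalate_until_received` with a receipt check that only succeeds on its third call returns the two people it alerted before then.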
Patents cited by this patent (9)
Thom Kennedy CA, Alarm monitoring and reporting system.
Dev Roger H. (Durham NH) Emery Dale H. (Berwick ME) Rustici Eric S. (Londonderry NH) Scott Walter P. (Salem NH) Wiggin Dwayne S. (Rochester NH), Network management system using interconnected hierarchies to represent different network dimensions in multiple display.
Reed, Walter S.; Tamminen, Jr., Walter E.; Thornton, Ronald D.; Kohn, Nathan M., System and method for providing a unified communications link between divergent communication networks.