An automated security infrastructure is disclosed that includes security agents that are designed to analyze security issues. The security agents process events received from event-messages, and records data associated with a security issue in a ticket. Security and management personnel are kept informed based on notification subscription lists. Assigned security personnel's progress in resolving outstanding security issues is monitored until those issues are resolved.
Representative claims
1. A method for operating a security infrastructure, comprising: receiving, via a processor, data in response to a first event in the security infrastructure; formatting, via the processor, the data into an event-message having a common format within the security infrastructure; and distributing, via the processor, the event-message to a processing entity of a plurality of processing entities of the security infrastructure, wherein the processing entity is assigned to analyze a topic of the event-message, wherein at least two of the plurality of processing entities are assigned to a different security issue, wherein each of the processing entities comprises a computing device and comprises a security agent that uses an inference engine for analyzing a security issue, wherein the analyzing the security issue comprises identifying a pattern in a plurality of event-messages.

2. The method of claim 1, further comprising: searching a ticket repository for an associated ticket, wherein the associated ticket is a ticket that is associated with the event-message when the event-message corresponds to the security issue; and updating information in the associated ticket based on the event-message.

3. The method of claim 2, further comprising: opening a new ticket based on the event-message when the associated ticket is not found in the ticket repository; and initializing a parameter of the new ticket based on the security issue.

4. The method of claim 3, further comprising: collecting further events occurring after the first event.

5. The method of claim 4, further comprising: identifying a containment action when the security issue is identified in analyzing the security issue; and performing the containment action, when the containment action is identified.

6. The method of claim 5, further comprising: assessing an impact of the first event when no containment action is identified; and updating information in the ticket associated with the event-message.

7. The method of claim 4, further comprising: analyzing a ticket history of the associated ticket to identify the pattern, wherein the pattern is associated with a dribble attack; identifying a containment action when the dribble attack is identified in the analyzing of the ticket history; performing the containment action that is identified; and updating information in the associated ticket.

8. The method of claim 3, further comprising: notifying first personnel when the new ticket is opened; notifying the first personnel when information of the associated ticket is updated; closing the associated ticket when the associated ticket has a lowest priority; and closing the new ticket when the new ticket has a lowest priority.

9. The method of claim 8, further comprising: sending the new ticket to a security personnel based on the parameter of the new ticket; and monitoring to confirm a receipt of the new ticket by the security personnel.

10. The method of claim 9, further comprising: escalating the new ticket by alerting other personnel until the receipt of the new ticket is confirmed; and monitoring the new ticket until a status of the new ticket indicates that the new ticket is resolved.

11. The method of claim 10, wherein the escalating and the monitoring comprise: a. delaying a predetermined amount of time, wherein the predetermined amount of time is for alerting the other personnel when the new ticket is not received; b. checking if the security personnel has received the new ticket; c. alerting the other personnel when the new ticket is not received by the security personnel; and d. repeating steps a-c until the new ticket is received by the security personnel.

12. The method of claim 11, wherein the predetermined amount of time is changed for each iteration; and alerting the other personnel comprises alerting different ones of the other personnel for each iteration.

13. The method of claim 10, wherein the escalating and the monitoring further comprise: a. delaying a predetermined amount of time, wherein the predetermined amount of time is for alerting the other personnel when the new ticket is not resolved; b. checking if the new ticket has been resolved; c. alerting the other personnel when the new ticket is not resolved; and d. repeating steps a-c until the new ticket is resolved.

14. The method of claim 13, wherein the predetermined amount of time is changed for each iteration; and alerting the other personnel comprises alerting different ones of the other personnel for each iteration.

15. A computer readable medium storing a plurality of instructions which, when executed by a processor, cause the processor to perform operations for a security infrastructure, the operations comprising: receiving data in response to a first event in the security infrastructure; formatting the data into an event-message having a common format within the security infrastructure; and distributing the event-message to a processing entity of a plurality of processing entities of the security infrastructure, wherein the processing entity is assigned to analyze a topic of the event-message, wherein at least two of the plurality of processing entities are assigned to a different security issue, wherein each of the processing entities comprises a computing device and comprises a security agent that uses an inference engine for analyzing a security issue, wherein the analyzing the security issue comprises identifying a pattern in a plurality of event-messages.

16. The computer readable medium of claim 15, further comprising: searching a ticket repository for an associated ticket, wherein the associated ticket is a ticket that is associated with the event-message when the event-message corresponds to the security issue; updating information in the associated ticket based on the event-message; opening a new ticket based on the event-message when the associated ticket is not found in the ticket repository; and initializing a parameter of the new ticket based on the security issue.

17. The computer readable medium of claim 16, further comprising: collecting further events occurring after the first event; analyzing the first event and the further events to identify the pattern, wherein the pattern is associated with a known security issue; identifying a containment action when the known security issue is identified in the analyzing the first event; performing the containment action, when the containment action is identified; assessing an impact of the first event when no containment action is identified; and updating information in the ticket associated with the event-message.

18. The computer readable medium of claim 17, further comprising: analyzing a ticket history of the associated ticket to identify the pattern, wherein the pattern is associated with a dribble attack; identifying a containment action when the dribble attack is identified in the analyzing of the ticket history; performing the containment action that is identified; and updating information in the associated ticket.

19. The computer readable medium of claim 17, further comprising: notifying first personnel when the new ticket is opened; notifying the first personnel when information of the associated ticket is updated; closing the associated ticket when the associated ticket has a lowest priority; closing the new ticket when the new ticket has a lowest priority; sending the new ticket to a security personnel based on the parameter of the new ticket; monitoring to confirm a receipt of the new ticket by the security personnel; escalating the new ticket by alerting other personnel until the receipt of the new ticket is confirmed; and monitoring the new ticket until a status of the new ticket indicates that the new ticket is resolved.

20. A security infrastructure, comprising: a processor; and a computer readable medium storing a plurality of instructions which, when executed by the processor, cause the processor to perform operations, the operations comprising: receiving data in response to a first event in the security infrastructure; formatting the data into an event-message having a common format within the security infrastructure; and distributing the event-message to a processing entity of a plurality of processing entities of the security infrastructure, wherein the processing entity is assigned to analyze a topic of the event-message, wherein at least two of the plurality of processing entities are assigned to a different security issue, wherein each of the processing entities comprises a computing device and comprises a security agent that uses an inference engine for analyzing a security issue, wherein the analyzing the security issue comprises identifying a pattern in a plurality of event-messages.
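The workflow the claims describe (normalize raw data into a common event-message, route it by topic to a dedicated agent, correlate it with an open ticket or open a new one, detect a pattern across several event-messages, then escalate an unacknowledged ticket with a per-iteration delay and contact) can be followed end to end in a small model. The code below is an added illustration, not the patent's own implementation: the two sensor sources, their field names, the topic names, the repeat-count rule that stands in for the inference engine, the priority scale, and the escalation schedule are all constructed for the example, and the sleep and receipt checks are injected so it runs offline.

```python
"""Toy model of the claimed event-message / ticket / escalation workflow (added example)."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple

# Constructed sample input: raw records from two hypothetical sensors whose
# native field names differ (not taken from the page).
RAW_EVENTS = [
    {"source": "ids", "sig": "ssh-bruteforce", "host": "web01", "ts": 100},
    {"source": "fw", "rule": "deny-inbound", "dst": "web01", "ts": 101},
    {"source": "ids", "sig": "ssh-bruteforce", "host": "web01", "ts": 160},
    {"source": "ids", "sig": "ssh-bruteforce", "host": "web01", "ts": 215},
]


@dataclass
class EventMessage:
    """Common format every source is translated into before distribution."""
    topic: str
    host: str
    ts: int
    detail: str


def format_event(raw: dict) -> EventMessage:
    """Map a source-specific record onto the common event-message format."""
    if raw["source"] == "ids":
        return EventMessage("intrusion", raw["host"], raw["ts"], raw["sig"])
    if raw["source"] == "fw":
        return EventMessage("firewall", raw["dst"], raw["ts"], raw["rule"])
    raise ValueError(f"unknown source {raw['source']!r}")


@dataclass
class Ticket:
    ticket_id: int
    topic: str
    host: str
    priority: int  # assumed scale: 1 = lowest (eligible for auto-close), 3 = high
    events: List[EventMessage] = field(default_factory=list)
    status: str = "open"


class TicketRepository:
    """An 'associated ticket' here is an open ticket for the same topic and host."""
    def __init__(self) -> None:
        self.tickets: List[Ticket] = []

    def find_associated(self, msg: EventMessage) -> Optional[Ticket]:
        for t in self.tickets:
            if t.status == "open" and t.topic == msg.topic and t.host == msg.host:
                return t
        return None

    def open_ticket(self, msg: EventMessage, priority: int) -> Ticket:
        t = Ticket(len(self.tickets) + 1, msg.topic, msg.host, priority)
        self.tickets.append(t)
        return t


class SecurityAgent:
    """Processing entity for one topic; a repeat-count rule stands in for the inference engine."""
    def __init__(self, topic: str, repo: TicketRepository, repeat_threshold: int) -> None:
        self.topic, self.repo, self.repeat_threshold = topic, repo, repeat_threshold

    def handle(self, msg: EventMessage) -> Ticket:
        ticket = self.repo.find_associated(msg)
        if ticket is None:
            ticket = self.repo.open_ticket(msg, priority=1)  # initialize parameter from issue
        ticket.events.append(msg)  # update the associated ticket with the new event
        # Pattern across several event-messages: the same detail repeated on one host.
        repeats = sum(1 for e in ticket.events if e.detail == msg.detail)
        if repeats >= self.repeat_threshold:
            ticket.priority = max(ticket.priority, 3)
        return ticket


def distribute(raw: dict, agents: Dict[str, SecurityAgent]) -> Ticket:
    """Format the raw data, then route the event-message to the agent assigned to its topic."""
    msg = format_event(raw)
    return agents[msg.topic].handle(msg)


def escalate_until_received(ticket: Ticket, schedule: List[Tuple[float, str]],
                            is_received: Callable[[Ticket], bool],
                            alert: Callable[[str, Ticket], None],
                            sleep: Callable[[float], None]) -> int:
    """Steps a-d of claims 11/12: wait, check receipt, alert the next contact, repeat.
    `schedule` pairs a delay with a contact, so both change per iteration. Returns alerts sent."""
    alerts = 0
    for delay, contact in schedule:
        sleep(delay)
        if is_received(ticket):
            return alerts
        alert(contact, ticket)
        alerts += 1
    return alerts


def run_demo() -> dict:
    repo = TicketRepository()
    agents = {"intrusion": SecurityAgent("intrusion", repo, 3),
              "firewall": SecurityAgent("firewall", repo, 5)}
    for raw in RAW_EVENTS:
        distribute(raw, agents)
    acks: List[str] = []  # simulated receipt: the assignee acknowledges after the second alert
    ticket = repo.tickets[0]
    sent = escalate_until_received(
        ticket, [(60, "oncall"), (300, "lead"), (900, "manager")],
        is_received=lambda t: len(acks) >= 2,
        alert=lambda who, t: acks.append(who),
        sleep=lambda s: None)
    return {"tickets": len(repo.tickets), "priority": ticket.priority,
            "events_on_ticket": len(ticket.events), "alerts": acks, "alerts_sent": sent}


if __name__ == "__main__":
    print(run_demo())
```

Running `run_demo()` leaves two tickets in the repository (one per topic for `web01`), the intrusion ticket holding all three IDS events and raised to priority 3 once the third repeat crosses the agent's threshold, and the escalation loop stopping after alerting `oncall` and `lead` because the simulated receipt check succeeds on the third iteration. Injecting `sleep`, `is_received` and `alert` is what makes the loop testable; a deployment would bind them to a real timer, the ticketing system's acknowledgement flag, and a paging channel.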
Patents cited by this patent (10)
Thom Kennedy CA, Alarm monitoring and reporting system.
Dev Roger H. (Durham NH) Emery Dale H. (Berwick ME) Rustici Eric S. (Londonderry NH) Scott Walter P. (Salem NH) Wiggin Dwayne S. (Rochester NH), Network management system using interconnected hierarchies to represent different network dimensions in multiple display.
Reed Walter S.; Tamminen, Jr. Walter E.; Thornton Ronald D.; Kohn Nathan M., System and method for providing a unified communications link between divergent communication networks.