Title of Invention: Quantitative Security Improvement System Based on Crowdsourcing
Abstract: The efficacy of security products and practices is quantified, based on monitored activities and conditions on multiple computers over time. A set of metrics is defined, specifying what criteria concerning computer security systems are to be quantified. Telemetry data concerning the defined metrics are collected from multiple computers, such as the customer base of a security product vendor. Security configuration information such as the deployments and settings of security systems on computing devices is monitored. This monitored information tracks what security products are deployed on which machines, and how these products are configured and used. Collected telemetry is correlated with monitored configuration information, enabling determination of what security product deployments and settings are in place when specific security incidents, operations and other types of actions occur. The determined correlations are amalgamated, amalgamated correlation information is analyzed, and the efficacy of specific security products and configurations is quantified.
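Application Publication Number: US2016255115(A1) Application Publication Date: 2016.09.01
Application Number: US201514690340 Filing Date: 2015.04.17
Applicant: Symantec Corporation Inventors: Mital Amit;Nachenberg Carey S.;Efstathopoulos Petros
Classification: H04L29/06;H04L12/26 Main Classification: H04L29/06
Agency: Agent: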
Independent Claim: 1. A computer implemented method for quantifying the efficacy of security products and practices, based on monitored activities and conditions on a plurality of computing devices over time, the method comprising the steps of: defining metrics that specify what criteria concerning computer security systems are to be quantified; collecting telemetry data concerning defined metrics from different ones of the plurality of computing devices; monitoring security configuration information concerning different ones of the plurality of computing devices; correlating collected telemetry data with monitored configuration information, enabling determination of what security product deployments and settings are in place when specific security actions occur on specific ones of the plurality of computing devices; amalgamating correlations of telemetry data with security configuration information; analyzing the amalgamated correlations of telemetry data with security configuration information; and quantifying efficacy of specific security products and configurations, based on the analysis of the amalgamated correlations of telemetry data with security configuration information.
Address: Mountain View CA US