Quantitative security improvement system based on crowdsourcing

    Publication (Announcement) No.: US09794290B2

    Publication (Announcement) Date: 2017-10-17

    Application No.: US14690340

    Filing Date: 2015-04-17

    IPC Classification: H04L9/00 H04L29/06

    CPC Classification: H04L63/20 H04L63/1433

    Abstract: The efficacy of security products and practices is quantified, based on monitored activities and conditions on multiple computers over time. A set of metrics is defined, specifying what criteria concerning computer security systems are to be quantified. Telemetry data concerning the defined metrics are collected from multiple computers, such as the customer base of a security product vendor. Security configuration information such as the deployments and settings of security systems on computing devices is monitored. This monitored information tracks what security products are deployed on which machines, and how these products are configured and used. Collected telemetry is correlated with monitored configuration information, enabling determination of what security product deployments and settings are in place when specific security incidents, operations and other types of actions occur. The determined correlations are amalgamated, amalgamated correlation information is analyzed, and the efficacy of specific security products and configurations is quantified.

    2. Quantitative Security Improvement System Based on Crowdsourcing
    Invention Application
    Status: Granted

    Publication (Announcement) No.: US20160255115A1

    Publication (Announcement) Date: 2016-09-01

    Application No.: US14690340

    Filing Date: 2015-04-17

    IPC Classification: H04L29/06 H04L12/26

    CPC Classification: H04L63/20 H04L63/1433

    Abstract: The efficacy of security products and practices is quantified, based on monitored activities and conditions on multiple computers over time. A set of metrics is defined, specifying what criteria concerning computer security systems are to be quantified. Telemetry data concerning the defined metrics are collected from multiple computers, such as the customer base of a security product vendor. Security configuration information such as the deployments and settings of security systems on computing devices is monitored. This monitored information tracks what security products are deployed on which machines, and how these products are configured and used. Collected telemetry is correlated with monitored configuration information, enabling determination of what security product deployments and settings are in place when specific security incidents, operations and other types of actions occur. The determined correlations are amalgamated, amalgamated correlation information is analyzed, and the efficacy of specific security products and configurations is quantified.
