Field
Embodiments of the invention generally relate to techniques for managing security incidents logged by a variety of security monitoring tools. More specifically, embodiments presented herein provide techniques for classifying enterprise assets based on a security configuration and any digital certificates installed on a given asset.
Description of the Related Art
Enterprise computing systems, applications, networks, and data face a variety of security threats and vulnerabilities. As a result, security tools are used to monitor an enterprise's computing systems and infrastructure. This can result in a large number of security incidents that enterprise personnel need to review.
Given limited resources, an enterprise wants to remediate the security incidents that will have the most impact if left unattended. One approach for doing so is to classify servers or other computing assets relative to how important they are to the organization. For example, an enterprise needs to classify assets, such as server computing systems hosting enterprise applications, in order to triage security incidents, validate that appropriate security controls exist, simulate threat modeling, and perform other security-related functions. Classifying assets in terms of function and criticality can help an enterprise identify security incidents that should be prioritized for remediation. For instance, public website servers (and backend systems storing customer data) are typically of much higher value than internal resources like a mail server or development lab server. However, enterprises often lack the resources to triage, process, and remediate large numbers of security incidents in a timely manner.
Enterprises typically create asset classifications manually, if at all. Manually assigning computing servers and data storage systems to asset categories is tedious, unlikely to be prioritized by busy users, and unlikely to be maintained. Thus, security incidents that impact key enterprise resources are frequently not prioritized, which can lead to greater reputational injury, financial losses, and legal impacts.