Abstract: Programmatic mechanisms that enable the automatic assignment of categories to network entities based on observed evidence. Agents gather observation data that records the observations the agents have made about the network and about a plurality of its nodes. The agents provide the observation data to a classification module, which assigns a device category to the nodes of the network based on the observation data and a probabilistic node model. The probabilistic node model combines several probabilities to ascertain a recommended device category for a particular node, such as probabilities based on the manufacturer of the node, the operating system executing on the node, information about other nodes in the local vicinity of the node, and an administrator web page associated with the node. The classification module may also assign a particular network category to the network based on the observation data and a probabilistic network model.
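The abstract names the kinds of evidence the node model weighs but not how they are combined. The following is an added worked example, not the patent's own implementation: it treats the four evidence kinds as conditionally independent and combines them as a naive Bayes product, then applies the same idea to the network category from the distribution of node categories. The category names, evidence values and likelihood tables are constructed for the illustration; a real deployment would learn them from labelled observations.

```python
"""Probabilistic device-category classifier over agent observations.

Added illustration of the evidence-combining step described in the
abstract.  The categories, evidence fields and likelihood tables are
constructed for this example and are not the patent's model; a real
deployment would learn them from labelled observations.
"""
import math
from collections import Counter

CATEGORIES = ["workstation", "printer", "network_infra", "iot_camera"]
PRIOR = {"workstation": 0.60, "printer": 0.10, "network_infra": 0.10, "iot_camera": 0.20}

# P(evidence value | category), one table per kind of evidence (constructed).
P_MANUFACTURER = {   # e.g. derived from the MAC address OUI
    "Dell":      {"workstation": 0.50, "printer": 0.02, "network_infra": 0.05, "iot_camera": 0.01},
    "HP":        {"workstation": 0.25, "printer": 0.60, "network_infra": 0.05, "iot_camera": 0.01},
    "Cisco":     {"workstation": 0.01, "printer": 0.01, "network_infra": 0.70, "iot_camera": 0.02},
    "Hikvision": {"workstation": 0.01, "printer": 0.01, "network_infra": 0.01, "iot_camera": 0.80},
}
P_OS = {             # e.g. from a TCP/IP stack fingerprint
    "Windows": {"workstation": 0.85, "printer": 0.02, "network_infra": 0.01, "iot_camera": 0.02},
    "Linux":   {"workstation": 0.10, "printer": 0.30, "network_infra": 0.40, "iot_camera": 0.70},
    "IOS-XE":  {"workstation": 0.001, "printer": 0.001, "network_infra": 0.50, "iot_camera": 0.001},
}
P_ADMIN_PAGE = {     # keyword seen in the title of the node's administrative web page
    "toner":  {"workstation": 0.01, "printer": 0.70, "network_infra": 0.01, "iot_camera": 0.01},
    "switch": {"workstation": 0.01, "printer": 0.02, "network_infra": 0.60, "iot_camera": 0.02},
    "camera": {"workstation": 0.01, "printer": 0.01, "network_infra": 0.02, "iot_camera": 0.70},
    "none":   {"workstation": 0.90, "printer": 0.20, "network_infra": 0.30, "iot_camera": 0.20},
}
P_NEIGHBOR = {       # P(a neighbouring node has category <col> | this node has category <row>)
    "workstation":   {"workstation": 0.70, "printer": 0.15, "network_infra": 0.10, "iot_camera": 0.05},
    "printer":       {"workstation": 0.75, "printer": 0.10, "network_infra": 0.10, "iot_camera": 0.05},
    "network_infra": {"workstation": 0.40, "printer": 0.10, "network_infra": 0.40, "iot_camera": 0.10},
    "iot_camera":    {"workstation": 0.05, "printer": 0.02, "network_infra": 0.13, "iot_camera": 0.80},
}
FLOOR = 1e-3  # smoothing so a single zero entry cannot veto a category


def _likelihood(table, value, category):
    """P(value | category); an evidence value absent from the table is uninformative."""
    row = table.get(value)
    if row is None:
        return 1.0
    return max(row.get(category, 0.0), FLOOR)


def classify_node(observation):
    """Recommend a device category for one node from its observations.

    observation keys (any may be missing): manufacturer, os, admin_page,
    neighbors (list of categories already assigned to nearby nodes).
    Evidence is combined as a naive Bayes product in log space.
    Returns (best_category, posterior dict summing to 1).
    """
    log_post = {}
    for cat in CATEGORIES:
        lp = math.log(PRIOR[cat])
        for table, key in ((P_MANUFACTURER, "manufacturer"), (P_OS, "os"), (P_ADMIN_PAGE, "admin_page")):
            if observation.get(key) is not None:
                lp += math.log(_likelihood(table, observation[key], cat))
        for nb in observation.get("neighbors", []):
            lp += math.log(max(P_NEIGHBOR[cat].get(nb, 0.0), FLOOR))
        log_post[cat] = lp
    m = max(log_post.values())                       # log-sum-exp normalisation
    z = sum(math.exp(v - m) for v in log_post.values())
    posterior = {c: math.exp(v - m) / z for c, v in log_post.items()}
    return max(posterior, key=posterior.get), posterior


# Probabilistic network model: P(node category | network category), constructed.
P_NODE_GIVEN_NETWORK = {
    "office":       {"workstation": 0.70, "printer": 0.15, "network_infra": 0.10, "iot_camera": 0.05},
    "surveillance": {"workstation": 0.05, "printer": 0.01, "network_infra": 0.14, "iot_camera": 0.80},
}


def classify_network(node_categories):
    """Assign a network category from the categories of its nodes
    (multinomial likelihood, uniform prior over network categories)."""
    counts = Counter(node_categories)
    scores = {net: sum(n * math.log(p[c]) for c, n in counts.items())
              for net, p in P_NODE_GIVEN_NETWORK.items()}
    return max(scores, key=scores.get)


if __name__ == "__main__":
    obs = {"manufacturer": "HP", "os": "Linux", "admin_page": "toner", "neighbors": ["workstation"]}
    print(classify_node(obs))
```

Two properties matter in practice and are deliberately handled: an evidence value the model has never seen (an unknown vendor) contributes nothing rather than crashing or vetoing, and a single zero likelihood is floored so one mismatched observation cannot eliminate the right category. With no evidence at all the posterior collapses to the prior, which is the correct answer for an unobserved node.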
Abstract: Approaches for analyzing the risk of security breaches to a network. Agents gather, from multiple sources across the network, analysis data that identifies one or more habitable nodes and one or more opaque nodes. Habitable nodes each possess a computing environment conducive to installation of at least one agent, while opaque nodes do not. An enterprise risk model is generated for the network using the analysis data. The enterprise risk model models the risk of security breaches to assets of the network from both authorized and unauthorized users of the network based on attributes of the habitable nodes and the opaque nodes. The enterprise risk model may model both the present and the future risk to the enterprise, enabling resources such as time and money to be allocated in a scientific and methodical manner to improve the risk profile of the enterprise network.
Abstract: Approaches for enforcing security constraints against a network without impacting business workflows. A network is programmatically divided, without human intervention, into a set of restrictive subnetworks. One or more agents, executing on a plurality of nodes of the network, enforce security constraints by requiring a process that requests access to an asset stored on a node of the network to possess a security credential associated with the particular restrictive subnetwork to which the node belongs before access to the asset is granted. The set of restrictive subnetworks may be determined based upon an enterprise risk model that models both the present and the future risk to the enterprise.
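The abstract specifies the check an agent performs (process must hold a credential for the node's restrictive subnetwork) but not the credential's form. The following is an added example, not the patent's code: it assumes a credential minted by a control plane as an HMAC-signed token binding a process identity, a subnetwork name and an expiry, and shows the agent-side decision with the failure modes a reviewer would ask about (forged token, expired token, credential for a different subnetwork, credential issued to a different process). The node-to-subnetwork table, key and identifiers are constructed for the illustration.

```python
"""Agent-side enforcement of restrictive-subnetwork credentials.

Added example for the abstract above.  The credential format (an
HMAC-SHA256 token over JSON claims binding process id, subnetwork and
expiry) is an assumption of this example; the patent does not specify one.
"""
import base64
import hashlib
import hmac
import json
import time

# Constructed: the restrictive subnetwork each node was placed in by the
# partitioning step.  In a deployment the agent receives this from the control plane.
NODE_SUBNET = {"db-01": "finance-restricted", "web-01": "dmz", "hr-share": "hr-restricted"}


def mint_credential(key, process_id, subnetwork, ttl_s, now=None):
    """Issued by the control plane (holder of `key`) to a process that is
    allowed to act inside `subnetwork` for `ttl_s` seconds."""
    now = time.time() if now is None else now
    claims = {"pid": process_id, "subnet": subnetwork, "exp": int(now + ttl_s)}
    body = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    mac = hmac.new(key, body, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(body).decode() + "." + base64.urlsafe_b64encode(mac).decode()


def verify_credential(key, token, now=None):
    """Return the claims if the token is authentic and unexpired, else None."""
    try:
        body_b64, mac_b64 = token.split(".", 1)
        body = base64.urlsafe_b64decode(body_b64)
        mac = base64.urlsafe_b64decode(mac_b64)
    except (ValueError, TypeError):
        return None                      # malformed token
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expected):   # constant-time comparison
        return None
    claims = json.loads(body)
    now = time.time() if now is None else now
    if claims.get("exp", 0) <= now:
        return None                      # expired
    return claims


def authorize_access(key, node, process_id, token, now=None, asset="<asset>"):
    """Agent hook run when `process_id` asks for `asset` stored on `node`.
    Access is granted only if the token is valid, was issued to this very
    process, and names the restrictive subnetwork this node belongs to."""
    subnet = NODE_SUBNET.get(node)
    if subnet is None:
        return False, f"{node} is not assigned to a restrictive subnetwork"
    claims = verify_credential(key, token, now)
    if claims is None:
        return False, "invalid or expired credential"
    if claims["pid"] != process_id:
        return False, "credential was issued to a different process"
    if claims["subnet"] != subnet:
        return False, f"credential is for {claims['subnet']}, but {node} is in {subnet}"
    return True, "granted"


if __name__ == "__main__":
    key = b"constructed-demo-key"   # constructed; a real key comes from the control plane
    tok = mint_credential(key, "pid-4242", "finance-restricted", ttl_s=300)
    print(authorize_access(key, "db-01", "pid-4242", tok, asset="/srv/ledger.db"))
    print(authorize_access(key, "hr-share", "pid-4242", tok, asset="/srv/payroll.xlsx"))
```

The binding to the process identity is what keeps a credential stolen from one process from being replayed by another on the same node; the subnetwork check is the constraint the abstract describes; the expiry bounds how long a leaked token stays useful. Failing closed on an unmapped node is a design choice: a node the partitioning step has not placed anywhere should not be reachable by default.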
Abstract: Approaches for modeling the risk of security breaches to a network. Agents gather, from multiple sources across the network, analysis data that identifies observed characteristics of habitable nodes and opaque nodes. Using the analysis data, a multi-layer risk model for the network is generated. The model comprises a first layer that models an inherent risk of security breaches to assets of the network based on the observed characteristics, a second layer that models the present state of the inherent risk to the assets as modified by global and temporal events, and a third layer that models the change to the risk of security breaches in response to potential mitigative actions. The model may be used to understand how the risk of a security breach is distributed across, and interdependent among, the nodes of the network, so that the most valuable preventive measures can be taken.
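The two risk-modelling abstracts above (the enterprise risk model over habitable and opaque nodes, and the three-layer model) describe the structure of the model but not its arithmetic. The following is one added worked example serving both, not the patents' own model: layer 1 scores each node from observed characteristics along an unauthorized-user path (exposure, open vulnerabilities) and an authorized-user path (account count), with opaque nodes carrying extra residual risk because no agent can verify their state; a one-hop lateral term makes a node's risk depend on its peers; layer 2 scales likelihoods by events currently in effect; layer 3 re-evaluates the whole network under each candidate mitigation and ranks mitigations by risk removed per unit cost. Every weight, event, mitigation and sample node is a constructed assumption.

```python
"""Layered enterprise risk model over habitable and opaque nodes.

Added worked example for the two risk-modelling abstracts; the scoring
formulas, weights, events and mitigations below are constructed
assumptions for illustration, not the patents' model.
"""
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Node:
    name: str
    habitable: bool         # True: an agent can run here; False: opaque (e.g. a printer)
    asset_value: float      # relative value (0..1) of the data/function on the node
    internet_facing: bool
    open_vulns: int         # known, unpatched vulnerabilities observed by agents
    authorized_users: int   # accounts with access: the authorized-user (insider) surface
    products: tuple = ()    # software/hardware names, matched by temporal events
    peers: tuple = ()       # nodes with lateral access to this one


def compromise_likelihood(n):
    """Layer-1 ingredient: P(breach of n) from its observed characteristics.
    The unauthorized-user path grows with exposure and open vulns, the
    authorized-user path with the account count; an opaque node gets 20%
    extra residual risk because no agent can verify its state (assumed)."""
    external = (0.30 if n.internet_facing else 0.05) * (1 + 0.25 * n.open_vulns)
    insider = 0.005 * n.authorized_users
    p = 1 - (1 - min(external, 0.95)) * (1 - min(insider, 0.95))
    if not n.habitable:
        p = 1 - (1 - p) * 0.8
    return round(min(p, 0.99), 4)


def _aggregate(nodes, likelihood):
    """Risk = asset_value x P(reached); a node is reached directly or through
    one compromised peer (50% lateral-movement success assumed).  This term
    is what makes risk interdependent across nodes."""
    risk = {}
    for n in nodes:
        p_not_reached = 1 - likelihood[n.name]
        for peer in n.peers:
            p_not_reached *= 1 - 0.5 * likelihood[peer]
        risk[n.name] = round(n.asset_value * (1 - p_not_reached), 4)
    return risk


def inherent_risk(nodes):
    """Layer 1: risk from observed characteristics alone."""
    return _aggregate(nodes, {n.name: compromise_likelihood(n) for n in nodes})


# Layer 2 inputs: global/temporal events as (description, applies-to-node, multiplier).
EVENTS = [
    ("active exploitation campaign against VendorX-VPN", lambda n: "VendorX-VPN" in n.products, 1.8),
    ("holiday period, reduced SOC staffing", lambda n: True, 1.1),
]


def present_risk(nodes, events=EVENTS):
    """Layer 2: inherent likelihoods scaled by the events currently in effect."""
    like = {}
    for n in nodes:
        factor = 1.0
        for _, applies, mult in events:
            if applies(n):
                factor *= mult
        like[n.name] = min(compromise_likelihood(n) * factor, 0.99)
    return _aggregate(nodes, like)


# Layer 3 inputs: candidate mitigations as (name, cost, Node -> Node with the change applied).
MITIGATIONS = [
    ("patch VPN appliance", 2,
     lambda n: replace(n, open_vulns=0) if "VendorX-VPN" in n.products else n),
    ("isolate printer VLAN", 1,
     lambda n: replace(n, peers=tuple(p for p in n.peers if p != "printer"))),
    ("prune file-server accounts", 1,
     lambda n: replace(n, authorized_users=20) if n.name == "fileserver" else n),
]


def mitigation_deltas(nodes, mitigations=MITIGATIONS, events=EVENTS):
    """Layer 3: present risk removed by each mitigation, ranked per unit cost."""
    before = sum(present_risk(nodes, events).values())
    ranked = []
    for name, cost, apply in mitigations:
        after = sum(present_risk([apply(n) for n in nodes], events).values())
        ranked.append((name, round(before - after, 4), round((before - after) / cost, 4)))
    return sorted(ranked, key=lambda r: r[2], reverse=True)


# Constructed sample network: two habitable nodes and one opaque node.
SAMPLE_NODES = [
    Node("vpn-gw", True, 0.6, True, 2, 10, ("VendorX-VPN",), ()),
    Node("fileserver", True, 1.0, False, 0, 80, ("Windows",), ("vpn-gw", "printer")),
    Node("printer", False, 0.1, False, 1, 0, ("printer",), ()),
]

if __name__ == "__main__":
    print("inherent:", inherent_risk(SAMPLE_NODES))
    print("present: ", present_risk(SAMPLE_NODES))
    print("mitigations (name, risk removed, per unit cost):", mitigation_deltas(SAMPLE_NODES))
```

On the sample network the file server carries the most risk even though it is not internet-facing, because the lateral term pulls in the exposed VPN gateway and the unverifiable printer; the ongoing exploitation event roughly doubles the gateway's present risk relative to its inherent risk; and the ranking shows why layer 3 matters: patching the gateway removes the most risk in absolute terms, but pruning file-server accounts removes more per unit of effort. The layers are kept as separate functions so an analyst can inspect where a number came from before acting on it.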