Model framework and system for cyber security services

US 10,003,598 B2
Filed: 04/15/2016
Issued: 06/19/2018
Est. Priority Date: 04/15/2016
Status: Active Grant

First Claim

Patent Images

1. A model framework and system for cyber security services, the system comprising:

at least one non-transitory storage device;

at least one processor; and

at least one module stored in said storage device and comprising instruction code that is executable by the at least one processor and configured to cause said at least one processor to;

electronically receive, via a distributed network of servers, information associated with an internal computing device within a network;

determine one or more access paths to the internal computing device from an external computing device;

determine one or more controls associated with each of the one or more access paths associated with the internal computing device, wherein the one or more controls are configured to determine access to the internal computing device;

determine one or more types of access that may be made via one or more of the access paths by the external computing device to access the internal computing device;

determine that the one or more controls associated with the at least one of the one or more access paths is not capable of detecting the access by the external computing device via at least one of the one or more types of access, wherein determining further comprises determining that the one or more controls is not capable of regulating one or more conditions associated with the one or more types of access;

determine one or more capabilities associated with the one or more types of access, the one or more types of access incapable of being regulated by the one or more controls;

identify one or more tools based on at least the one or more determined capabilities, wherein the one or more identified tools facilitate a regulation of the one or more controls to detect and prohibit access to the internal computing device via at least one of the one or more types of access; and

incorporate the one or more identified tools within the network to regulate the one or more controls to detect and monitor the accessing of the internal computing device by the external computing device via at least one of the one or more types of access previously not capable of detecting the access.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems, computer program products, and methods are described herein for a model framework and system for cyber security services. The present invention is configured to determine one or more access paths to the internal computing device from an external computing device; determine one or more controls associated with each access path; determine one or more types of access that may be made via one or more of the access paths by the external computing device to access the internal computing device; determine whether the one or more controls associated with the at least one of the one or more access paths is capable of detecting the access; determine one or more tools configured to regulate the one or more controls; and incorporate the one or more tools within the network to regulate the one or more controls to detect and monitor the access.

59 Citations

14 Claims

1. A model framework and system for cyber security services, the system comprising:
- at least one non-transitory storage device;
  
  at least one processor; and
  
  at least one module stored in said storage device and comprising instruction code that is executable by the at least one processor and configured to cause said at least one processor to;
  
  electronically receive, via a distributed network of servers, information associated with an internal computing device within a network;
  
  determine one or more access paths to the internal computing device from an external computing device;
  
  determine one or more controls associated with each of the one or more access paths associated with the internal computing device, wherein the one or more controls are configured to determine access to the internal computing device;
  
  determine one or more types of access that may be made via one or more of the access paths by the external computing device to access the internal computing device;
  
  determine that the one or more controls associated with the at least one of the one or more access paths is not capable of detecting the access by the external computing device via at least one of the one or more types of access, wherein determining further comprises determining that the one or more controls is not capable of regulating one or more conditions associated with the one or more types of access;
  
  determine one or more capabilities associated with the one or more types of access, the one or more types of access incapable of being regulated by the one or more controls;
  
  identify one or more tools based on at least the one or more determined capabilities, wherein the one or more identified tools facilitate a regulation of the one or more controls to detect and prohibit access to the internal computing device via at least one of the one or more types of access; and
  
  incorporate the one or more identified tools within the network to regulate the one or more controls to detect and monitor the accessing of the internal computing device by the external computing device via at least one of the one or more types of access previously not capable of detecting the access.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The system of claim 1, wherein the module is further configured to cause the at least one processor to:
    - determine that access to the internal computing device by the external computing device via at least one of the one or more types of access causes a loss event;
      
      determine a probability score associated with the loss event, wherein the probability score indicates chances of occurrence of the loss event;
      
      determine a magnitude of impact score associated with the loss event, wherein the magnitude of impact score indicates a consequence of the loss event; and
      
      determine an exposure score associated with the loss event based on at least the probability score and the magnitude of impact score.
  - 3. The system of claim 2, wherein the one or more controls are configured to be regulated to detect and prohibit access to the internal computing device via at least one of the one or more types of access, thereby reducing the exposure score associated with the loss event.
  - 4. The system of claim 2, wherein the module is further configured to cause the at least one processor to:
    - determine that the exposure score associated with the loss event is greater than a predetermined threshold;
      
      determine one or more capabilities associated with the one or more types of access, the one or more types of access incapable of being regulated by the one or more controls;
      
      identify one or more tools based on at least the one or more determined capabilities, wherein the one or more identified tools facilitate the regulation of the one or more controls to detect and prohibit access to the internal computing device by the external computing device; and
      
      incorporate the one or more identified tools within the network to regulate the one or more controls to detect and prohibit access to the internal computing device by the external computing device, wherein the incorporation of the one or more identified tools results in the exposure score associated with the loss event to be lower than the predetermined threshold.
  - 5. The system of claim 1, wherein the module is further configured to cause the at least one processor to:
    - determine that a first tool identified to facilitate the regulation of the one or more controls comprises one or more capabilities that overlap with the capabilities of a second tool also identified to facilitate the regulation of the one or more controls, wherein the first tool and the second tool associated with the one or more tools identified;
      
      initiate a presentation of a user interface to enable a user to select the first tool or the second tool for the one or more overlapped capabilities;
      
      receive a user input comprising a selection of the first tool and/or the second tool for the one or more overlapped capabilities; and
      
      incorporate the first tool and the second tool within the network to regulate the one or more controls to detect and prohibit access to the internal computing device by the external computing device.

6. A computerized method for a model framework and system for cyber security services, the method comprising:
- electronically receiving, via a distributed network of servers, information associated with an internal computing device within a network;
  
  determining, using a computing device processor, one or more access paths to the internal computing device from an external computing device;
  
  determining, using a computing device processor, one or more controls associated with each of the one or more access paths associated with the internal computing device, wherein the one or more controls are configured to determine access to the internal computing device;
  
  determining, using a computing device processor, one or more types of access that may be made via one or more of the access paths by the external computing device to access the internal computing device;
  
  determining, using a computing device processor, that the one or more controls associated with the at least one of the one or more access paths is not capable of detecting the access by the external computing device via at least one of the one or more types of access, wherein determining further comprises determining that the one or more controls is not capable of regulating one or more conditions associated with the one or more types of access;
  
  determining, using a computing device processor, one or more capabilities associated with the one or more types of access, the one or more types of access incapable of being regulated by the one or more controls;
  
  identifying, using a computing device processor, one or more tools based on at least the one or more determined capabilities, wherein the one or more identified tools facilitate a regulation of the one or more controls to detect and prohibit access to the internal computing device via at least one of the one or more types of access; and
  
  incorporating, using a computing device processor, the one or more identified tools within the network to regulate the one or more controls to detect and monitor the accessing of the internal computing device by the external computing device via at least one of the one or more types of access previously not capable of detecting the access.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The method of claim 6, wherein the method further comprises:
    - determining that access to the internal computing device by the external computing device via at least one of the one or more types of access causes a loss event;
      
      determining a probability score associated with the loss event, wherein the probability score indicates chances of occurrence of the loss event;
      
      determining a magnitude of impact score associated with the loss event, wherein the magnitude of impact score indicates a consequence of the loss event; and
      
      determining an exposure score associated with the loss event based on at least the probability score and the magnitude of impact score.
  - 8. The method of claim 7, wherein the one or more controls are configured to be regulated to detect and prohibit access to the internal computing device via at least one of the one or more types of access, thereby reducing the exposure score associated with the loss event.
  - 9. The method of claim 7, wherein the method further comprises:
    - determining that the exposure score associated with the loss event is greater than a predetermined threshold;
      
      determining one or more capabilities associated with the one or more types of access, the one or more types of access incapable of being regulated by the one or more controls;
      
      identifying one or more tools based on at least the one or more determined capabilities, wherein the one or more identified tools facilitate the regulation of the one or more controls to detect and prohibit access to the internal computing device by the external computing device; and
      
      incorporating the one or more identified tools within the network to regulate the one or more controls to detect and prohibit access to the internal computing device by the external computing device, wherein the incorporation of the one or more identified tools results in the exposure score associated with the loss event to be lower than the predetermined threshold.
  - 10. The method of claim 6, wherein the method further comprises:
    - determining that a first tool identified to facilitate the regulation of the one or more controls comprises one or more capabilities that overlap with the capabilities of a second tool also identified to facilitate the regulation of the one or more controls, wherein the first tool and the second tool associated with the one or more tools identified;
      
      initiating a presentation of a user interface to enable a user to select the first tool or the second tool for the one or more overlapped capabilities;
      
      receiving a user input comprising a selection of the first tool and/or the second tool for the one or more overlapped capabilities; and
      
      incorporating the first tool and the second tool within the network to regulate the one or more controls to detect and prohibit access to the internal computing device by the external computing device.

11. A non-transitory computer program product for a model framework and system for cyber security services, the computer program product comprising a non-transitory computer-readable medium comprising code causing a first apparatus to:
- electronically receive, via a distributed network of servers, information associated with an internal computing device within a network;
  
  determine one or more access paths to the internal computing device from an external computing device;
  
  determine one or more controls associated with each of the one or more access paths associated with the internal computing device, wherein the one or more controls are configured to determine access to the internal computing device;
  
  determine one or more types of access that may be made via one or more of the access paths by the external computing device to access the internal computing device;
  
  determine that the one or more controls associated with the at least one of the one or more access paths is not capable of detecting the access by the external computing device via at least one of the one or more types of access, wherein determining further comprises determining that the one or more controls is not capable of regulating one or more conditions associated with the one or more types of access;
  
  determine one or more capabilities associated with the one or more types of access, the one or more types of access incapable of being regulated by the one or more controls;
  
  identify one or more tools based on at least the one or more determined capabilities, wherein the one or more identified tools facilitate a regulation of the one or more controls to detect and prohibit access to the internal computing device via at least one of the one or more types of access; and
  
  incorporate the one or more identified tools within the network to regulate the one or more controls to detect and monitor the accessing of the internal computing device by the external computing device via at least one of the one or more types of access previously not capable of detecting the access.
- View Dependent Claims (12, 13, 14)
- - 12. The computer program product of claim 11, wherein the first apparatus is further configured to:
    - determine that access to the internal computing device by the external computing device via at least one of the one or more types of access causes a loss event;
      
      determine a probability score associated with the loss event, wherein the probability score indicates chances of occurrence of the loss event;
      
      determine a magnitude of impact score associated with the loss event, wherein the magnitude of impact score indicates a consequence of the loss event; and
      
      determine an exposure score associated with the loss event based on at least the probability score and the magnitude of impact score.
  - 13. The computer program product of claim 12, wherein the first apparatus is further configured to:
    - determine that the exposure score associated with the loss event is greater than a predetermined threshold;
      
      determine one or more capabilities associated with the one or more types of access, the one or more types of access incapable of being regulated by the one or more controls;
      
      identify one or more tools based on at least the one or more determined capabilities, wherein the one or more identified tools facilitate the regulation of the one or more controls to detect and prohibit access to the internal computing device by the external computing device; and
      
      incorporate the one or more identified tools within the network to regulate the one or more controls to detect and prohibit access to the internal computing device by the external computing device, wherein the incorporation of the one or more identified tools results in the exposure score associated with the loss event to be lower than the predetermined threshold.
  - 14. The computer program product of claim 11, wherein the first apparatus is further configured to:
    - determine that a first tool identified to facilitate the regulation of the one or more controls comprises one or more capabilities that overlap with the capabilities of a second tool also identified to facilitate the regulation of the one or more controls, wherein the first tool and the second tool associated with the one or more tools identified;
      
      initiate a presentation of a user interface to enable a user to select the first tool or the second tool for the one or more overlapped capabilities;
      
      receive a user input comprising a selection of the first tool and/or the second tool for the one or more overlapped capabilities; and
      
      incorporate the first tool and the second tool within the network to regulate the one or more controls to detect and prohibit access to the internal computing device by the external computing device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Bank of America Corp.
Original Assignee
Bank of America Corp.
Inventors
Kling, John Howard, Brubaker, Mark Earl, Quon, Cora Yan, Bierner, Rachel Yun Kim, Moloian, Armen, Kuhlmeier, Ronald James
Primary Examiner(s)
Tran, Ellen

Application Number

US15/099,654
Publication Number

US 20170302668A1
Time in Patent Office

795 Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/10 for controlling access to d...

H04L 63/1416 Event detection, e.g. attac...

Model framework and system for cyber security services

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

59 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Model framework and system for cyber security services

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

59 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links