Synthetic cyber-risk model for vulnerability determination
Abstract
A system, method, and device are presented for assessing a target network's vulnerability to a real cyberthreat based on determining policy-based synthetic tests configured to model the behavior of the cyberthreat. Real-time feedback from the target network (e.g., servers, desktops, and network/monitoring hardware and/or software equipment) is received, analyzed, and used to determine whether any modifications to the same or a new synthesized test is preferred. The technology includes self-healing processes that, using the feedback mechanisms, can attempt to find patches for known vulnerabilities, test for unknown vulnerabilities, and configure the target network's resources in accordance with predefined service-level agreements.
20 Claims

1. A method comprising:
- receiving information associated with a cyberthreat from an external source, wherein the cyberthreat is associated with one or more objectives;
- using the information, mapping one or more characteristics of the cyberthreat into one or more instructions, wherein the one or more instructions when executed in a target network perform multiple steps to simulate an existence of the cyberthreat within the target network without implementing the one or more objectives of the cyberthreat in the target network;
- determining one or more agents to execute the one or more instructions;
- initiating execution of the one or more instructions by the one or more agents to simulate the existence of the cyberthreat within the target network;
- receiving feedback including a progression of the multiple steps identifying how the target network responds to the simulated existence of the cyberthreat within the target network;
- using the feedback, determining whether one of the multiple steps to simulate the cyberthreat has failed in the target network; and
- responsive to determining that one of the multiple steps has failed, replacing at least one instruction for the failed step with at least one additional instruction to be executed by the one or more agents or one or more additional agents in the target network.

Dependent claims: 2, 3, 4, 5, 6, 7, 8.
9. A non-transitory computer readable storage medium containing computer-executable instructions that, when executed by at least one processor, cause the at least one processor to:
- receive information associated with a cyberthreat from an external source, wherein the cyberthreat is associated with one or more objectives;
- using the information, map one or more characteristics of the cyberthreat into one or more instructions, wherein the one or more instructions when executed in a target network perform multiple steps to simulate an existence of the cyberthreat within the target network without implementing the one or more objectives of the cyberthreat in the target network;
- determine one or more agents to execute the one or more instructions;
- initiate execution of the one or more instructions by the one or more agents to simulate the existence of the cyberthreat within the target network;
- receive feedback including a progression of the multiple steps identifying how the target network responds to the simulated existence of the cyberthreat within the target network;
- using the feedback, determine whether one of the multiple steps to simulate the cyberthreat has failed in the target network; and
- responsive to determining that one of the multiple steps has failed, replace at least one instruction for the failed step with at least one additional instruction to be executed by the one or more agents or one or more additional agents in the target network.

Dependent claims: 10, 11, 12, 13, 14.

15. An apparatus comprising:
- at least one processor; and
- at least one memory storing computer-executable instructions that when executed cause the at least one processor to:
- receive information associated with a cyberthreat from an external source, wherein the cyberthreat is associated with one or more objectives;
- using the information, map one or more characteristics of the cyberthreat into one or more instructions, wherein the one or more instructions when executed in a target network perform multiple steps to simulate an existence of the cyberthreat within the target network without implementing the one or more objectives of the cyberthreat in the target network;
- determine one or more agents to execute the one or more instructions;
- initiate execution of the one or more instructions by the one or more agents to simulate the existence of the cyberthreat within the target network;
- receive feedback including a progression of the multiple steps identifying how the target network responds to the simulated existence of the cyberthreat within the target network;
- using the feedback, determine whether one of the multiple steps to simulate the cyberthreat has failed in the target network; and
- responsive to determining that one of the multiple steps has failed, replace at least one instruction for the failed step with at least one additional instruction to be executed by the one or more agents or one or more additional agents in the target network.

Dependent claims: 16, 17, 18, 19, 20.
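The control loop the independent claims describe, as an added Python illustration that is not part of the patent or any product: threat characteristics are mapped to benign candidate instructions, agents execute them, feedback marks a failed step, and the failed step is replaced by the next substitute instruction run by whichever agent can perform it. The threat record, the playbook, the agents and the "prevented" map standing in for the target network's feedback are all constructed.

```python
from dataclasses import dataclass

# Constructed threat-intel record (the "information from an external source").
# Only observable characteristics are kept; the threat's objectives are not modelled.
THREAT = {"name": "constructed-threat-01", "characteristics": ["beacon", "lateral", "staging"]}

# Constructed mapping of characteristics to ordered candidate instructions.
# Index 0 is the primary step; later entries are substitutes for a failed step.
PLAYBOOK = {
    "beacon": ["benign_beacon_https", "benign_beacon_dns"],
    "lateral": ["auth_to_lab_host", "auth_to_lab_host_via_jump"],
    "staging": ["write_marker_file"],
}

@dataclass
class Agent:
    name: str
    capabilities: frozenset

    def execute(self, instruction, network):
        """Run one step. 'network' is a constructed map of instructions the target
        environment prevents, standing in for the feedback a real deployment returns."""
        if instruction not in self.capabilities or network.get(instruction) == "prevented":
            return {"agent": self.name, "step": instruction, "status": "failed"}
        return {"agent": self.name, "step": instruction, "status": "ok"}

def pick_agent(agents, instruction):
    """Determine an agent able to execute the instruction (None if no agent can)."""
    return next((a for a in agents if instruction in a.capabilities), None)

def run_simulation(threat, playbook, agents, network):
    """Map characteristics to steps, execute them through agents, read the feedback,
    and replace a failed step with the next substitute instruction in the playbook."""
    progression = []
    for trait in threat["characteristics"]:
        for candidate in playbook[trait]:
            agent = pick_agent(agents, candidate)
            feedback = (agent.execute(candidate, network) if agent
                        else {"agent": None, "step": candidate, "status": "failed"})
            progression.append(feedback)
            if feedback["status"] == "ok":
                break  # this step of the simulation succeeded; no replacement needed
    return progression

def coverage_gaps(progression):
    """Steps that succeeded show where the target network did not stop the simulated behaviour."""
    return [f["step"] for f in progression if f["status"] == "ok"]
```

A "failed" entry followed by an "ok" entry for the same characteristic is the self-healing replacement in action; a characteristic whose every candidate failed is either a control that worked or a gap in agent capability, and the progression keeps both visible for the report.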