Inferential analysis using feedback for extracting and combining cyber risk information including proxy connection analyses

US 10,050,989 B2
Filed: 12/08/2016
Issued: 08/14/2018
Est. Priority Date: 12/29/2014
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

assessing cyber risk in one or more computer networks for an entity, by collecting information from at least one accessible network element by;

establishing a plurality of proxy connections with entity resources of an entity, the plurality of proxy connections being established with one or more computer networks for the entity;

evaluating performance of the plurality of proxy connections; and

scoring the proxy connections based on their performance to determine a proxy score associated with the proxy connections;

automatically determining, based on the proxy score, a change or a setting regarding the proxy connections; and

automatically recommending, based on the assessed cyber risk, computer network changes for the one or more computer networks to reduce the assessed cyber risk.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Various embodiments of the present technology include methods of assessing risk of a cyber security failure in one or more computer networks for an entity. Various embodiments include establishing a plurality of proxy connections with entity resources, evaluating performance of the proxy connections, and scoring the proxy connections based on performance. Various embodiments may further include automatically determining, based on the proxy score, a change or setting regarding the proxy connections. Various embodiments may also include automatically recommending, based on the assessed risk, computer network changes for the one or more computer networks to reduce the assessed risk. Some embodiments may include providing recommended computer network and/or policy changes to reduce the assessed risk, determining the entity has enacted some recommended network changes, and in response, automatically reassessing the risk of a cyber security failure based on the enacted recommended computer network changes.

112 Citations

23 Claims

1. A method, comprising:
- assessing cyber risk in one or more computer networks for an entity, by collecting information from at least one accessible network element by;
  
  establishing a plurality of proxy connections with entity resources of an entity, the plurality of proxy connections being established with one or more computer networks for the entity;
  
  evaluating performance of the plurality of proxy connections; and
  
  scoring the proxy connections based on their performance to determine a proxy score associated with the proxy connections;
  
  automatically determining, based on the proxy score, a change or a setting regarding the proxy connections; and
  
  automatically recommending, based on the assessed cyber risk, computer network changes for the one or more computer networks to reduce the assessed cyber risk.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 2. The method according to claim 1, wherein establishing the plurality of proxy connections with entity resources of the entity further comprises establishing the proxy connections with the entity resources in a randomized manner, wherein the proxy connections are established at different times of a day and different days in a week.
  - 3. The method according to claim 2, further comprising evaluating the plurality of proxy connections for connection quality.
  - 4. The method according to claim 3, wherein the proxy connections are established between the entity resources and a proxy endpoint, wherein the proxy endpoint is located in various locations.
  - 5. The method according to claim 4, wherein the proxy connections are randomly established and terminated to create ephemeral proxy data that is indicative of performance of the proxy connections.
  - 6. The method according to claim 5, further comprising randomly rotating through the plurality of proxy connections.
  - 7. The method according to claim 1, wherein the performance of the proxy connections comprise proxy connection availability and proxy connection reliability.
  - 8. The method according to claim 1, wherein each of the plurality of proxy connections comprises unique characteristics that allow for testing proxy capabilities of a resource and its response to proxy connections of varying characteristics.
  - 9. The method of claim 1, further comprising:
    - evaluating the collected information to obtain circumstantial or indirect information that is indicative of the entity;
      
      cross referencing data in the collected information to confirm or infer that the entity is referenced in the circumstantial or indirect information that is indicative of the entity being referenced in the circumstantial or indirect information;
      
      automatically determining a change or a setting to at least one element of policy criteria of a cyber security policy;
      
      providing one or more of the recommended computer network changes to reduce the assessed cyber risk, enactment by the entity of at least one of the one or more of the recommended computer network changes to reduce the assessed cyber risk to the entity;
      
      determining that the entity has enacted at least a portion of the recommended computer network changes, and in response, automatically reassessing the cyber risk in the computer network of the entity based on the enacted recommended computer network changes; and
      
      dynamically re-determining, based on the reassessed cyber risk in the computer network of the entity, the change or the setting to the at least one element of policy criteria of the cyber security policy.
  - 10. The method of claim 1, wherein the cyber risk comprises a cyber attack.
  - 11. The method of claim 1, wherein the cyber risk comprises a privacy incident involving sensitive information.
  - 12. The method of claim 9, wherein the cyber risk is assessed using a computer agent configured to collect information from the at least one accessible network element, the computer agent being further configured to perform at least one of collecting information from the computer network of the entity, and analyzing information from the computer network of the entity.
  - 13. The method of claim 9, further comprising:
    - based on the assessing of the cyber risk, plotting one or more features of the entity and other members of a peer group of the entity, the plotting being configured to visually illustrate the cyber risk in the computer network of the entity; and
      
      the automatically recommending of computer network changes being based on the plotting.
  - 14. The method of claim 13, further comprising:
    - in response to the determining that the entity has enacted at least a portion of the recommended computer network changes, initiating the change or the setting to the at least one element of policy criteria of the cyber security policy.
  - 15. The method of claim 13, wherein the assessing of the cyber risk further comprises assessing, using a plurality of sophistication elements for the entity, a sophistication for the entity with respect to preventing the cyber risk, the sophistication being one of a plurality of features of the entity.
  - 16. The method of claim 1, wherein the assessing of the cyber risk further comprises assessing, using a plurality of motivation elements regarding the entity, a motivation of an actor to initiate the cyber risk, the motivation being one of a plurality of features of the entity.
  - 17. The method of claim 1, wherein the assessing of the cyber risk further comprises:
    - assessing, using a plurality of sophistication elements for the entity, a sophistication for the entity with respect to preventing the cyber risk, the sophistication being one of a plurality of features of the entity; and
      
      assessing, using a plurality of motivation elements regarding the entity, a motivation of an actor to initiate the cyber risk, the motivation being another one of the plurality of features of the entity.
  - 18. The method of claim 17, further comprising calculating a composite score from a motivation score and a sophistication score, the motivation score representing the plurality of motivation elements, the sophistication score representing the plurality of sophistication elements.
  - 19. The method of claim 18, further comprising:
    - creating an aggregate risk score of a portfolio of entities based on a plurality of motivation scores including the motivation score and a plurality of sophistication scores including the sophistication score; and
      
      benchmarking over time at least one of the sophistication score, the motivation score, the composite score, and the aggregate risk score.
  - 20. The method of claim 9, further comprising at least one of increasing and decreasing the assessed cyber risk if the circumstantial or indirect information is negative or positive.

21. A method, comprising:
- assessing cyber risk in one or more computer networks for an entity, using a computer agent configured to collect information from at least one accessible network element, wherein the assessing of the cyber risk comprises;
  
  evaluating the collected information to obtain circumstantial or indirect information that is indicative of the entity;
  
  cross referencing data in the collected information to confirm or infer that the entity is referenced in the circumstantial or indirect information that is indicative of the entity being referenced in the circumstantial or indirect information;
  
  establishing a plurality of proxy connections with entity resources of the entity;
  
  evaluating performance of the plurality of proxy connections;
  
  scoring the proxy connections based on their performance; and
  
  automatically determining proxy connection changes based on the scoring;
  
  automatically determining, based on the assessed cyber risk, a change or a setting to at least one element of policy criteria of a cyber security policy; and
  
  automatically recommending, based on the assessed cyber risk, computer network changes to reduce the assessed cyber risk.
- View Dependent Claims (22, 23)
- - 22. The method of claim 21, further comprisingproviding one or more recommended computer network changes to reduce the assessed cyber risk, enactment by the entity of at least one of the one or more of the recommended computer network changes to reduce the assessed cyber risk to the entity;
    - determining that the entity has enacted at least a portion of the recommended computer network changes, and in response, automatically reassessing the cyber risk in the computer network of the entity based on the enacted recommended computer network changes; and
      
      dynamically re-determining, based on the reassessed cyber risk in the computer network of the entity, the change or the setting to the at least one element of policy criteria of the cyber security policy.
  - 23. The method of claim 21, wherein the assessing of cyber risk further comprises at least one of increasing and decreasing the assessed cyber risk if the circumstantial or indirect information is negative or positive.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cyence LLC. (Guidewire Software Incorporated)
Original Assignee
Guidewire Software Incorporated
Inventors
Ng, George Y., Ma, Don, Ooi, Yuen Tsing, Zhang, Feiyin, Tancioco, Jr., Fernando
Primary Examiner(s)
Rahman, Mahfuzur

Application Number

US15/373,298
Publication Number

US 20170093904A1
Time in Patent Office

614 Days
Field of Search
US Class Current
CPC Class Codes

G06Q 40/06   Asset management; Financial...

H04L 63/1433   Vulnerability analysis

H04L 63/20   for managing network securi...

Inferential analysis using feedback for extracting and combining cyber risk information including proxy connection analyses

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

112 Citations

23 Claims

Specification

Use Cases

Quick Links

Others

Inferential analysis using feedback for extracting and combining cyber risk information including proxy connection analyses

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

112 Citations

23 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others