System and method of mitigating cyber attack risks

US 10,063,583 B2
Filed: 08/28/2017
Issued: 08/28/2018
Est. Priority Date: 04/03/2014
Status: Active Grant

First Claim

Patent Images

1. A security system, comprising:

a computer system;

a memory accessible to the computer system;

an application stored in the memory that, when executed by the computer system;

populates, in the memory for each of a plurality of different cyber threats, a cyber threat progression vector comprising a plurality of predefined elements that each correspond to a step of a plurality of separate steps that are taken in carrying out a corresponding cyber threat of the plurality of different cyber threats,determines, based on the cyber threat progression vector for each of the plurality of different cyber threats, a plurality of electronic or procedural controls or countermeasures to mitigate cyber risks, andeffects at least a first electronic or procedural control or countermeasure of the determined plurality of electronic or procedural controls or countermeasures for a first cyber threat of the plurality of different cyber threats and at least a second electronic or procedural control or countermeasure of the determined plurality of electronic or procedural controls or countermeasures for a second cyber threat of the plurality of different cyber threats to interdict the first and second cyber threats at different steps corresponding to different predefined elements of the plurality of predefined elements on the cyber threat progression vectors for the first and second cyber threats; and

a computer system interface to provide the cyber threat progression vectors, and the plurality of electronic or procedural controls or countermeasures to mitigate cyber risks.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A security system comprising a computer, a memory, a data store comprising a cyber threat intent dictionary and a technology dictionary; and an application stored in the memory. When executed by the computer, the application generates a report that comprises an identification of a cyber threat intent and the identification of a cyber threat technology, wherein the cyber threat intent is selected from a plurality of cyber threat intents listed in the cyber threat intent dictionary and wherein the cyber threat technology is selected from the technology dictionary. The application also populates values in a cyber threat progression vector, where the cyber threat progression vector comprises elements that each corresponds to an action in a chain of actions associated with a cybercrime, where the values correspond to one of present or not present. The vector is used to manage the cyber risk of an enterprise or organization.

90 Citations

View as Search Results

20 Claims

1. A security system, comprising:
- a computer system;
  
  a memory accessible to the computer system;
  
  an application stored in the memory that, when executed by the computer system;
  
  populates, in the memory for each of a plurality of different cyber threats, a cyber threat progression vector comprising a plurality of predefined elements that each correspond to a step of a plurality of separate steps that are taken in carrying out a corresponding cyber threat of the plurality of different cyber threats,determines, based on the cyber threat progression vector for each of the plurality of different cyber threats, a plurality of electronic or procedural controls or countermeasures to mitigate cyber risks, andeffects at least a first electronic or procedural control or countermeasure of the determined plurality of electronic or procedural controls or countermeasures for a first cyber threat of the plurality of different cyber threats and at least a second electronic or procedural control or countermeasure of the determined plurality of electronic or procedural controls or countermeasures for a second cyber threat of the plurality of different cyber threats to interdict the first and second cyber threats at different steps corresponding to different predefined elements of the plurality of predefined elements on the cyber threat progression vectors for the first and second cyber threats; and
  
  a computer system interface to provide the cyber threat progression vectors, and the plurality of electronic or procedural controls or countermeasures to mitigate cyber risks.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The system of claim 1, wherein the cyber threat progression vector is populated based on a threat report.
  - 3. The system of claim 1, wherein the cyber threat progression vector is populated based on analysis of threat intelligence.
  - 4. The system of claim 1, wherein each cyber threat progression vector for each of the plurality of different cyber threats has the same predefined elements.
  - 5. The system of claim 4, wherein each of the plurality of predefined elements has a value corresponding to one of present or not present.
  - 6. The system of claim 5, wherein the cyber threat progression vectors for the first and second cyber threats comprise a different value in at least one of the plurality of pre-defined elements.
  - 7. The system of claim 1, wherein the first and second cyber threats are interdicted at the different steps based on a value of different predefined elements of the plurality of predefined elements corresponding to present.
  - 8. The system of claim 1, wherein at least one of the plurality of different cyber threats comprises a cyber attack.
  - 9. The system of claim 1, wherein at least one of the effected first electronic or procedural control or countermeasure and the effected second electronic or procedural control or countermeasure is implemented electronically using a computer system.
  - 10. The system of claim 1, wherein at least one of the effected first electronic or procedural control or countermeasure and the effected second electronic or procedural control or countermeasure is implemented manually using human actions.
  - 11. The system of claim 1, wherein the first electronic or procedural control or countermeasure and the second electronic or procedural control or countermeasure are different.

12. A method of mitigating cyber attack risk, comprising:
- receiving, by a computer system, and analyzing cyber threat intelligence;
  
  populating, in memory for each of a plurality of different cyber threats, a cyber threat progression vector comprising a plurality of predefined elements that each correspond to a step of a plurality of separate steps that are taken in carrying out a corresponding cyber threat of the plurality of different cyber threats;
  
  determining, based on the cyber threat progression vector for each of the plurality of different cyber threats, a plurality of electronic or procedural controls or countermeasures to mitigate cyber risks; and
  
  effecting at least a first electronic or procedural control or countermeasure of the determined plurality of electronic or procedural controls or countermeasures for a first cyber threat of the plurality of different cyber threats and at least a second electronic or procedural control or countermeasure of the determined plurality of electronic or procedural controls or countermeasures for a second cyber threat of the plurality of different cyber threats to interdict the first and second cyber threats at different steps corresponding to different predefined elements of the plurality of predefined elements on the cyber threat progression vectors for the first and second cyber threats.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20)
- - 13. The method of claim 12, wherein the cyber threat progression vector is populated based on a threat report.
  - 14. The method of claim 12, wherein the cyber threat progression vector is populated based on the analysis of the cyber threat intelligence.
  - 15. The method of claim 12, wherein each cyber threat progression vector for each of the plurality of different cyber threats has the same predefined elements.
  - 16. The method of claim 15, wherein the cyber threat progression vectors for the first and second cyber threats comprise a different value in at least one of the plurality of pre-defined elements.
  - 17. The method of claim 12, wherein the first and second cyber threats are interdicted at the different steps based on a value of different elements of the plurality of predefined elements.
  - 18. The method of claim 12, wherein at least one of the plurality of different cyber threats comprises a cyber attack.
  - 19. The method of claim 12, wherein at least one of the effected first electronic or procedural control or countermeasure and the effected second electronic or procedural control or countermeasure is implemented electronically using a computer system.
  - 20. The method of claim 12, wherein at least one of the effected first electronic or procedural control or countermeasure and the effected second electronic or procedural control or countermeasure is implemented manually using human actions.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google LLC (Alphabet Inc.)
Original Assignee
FireEye, Inc.
Inventors
Watters, John P., Doyle, Frederick, Peltokangas, Henry, Keane, Matthew
Primary Examiner(s)
Powers, William S

Application Number

US15/688,453
Publication Number

US 20180069891A1
Time in Patent Office

365 Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/1433   Vulnerability analysis

H04L 63/1441   Countermeasures against mal...

H04L 63/20   for managing network securi...

System and method of mitigating cyber attack risks

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

90 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System and method of mitigating cyber attack risks

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

90 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links