Relationships among technology assets and services and the entities responsible for them

US 10,176,445 B2
Filed: 04/01/2016
Issued: 01/08/2019
Est. Priority Date: 02/16/2016
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method comprising:

displaying, through an interactive graphical user interface, information from a node-edge graph database, wherein nodes and edges from the graph database represent, respectively, assets of a portfolio of entities and relationships among the assets,identifying service relationships in which a common supplier is used by a plurality of entities within the portfolio of entities, based on, at least in part, transactions on the Internet between the common supplier and one or more entities of the plurality of entities,providing information indicative of a cyber-security risk to a principal entity associated with the plurality of entities based on the identified service relationships, wherein the cyber-security risk comprises an aggregated risk based at least in part on the common supplier used by the plurality of entities,displaying controls enabling a user to apply a database query corresponding to the identified service relationships to the graph database without the user formulating the database query, andgraphically displaying nodes and edges that result from applying the query to the graph database.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Among other things, information is obtained by computer about Internet-related assets of organizations. The information is used to identify relationships between the organizations with respect to the assets. The information about the identified relationships is made available for display or analysis or both.

Citations

21 Claims

1. A computer-implemented method comprising:
- displaying, through an interactive graphical user interface, information from a node-edge graph database, wherein nodes and edges from the graph database represent, respectively, assets of a portfolio of entities and relationships among the assets,identifying service relationships in which a common supplier is used by a plurality of entities within the portfolio of entities, based on, at least in part, transactions on the Internet between the common supplier and one or more entities of the plurality of entities,providing information indicative of a cyber-security risk to a principal entity associated with the plurality of entities based on the identified service relationships, wherein the cyber-security risk comprises an aggregated risk based at least in part on the common supplier used by the plurality of entities,displaying controls enabling a user to apply a database query corresponding to the identified service relationships to the graph database without the user formulating the database query, andgraphically displaying nodes and edges that result from applying the query to the graph database.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 19, 20)
- - 2. The method of claim 1 in which the provided information includes information automatically derived from sources external to the entities.
  - 3. The method of claim 1 in which the provided information includes information derived from two or more sources.
  - 4. The method of claim 1 in which the provided information includes information derived from publicly available documents.
  - 5. The method of claim 4 in which the publicly available documents comprise public filings, disclosures, or resumes.
  - 6. The method of claim 1 in which the cyber-security risk comprises a service outage caused by the common supplier.
  - 7. The method of claim 1 in which the cyber-security risk comprises a technology breach caused by the common supplier.
  - 8. The method of claim 1 in which the displayed information is indicative of an extent of the cyber-security risk.
  - 9. The method of claim 1 in which the displayed information comprises information organized based on a type of one or more of the service relationships.
  - 10. The method of claim 1 in which the displayed information comprises information indicative of a business risk for each entity of the portfolio of entities with respect to one or more of the service relationships with the common supplier.
  - 11. The method of claim 1 in which the displayed information comprises information from which the principal entity can balance its cyber-security risk across the plurality of entities.
  - 12. The method of claim 1 in which the principal entity comprises an insurer.
  - 13. The method of claim 1 in which the service relationships comprise at least one of website hosting, email management, SSL certificate authorities, payment providers, DNS providers, analytics providers, or content delivery network providers.
  - 14. The method of claim 1 in which the entities that belong to the portfolio of entities are identified by a user.
  - 19. The method of claim 1 further comprising providing a dollar value loss associated with the common supplier.
  - 20. The method of claim 1 in which the transactions on the Internet is between a server or client of the common supplier and a server or client of the one or more plurality of entities,wherein the client performs at least one of the group consisting of:
    - initiating a session, requesting a resource, and submitting data; and
      
      wherein the server performs at least one of the group consisting of;
      
      responding to a request by the client to initiate a session;
      
      responding to the request for a resource by the client; and
      
      storing data sent by the client.

15. A computer implemented method comprising:
- receiving, through a communication network, information identifying a portfolio of business entities with which a principal entity has a business relationship,displaying, through an interactive graphical user interface, information from a node-edge graph database, wherein nodes and edges within the graph database represent, respectively, assets of the portfolio of entities and relationships among the assets,identifying service relationships in which a common supplier is used by a plurality of entities within the portfolio of entities, based on, at least in part, transactions on the Internet between the common supplier and one or more entities of the plurality of entities,based on the information identifying the portfolio of business entities and the identified service relationships, querying the graph database to identify (i) the common supplier that provides technology services to the plurality of entities and (ii) a category of technology services to which the common supplier belongs,graphically displaying nodes and edges that result from querying the graph database, andbased on the results of the query, determining risks to the principal entity associated with the provision of the technology services by the common supplier to the plurality of entities wherein the determined risks comprise an aggregated risk based at least in part on the common supplier used by the plurality of entities.
- View Dependent Claims (16, 17, 18, 21)
- - 16. The method of claim 15 further comprising reporting the determined risks through the communication network for use in displaying the potential determined risks to a user.
  - 17. The method of claim 15 further comprising displaying actions to balance the risks across the portfolio of entities and reduce risk to the principal entity.
  - 18. The method of claim 17 in which the principal entity comprises a carrier of insurance risk.
  - 21. The method of claim 15 in which the transactions on the Internet is between a server or client of the common supplier and a server or client of the one or more plurality of entities,wherein the client performs at least one of the group consisting of:
    - initiating a session, requesting a resource, and submitting data; and
      
      wherein the server performs at least one of the group consisting of;
      
      responding to a request by the client to initiate a session;
      
      responding to the request for a resource by the client; and
      
      storing data sent by the client.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
BitSight Technologies, Inc.
Original Assignee
BitSight Technologies, Inc.
Inventors
Venna, Nagarjuna, Feinzeig, David, Eastment, Amy, Dahlberg, Daniel, Boyer, Stephen, Gladstone, Philip John Steuart, Cherian, Mathew
Primary Examiner(s)
Kanaan, Simon P

Application Number

US15/089,375
Publication Number

US 20170236079A1
Time in Patent Office

1,012 Days
Field of Search
US Class Current
CPC Class Codes

G06F 16/2428   Query predicate definition ...

G06F 16/33   Querying

G06F 16/338   Presentation of query results

G06F 16/9535   Search customisation based ...

G06F 3/0481   based on specific propertie...

G06F 3/0484   for the control of specific...

G06Q 10/0635   Risk analysis of enterprise...

G06Q 40/08   Insurance

H04L 2101/668   Internet protocol [IP] addr...

H04L 61/4511   using domain name system [DNS]

H04L 61/5007   Internet protocol [IP] addr...

Relationships among technology assets and services and the entities responsible for them

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Relationships among technology assets and services and the entities responsible for them

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links