Security risk response impact analysis

US 10,185,924 B1
Filed: 07/01/2014
Issued: 01/22/2019
Est. Priority Date: 07/01/2014
Status: Expired due to Fees

First Claim

Patent Images

1. A computer-implemented method, comprising:

accessing security data describing a security risk present in a software module that is executable on one or more host devices, the security risk including at least one of;

an unauthorized use of the software module;

ora vulnerability that enables the unauthorized use of the software module;

accessing deployment data indicating the one or more host devices to which the software module is deployed;

accessing value data describing revenue that is at least partly generated through execution of the software module on the one or more host devices;

accessing risk data describing a loss that is at least partly generated by a presence of the security risk in the software module deployed on the one or more host devices;

accessing rule data describing response profiles associated with the security risk, individual ones of the response profiles include multiple actions arranged into a tree structure with branching dependencies to respond to the security risk;

for the individual ones of the response profiles, determining a financial impact of performing the one or more actions, the financial impact including;

a change in the revenue due to performing the one or more actions included in the response profiles; and

a change in the loss due to performing the one or more actions included in the response profiles; and

causing, via a user interface, response recommendation information to be presented, wherein the response recommendation information describes, for the individual ones of the response profiles;

the one or more actions to respond to the security risk;

the change in the revenue due to performing the one or more actions; and

the change in the loss due to performing the one or more actions.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques are described for generating response recommendation information that describes one or more response profiles, each including one or more actions that may be performed to respond to a security risk present in a deployed software module. The response recommendation information may quantify, for each response profile, a cost and a benefit due to the performance of the action(s) included in the response profile. The cost may include lost revenues or other value lost due to the action(s). The benefit may include a mitigation of the security risk.

Citations

20 Claims

1. A computer-implemented method, comprising:
- accessing security data describing a security risk present in a software module that is executable on one or more host devices, the security risk including at least one of;
  
  an unauthorized use of the software module;
  
  ora vulnerability that enables the unauthorized use of the software module;
  
  accessing deployment data indicating the one or more host devices to which the software module is deployed;
  
  accessing value data describing revenue that is at least partly generated through execution of the software module on the one or more host devices;
  
  accessing risk data describing a loss that is at least partly generated by a presence of the security risk in the software module deployed on the one or more host devices;
  
  accessing rule data describing response profiles associated with the security risk, individual ones of the response profiles include multiple actions arranged into a tree structure with branching dependencies to respond to the security risk;
  
  for the individual ones of the response profiles, determining a financial impact of performing the one or more actions, the financial impact including;
  
  a change in the revenue due to performing the one or more actions included in the response profiles; and
  
  a change in the loss due to performing the one or more actions included in the response profiles; and
  
  causing, via a user interface, response recommendation information to be presented, wherein the response recommendation information describes, for the individual ones of the response profiles;
  
  the one or more actions to respond to the security risk;
  
  the change in the revenue due to performing the one or more actions; and
  
  the change in the loss due to performing the one or more actions.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1, wherein the value data includes one or more of:
    - past revenue data describing past revenue generated through the execution of the software module during at least one past time period;
      
      orcurrent revenue data describing current revenue generated through the execution of the software module during a current time period that includes a current time.
  - 3. The method of claim 1, further comprising:
    - accessing a selection of a response profile, the selection of the response profile determined through the user interface; and
      
      performing, on the one or more host devices, the one or more actions included in the response profile.
  - 4. The method of claim 3, further comprising:
    - monitoring the one or more host devices to determine results of performing the one or more actions included in the response profile; and
      
      modifying the response recommendation information based on the results.

5. A system, comprising:
- at least one computing device configured to implement one or more services, wherein the one or more services are configured to;
  
  based on an indication of a security risk present in a software module, access deployment data indicating one or more host devices to which the software module is deployed;
  
  access value data describing a first monetary value that is at least partly generated through execution of the software module on the one or more host devices;
  
  access risk data describing a second monetary value that is at least partly generated by a presence of the security risk in the software module deployed on the one or more host devices;
  
  determine response profiles including a time order in which one or more actions to respond to the security risk are to be performed;
  
  for individual ones of the response profiles, determine;
  
  a change in the first monetary value due to performing the one or more actions included in the response profiles; and
  
  a change in the second monetary value due to performing the one or more actions included in the response profiles; and
  
  cause response recommendation information to be presented, wherein the response recommendation information describes, for the individual ones of the response profiles;
  
  the change in the first monetary value; and
  
  the change in the second monetary value.
- View Dependent Claims (6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 6. The system of claim 5, wherein the security risk includes at least one of:
    - an unauthorized use of the software module;
      
      ora vulnerability that enables the unauthorized use of the software module.
  - 7. The system of claim 5, wherein the first monetary value includes one or more of:
    - a revenue that is at least partly generated through the execution of the software module on the one or more host devices;
      
      oran estimated future revenue from an estimated number of additional customers generated during the execution of the software module on the one or more host devices.
  - 8. The system of claim 5, wherein the second monetary value includes a loss due to one or more of:
    - an unauthorized access to sensitive data including one or more of user information, payment information, or confidential information associated with business operations;
      
      a fraudulent use of one or more user accounts;
      
      ora reputational cost to an organization that provides the software module.
  - 9. The system of claim 5, wherein:
    - the determining of the response profiles is based at least partly on rule data describing the response profiles associated with the security risk.
  - 10. The system of claim 5, wherein the one or more actions include one or more of:
    - terminating operations of at least one of the one or more host devices to which the software module is deployed;
      
      rebooting the at least one of the one or more host devices;
      
      disabling network communications of the at least one of the one or more host devices;
      
      modifying the network communications of the at least one of the one or more host devices;
      
      terminating the execution of the software module on the at least one of the one or more host devices;
      
      modifying data that is accessible by the software module;
      
      preventing access to the data by the software module;
      
      modifying at least a portion of the software module;
      
      ormonitoring the execution of the software module for a time period.
  - 11. The system of claim 5, wherein:
    - the one or more services are further configured to determine, for the individual ones of the response profiles, a difference between the change in the first monetary value and the change in the second monetary value; and
      
      the presenting of the response recommendation information includes presenting at least two of the response profiles in an order according to the difference between the change in the first monetary value and the change in the second monetary value.
  - 12. The system of claim 5, wherein the one or more services are further configured to:
    - identify at least one response profile included in the response profiles described in the response recommendation information; and
      
      performing on the one or more host devices, the one or more actions included in the at least one response profile.
  - 13. The system of claim 12, wherein the identified at least one response profile includes a response profile for which a difference between the change in the first monetary value and the change in the second monetary value is minimized among the response profiles.
  - 14. The system of claim 12, wherein:
    - the response recommendation information is presented through a user interface; and
      
      the identifying of the at least one response profile includes accessing a selection of the at least one response profile, the selection determined through the user interface.

15. One or more non-transitory computer-readable media storing instructions which, when executed by at least one processor, instruct the at least one processor to perform actions comprising:
- accessing deployment data indicating one or more host devices to which a software module is deployed, the software module including a security risk;
  
  accessing value data describing a first monetary value that is at least partly generated through execution of the software module on the one or more host devices;
  
  accessing risk data describing a second monetary value that is at least partly generated by a presence of the security risk in the software module deployed on the one or more host devices;
  
  determining response profiles including one or more actions in a time order to respond to the security risk;
  
  for individual ones of the response profiles, determining;
  
  a change in the first monetary value due to performing the one or more actions included in the response profiles; and
  
  a change in the second monetary value due to performing the one or more actions included in the response profiles; and
  
  causing response recommendation information to be presented, wherein the response recommendation information describes, for the individual ones of the response profiles;
  
  the change in the first monetary value; and
  
  the change in the second monetary value.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The one or more non-transitory computer-readable media of claim 15, wherein the actions further comprise:
    - identifying at least one response profile included in the response profiles described in the response recommendation information; and
      
      performing, on the one or more host devices, the one or more actions included in the at least one response profile.
  - 17. The one or more non-transitory computer-readable media of claim 16, wherein the identified at least one response profile includes a response profile for which a difference between the change in the first monetary value and the change in the second monetary value is minimized among the response profiles.
  - 18. The one or more non-transitory computer-readable media of claim 16, wherein:
    - the response recommendation information is presented through a user interface; and
      
      the identifying of the at least one response profile includes accessing a selection of the at least one response profile, the selection determined through the user interface.
  - 19. The one or more non-transitory computer-readable media of claim 18, wherein:
    - the determining of the response profiles is based at least partly on rule data describing the response profiles associated with the security risk;
      
      the rule data further describes, for the individual ones of the response profiles, an order in which to perform the one or more actions to respond to the security risk; and
      
      the presenting of the response recommendation information through the user interface further comprises presenting, in the order, a description of the one or more actions associated with at least one of the response profiles.
  - 20. The one or more non-transitory computer-readable media of claim 15, wherein the security risk includes at least one of:
    - an unauthorized use of the software module;
      
      ora vulnerability that enables the unauthorized use of the software module.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
McClintock, Jon Arron, Stathakopoulos, George Nikolaos
Primary Examiner(s)
Garcia Cervetti, David

Application Number

US14/321,163
Time in Patent Office

1,666 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/577   Assessing vulnerabilities a...

G06Q 10/0635   Risk analysis of enterprise...

H04L 63/1433   Vulnerability analysis

Security risk response impact analysis

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Security risk response impact analysis

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links