Assessing effectiveness of cybersecurity technologies
First Claim
1. A method for assessing effectiveness of one or more cybersecurity technologies in a computer network, the method comprising:
- generating two or more component stages of an attack model based on decomposing one or more attacks;
- separately testing each of the two or more component stages at a first computer network element twice, wherein a first one of the tests is conducted with a first one of the cybersecurity technologies operable to protect the first computer network element, wherein a second one of the tests is conducted with the first cybersecurity technology not operable to protect the first computer network element, and wherein the two tests include generating results based on measuring a cost and a benefit associated with operating the first one of the cybersecurity technologies; and
- characterizing the effectiveness of the first cybersecurity technology for each one of the twice-tested component stages, based on comparing results from the first test and the second test.
Abstract
A method for assessing effectiveness of one or more cybersecurity technologies in a computer network includes testing each of two or more component stages of an attack model at a first computer network element twice. A first one of the tests is conducted with a first one of the cybersecurity technologies operable to protect the first computer network element, and a second one of the tests is conducted with the first cybersecurity technology not operable to protect the first computer network element. For each one of the twice-tested component stages, comparing results from the first test and the second test, wherein the comparison yields or leads to information helpful in assessing effectiveness of the first cybersecurity technology on each respective one of the twice-tested component stages at the computer network element.
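The paired, per-stage comparison described in the abstract can be sketched as follows. This is an added example, not code from the patent: the stage names, the choice of attack success rate as the benefit metric and mission latency overhead as the cost metric, the thresholds, and all sample numbers are constructed assumptions.

```python
from dataclasses import dataclass
from statistics import mean

@dataclass
class StageRun:
    """Trials of one attack stage under one condition (hypothetical schema)."""
    attack_success: list        # 1 = stage succeeded in that trial, 0 = blocked
    mission_latency_ms: list    # latency of the protected workload per trial

def assess(stage_results, min_benefit=0.2, max_cost=0.10):
    """Compare the defense-on and defense-off test of every stage.

    benefit = drop in attack success rate when the defense is operable
    cost    = relative mission latency overhead when the defense is operable
    Thresholds are assumptions chosen for illustration.
    """
    report = {}
    for stage, (on, off) in stage_results.items():
        benefit = mean(off.attack_success) - mean(on.attack_success)
        cost = mean(on.mission_latency_ms) / mean(off.mission_latency_ms) - 1
        if benefit < min_benefit:
            verdict = "ineffective"
        elif cost > max_cost:
            verdict = "effective_but_costly"
        else:
            verdict = "effective"
        report[stage] = {"benefit": benefit, "cost": cost, "verdict": verdict}
    return report

# Constructed sample data: one attack decomposed into three stages, each
# tested twice at the same network element (defense on, defense off).
SAMPLE = {
    "reconnaissance": (
        StageRun([1] * 9 + [0], [102.0, 98.0, 100.0]),
        StageRun([1] * 10, [100.0, 100.0, 100.0]),
    ),
    "exploitation": (
        StageRun([0] * 9 + [1], [105.0, 105.0, 105.0]),
        StageRun([1] * 9 + [0], [100.0, 100.0, 100.0]),
    ),
    "exfiltration": (
        StageRun([0] * 10, [130.0, 130.0, 130.0]),
        StageRun([1] * 8 + [0] * 2, [100.0, 100.0, 100.0]),
    ),
}

if __name__ == "__main__":
    for stage, row in assess(SAMPLE).items():
        print(f"{stage:15s} benefit={row['benefit']:.2f} "
              f"cost={row['cost']:.2f} -> {row['verdict']}")
```

Reporting per stage rather than per attack shows where in the chain the technology contributes: in this constructed data it barely affects reconnaissance, blocks exploitation cheaply, and blocks exfiltration only at a high latency cost.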
20 Claims
1. A method for assessing effectiveness of one or more cybersecurity technologies in a computer network, the method comprising:
- generating two or more component stages of an attack model based on decomposing one or more attacks;
- separately testing each of the two or more component stages at a first computer network element twice, wherein a first one of the tests is conducted with a first one of the cybersecurity technologies operable to protect the first computer network element, wherein a second one of the tests is conducted with the first cybersecurity technology not operable to protect the first computer network element, and wherein the two tests include generating results based on measuring a cost and a benefit associated with operating the first one of the cybersecurity technologies; and
- characterizing the effectiveness of the first cybersecurity technology for each one of the twice-tested component stages, based on comparing results from the first test and the second test.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16
17. A method comprising:
- defining a set of attack, mission, and defense elements at a computer network element to test;
- posing one or more hypotheses regarding one or more of the defined attack, mission, and defense elements;
- generating two or more component stages of an attack model based on decomposing one or more attacks;
- executing testing of the one or more hypotheses, wherein executing the testing comprises;
- testing each of the two or more component stages a first computer network element twice, wherein a first one of the tests is conducted with a first one of the defensive cybersecurity technologies operable to protect the first computer network element, wherein a second one of the tests is conducted with the first defensive cybersecurity technology not operable to protect the first computer network element, and wherein the two tests include generating results based on measuring a cost and a benefit associated with operating the first one of the defensive cybersecurity technologies; and
- analyzing the first computer network element, wherein analyzing the first computer network element comprises characterizing an effectiveness of the first one of the defensive cybersecurity technologies for each one of the twice-tested component stages based on comparing the results from the first test and the second test; and
- identifying one or more missing or uncertain elements.

Dependent claims: 18
19. A system comprising:
- a computer-based processor and a computer-based memory coupled to the computer-based processor and having stored thereon instructions executable by the computer-based processor to cause the computer-based processor to facilitate assessing effectiveness of one or more defensive cybersecurity technologies in a computer network, wherein assessing effectiveness comprises;
- generating two or more component stages of an attack model based on decomposing one or more attacks;
- testing each of the two or more component stages of an attack model at a first computer network element twice, wherein a first one of the tests is conducted with a first one of the defensive cybersecurity technologies operable to protect the first computer network element, wherein a second one of the tests is conducted with the first defensive cybersecurity technology not operable to protect the first computer network and wherein the two tests include generating results based on measuring a cost and a benefit associated with operating the first defensive cybersecurity technology; and
- for each one of the twice-tested component stages, characterizing with the computer-based processor, an effectiveness of the first one of the defensive cybersecurity technologies based on comparing the results from the first test and the second test.

Dependent claims: 20
Specification