Computer asset vulnerabilities
First Claim
1. A system comprising:
a data processing apparatus; and
a non-transitory computer readable storage medium in data communication with the data processing apparatus and storing instructions executable by the data processing apparatus and upon such execution cause the data processing apparatus to perform operations comprising:
identifying, using threat data that identifies vulnerabilities of computer-related assets, one or more first vulnerabilities of a first computer-related asset that is a) identified by an asset topology that i) identifies an entity's computer-related assets including one or more first computer-related assets each of which is a potential entry point for an attack simulation and one or more second computer-related assets each of which is not a potential entry point for an attack simulation, and ii) how the computer-related assets are connected together and b) one of the first computer-related assets;
in response to identifying the one or more first vulnerabilities of the first computer-related asset, determining, using the one or more first vulnerabilities, that a first probability that the first computer-related asset will be compromised by an adversary's device satisfies a threshold probability;
in response to determining that the first probability that the first computer-related asset will be compromised by an adversary's device satisfies the threshold probability, determining, using the asset topology, a path from the first computer-related asset to a second computer-related asset that is one of the second computer-related assets identified by the asset topology;
in response to determining the path from the first computer-related asset to the second computer-related asset, determining, using the threat data, one or more second vulnerabilities of the second computer-related asset;
in response to determining the one or more second vulnerabilities of the second computer-related asset, determining, using the one or more second vulnerabilities of the second computer-related asset, a second probability that the second computer-related asset will be compromised by an adversary's device;
in response to determining the second probability that the second computer-related asset will be compromised by an adversary's device, determining, using the asset topology and the threat data, a change to the asset topology to reduce the second probability that the second computer-related asset will be compromised by an adversary's device; and
in response to determining the change to the asset topology to reduce the second probability that the second computer-related asset will be compromised by an adversary's device, implementing the change to the asset topology.
Abstract
Methods, systems, and apparatus, including computer programs encoded on computer storage media, for determining a network path between computer assets. One of the methods includes receiving an asset topology that includes an identifier for each computer-related asset that may be an entry point for an attack simulation, receiving threat data that identifies vulnerabilities of computer-related assets, determining a first computer-related asset that may be an entry point for an attack simulation, identifying one or more first vulnerabilities of the first computer-related asset, determining a path from the first computer-related asset to a second computer-related asset, determining one or more second vulnerabilities of the second computer-related asset, determining a probability that the second computer-related asset will be compromised by an adversary, and determining a change to the asset topology to reduce the probability that the second computer-related asset will be compromised by an adversary.
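The claimed flow, as an added example in Python that is not the patent's own code: an asset topology with entry-point flags, threat data per asset, a threshold on the first probability, path discovery to a non-entry asset, a second probability for that asset, and a topology change (removing one link) chosen to reduce it. All asset and vulnerability names are constructed, and treating the second probability as the product of per-hop compromise probabilities is this example's modeling assumption, not a formula from the page.

```python
import math

# Constructed sample data (not from the patent).
TOPOLOGY = {  # asset -> (is entry point, outbound links)
    "web-01": (True, ["app-01"]), "vpn-gw": (True, ["app-01"]),
    "app-01": (False, ["db-01"]), "db-01": (False, []),
}
THREAT_DATA = {  # asset -> [(vulnerability id, P(exploited))]
    "web-01": [("VULN-A", 0.6), ("VULN-B", 0.3)], "vpn-gw": [("VULN-C", 0.1)],
    "app-01": [("VULN-D", 0.5)], "db-01": [("VULN-E", 0.2)],
}

def compromise_probability(asset, threat_data):
    """P(at least one of the asset's vulnerabilities is exploited), vulnerabilities treated as independent."""
    return 1.0 - math.prod(1.0 - p for _, p in threat_data.get(asset, []))

def find_path(topology, src, dst, seen=()):
    """Depth-first search for a path src -> dst over the topology; None if unreachable."""
    if src == dst:
        return [src]
    for nxt in topology[src][1]:
        if nxt not in seen:
            rest = find_path(topology, nxt, dst, seen + (src,))
            if rest:
                return [src] + rest
    return None

def assess(topology, threat_data, target, threshold):
    """Claimed flow: entry points whose first probability meets the threshold get a path to the
    target; the second probability here is P(every hop on that path is compromised) (assumption)."""
    results = {}
    for asset, (entry, _) in topology.items():
        if entry and compromise_probability(asset, threat_data) >= threshold:
            path = find_path(topology, asset, target)
            if path:
                results[asset] = (path, math.prod(compromise_probability(h, threat_data) for h in path))
    return results

def propose_change(topology, threat_data, target, threshold):
    """Try removing each single link; return the removal (or None) leaving the lowest worst-case second probability."""
    def worst(topo):
        return max((p for _, p in assess(topo, threat_data, target, threshold).values()), default=0.0)
    best = (None, worst(topology))
    for src, (_, links) in topology.items():
        for dst in links:
            trial = {a: (e, [l for l in ls if (a, l) != (src, dst)]) for a, (e, ls) in topology.items()}
            p = worst(trial)
            if p < best[1]:
                best = ((src, dst), p)
    return best
```

With the constructed data, only web-01 clears the 0.5 threshold (vpn-gw is skipped), the path web-01 -> app-01 -> db-01 is found, and the proposed change is to remove the web-01 -> app-01 link, which leaves no qualifying path to db-01.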
67 Citations
33 Claims
22. A computer-implemented method comprising:
identifying, using threat data that identifies vulnerabilities of computer-related assets, one or more first vulnerabilities of a first computer-related asset that is a) identified by an asset topology that i) identifies an entity's computer-related assets including one or more first computer-related assets each of which is a potential entry point for an attack simulation and one or more second computer-related assets each of which is not a potential entry point for an attack simulation, and ii) how the computer-related assets are connected together and b) one of the first computer-related assets;
in response to identifying the one or more first vulnerabilities of the first computer-related asset, determining, using the one or more first vulnerabilities, that a first probability that the first computer-related asset will be compromised by an adversary's device satisfies a threshold probability;
in response to determining that the first probability that the first computer-related asset will be compromised by an adversary's device satisfies the threshold probability, determining, using the asset topology, a path from the first computer-related asset to a second computer-related asset that is one of the second computer-related assets identified by the asset topology;
in response to determining the path from the first computer-related asset to the second computer-related asset, determining, using the threat data, one or more second vulnerabilities of the second computer-related asset;
in response to determining the one or more second vulnerabilities of the second computer-related asset, determining, using the one or more second vulnerabilities of the second computer-related asset, a second probability that the second computer-related asset will be compromised by an adversary's device;
in response to determining the second probability that the second computer-related asset will be compromised by an adversary's device, determining, using the asset topology and the threat data, a change to the asset topology to reduce the second probability that the second computer-related asset will be compromised by an adversary's device; and
in response to determining the change to the asset topology to reduce the second probability that the second computer-related asset will be compromised by an adversary's device, implementing the change to the asset topology.
23. A non-transitory computer readable storage medium storing instructions executable by a data processing apparatus and upon such execution cause the data processing apparatus to perform operations comprising:
identifying, using threat data that identifies vulnerabilities of computer-related assets, one or more first vulnerabilities of a first computer-related asset that is a) identified by an asset topology that i) identifies an entity's computer-related assets including one or more first computer-related assets each of which is a potential entry point for an attack simulation and one or more second computer-related assets each of which is not a potential entry point for an attack simulation, and ii) how the computer-related assets are connected together and b) one of the first computer-related assets;
in response to identifying the one or more first vulnerabilities of the first computer-related asset, determining, using the one or more first vulnerabilities, that a first probability that the first computer-related asset will be compromised by an adversary's device satisfies a threshold probability;
in response to determining that the first probability that the first computer-related asset will be compromised by an adversary's device satisfies the threshold probability, determining, using the asset topology, a path from the first computer-related asset to a second computer-related asset that is one of the second computer-related assets identified by the asset topology;
in response to determining the path from the first computer-related asset to the second computer-related asset, determining, using the threat data, one or more second vulnerabilities of the second computer-related asset;
in response to determining the one or more second vulnerabilities of the second computer-related asset, determining, using the one or more second vulnerabilities of the second computer-related asset, a second probability that the second computer-related asset will be compromised by an adversary's device;
in response to determining the second probability that the second computer-related asset will be compromised by an adversary's device, determining, using the asset topology and the threat data, a change to the asset topology to reduce the second probability that the second computer-related asset will be compromised by an adversary's device; and
in response to determining the change to the asset topology to reduce the second probability that the second computer-related asset will be compromised by an adversary's device, implementing the change to the asset topology.