Non-intrusive techniques for discovering and using organizational relationships

US 10,515,328 B2
Filed: 06/30/2016
Issued: 12/24/2019
Est. Priority Date: 02/17/2016
Status: Active Grant

First Claim

Patent Images

1. A method for adjusting a cybersecurity score of a first company based on a cybersecurity posture of one or more vendors determined to have a relationship with the first company through non-intrusive analysis of content on one or more vendor websites, the method comprising:

combining, by one or more processors, first information and second information to generate a set of candidate universal resource locators (URLs) associated with a first vendor, wherein, for each candidate URL in the set of candidate URLs, the first information corresponds to a website attributable to a first vendor and the second information corresponds to the first company, wherein the first vendor and the first company are different entities;

validating, by the one or more processors, at least one candidate URL of the set of candidate URLs, wherein the validating comprises;

determining, by the one or more processors, if the at least one candidate URL resolves to a website of the first vendor;

in response to determining that the at least one validated candidate URL resolves to a website of the first vendor;

determining, by the one or more processors, a cybersecurity posture for the first vendor; and

adjusting, by the one or more processors, a cybersecurity risk score of the first company based on the cybersecurity posture for the first vendor to produce an adjusted cybersecurity risk score for the first company, wherein the adjusted cybersecurity risk score for the first company accounts for a risk of breach of the first company through a risk of breach of the first vendor; and

providing, to a user, an interactive tool configured to generate a model that graphically depicts one or more companies of a plurality of companies identified based on the at least one validated candidate URL, wherein the plurality of companies includes the first company.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present disclosure provides techniques for calculating an entity'"'"'s cybersecurity risk based on identified relationships between the entity and one or more vendors. Customer/vendor relationships may impact the cybersecurity risk for each of the parties involved because a security compromise of a downstream or upstream provider can lead to a compromise of multiple other companies. For example, if organization A uses B (e.g., a cloud service provider) to store files, and B is compromised, this may lead to organization A being compromised (e.g., the files organization A stored using B may have been compromised by the breach of B'"'"'s cybersecurity). Embodiments of the present disclosure further provide a technique for calculating a cybersecurity risk score for an organization based on identified customer/vendor relationships.

34 Citations

View as Search Results

29 Claims

1. A method for adjusting a cybersecurity score of a first company based on a cybersecurity posture of one or more vendors determined to have a relationship with the first company through non-intrusive analysis of content on one or more vendor websites, the method comprising:
- combining, by one or more processors, first information and second information to generate a set of candidate universal resource locators (URLs) associated with a first vendor, wherein, for each candidate URL in the set of candidate URLs, the first information corresponds to a website attributable to a first vendor and the second information corresponds to the first company, wherein the first vendor and the first company are different entities;
  
  validating, by the one or more processors, at least one candidate URL of the set of candidate URLs, wherein the validating comprises;
  
  determining, by the one or more processors, if the at least one candidate URL resolves to a website of the first vendor;
  
  in response to determining that the at least one validated candidate URL resolves to a website of the first vendor;
  
  determining, by the one or more processors, a cybersecurity posture for the first vendor; and
  
  adjusting, by the one or more processors, a cybersecurity risk score of the first company based on the cybersecurity posture for the first vendor to produce an adjusted cybersecurity risk score for the first company, wherein the adjusted cybersecurity risk score for the first company accounts for a risk of breach of the first company through a risk of breach of the first vendor; and
  
  providing, to a user, an interactive tool configured to generate a model that graphically depicts one or more companies of a plurality of companies identified based on the at least one validated candidate URL, wherein the plurality of companies includes the first company.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein the first information corresponds to a domain of the first vendor, wherein the second information corresponds to a subdomain that is associated with the first company and is within the domain of the first vendor, and wherein the combining comprises appending the first information corresponding to the domain of the first vendor to the second information corresponding to the subdomain that is associated with the first company to form a first candidate URL in which the second information is followed by the first information, and wherein the second information is separated from the first information by a period.
  - 3. The method of claim 1, wherein the first information corresponds to a domain of the first vendor, wherein the second information corresponds to a directory that is associated with the first company and is within the domain of the first vendor, and wherein the combining comprises appending the second information corresponding to the directory that is associated with the first company to the first information corresponding to the domain of the first vendor to form a first candidate URL in which the first information is followed by the second information, and wherein the second information is separated from the first information by a forward slash.
  - 4. The method of claim 1, wherein determining, by the one or more processors, whether the at least one candidate URL resolves to a website of the first vendor includes analysis of source code of the website, analysis of image content included of the website, analysis of text content of the website, traversal of one or more links of the website to identify additional content of the website that is to be analyzed, or a combination thereof, and wherein validation of the at least one candidate URL indicates the first company uses a service offered by the first vendor.
  - 5. The method of claim 1, wherein validation of a particular candidate URL of the set of candidate URLs indicates the first company uses a service offered by the first vendor, the method further comprising:
    - identifying additional services used by the first company and that are offered by additional vendors that are different from the first vendor based on other information sources, wherein the other information sources include network footprints of one or more of the additional vendors, social network information, press release information for one or more of the additional vendors, or a combination thereof.
  - 6. The method of claim 1, wherein validation of a particular candidate URL of the set of candidate URLs indicates the first company uses a service offered by the first vendor, the method further comprising:
    - determining a risk factor based on the use, by the first company, of the service offered by the first vendor, wherein the risk factor represents a risk that a breach of the first vendor'"'"'s cybersecurity will expose sensitive data of the first company; and
      
      determining a weighting factor associated with the risk factor, wherein the cybersecurity score of the first company is adjusted based, at least in part, on the risk factor and the weighting factor.
  - 7. The method of claim 6, wherein the method further comprises:
    - identifying one or more additional vendors that are different from the first vendor and that offer additional services that are used by the first company;
      
      determining cybersecurity postures for each of the one or more additional vendors; and
      
      adjusting the cybersecurity risk score of the first company based, at least in part, on the cybersecurity postures determined for each of the one or more additional vendors.
  - 8. The method of claim 7, wherein the method further comprises weighting the adjustments to the cybersecurity risk score of the first company based on the cybersecurity scores of each of the one or more additional vendors.
  - 9. The method of claim 7, wherein the method further comprises generating a graph that depicts relationships between the first company and the first vendor and between the first company and each of the one or more additional vendors, wherein a relationship between the first company and a particular vendor, as depicted by the graph, indicates that the first company uses a service of the particular vendor.
  - 10. The method of claim 1, wherein the method further comprises:
    - in response to the determination that the at least one candidate URL resolves to a website of the first vendor, generating, by the one or more processors, a plurality of additional candidate URLs, wherein each of the plurality of additional candidate URLs comprises the first information and different second information, and wherein the different second information for a particular one of the plurality of additional candidate URLs corresponds to a particular company of a plurality of additional companies that is different from the first company;
      
      validating, by the one or more processors, each of the plurality of additional candidate URLs to determine whether one or more candidate URLs of the plurality of additional candidate URLs resolves to additional websites of the first vendor; and
      
      in response to determining that at least one validated candidate URL of the plurality of additional candidate URLs resolves to a website of the first vendoradjusting, by the one or more processors, cybersecurity risk scores for each of one or more additional companies associated with validated candidate URLs of the plurality of additional candidate URLs based on the cybersecurity posture of the first vendor to produce an adjusted cybersecurity risk score for each of the one or more additional companies, wherein the adjusted cybersecurity risk score for each of the one or more additional companies accounts for potential exposure of sensitive data of each of the one or more additional companies through a breach of the first vendor'"'"'s cybersecurity.
  - 11. The method of claim 1, wherein the method further comprises:
    - in response to the determination that the at least one candidate URL resolves to a website of the first vendor, generating by the one or more processors, a plurality of additional candidate URLs, wherein each of the plurality of additional candidate URLs comprises different first information and the second information, and wherein, for each of the plurality of additional candidate URLs, the different first information corresponds to a vendor other than the first vendor;
      
      validating, by the one or more processors, each of the plurality of additional candidate URLs to determine whether one or more candidate URLs of the plurality of additional candidate URLs resolves to a website of a particular vendor other than the first vendor;
      
      in response to determining that at least one candidate URL of the plurality of additional candidate URLs resolves to a website of a particular vendor;
      
      determining, by the one or more processors, a cybersecurity posture for each particular vendor associated with one of the at least one validated candidate URLs of the plurality of additional candidate URLs; and
      
      adjusting, by the one or more processors, the cybersecurity risk score of the first company based, at least in part, on the cybersecurity posture for each particular vendor.

12. A non-transitory computer-readable storage medium storing instructions that, when executed by one or more processors, cause the one or more processors to perform operations for adjusting a cybersecurity score of a first company based on a cybersecurity posture of one or more vendors that have a relationship with the first company through non-intrusive analysis of content of one or more vendor websites containing information that relates to the first company, the operations comprising:
- combining first information and second information to generate a set of candidate universal resource locators (URLs) associated with a first vendor, wherein, for each candidate URL of the set of candidate URLs, the first information corresponds to a website attributable to the first vendor and the second information is associated with the first company, and wherein the first vendor and the first company are different entities;
  
  validating at least one candidate URL of the set of candidate URLs, wherein the validating comprises;
  
  determining if the at least one candidate URL resolves to a website of the first vendor;
  
  in response to a determination that the at least one validated candidate URL resolves to a website of the first vendor;
  
  determining a cybersecurity posture for the first vendor; and
  
  adjusting a cybersecurity risk score of the first company based, at least in part, on the cybersecurity posture of the first vendor to produce an adjusted cybersecurity risk score for the first company, wherein the adjusted cybersecurity risk score for the first company accounts for a risk of breach of the first company through a risk of breach of the first vendor; and
  
  providing, to a user, an interactive tool configured to generate a model that graphically depicts one or more companies of a plurality of companies identified based on the at least validated candidate URL, wherein the plurality of companies includes the first company and the one or more vendors includes the first vendor.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 13. The non-transitory computer-readable storage medium of claim 12, wherein the first information corresponds to a domain of the first vendor, and wherein the second information corresponds to a subdomain that is associated with the first company and is within the domain of the first vendor, and wherein the combining comprises appending the first information corresponding to the domain of the first vendor to the second information corresponding to the subdomain that is associated with the first company to form a first candidate URL in which the second information is followed by the first information, and wherein the second information is separated from the first information by a period.
  - 14. The non-transitory computer-readable storage medium of claim 12, wherein the first information corresponds to a domain of the first vendor, and wherein the second information corresponds to a directory that is associated with the first company and is within the domain of the first vendor, and wherein the combining comprises appending the second information corresponding to the directory that is associated with the first company to the first information corresponding to the domain of the first vendor to form a first candidate URL in which the first information is followed by the second information, and wherein the second information is separated from the first information by a forward slash.
  - 15. The non-transitory computer-readable storage medium of claim 12, wherein determining whether the at least one candidate URL resolves to a website of the first vendor includes analysis of source code of the website, analysis of image content included of the website, analysis of text content of the website, traversal of one or more links of the website to identify additional content of the website that is to be analyzed, or a combination thereof.
  - 16. The non-transitory computer-readable storage medium of claim 12, wherein validation of a particular candidate URL of the set of candidate URLs indicates the first company uses a service offered by the first vendor, and wherein the operations further comprise identifying additional services used by the first company and that are offered by additional vendors that are different from the first vendor based on other information sources, wherein the other information sources include network footprints of one or more of the additional vendors, social network information, press release information for one or more of the additional vendors, or a combination thereof.
  - 17. The non-transitory computer-readable storage medium of claim 12, wherein validation of a particular candidate URL of the set of candidate URLs indicates the first company uses a service offered by the first vendor, and wherein the operations further comprise:
    - determining a risk factor based on the use, by the first company, of the service offered by the first vendor, wherein the risk factor represents a risk that a breach of the first vendor'"'"'s cybersecurity will expose sensitive data of the first company; and
      
      determining a weighting factor associated with the risk factor, wherein the cybersecurity score of the first company is adjusted based, at least in part, on the risk factor and the weighting factor.
  - 18. The non-transitory computer-readable storage medium of claim 17, wherein validation of a particular candidate URL of the set of candidate URLs indicates the first company uses a service offered by the first vendor, and wherein the operations further comprise:
    - identifying one or more additional vendors that are different that the first vendor and that offer additional services that are used by the first company;
      
      determining a cybersecurity risk score for each of the one or more additional vendors; and
      
      adjusting the cybersecurity risk score of the first company based, at least in part, on the cybersecurity risk scores for each of the one or more additional vendors.
  - 19. The non-transitory computer-readable storage medium of claim 18, wherein the operations further comprise weighting the cybersecurity risk score of the first company based on the cybersecurity scores of each of the one or more additional vendors.
  - 20. The non-transitory computer-readable storage medium of claim 18, wherein the operations further comprise generating a graph that depicts relationships between the first company and the first vendor and between the first company and each of the one or more additional vendors, wherein a relationship between the first company and a particular vendor, as depicted by the graph, indicates that the first company uses a service of the particular vendor.
  - 21. The non-transitory computer-readable storage medium of claim 12, wherein validation of a particular candidate URL of the set of candidate URLs indicates the first company uses a service offered by the first vendor, and wherein the operations further comprise:
    - periodically determining whether any changes have occurred with respect to one or more services used by the first company; and
      
      adjusting the cybersecurity risk score for the first company based on any changes that have occurred with respect to the one or more services used by the first company that are offered by one or more vendors.

22. A system for adjusting a cybersecurity score of a first company based on a cybersecurity posture of one or more vendors that have a relationship with the first company through non-intrusive analysis of content of one or more vendor websites containing information that relates to the first company, the system comprising:
- a memory; and
  
  one or more processors coupled to the memory, the one or more processors configured to;
  
  combine first information and second information to generate a set of candidate universal resource locators (URLs) associated with a first vendor, wherein, for each candidate URL of the set of candidate URLs, the first information corresponds to a website attributable to the first vendor and the second information is associated with the first company, and wherein the first vendor and the first company are different entities;
  
  validate at least one candidate URL of the set of candidate URLs based on whether the at least one candidate URL resolves to a website of the first vendor;
  
  in response to a determination that the at least one validated candidate URL resolves to a website of the first vendor;
  
  determine a cybersecurity posture for the first vendor; and
  
  adjust a cybersecurity risk score of the first company based, at least in part, on the cybersecurity posture of the first vendor to produce an adjusted cybersecurity risk score for the first company, wherein the adjusted cybersecurity risk score for the first company accounts for a risk of breach of the first company through a risk of breach of the first vendor; and
  
  provide, to a user, an interactive tool configured to generate a model that visually depicts one or more companies of a plurality of companies identified based on the at least one validated candidate URL, wherein the plurality of companies includes the first company and the one or more vendors includes the first vendor.
- View Dependent Claims (23, 24, 25, 26, 27, 28, 29)
- - 23. The system of claim 22, wherein the first information corresponds to a domain of the first vendor, and wherein the second information corresponds to a subdomain that is associated with the first company and is within the domain of the first vendor, and wherein the combining comprises appending the first information corresponding to the domain of the first vendor to the second information corresponding to the subdomain that is associated with the first company to form a first candidate URL in which the second information is followed by the first information, and wherein the second information is separated from the first information by a period.
  - 24. The system of claim 22, wherein the first information corresponds to a domain of the first vendor, and wherein the second information corresponds to a directory that is associated with the first company and is within the domain of the first vendor, and wherein the combining comprises appending the second information corresponding to the directory that is associated with the first company to the first information corresponding to the domain of the first vendor to form a first candidate URL in which the first information is followed by the second information, and wherein the second information is separated from the first information by a forward slash.
  - 25. The system of claim 22, wherein the one or more processors are configured to determine whether the at least one candidate URL resolves to a website of the first vendor based on analysis of source code of the website, analysis of image content included of the website, analysis of text content of the website, traversal of one or more links of the website to identify additional content of the website that is to be analyzed, or a combination thereof.
  - 26. The system of claim 22, wherein validation of a particular candidate URL of the set of candidate URLs indicates the first company uses a service offered by the first vendor, and wherein the one or more processors are configured to identify additional relationships between the first company and additional vendors that are different from the first vendor based on other information sources, wherein the relationships indicate whether the first company uses services offered by the additional vendors, and wherein the other information sources include network footprints of one or more of the additional vendors, social network information, press release information for one or more of the additional vendors, or a combination thereof.
  - 27. The system of claim 22, wherein validation of a particular candidate URL of the set of candidate URLs indicates the first company uses a service offered by the first vendor, and wherein the one or more processors are configured to:
    - determine a risk factor based on the use, by the first company, of the service offered by the first vendor, wherein the risk factor represents a risk that a breach of the first vendor'"'"'s cybersecurity will expose sensitive data of the first company; and
      
      determine a weighting factor associated with the risk factor, wherein the cybersecurity score of the first company is adjusted based, at least in part, on the risk factor and the weighting factor.
  - 28. The system of claim 27, wherein the one or more processors are configured to:
    - identify one or more additional vendors that are different that the first vendor and that offer additional services that are used by the first company;
      
      determine a cybersecurity posture for each of the one or more additional vendors; and
      
      adjust the cybersecurity risk score of the first company based, at least in part, on the cybersecurity posture for each of the one or more additional vendors.
  - 29. The system of claim 28, wherein one or more processors are configured to weight the adjustment to the cybersecurity risk score of the first company based on the cybersecurity posture for each of the one or more additional vendors.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SecurityScorecard, Inc.
Original Assignee
SecurityScorecard, Inc.
Inventors
Rasumov, Nikon
Primary Examiner(s)
Coupe, Anita
Assistant Examiner(s)
Prasad, Nancy

Application Number

US15/198,560
Publication Number

US 20170237764A1
Time in Patent Office

1,272 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 16/24578   using ranking

G06F 21/562   Static detection

G06F 21/577   Assessing vulnerabilities a...

G06F 21/6218   to a system of files or obj...

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2119   Authenticating web pages, e...

G06Q 10/0635   Risk analysis of enterprise...

H04L 63/1433   Vulnerability analysis

H04L 63/1483   service impersonation, e.g....

H04L 67/02   based on web technology, e....

Non-intrusive techniques for discovering and using organizational relationships

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

34 Citations

29 Claims

Specification

Solutions

Use Cases

Quick Links

Non-intrusive techniques for discovering and using organizational relationships

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

34 Citations

29 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links