Non-intrusive techniques for discovering and using organizational relationships
First Claim
1. A method for adjusting a cybersecurity score of a first company based on a cybersecurity posture of one or more vendors determined to have a relationship with the first company through non-intrusive analysis of content on one or more vendor websites, the method comprising:
- combining, by one or more processors, first information and second information to generate a set of candidate universal resource locators (URLs) associated with a first vendor, wherein, for each candidate URL in the set of candidate URLs, the first information corresponds to a website attributable to a first vendor and the second information corresponds to the first company, wherein the first vendor and the first company are different entities;
validating, by the one or more processors, at least one candidate URL of the set of candidate URLs, wherein the validating comprises;
determining, by the one or more processors, if the at least one candidate URL resolves to a website of the first vendor;
in response to determining that the at least one validated candidate URL resolves to a website of the first vendor;
determining, by the one or more processors, a cybersecurity posture for the first vendor; and
adjusting, by the one or more processors, a cybersecurity risk score of the first company based on the cybersecurity posture for the first vendor to produce an adjusted cybersecurity risk score for the first company, wherein the adjusted cybersecurity risk score for the first company accounts for a risk of breach of the first company through a risk of breach of the first vendor; and
providing, to a user, an interactive tool configured to generate a model that graphically depicts one or more companies of a plurality of companies identified based on the at least one validated candidate URL, wherein the plurality of companies includes the first company.
3 Assignments
0 Petitions
Accused Products
Abstract
The present disclosure provides techniques for calculating an entity'"'"'s cybersecurity risk based on identified relationships between the entity and one or more vendors. Customer/vendor relationships may impact the cybersecurity risk for each of the parties involved because a security compromise of a downstream or upstream provider can lead to a compromise of multiple other companies. For example, if organization A uses B (e.g., a cloud service provider) to store files, and B is compromised, this may lead to organization A being compromised (e.g., the files organization A stored using B may have been compromised by the breach of B'"'"'s cybersecurity). Embodiments of the present disclosure further provide a technique for calculating a cybersecurity risk score for an organization based on identified customer/vendor relationships.
34 Citations
29 Claims
-
1. A method for adjusting a cybersecurity score of a first company based on a cybersecurity posture of one or more vendors determined to have a relationship with the first company through non-intrusive analysis of content on one or more vendor websites, the method comprising:
-
combining, by one or more processors, first information and second information to generate a set of candidate universal resource locators (URLs) associated with a first vendor, wherein, for each candidate URL in the set of candidate URLs, the first information corresponds to a website attributable to a first vendor and the second information corresponds to the first company, wherein the first vendor and the first company are different entities; validating, by the one or more processors, at least one candidate URL of the set of candidate URLs, wherein the validating comprises; determining, by the one or more processors, if the at least one candidate URL resolves to a website of the first vendor; in response to determining that the at least one validated candidate URL resolves to a website of the first vendor; determining, by the one or more processors, a cybersecurity posture for the first vendor; and adjusting, by the one or more processors, a cybersecurity risk score of the first company based on the cybersecurity posture for the first vendor to produce an adjusted cybersecurity risk score for the first company, wherein the adjusted cybersecurity risk score for the first company accounts for a risk of breach of the first company through a risk of breach of the first vendor; and providing, to a user, an interactive tool configured to generate a model that graphically depicts one or more companies of a plurality of companies identified based on the at least one validated candidate URL, wherein the plurality of companies includes the first company. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A non-transitory computer-readable storage medium storing instructions that, when executed by one or more processors, cause the one or more processors to perform operations for adjusting a cybersecurity score of a first company based on a cybersecurity posture of one or more vendors that have a relationship with the first company through non-intrusive analysis of content of one or more vendor websites containing information that relates to the first company, the operations comprising:
-
combining first information and second information to generate a set of candidate universal resource locators (URLs) associated with a first vendor, wherein, for each candidate URL of the set of candidate URLs, the first information corresponds to a website attributable to the first vendor and the second information is associated with the first company, and wherein the first vendor and the first company are different entities; validating at least one candidate URL of the set of candidate URLs, wherein the validating comprises; determining if the at least one candidate URL resolves to a website of the first vendor; in response to a determination that the at least one validated candidate URL resolves to a website of the first vendor; determining a cybersecurity posture for the first vendor; and adjusting a cybersecurity risk score of the first company based, at least in part, on the cybersecurity posture of the first vendor to produce an adjusted cybersecurity risk score for the first company, wherein the adjusted cybersecurity risk score for the first company accounts for a risk of breach of the first company through a risk of breach of the first vendor; and providing, to a user, an interactive tool configured to generate a model that graphically depicts one or more companies of a plurality of companies identified based on the at least validated candidate URL, wherein the plurality of companies includes the first company and the one or more vendors includes the first vendor. - View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21)
-
-
22. A system for adjusting a cybersecurity score of a first company based on a cybersecurity posture of one or more vendors that have a relationship with the first company through non-intrusive analysis of content of one or more vendor websites containing information that relates to the first company, the system comprising:
-
a memory; and one or more processors coupled to the memory, the one or more processors configured to; combine first information and second information to generate a set of candidate universal resource locators (URLs) associated with a first vendor, wherein, for each candidate URL of the set of candidate URLs, the first information corresponds to a website attributable to the first vendor and the second information is associated with the first company, and wherein the first vendor and the first company are different entities; validate at least one candidate URL of the set of candidate URLs based on whether the at least one candidate URL resolves to a website of the first vendor; in response to a determination that the at least one validated candidate URL resolves to a website of the first vendor; determine a cybersecurity posture for the first vendor; and adjust a cybersecurity risk score of the first company based, at least in part, on the cybersecurity posture of the first vendor to produce an adjusted cybersecurity risk score for the first company, wherein the adjusted cybersecurity risk score for the first company accounts for a risk of breach of the first company through a risk of breach of the first vendor; and provide, to a user, an interactive tool configured to generate a model that visually depicts one or more companies of a plurality of companies identified based on the at least one validated candidate URL, wherein the plurality of companies includes the first company and the one or more vendors includes the first vendor. - View Dependent Claims (23, 24, 25, 26, 27, 28, 29)
-
Specification