Correlated risk in cybersecurity

US 10,594,723 B2
Filed: 03/05/2019
Issued: 03/17/2020
Est. Priority Date: 03/12/2018
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for quantifying correlated risk in a network of a plurality of assets having at least one dependency, each asset belonging to at least one entity, the method comprising:

generating a dependency graph based on relationships between the plurality of assets, the at least one dependency, and the at least one entity, wherein;

each of the plurality of assets is selected from the group consisting of;

Internet Protocol (IP) address, domain name, and server system;

each of the at least one entity is selected from the group consisting of;

a company and an organization; and

each of the at least one dependency is selected from the group consisting of;

hosting provider and software version;

executing a plurality of Monte Carlo simulations over the dependency graph by;

generating a seed event in the dependency graph, the seed event having a probability distribution; and

propagating disruption through the dependency graph based on the seed event;

assessing loss for each asset of the plurality of assets; and

aggregating losses in a nonlinear sum for two or more assets of the plurality of assets to determine correlated risk in the network.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Computer-implemented methods are provided herein for quantifying correlated risk in a network of a plurality of assets having at least one dependency, where each asset belongs to at least one entity. The method includes generating a dependency graph based on relationships between the assets, at least one dependency, and at least one entity, and executing a plurality of Monte Carlo simulations over the dependency graph. Executing a plurality of Monte Carlo simulations includes generating a seed event in the dependency graph, where the seed event has a probability distribution, and propagating disruption through the dependency graph based on the seed event. The method further includes assessing loss for each of the assets, and aggregating losses for two or more assets to determine correlated risk in the network.

Citations

21 Claims

1. A computer-implemented method for quantifying correlated risk in a network of a plurality of assets having at least one dependency, each asset belonging to at least one entity, the method comprising:
- generating a dependency graph based on relationships between the plurality of assets, the at least one dependency, and the at least one entity, wherein;
  
  each of the plurality of assets is selected from the group consisting of;
  
  Internet Protocol (IP) address, domain name, and server system;
  
  each of the at least one entity is selected from the group consisting of;
  
  a company and an organization; and
  
  each of the at least one dependency is selected from the group consisting of;
  
  hosting provider and software version;
  
  executing a plurality of Monte Carlo simulations over the dependency graph by;
  
  generating a seed event in the dependency graph, the seed event having a probability distribution; and
  
  propagating disruption through the dependency graph based on the seed event;
  
  assessing loss for each asset of the plurality of assets; and
  
  aggregating losses in a nonlinear sum for two or more assets of the plurality of assets to determine correlated risk in the network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, wherein each of the plurality of assets is weighted according to its importance to the at least one entity having the asset.
  - 3. The method of claim 1, wherein the seed event is a breach or failure of the at least one dependency.
  - 4. The method of claim 1, wherein the probability distribution is a probability that the asset will become unavailable if the at least one dependency fails.
  - 5. The method of claim 1, further comprising:
    - storing information related to the aggregated losses for the two or more assets of the plurality of assets in a database.
  - 6. The method of claim 1, wherein the at least one entity comprises at least two entities, and wherein a first asset of the two or more assets belongs to a first entity of the at least two entities and a second asset of the two or more assets belongs to a second entity of the at least two entities.
  - 7. The method of claim 6, wherein at least one of the first and second assets belongs to another entity of the at least two entities.
  - 8. The method of claim 6, further comprising:
    - aggregating losses for two or more entities of the at least two entities to determine correlated risk in the network.
  - 9. The method of claim 8, further comprising:
    - storing information related to the aggregated losses for the two or more entities of the at least two entities in a database.
  - 10. The method of claim 6, wherein each of the at least two entities is assigned to at least one portfolio, and wherein the method further comprises:
    - aggregating losses for two or more portfolios of the at least one portfolio to determine correlated risk in the network.
  - 11. The method of claim 10, further comprising:
    - storing information related to the aggregated losses for the two or more entities of the at least two entities in a database.
  - 12. The method of claim 1, wherein a number of the plurality of Monte Carlo simulations is selected to reduce a statistical variance of the plurality of Monte Carlo simulations.
  - 13. The method of claim 1, wherein the executing a plurality of Monte Carlo simulations over the dependency graph further comprises:
    - determining if a statistical variance is equal to or less than a threshold; and
      
      terminating the plurality of Monte Carlo simulations if the statistical variance is equal to or less than the threshold.

14. A computer-implemented method for quantifying correlated risk in a network of a plurality of assets having at least one dependency, each asset belonging to at least one entity, the method comprising:
- receiving information indicative of the relationships between the plurality of assets, the at least one dependency, and the at least one entity;
  
  storing information indicative of the relationships between the plurality of assets, the at least one dependency, and the at least one entity in a database, wherein the information is at least one of the group consisting of;
  
  domain name system (DNS) record, server banner, traffic data, malware infection, and software version;
  
  generating a dependency graph based on relationships between the plurality of assets, the at least one dependency, and the at least one entity;
  
  executing a plurality of Monte Carlo simulations over the dependency graph by;
  
  generating a seed event in the dependency graph, the seed event having a probability distribution; and
  
  propagating disruption through the dependency graph based on the seed eventassessing loss for each asset of the plurality of assets; and
  
  aggregating losses in a nonlinear sum for two or more assets of the plurality of assets to determine correlated risk in the network.
- View Dependent Claims (15, 16, 17, 18)
- - 15. The method of claim 14, further comprising:
    - observing traffic to and from a particular one of the plurality of assets in the network to identify at least one of (i) an entity and (ii) a dependency related to the particular asset.
  - 16. The method of claim 14, wherein the information indicative of the relationships includes inter-business payment data.
  - 17. The method of claim 14, wherein the seed event is a breach or failure of the at least one dependency.
  - 18. The method of claim 14, wherein the probability distribution is a probability that the asset will become unavailable if the at least one dependency fails.

19. A computer-implemented method for quantifying correlated risk in a network of a plurality of assets having at least one dependency, each asset belonging to at least one entity, the method comprising:
- generating a dependency graph based on relationships between the plurality of assets, the at least one dependency, and the at least one entity;
  
  executing a plurality of Monte Carlo simulations over the dependency graph by;
  
  generating a seed event in the dependency graph, the seed event having a probability distribution; and
  
  propagating disruption through the dependency graph based on the seed event until a threshold amount of loss is aggregated among the two or more assets;
  
  assessing loss for each asset of the plurality of assets; and
  
  aggregating losses in a nonlinear sum for two or more assets of the plurality of assets to determine correlated risk in the network;
  
  wherein the dependency graph comprises (i) a plurality of edges representing relationships between the plurality of assets, the at least one dependency, and the at least one entity and (ii) a plurality of nodes representing the plurality of assets, the at least one dependency, and the at least one entity, andwherein each edge has a conditional probability that the asset on a receiving node of a particular edge, of the plurality of edges, is compromised given that the providing node, of the plurality of nodes, is compromised.
- View Dependent Claims (20, 21)
- - 20. The method of claim 19, wherein the propagating disruption through the dependency graph based on the seed event further comprises:
    - propagating disruption through the dependency graph until a threshold number of nodes is affected.
  - 21. The method of claim 19, wherein the seed event is a breach or failure of the at least one dependency.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
BitSight Technologies, Inc.
Original Assignee
BitSight Technologies, Inc.
Inventors
Geil, Ethan, Light, Marc
Primary Examiner(s)
Pearson, David J

Application Number

US16/292,956
Publication Number

US 20190297106A1
Time in Patent Office

378 Days
Field of Search
US Class Current
CPC Class Codes

G06F 16/24578   using ranking

G06F 16/288   Entity relationship models

G06F 16/9024   Graphs; Linked lists G06F16...

G06F 17/18   for evaluating statistical ...

G06F 21/577   Assessing vulnerabilities a...

G06F 2221/034   Test or assess a computer o...

H04L 63/1408   by monitoring network traff...

H04L 63/1433   Vulnerability analysis

Correlated risk in cybersecurity

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Correlated risk in cybersecurity

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links