Systems and methods for determining optimal remediation recommendations in penetration testing

US 10,637,883 B1
Filed: 12/16/2019
Issued: 04/28/2020
Est. Priority Date: 07/04/2019
Status: Active Grant

First Claim

Patent Images

1. A method for providing, by a penetration testing system, a recommendation for improving the security of a networked system against attackers, the method comprising:

a. carrying out one or more penetration tests of the networked system by the penetration testing system;

b. based on results of the one or more penetration tests of the networked system, determining multiple paths of attack available to the attackers, each path of attack of the determined multiple paths of attack being an ordered sequence of one or more attacker steps and one or more sub-goals;

c. assigning a calculated importance score to each of multiple sub-goals, wherein (i) each sub-goal of the multiple sub-goals is included in at least one of the determined multiple paths of attack, and (ii) for at least one given sub-goal of the multiple sub-goals, the importance score assigned to the given sub-goal is based on a number of paths of attack of the determined multiple paths of attack which include the given sub-goal;

d. selecting one sub-goal included in at least one of the determined multiple paths of attack, the selecting of the one sub-goal being based on the importance score assigned to at least one of the multiple sub-goals; and

e. providing a recommendation to protect the selected one sub-goal, the providing of the recommendation comprising at least one operation selected from the group consisting of;

i. causing a display device to display information about the recommendation;

ii. recording the information about the recommendation in a file; and

iii. electronically transmitting the information about the recommendation.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems for providing a recommendation for improving the security of a networked system against attackers. The recommendation may include a recommendation of a single sub-goal to be protected to achieve optimal improvement in security, or of multiple such sub-goals. If the recommendation includes multiple sub-goals, the sub-goals may be ordered such that the first sub-goal is more important to protect, provides a greater benefit by being protected, or is more cost effective to protect than subsequent sub-goals in the ordered list of sub-goals.

128 Citations

20 Claims

1. A method for providing, by a penetration testing system, a recommendation for improving the security of a networked system against attackers, the method comprising:
- a. carrying out one or more penetration tests of the networked system by the penetration testing system;
  
  b. based on results of the one or more penetration tests of the networked system, determining multiple paths of attack available to the attackers, each path of attack of the determined multiple paths of attack being an ordered sequence of one or more attacker steps and one or more sub-goals;
  
  c. assigning a calculated importance score to each of multiple sub-goals, wherein (i) each sub-goal of the multiple sub-goals is included in at least one of the determined multiple paths of attack, and (ii) for at least one given sub-goal of the multiple sub-goals, the importance score assigned to the given sub-goal is based on a number of paths of attack of the determined multiple paths of attack which include the given sub-goal;
  
  d. selecting one sub-goal included in at least one of the determined multiple paths of attack, the selecting of the one sub-goal being based on the importance score assigned to at least one of the multiple sub-goals; and
  
  e. providing a recommendation to protect the selected one sub-goal, the providing of the recommendation comprising at least one operation selected from the group consisting of;
  
  i. causing a display device to display information about the recommendation;
  
  ii. recording the information about the recommendation in a file; and
  
  iii. electronically transmitting the information about the recommendation.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein, for each given sub-goal of the multiple sub-goals, the importance score assigned to the given sub-goal is based on the number of paths of attack of the determined multiple paths of attack which include the given sub-goal.
  - 3. The method of claim 1, wherein, for at least one given sub-goal of the multiple sub-goals, the importance score assigned to the given sub-goal is based only on the number of paths of attack of the determined multiple paths of attack which include the given sub-goal.
  - 4. The method of claim 1, wherein, for each given sub-goal of the multiple sub-goals, the importance score assigned to the given sub-goal is based only on the number of paths of attack of the determined multiple paths of attack which include the given sub-goal.
  - 5. The method of claim 1, wherein, for at least one given sub-goal of the multiple sub-goals, the importance score assigned to the given sub-goal is equal to the number of paths of attack of the determined multiple paths of attack which include the given sub-goal.
  - 6. The method of claim 1, wherein the selecting of the one sub-goal included in at least one of the determined multiple paths of attack comprises selecting one sub-goal whose assigned importance score meets a predefined criterion.
  - 7. The method of claim 1, wherein, for at least one given sub-goal of the multiple sub-goals, the importance score assigned to the given sub-goal is based on (i) the number of paths of attack of the determined multiple paths of attack which include the given sub-goal, and (ii) at least one member selected from the group consisting of:
    - a cost of remediation of the given sub-goal, a cost of exploitation of an attacker step leading to the given sub-goal, a cost of remediation of an attacker step leading to the given sub-goal, and a probability of success of an attacker step leading to the given sub-goal.

8. A method for providing, by a penetration testing system, a recommendation for improving the security of a networked system against attackers, the method comprising:
- a. initializing a list of sub-goals that should be protected to be an empty list;
  
  b. obtaining a halting condition, the halting condition including a Boolean condition applied to the list of sub-goals;
  
  c. carrying out one or more penetration tests of the networked system by the penetration testing system;
  
  d. based on results of the one or more penetration tests of the networked system, determining multiple paths of attack available to the attackers, each path of attack of the determined multiple paths of attack being an ordered sequence of one or more attacker steps and one or more sub-goals;
  
  e. initializing a group of relevant paths of attack to consist of the determined multiple paths of attack;
  
  f. assigning a calculated importance score to each of one or more sub-goals, wherein (i) each sub-goal of the one or more sub-goals is included in at least one path of attack included in the group of relevant paths of attack, and (ii) for at least one given sub-goal of the one or more sub-goals, the importance score assigned to the given sub-goal is based on a number of paths of attack in the group of relevant paths of attack which include the given sub-goal;
  
  g. selecting one sub-goal included in at least one member of the group of relevant paths of attack and adding the one sub-goal to the list of sub-goals, the selecting of the one sub-goal being based on the importance scores assigned to at least one of the one or more sub-goals;
  
  h. modifying the group of relevant paths of attack by removing from it every path of attack that includes the one sub-goal;
  
  i. evaluating the halting condition for the list of sub-goals;
  
  j. in response to determining that (i) the halting condition is not satisfied, and (ii) the group of relevant paths of attack is not empty, repeating steps f to j; and
  
  k. in response to determining that (i) the halting condition is satisfied, or (ii) the group of relevant paths of attack is empty, providing a recommendation to protect one or more sub-goals from the list of sub-goals, the providing of the recommendation comprising at least one operation selected from the group consisting of;
  
  i. causing a display device to display information about the recommendation;
  
  ii. recording the information about the recommendation in a file; and
  
  iii. electronically transmitting the information about the recommendation.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 9. The method of claim 8, wherein, for each given sub-goal of the one or more sub-goals, the importance score assigned to the given sub-goal is based on the number of paths of attack in the group of relevant paths of attack which include the given sub-goal.
  - 10. The method of claim 8, wherein, for at least one given sub-goal of the one or more sub-goals, the importance score assigned to the given sub-goal is based only on the number of paths of attack in the group of relevant paths of attack which include the given sub-goal.
  - 11. The method of claim 8, wherein, for each given sub-goal of the one or more sub-goals, the importance score assigned to the given sub-goal is based only on the number of paths of attack in the group of relevant paths of attack which include the given sub-goal.
  - 12. The method of claim 8, wherein, for at least one given sub-goal of the one or more sub-goals, the importance score assigned to the given sub-goal is equal to the number of paths of attack in the group of relevant paths of attack which include the given sub-goal.
  - 13. The method of claim 8, wherein the selecting of the one sub-goal included in at least one member of the group of relevant paths of attack comprises selecting one sub-goal whose assigned importance score meets a predefined criterion.
  - 14. The method of claim 8, wherein, for at least one given sub-goal of the one or more sub-goals, the importance score assigned to the given sub-goal is based on (i) the number of paths of attack in the group of relevant paths of attack which include the given sub-goal, and (ii) at least one member selected from the group consisting of:
    - a cost of remediation of the given sub-goal, a cost of exploitation of an attacker step leading to the given sub-goal, a cost of remediation of an attacker step leading to the given sub-goal, and a probability of success of an attacker step leading to the given sub-goal.
  - 15. The method of claim 8, wherein (i) the list of sub-goals is an ordered list of sub-goals, (ii) the adding of the one sub-goal to the list of sub-goals includes adding the one sub-goal at an end of the ordered list of sub-goals such that the one sub-goal becomes a last member of the ordered list of sub-goals, and (iii) the providing a recommendation to protect one or more sub-goals from the list of sub-goals includes providing a recommendation to protect the one or more sub-goals from the list of sub-goals according to an order of the one or more sub-goals in the ordered list of sub-goals.
  - 16. The method of claim 8, wherein the halting condition is true if and only if the list of sub-goals consists of one sub-goal.
  - 17. The method of claim 8, wherein the halting condition is true if and only if the list of sub-goals consists of a pre-determined number of sub-goals.
  - 18. The method of claim 8, wherein the halting condition is true if and only if a sum of remediation costs of all members of the list of sub-goals satisfies a second Boolean condition.

19. A system for providing a recommendation for improving the security of a networked system against attackers, the system comprising:
- a. a penetration-testing-campaign module including;
  
  i. one or more penetration-testing-campaign hardware processors; and
  
  ii. a penetration-testing-campaign non-transitory computer readable storage medium for instructions execution by the one or more penetration-testing-campaign hardware processors, the penetration-testing-campaign non-transitory computer readable storage medium having stored instructions to carry out one or more penetration tests of the networked system;
  
  b. a sub-goal-selection module including;
  
  i. one or more sub-goal-selection hardware processors; and
  
  ii. a sub-goal-selection non-transitory computer readable storage medium for instructions execution by the one or more sub-goal-selection hardware processors, the sub-goal-selection non-transitory computer readable storage medium having stored;
  
  1) instructions to receive, from the penetration-testing-campaign module, results of the one or more penetration tests of the networked system;
  
  2) instructions to determine, based on said received results, multiple paths of attack available to the attackers, each path of attack of the determined multiple paths of attack being an ordered sequence of one or more attacker steps and one or more sub-goals;
  
  3) instructions to assign a calculated importance score to each of multiple sub-goals, wherein (i) each sub-goal of the multiple sub-goals is included in at least one of the determined multiple paths of attack, and (ii) for at least one given sub-goal of the multiple sub-goals, the importance score assigned to the given sub-goal is based on a number of paths of attack of the determined multiple paths of attack which include the given sub-goal; and
  
  4) instructions to select one sub-goal included in at least one of the determined multiple paths of attack, the selecting of the one sub-goal being based on the importance score assigned to at least one of the multiple sub-goals; and
  
  c. a reporting module including;
  
  i. one or more reporting hardware processors; and
  
  ii. a reporting non-transitory computer readable storage medium for instructions execution by the one or more reporting hardware processors, the reporting non-transitory computer readable storage medium having stored;
  
  1) instructions to receive, from the sub-goal-selection module, an identification of the selected one sub-goal; and
  
  2) instructions to provide a recommendation to protect the selected one sub-goal, the instructions to provide the recommendation including at least one member selected from the group consisting of;
  
  I. instructions to cause a display device to display information about the recommendation;
  
  II. instructions to record the information about the recommendation in a file; and
  
  III. instructions to electronically transmit the information about the recommendation.

20. A system for providing a recommendation for improving the security of a networked system against attackers, the system comprising:
- a. a penetration-testing-campaign module including;
  
  i. one or more penetration-testing-campaign hardware processors; and
  
  ii. a penetration-testing-campaign non-transitory computer readable storage medium for instructions execution by the one or more penetration-testing-campaign hardware processors, the penetration-testing-campaign non-transitory computer readable storage medium having stored instructions to carry out one or more penetration tests of the networked system;
  
  b. a sub-goals-selection module including;
  
  i. one or more sub-goals-selection hardware processors; and
  
  ii. a sub-goals-selection non-transitory computer readable storage medium for instructions execution by the one or more sub-goals-selection hardware processors, the sub-goals-selection non-transitory computer readable storage medium having stored;
  
  1) first instructions to initialize a list of sub-goals that should be protected to be an empty list;
  
  2) second instructions to obtain a halting condition, the halting condition including a Boolean condition applied to the list of sub-goals;
  
  3) third instructions to receive, from the penetration-testing-campaign module, results of the one or more penetration tests of the networked system;
  
  4) fourth instructions to determine, based on said received results of the one or more tests of the networked system, multiple paths of attack available to the attackers, each path of attack of the determined multiple paths of attack being an ordered sequence of one or more attacker steps and one or more sub-goals;
  
  5) fifth instructions to initialize a group of relevant paths of attack to consist of the determined multiple paths of attack;
  
  6) sixth instructions to assign a calculated importance score to each of one or more sub-goals, wherein (i) each sub-goal of the one or more sub-goals is included in at least one path of attack included in the group of relevant paths of attack, and (ii) for at least one given sub-goal of the one or more sub-goals, the importance score assigned to the given sub-goal is based on a number of paths of attack in the group of relevant paths of attack which include the given sub-goal;
  
  7) seventh instructions to select one sub-goal included in at least one member of the group of relevant paths of attack and to add the one sub-goal to the list of sub-goals, the selecting of the one sub-goal being based on the importance scores assigned to at least one of the one or more sub-goals;
  
  8) eighth instructions to modify the group of relevant paths of attack by removing from it every path of attack that includes the one sub-goal;
  
  9) ninth instructions to evaluate the halting condition for the list of sub-goals;
  
  10) tenth instructions, to be carried out in response to determining that (i) the halting condition is not satisfied, and (ii) the group of relevant paths of attack is not empty, to repeat the sixth instructions to the tenth instructions; and
  
  11) eleventh instructions, to be carried out in response to determining that (i) the halting condition is satisfied, or (ii) the group of relevant paths of attack is empty, to select one or more sub-goals from the list of sub-goals; and
  
  c. a reporting module including;
  
  i. one or more reporting hardware processors; and
  
  ii. a reporting non-transitory computer readable storage medium for instructions execution by the one or more reporting hardware processors, the reporting non-transitory computer readable storage medium having stored;
  
  1) instructions to receive, from the sub-goals-selection module, an identification of the one or more selected sub-goals; and
  
  2) instructions to provide a recommendation to protect the one or more selected sub-goals, the instructions to provide the recommendation including at least one member selected from the group consisting of;
  
  I. instructions to cause a display device to display information about the recommendation;
  
  II. instructions to record the information about the recommendation in a file; and
  
  III. instructions to electronically transmit the information about the recommendation.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
XM Cyber Ltd. (Schwarz Unternehmenskommunikation GmbH & Co. KG)
Original Assignee
XM Cyber Ltd. (Schwarz Unternehmenskommunikation GmbH & Co. KG)
Inventors
Segal, Ronen, Lasser, Menahem
Primary Examiner(s)
Holder, Bradley W

Application Number

US16/716,302
Time in Patent Office

134 Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/1433 Vulnerability analysis

Systems and methods for determining optimal remediation recommendations in penetration testing

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

128 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for determining optimal remediation recommendations in penetration testing

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

128 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links