System and method for risk detection and analysis in a computer network
Abstract
The present invention provides systems and methods for risk detection and analysis in a computer network. Computerized, automated systems and methods can be provided. Raw vulnerability information and network information can be utilized in determining actual vulnerability information associated with network nodes. Methods are provided in which computer networks are modeled, and the models utilized in performing attack simulations and determining risks associated with vulnerabilities. Risks can be evaluated and prioritized, and fix information can be provided.
51 Claims
1-28. (canceled)
29. A method for performing risk assessment in a computer network, the method comprising:
generating a network topology model for the computer network that includes a set of network nodes, a set of services associated with the set of network nodes, and a set of actual vulnerabilities associated with the set of network nodes;
using the network topology model to generate an attack graph comprising one or more graph nodes wherein each graph node represents a state of a single service in the computer network; and
determining one or more potential attacks from one or more start points to one or more end points in the network topology model based on the attack graph.

Dependent claims: 30-47 (not reproduced here).
48. A method of determining start points for performing risk assessment in a computer network, the method comprising:
collecting a set of access control lists and filtering rules from one or more network devices in the computer network; and
analyzing the set of access control lists and filtering rules to determine potential inbound traffic that represents possible start points for potential attacks on the network.
49. A method for generating an attack graph, the method comprising:
determining one or more services in a computer network; and
generating an attack graph through the use of a network topology model, the attack graph comprising one or more graph nodes wherein each graph node represents a state of a single service in the computer network.

Dependent claims: 50, 51 (not reproduced here).
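A worked illustration of the pipeline described in claims 29, 48 and 49, added here as an example; it is not code from the patent or from any product built on it. A constructed topology model (hosts, services, actual vulnerabilities, filtering rules) feeds three steps: start points are derived from the filtering rules as in claim 48, an attack graph is built whose nodes are per-service states as in claims 29 and 49, and a breadth-first search reports a potential attack from the start points to a chosen end point. The hosts, the first-match rule semantics and the two service states ("reachable" and "compromised") are assumptions made for the illustration.

```python
"""Constructed attack-graph example (not the patent's implementation)."""
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Service:
    host: str
    name: str
    port: int
    vulnerable: bool   # an "actual" vulnerability: a raw finding confirmed against this service


@dataclass(frozen=True)
class Rule:
    src: str      # source host, or "internet" / "any"
    dst: str      # destination host, or "any"
    port: object  # destination port, or "any"
    action: str   # "allow" or "deny"


# Constructed topology model: three hosts, four services, one firewall-style rule set.
SERVICES = [
    Service("web", "http", 80, vulnerable=True),
    Service("web", "ssh", 22, vulnerable=False),
    Service("app", "api", 8080, vulnerable=True),
    Service("db", "postgres", 5432, vulnerable=True),
]

RULES = [
    Rule("internet", "web", 80, "allow"),
    Rule("internet", "web", 22, "deny"),
    Rule("web", "app", 8080, "allow"),
    Rule("app", "db", 5432, "allow"),
    Rule("any", "any", "any", "deny"),
]


def traffic_allowed(rules, src, dst, port):
    """First-match evaluation of the filtering rules; default deny (assumed semantics)."""
    for r in rules:
        if r.src in (src, "any") and r.dst in (dst, "any") and r.port in (port, "any"):
            return r.action == "allow"
    return False


def start_points(services, rules):
    """Claim 48 analogue: services that inbound traffic from outside may reach."""
    return [s for s in services if traffic_allowed(rules, "internet", s.host, s.port)]


def build_attack_graph(services, rules):
    """Graph nodes are (host, service, state); state is 'reachable' or 'compromised'."""
    graph = {}
    for s in services:
        reach = (s.host, s.name, "reachable")
        comp = (s.host, s.name, "compromised")
        graph.setdefault(reach, set())
        graph.setdefault(comp, set())
        if s.vulnerable:
            graph[reach].add(comp)  # a reachable vulnerable service can become compromised
        for t in services:
            # from a compromised service, any service on another host that the
            # filtering rules let this host talk to becomes reachable
            if t.host != s.host and traffic_allowed(rules, s.host, t.host, t.port):
                graph[comp].add((t.host, t.name, "reachable"))
    return graph


def find_attack_path(graph, starts, goal):
    """Breadth-first search: shortest path from any start node to goal, or None."""
    queue = deque([(st, [st]) for st in starts])
    seen = set(starts)
    while queue:
        node, path = queue.popleft()
        if node == goal:
            return path
        for nxt in graph.get(node, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, path + [nxt]))
    return None


def assess(services=SERVICES, rules=RULES, goal=("db", "postgres", "compromised")):
    """Claim 29 analogue: model -> start points -> attack graph -> potential attack."""
    starts = [(s.host, s.name, "reachable") for s in start_points(services, rules)]
    graph = build_attack_graph(services, rules)
    return find_attack_path(graph, starts, goal)


if __name__ == "__main__":
    for step in assess() or ["no potential attack found"]:
        print(step)
```

With the constructed rules only the web host's HTTP service is a start point (SSH is explicitly denied), and the search returns a six-node path ending at the database service in the compromised state. Re-running `assess` on a copy of the model in which the HTTP service is marked not vulnerable returns None, which is the kind of signal the abstract's risk prioritization and fix information would be built on: one confirmed vulnerability on the start point is what makes the whole path possible.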
Specification