MANAGEMENT OF INFORMATION TECHNOLOGY RISK USING VIRTUAL INFRASTRUCTURES
First Claim
1. A method for managing risk to an organization associated with each of a plurality of virtual machines (VMs) each running on one of a plurality of hosts, each host being a physical computer system connected to one or more networks and in communication with a risk orchestrator for carrying out the method, the risk orchestrator being an application in communication with the plurality of hosts and a threat indicator, the method comprising:
- receiving at the risk orchestrator a threat indication message from the threat indicator, the threat indication message indicating a status of a threat to which a plurality of hosts in a threat group are vulnerable;
- calculating a downtime probability resulting from the threat;
- calculating a host downtime probability for each host, the host downtime probability being a function of all the downtime probabilities from all threats for which the host is vulnerable;
- for each risk-managed VM, calculating a risk value associated with the VM, the risk value being a function of the host downtime probability for the host on which the VM is running and an impact value for the VM, the impact value being a value reflecting a relative importance of the VM to the organization;
- identifying each risk-managed VM requiring risk mitigation, the identifying being in accordance with a policy;
- prioritizing the risk-managed VMs requiring risk mitigation in an order starting with one of the risk-managed VMs having a highest associated risk;
- performing a configured mitigation control action on each of the risk-managed VMs requiring risk mitigation, in the order of the prioritization.
Abstract
Information Technology Risk to an organization is associated with a plurality of virtual machines (VMs) each running on a plurality of hosts, each host being a computer system connected to a network and in communication with a risk orchestrator, which receives threat indication messages (TIMs) from threat indicators. Each TIM indicates a status of a threat to which a host is vulnerable. Downtime probability (DTP) resulting from the threat and an overall host DTP for each host are calculated. For each VM, a risk value associated with the VM is calculated as a function of the host DTP and an impact for the VM, the impact being a value reflecting a relative importance of the VM to the organization. Each VM requiring risk mitigation is identified and prioritized in accordance with a policy, and a configured mitigation control action may be carried out for each VM requiring risk mitigation.
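The pipeline summarized above, as an added sketch that is not code from the patent. The text leaves the functions open, so the status-to-DTP table, the combination of independent threats as 1 - prod(1 - p), risk = host DTP x impact, the fixed-threshold policy, and all sample hosts, VMs and actions are assumptions made for illustration.

```python
from dataclasses import dataclass
from math import prod

# Assumed mapping from a TIM's threat status to a downtime probability (DTP).
DTP_BY_STATUS = {"clear": 0.0, "elevated": 0.1, "severe": 0.5}

@dataclass(frozen=True)
class VM:
    name: str
    host: str
    impact: float   # relative importance of the VM to the organization
    action: str     # configured mitigation control action

def host_dtp(threat_dtps):
    """Combine per-threat DTPs for one host, assuming independent threats."""
    return 1.0 - prod(1.0 - p for p in threat_dtps)

def plan_mitigations(tim_status, threat_groups, vms, risk_threshold):
    """Return (vm, action, risk) for VMs over the policy threshold, highest risk first."""
    per_host = {}
    for threat, status in tim_status.items():
        dtp = DTP_BY_STATUS[status]          # unknown status raises KeyError
        for host in threat_groups.get(threat, ()):
            per_host.setdefault(host, []).append(dtp)
    scored = []
    for vm in vms:
        risk = host_dtp(per_host.get(vm.host, [])) * vm.impact
        if risk >= risk_threshold:           # assumed policy: fixed risk threshold
            scored.append((risk, vm))
    scored.sort(key=lambda pair: pair[0], reverse=True)
    return [(vm.name, vm.action, round(risk, 4)) for risk, vm in scored]

# Constructed sample data: latest status per threat, threat groups, VM inventory.
TIM_STATUS = {"hurricane": "severe", "ups-fault": "elevated"}
THREAT_GROUPS = {"hurricane": {"esx1", "esx2"}, "ups-fault": {"esx2"}}
VMS = [
    VM("web", "esx1", 4, "snapshot"),
    VM("db", "esx2", 10, "migrate"),
    VM("test", "esx2", 1, "suspend"),
    VM("build", "esx3", 8, "migrate"),
]

if __name__ == "__main__":
    for name, action, risk in plan_mitigations(TIM_STATUS, THREAT_GROUPS, VMS, 1.0):
        print(f"{risk:6.2f}  {name:5}  {action}")
```

A host in two threat groups (esx2 here) gets a higher combined DTP than either threat alone, which is why the low-impact test VM crosses a 0.5 threshold but not a 1.0 one.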
21 Claims
12. A machine readable storage medium embodying computer code for a risk orchestrator, the risk orchestrator managing risk to an organization associated with each of a plurality of virtual machines (VMs), each VM running on one of a plurality of hosts, each host being a physical computer system connected to one or more networks and in communication with the risk orchestrator, the risk orchestrator being an application in communication with the plurality of hosts and at least one threat indicator, the risk orchestrator causing a computer system to carry out a method, the method comprising:
- receiving at the risk orchestrator a threat indication message from one of the threat indicators, the threat indication message indicating a status of a threat to which a plurality of hosts in a threat group are vulnerable;
- calculating a downtime probability resulting from the threat;
- calculating a host downtime probability for each host, the host downtime probability being a function of all the downtime probabilities from all threats for which the host is vulnerable;
- for each risk-managed VM, calculating a risk value associated with the VM, the risk value being a function of the host downtime probability for the host on which the VM is running and an impact value for the VM, the impact value being a value reflecting a relative importance of the VM to the organization;
- identifying each risk-managed VM requiring risk mitigation, the identifying being in accordance with a policy;
- prioritizing the risk-managed VMs requiring risk mitigation in an order starting with one of the risk-managed VMs having a highest associated risk;
- performing a configured mitigation control action on each of the risk-managed VMs requiring risk mitigation, in the order of the prioritization.
Specification