COMPUTER SECURITY METHOD, SYSTEM AND MODEL

US 20120159624A1
Filed: 12/21/2010
Published: 06/21/2012
Est. Priority Date: 12/21/2010
Status: Abandoned Application

First Claim

Patent Images

1. A computer security method, comprising:

receiving a security alert associated with an electronic attack to at least one computer system of a data network;

identifying a first set of business services which may be affected by the electronic attack;

estimating, based on an identified first set of potentially affected business services, a first potential cost to a business when the electronic attack is successful;

identifying at least one counteraction which may be employed to prevent or mitigate the electronic attack;

identifying a second set of business services which may be affected by the at least one counteraction;

estimating, based on the identified second set of potentially affected business services, a second potential cost to the business when the counteraction is employed; and

comparing the first potential cost and the second potential cost.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer security method includes receiving a security alert associated with an electronic attack to at least one computer system of a data network, identifying a first set of business services which may be affected by the electronic attack, estimating, based on an identified first set of potentially affected business services, a first potential cost to a business when the electronic attack is successful, identifying at least one counteraction which may be employed to prevent or mitigate the electronic attack, identifying a second set of business services which may be affected by the at least one counteraction, estimating, based on the identified second set of potentially affected business services, a second potential cost to the business when the counteraction is employed, and comparing the first potential cost and the second potential cost.

37 Citations

View as Search Results

15 Claims

1. A computer security method, comprising:
- receiving a security alert associated with an electronic attack to at least one computer system of a data network;
  
  identifying a first set of business services which may be affected by the electronic attack;
  
  estimating, based on an identified first set of potentially affected business services, a first potential cost to a business when the electronic attack is successful;
  
  identifying at least one counteraction which may be employed to prevent or mitigate the electronic attack;
  
  identifying a second set of business services which may be affected by the at least one counteraction;
  
  estimating, based on the identified second set of potentially affected business services, a second potential cost to the business when the counteraction is employed; and
  
  comparing the first potential cost and the second potential cost.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method according to claim 1, further comprising:
    - displaying a suggestion to an operator of the at least one computer system to employ the at least one counteraction if the first potential cost is higher than the second potential cost.
  - 3. The method according to claim 1, further comprising:
    - displaying a warning to an operator to the at least one computer system not to employ the at least one counteraction if the first potential cost is lower than the second potential cost.
  - 4. The method according to claim 1, further comprising:
    - employing the at least one counteraction with an automatic administration interface of the at least one computer system if the first potential cost is higher than the second potential cost.
  - 5. The method according to claim 1, whereinin the step of identifying the at least one counteraction, a plurality of possible counteractions is identified;
    - the steps of identifying the second set of business services and estimating the second potential cost are performed for each one of the identified possible counteraction; and
      
      based on the step of comparing, the possible counteraction having the least associated second cost is selected.
  - 6. The method according to claim 1, further comprising:
    - classifying the security alert according to a plurality of predefined threat types; and
      
      providing the at least one possible counteraction based on the classification of the security alert.
  - 7. The method according to claim 6, wherein the plurality of predefined threat types optionally comprises at least one of a virus attack, a denial of service attack, a back door attack, a database query attack, a service discovery attack, and a hacking attack.
  - 8. The method according to claim 1, wherein the first potential cost is estimated based on a likelihood of success of the electronic attack.
  - 9. The method according to claim 8, whereina plurality of security alerts associated with the electronic attack is received from a plurality of computer systems;
    - andthe likelihood of the success of the electronic attack is determined based the plurality of received security alerts.
  - 10. The method according to claim 1, wherein the first and second potential costs are estimated based on at least one of the type of the business services affected, a number of users affected and a time of day, week, or year.

11. A computer security system, comprising:
- a resource model that associates business services provided by at least one data network with resources of the at least one data network;
  
  a business impact model that provides estimates of monetary cost caused by disturbances of each one of the business services;
  
  a security alert module that maps a received security alert associated with an electronic attack to at least one resource of the at least one data network targeted by the electronic attack; and
  
  a defense system that provides possible counteractions to a received security alert, wherein the defense system selects at least one counteraction based on the estimated cost of employing the at least one counteraction provided by the business impact model.
- View Dependent Claims (12, 13)
- - 12. The system according to claim 11, wherein the defense system selectively deactivates resources and/or business services of the at least one data network to counteract the electronic attack and the business impact model estimates a cost of the counteraction based on estimated costs of disabling the business services dependent on the deactivated resources and/or business services, respectively.
  - 13. The system according to claim 11, wherein the security alert module comprises a knowledge database that associates a received security alert with resources of the at least one data network based on at least one of automated learning from, statistical analysis of, and heuristics based on previous electronic attacks.

14. A computer security model for use in a software product for assessing a business impact of an electronic attack, the model comprising:
- alerts associated with an electronic attack for assessing a received security alert;
  
  targets associated with resources of at least one data network for mapping a received security alert to at least one resource;
  
  counteractions associated with at least one of an alert and a target for preventing or mitigating the electronic attack; and
  
  business impacts associated with at least one of a target and a counteraction for providing an estimated cost on a business service of a successful attack or employed counteraction, respectively.
- View Dependent Claims (15)
- - 15. The model according to claim 14, wherein the estimated cost provided by a business impact depends at least on one of a duration of a disturbance to the business service, a time of a disturbance of the business service, a cost of repair of the business service, and a degree of disturbance of the business service.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Fujitsu Technology Solutions Intellectual Property GmbH (Allgeier SE)
Original Assignee
Fujitsu Technology Solutions Intellectual Property GmbH (Allgeier SE)
Inventors
Knig, Christoph

Application Number

US12/974,328
Publication Number

US 20120159624A1
Time in Patent Office

Days
Field of Search
US Class Current

726/23
CPC Class Codes

G06F 21/577 Assessing vulnerabilities a...

COMPUTER SECURITY METHOD, SYSTEM AND MODEL

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

37 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

COMPUTER SECURITY METHOD, SYSTEM AND MODEL

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

37 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links