METHODS AND SYSTEMS FOR INTEGRATING RECONNAISSANCE WITH SECURITY ASSESSMENTS FOR COMPUTING NETWORKS

US 20120174228A1
Filed: 12/29/2010
Published: 07/05/2012
Est. Priority Date: 12/29/2010
Status: Active Grant

First Claim

Patent Images

1. A method for security in a network environment, comprising:

performing a security reconnaissance process on a network to be assessed for security threats utilizing information associated with the network;

identifying, based on the security reconnaissance process, an attack surface of the network to be assessed for the security threats; and

automatically determining an appropriate security assessment to be performed on the attack surface of the network.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A reconnaissance and assessment (RA) tool can receive base information about the network, such as basic network information and details about an entity and personnel associated with network. The RA tool can utilize the base information to perform reconnaissance procedures on the network to identify the attack surface of the network. The RA tool can perform reconnaissance on the network, itself, and on other external sources, such as third party databases, search engines, and partner networks. Once the attack surface is identified, the RA tool can automatically perform appropriate security assessments on the attack surface. Additionally, if additional information is determined about the network during the security assessments, the RA tool can perform additional reconnaissance and security assessments based on the additional information.

Citations

36 Claims

1. A method for security in a network environment, comprising:
- performing a security reconnaissance process on a network to be assessed for security threats utilizing information associated with the network;
  
  identifying, based on the security reconnaissance process, an attack surface of the network to be assessed for the security threats; and
  
  automatically determining an appropriate security assessment to be performed on the attack surface of the network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, wherein the information comprises an identity of an entity associated with the network and wherein the security reconnaissance process comprises:
    - searching an external source based on the identity of the entity, to identify the attack surface of the network.
  - 3. The method of claim 2, wherein the entity comprises at least one of an organization associated with the network and a person associated with the network.
  - 4. The method of claim 1, wherein the information comprises an identity of an entity associated with the network and wherein the security reconnaissance process comprises:
    - searching for a network access point based on the identity of the entity.
  - 5. The method of claim 4, wherein the network access point comprises at least one of an email address associated with the network and a website associated with the network.
  - 6. The method of claim 1, wherein the information comprises network addresses associated with the network and wherein the security reconnaissance process comprises:
    - scanning the network addresses to identify the attack surface of the network.
  - 7. The method of claim 1, wherein the security reconnaissance process comprises:
    - scanning for wireless access points associated with the network.
  - 8. The method of claim 1, and wherein the security reconnaissance process comprises:
    - installing an agent on the network to identify the attack surface of the network.
  - 9. The method of claim 1, the method further comprising:
    - performing the appropriate security assessment on the network;
      
      identifying, from the appropriate security assessment, additional information about the network; and
      
      performing an additional security reconnaissance process on the network utilizing the additional information.
  - 10. The method of claim 1, wherein automatically determining the appropriate security assessment comprises:
    - determining a type of a part of the attack surface; and
      
      selecting at least one security assessment procedure that matches the type of the part of the attack surface of the network.
  - 11. The method of claim 10, wherein selecting the at least one security assessment procedure, comprises:
    - searching a database of security assessment procedures to identify the at least one security assessment procedure that matches the type of the part of the attack surface.
  - 12. The method of claim 10, wherein selecting the at least one security assessment procedure, comprises:
    - utilizing expert systems or heuristics to select the at least one security assessment procedure that matches the type of the part of the attack surface.

13. A computer readable storage medium embodying instruction for causing a processor to perform the method comprising:
- performing a security reconnaissance process on a network to be assessed for security threats utilizing information associated with the network;
  
  identifying, based on the security reconnaissance process, an attack surface of the network to be assessed for the security threats; and
  
  automatically determining an appropriate security assessment to be performed on the attack surface of the network.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 14. The computer readable storage medium of claim 13, wherein the information comprises an identity of an entity associated with the network and wherein the security reconnaissance process comprises:
    - searching an external source based on the identity of the entity, to identify the attack surface of the network.
  - 15. The computer readable storage medium of claim 14, wherein the entity comprises at least one of an organization associated with the network and a person associated with the network.
  - 16. The computer readable storage medium of claim 13, wherein the information comprises an identity of an entity associated with the network and wherein the security reconnaissance process comprises:
    - searching for a network access point based on the identity of the entity.
  - 17. The computer readable storage medium of claim 16, wherein the network access point comprises at least one of an email address associated with the network and a website associated with the network.
  - 18. The computer readable storage medium of claim 13, wherein the information comprises network addresses associated with the network and wherein the security reconnaissance process comprises:
    - scanning the network addresses to identify the attack surface of the network.
  - 19. The computer readable storage medium of claim 13, wherein the security reconnaissance process comprises:
    - scanning for wireless access points associated with the network.
  - 20. The computer readable storage medium of claim 13, and wherein the security reconnaissance process comprises:
    - installing an agent on the network to identify the attack surface of the network.
  - 21. The computer readable storage medium of claim 13, the method further comprising:
    - performing the appropriate security assessment on the network;
      
      identifying, from the appropriate security assessment, additional information about the network; and
      
      performing an additional security reconnaissance process on the network utilizing the additional information.
  - 22. The computer readable storage medium of claim 13, wherein automatically determining the appropriate security assessment comprises:
    - determining a type of a part of the attack surface; and
      
      selecting at least one security assessment procedure that matches the type of the part of the attack surface of the network.
  - 23. The computer readable storage medium of claim 22, wherein selecting the at least one security assessment procedure, comprises:
    - searching a database of security assessment procedures to identify the at least one security assessment procedure that matches the type of the part of the attack surface.
  - 24. The computer readable storage medium of claim 22, wherein selecting the at least one security assessment procedure, comprises:
    - utilizing expert systems or heuristics to select the at least one security assessment procedure that matches the type of the part of the attack surface.

25. A system for testing security, comprising:
- a processor; and
  
  a computer readable storage medium coupled to the processor and comprising instruction for causing the processor to perform the method comprising;
  
  performing a security reconnaissance process on a network to be assessed for security threats utilizing information associated with the network;
  
  identifying, based on the security reconnaissance process, an attack surface of the network to be assessed for the security threats; and
  
  automatically determining an appropriate security assessment to be performed on the attack surface of the network.
- View Dependent Claims (26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36)
- - 26. The system of claim 25, wherein the information comprises an identity of an entity associated with the network and wherein the security reconnaissance process comprises:
    - searching an external source based on the identity of the entity, to identify the attack surface of the network.
  - 27. The system of claim 26, wherein the entity comprises at least one of an organization associated with the network and a person associated with the network.
  - 28. The system of claim 25, wherein the information comprises an identity of an entity associated with the network and wherein the security reconnaissance process comprises:
    - searching for a network access point based on the identity of the entity.
  - 29. The system of claim 28, wherein the network access point comprises at least one of an email address associated with the network and a website associated with the network.
  - 30. The system of claim 25, wherein the information comprises network addresses associated with the network and wherein the security reconnaissance process comprises:
    - scanning the network addresses to identify the attack surface of the network.
  - 31. The system of claim 25, wherein the security reconnaissance process comprises:
    - scanning for wireless access points associated with the network.
  - 32. The system of claim 25, and wherein the security reconnaissance process comprises:
    - installing an agent on the network to identify the attack surface of the network.
  - 33. The system of claim 25, the method further comprising:
    - performing the appropriate security assessment on the network;
      
      identifying, from the appropriate security assessment, additional information about the network; and
      
      performing an additional security reconnaissance process on the network utilizing the additional information.
  - 34. The system of claim 25, wherein automatically determining the appropriate security assessment comprises:
    - determining a type of a part of the attack surface; and
      
      selecting at least one security assessment procedure that matches the type of the part of the attack surface of the network.
  - 35. The system of claim 34, wherein selecting the at least one security assessment procedure, comprises:
    - searching a database of security assessment procedures to identify the at least one security assessment procedure that matches the type of the part of the attack surface.
  - 36. The system of claim 34, wherein selecting the at least one security assessment procedure, comprises:
    - utilizing expert systems or heuristics to select the at least one security assessment procedure that matches the type of the part of the attack surface.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Rapid7, Inc.
Original Assignee
Rapid7, Inc.
Inventors
Giakouminakis, Anastasios, Loder, Chad, Li, Richard

Granted Patent

US 10,447,709 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/25
CPC Class Codes

G06F 21/577   Assessing vulnerabilities a...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1441   Countermeasures against mal...

METHODS AND SYSTEMS FOR INTEGRATING RECONNAISSANCE WITH SECURITY ASSESSMENTS FOR COMPUTING NETWORKS

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

Citations

36 Claims

Specification

Solutions

Use Cases

Quick Links

METHODS AND SYSTEMS FOR INTEGRATING RECONNAISSANCE WITH SECURITY ASSESSMENTS FOR COMPUTING NETWORKS

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

36 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links