Generating Accurate Preemptive Security Device Policy Tuning Recommendations
Abstract
An approach is provided for determining a likelihood of an attack on a first computer system of a first business. Characteristics of the first business and a second business are determined. The second business has a second computer system currently or recently under attack. The characteristics include respective industries, sizes, geographical locations, types of sensitive data, and security vulnerabilities associated with the first and second businesses or first and second computer systems, an address of traffic through a device in the first computer system, and an address of an entity responsible for the attack on the second computer system. Based on a similarity between the characteristics of the first and second businesses, a likelihood that the entity responsible for the attack on the second computer system will attack the first computer system of the first business is determined.
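The comparison the abstract describes can be sketched as follows. This is an added example, not code from the patent: the weights, the likelihood thresholds, the use of Jaccard overlap and all names and sample values are assumptions chosen for illustration.

```python
from dataclasses import dataclass

# Weights are assumptions for illustration; the page does not specify any.
WEIGHTS = {"industry": 0.2, "size": 0.1, "location": 0.1,
           "data_types": 0.2, "vulnerabilities": 0.25, "address": 0.15}

@dataclass(frozen=True)
class Profile:
    industry: str
    size: str            # e.g. "small", "medium", "large"
    location: str
    data_types: frozenset
    vulnerabilities: frozenset
    # First business: source/destination addresses seen at its security device.
    # Second business: addresses of the entity responsible for the attack.
    addresses: frozenset = frozenset()

def jaccard(a, b):
    """Overlap of two sets in [0, 1]; two empty sets count as no evidence (0)."""
    union = a | b
    return len(a & b) / len(union) if union else 0.0

def similarity(first, attacked):
    """Per-characteristic scores plus their weighted sum."""
    scores = {
        "industry": float(first.industry == attacked.industry),
        "size": float(first.size == attacked.size),
        "location": float(first.location == attacked.location),
        "data_types": jaccard(first.data_types, attacked.data_types),
        "vulnerabilities": jaccard(first.vulnerabilities, attacked.vulnerabilities),
        # Any attacker address already present in the first business's traffic.
        "address": float(bool(first.addresses & attacked.addresses)),
    }
    total = sum(WEIGHTS[k] * v for k, v in scores.items())
    return round(total, 3), scores

def likelihood(total):
    """Map the similarity score to a coarse likelihood band (thresholds assumed)."""
    return "high" if total >= 0.7 else "medium" if total >= 0.4 else "low"

# Constructed sample data (documentation address ranges, placeholder vuln IDs).
FIRST = Profile("retail", "medium", "US", frozenset({"payment-card", "pii"}),
                frozenset({"VULN-A", "VULN-B"}),
                frozenset({"192.0.2.10", "203.0.113.7"}))
ATTACKED = Profile("retail", "medium", "US", frozenset({"payment-card"}),
                   frozenset({"VULN-A"}), frozenset({"203.0.113.7"}))
UNRELATED = Profile("mining", "large", "AU", frozenset({"geodata"}),
                    frozenset({"VULN-C"}), frozenset({"198.51.100.9"}))
```

The per-characteristic scores returned alongside the total show which shared attribute drives the result, for example an attacker address already appearing in the first business's traffic.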
19 Claims
1. A method of determining a likelihood of an attack on a first computer system of a first business, the method comprising the steps of:
- a hardware processor of a computer determining characteristics of the first business, the characteristics including an industry, a size, and a geographical location of the first business, a type of sensitive data managed by the first computer system, a security vulnerability in the first computer system, and an address of a source or a destination of data traffic through a security device in the first computer system;
- the computer determining characteristics of a second business which has a second computer system currently or recently under attack, the characteristics of the second business including an industry, a size, and a geographical location of the second business, a type of sensitive data managed by the second computer system, a security vulnerability in the second computer system, and an address of an entity responsible for the current or recent attack on the second computer system;
- the computer determining a similarity between the characteristics of the first and second businesses; and
- based on the similarity, the computer determining a likelihood that the entity responsible for the current or recent attack on the second computer system will attack the first computer system of the first business.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A computer program product for determining a likelihood of an attack on a first computer system of a first business, the computer program product comprising:
- one or more hardware computer-readable storage devices and program instructions stored on the one or more storage devices, the program instructions executing by a hardware processor and the program instructions comprising;
- program instructions to determine characteristics of the first business, the characteristics including an industry, a size, and a geographical location of the first business, a type of sensitive data managed by the first computer system, a security vulnerability in the first computer system, and an address of a source or a destination of data traffic through a security device in the first computer system;
- program instructions to determine characteristics of a second business which has a second computer system currently or recently under attack, the characteristics of the second business including an industry, a size, and a geographical location of the second business, a type of sensitive data managed by the second computer system, a security vulnerability in the second computer system, and an address of an entity responsible for the current or recent attack on the second computer system;
- program instructions to determine a similarity between the characteristics of the first and second businesses; and
- program instructions to determine, based on the similarity, a likelihood that the entity responsible for the current or recent attack on the second computer system will attack the first computer system of the first business.
Dependent claims: 9, 10, 11, 12, 13
14. A computer system for determining a likelihood of an attack on a first computer system of a first business, the computer system comprising:
- one or more hardware processors, one or more computer-readable memories, one or more computer-readable storage devices, and program instructions stored on the one or more storage devices for execution by the one or more hardware processors via the one or more memories, the program instructions comprising;
- first program instructions to determine characteristics of the first business, the characteristics including an industry, a size, and a geographical location of the first business, a type of sensitive data managed by the first computer system, a security vulnerability in the first computer system, and an address of a source or a destination of data traffic through a security device in the first computer system;
- second program instructions to determine characteristics of a second business which has a second computer system currently or recently under attack, the characteristics of the second business including an industry, a size, and a geographical location of the second business, a type of sensitive data managed by the second computer system, a security vulnerability in the second computer system, and an address of an entity responsible for the current or recent attack on the second computer system;
- third program instructions to determine a similarity between the characteristics of the first and second businesses; and
- fourth program instructions to determine, based on the similarity, a likelihood that the entity responsible for the current or recent attack on the second computer system will attack the first computer system of the first business.
Dependent claims: 15, 16, 17, 18, 19
Specification