ASSESSING EFFECTIVENESS OF CYBERSECURITY TECHNOLOGIES
First Claim
1. A method for assessing effectiveness of one or more cybersecurity technologies in a computer network, the method comprising:
- testing each of two or more component stages of an attack model at a first computer network element twice, wherein a first one of the tests is conducted with a first one of the cybersecurity technologies operable to protect the first computer network element, and wherein a second one of the tests is conducted with the first cybersecurity technology not operable to protect the first computer network element; and
- for each one of the twice-tested component stages, comparing results from the first test and the second test, wherein the comparison yields or leads to information helpful in assessing effectiveness of the first cybersecurity technology on each respective one of the twice-tested component stages at the computer network element.
Abstract
A method for assessing effectiveness of one or more cybersecurity technologies in a computer network includes testing each of two or more component stages of an attack model at a first computer network element twice. A first one of the tests is conducted with a first one of the cybersecurity technologies operable to protect the first computer network element, and a second one of the tests is conducted with the first cybersecurity technology not operable to protect the first computer network element. For each one of the twice-tested component stages, comparing results from the first test and the second test, wherein the comparison yields or leads to information helpful in assessing effectiveness of the first cybersecurity technology on each respective one of the twice-tested component stages at the computer network element.
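One way to carry out the per-stage with/without comparison described in the abstract, as an added example that is not code from the patent. The trial records, the success-rate metric and the function names are assumptions made for illustration; the stage names are those listed in claim 18.

```python
from collections import defaultdict

# Stage names as listed in claim 18 on this page.
STAGES = ["reconnaissance", "weaponization", "delivery", "exploitation",
          "installation", "command and control", "action on target"]

def runs(stage, defended, successes, total):
    """Build constructed trial records: (stage, technology operable?, attack step succeeded?)."""
    return [(stage, defended, i < successes) for i in range(total)]

# Constructed sample data, not measurements from any real test.
TRIALS = (runs("delivery", False, 4, 4) + runs("delivery", True, 1, 4)
          + runs("exploitation", False, 2, 4) + runs("exploitation", True, 2, 4)
          + runs("installation", False, 0, 2) + runs("installation", True, 0, 2)
          + runs("command and control", False, 3, 3))  # never run with the technology on

def compare_stages(trials):
    """For each stage tested both ways, compare attack success with vs. without the technology."""
    counts = defaultdict(lambda: {True: [0, 0], False: [0, 0]})  # [successes, runs]
    for stage, defended, succeeded in trials:
        cell = counts[stage][defended]
        cell[0] += int(succeeded)
        cell[1] += 1
    report = {}
    for stage in STAGES:
        on, off = counts[stage][True], counts[stage][False]
        if on[1] == 0 or off[1] == 0:
            report[stage] = None  # not twice-tested, so there is nothing to compare
            continue
        rate_on, rate_off = on[0] / on[1], off[0] / off[1]
        report[stage] = {
            "rate_off": rate_off,
            "rate_on": rate_on,
            "reduction": rate_off - rate_on,
            # If the step fails even undefended, the pair says nothing about the technology.
            "informative": rate_off > 0,
        }
    return report

def gaps(report):
    """Stages lacking a with/without pair (assumed reading of 'missing or uncertain elements')."""
    return [stage for stage in STAGES if report[stage] is None]

if __name__ == "__main__":
    result = compare_stages(TRIALS)
    for stage in STAGES:
        print(f"{stage:20} {result[stage]}")
    print("not twice-tested:", gaps(result))
```
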
20 Claims
1. A method for assessing effectiveness of one or more cybersecurity technologies in a computer network, the method comprising:
- testing each of two or more component stages of an attack model at a first computer network element twice, wherein a first one of the tests is conducted with a first one of the cybersecurity technologies operable to protect the first computer network element, and wherein a second one of the tests is conducted with the first cybersecurity technology not operable to protect the first computer network element; and
- for each one of the twice-tested component stages, comparing results from the first test and the second test, wherein the comparison yields or leads to information helpful in assessing effectiveness of the first cybersecurity technology on each respective one of the twice-tested component stages at the computer network element.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16
17. A method comprising:
- defining a set of attack, mission, and defense elements at a computer network element to test;
- posing one or more hypotheses regarding one or more of the defined attack, mission, and defense elements;
- executing testing of the one or more hypotheses, wherein executing the testing comprises: testing each of two or more component stages of an attack model at a first computer network element twice, wherein a first one of the tests is conducted with a first one of the defensive cybersecurity technologies operable to protect the first computer network element, and wherein a second one of the tests is conducted with the first defensive cybersecurity technology not operable to protect the first computer network element; and
- analyzing the first computer network element, wherein analyzing the first computer network element comprises for each one of the twice-tested component stages, comparing results from the first test and the second test, and wherein the comparison yields or leads to information helpful in assessing effectiveness of the first defensive cybersecurity technology on each respective one of the twice-tested component stages at the computer network element; and
- identifying one or more missing or uncertain elements.
18. The method of claim 18, wherein the component stages of the attack model are selected from the group consisting of reconnaissance, weaponization, delivery, exploitation, installation, command and control, and action on target.
19. A system comprising:
- a computer-based processor; and
- a computer-based memory coupled to the computer-based processor and having stored thereon instructions executable by the computer-based processor to cause the computer-based processor to facilitate assessing effectiveness of one or more defensive cybersecurity technologies in a computer network, wherein assessing effectiveness comprises:
  - testing each of two or more component stages of an attack model at a first computer network element twice, wherein a first one of the tests is conducted with a first one of the defensive cybersecurity technologies operable to protect the first computer network element, and wherein a second one of the tests is conducted with the first defensive cybersecurity technology not operable to protect the first computer network element; and
  - for each one of the twice-tested component stages, comparing, with the computer-based processor, results from the first test and the second test, wherein the comparison yields or leads to information helpful in assessing effectiveness of the first defensive cybersecurity technology on each respective one of the twice-tested component stages at the computer network element.

Dependent claims: 20
Specification