SYSTEMS FOR NETWORK RISK ASSESSMENT INCLUDING PROCESSING OF USER ACCESS RIGHTS ASSOCIATED WITH A NETWORK OF DEVICES

US 20170214710A1
Filed: 04/07/2017
Published: 07/27/2017
Est. Priority Date: 12/29/2014
Status: Active Grant

First Claim

Patent Images

1. A computerized method comprising:

by a system of one or more computers,determining, based on information describing network traffic, a network topology of a network, the network topology comprising a plurality of nodes each connected by an edge to one or more of the plurality of nodes, and each node being associated with one or more network devices;

determining, for each node, respective compromise risks of network devices associated with the node; and

providing, for presentation in a user interface, visual representations of one or more of the nodes and associated compromise risks, wherein the visual representations are colored according to associated compromise risks.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, systems, and apparatus, including computer programs encoded on computer storage media, for network risk assessment. One of the methods includes obtaining information describing network traffic between a plurality of network devices within a network. A network topology of the network is determined based on the information describing network traffic, with the network topology including nodes connected by an edge to one or more other nodes, and with each node being associated with one or more network devices. Indications of user access rights of users are associated to respective nodes included in the network topology. User interface data associated with the network topology is generated.

Citations

20 Claims

1. A computerized method comprising:
- by a system of one or more computers,determining, based on information describing network traffic, a network topology of a network, the network topology comprising a plurality of nodes each connected by an edge to one or more of the plurality of nodes, and each node being associated with one or more network devices;
  
  determining, for each node, respective compromise risks of network devices associated with the node; and
  
  providing, for presentation in a user interface, visual representations of one or more of the nodes and associated compromise risks, wherein the visual representations are colored according to associated compromise risks.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The computerized method of claim 1, wherein determining the compromise risk for a particular network device is based on aggregated Common Vulnerability Scoring System (CVSS) values associated with the particular network device.
  - 3. The computerized method of claim 1, wherein determining the compromise risk for a particular network device is based on a highest Common Vulnerability Scoring System (CVSS) value associated with the particular network device.
  - 4. The computerized method of claim 1, wherein each node is associated with one or more network devices belonging to a same subnet.
  - 5. The computerized method of claim 1, wherein a compromise risk for a particular network device is based on information indicating exploitability of the particular network device and information indicating value associated with the particular network device.
  - 6. The computerized method of claim 1, wherein a compromise risk associated with a node is based on a highest compromise risk of a network device associated with the node.

7. The computerized method of 1, wherein the visual representations comprise circles.

8. A system comprising one or more computer systems and one or more computer storage media storing instructions that when executed by the computer systems cause the computer systems to perform operations comprising:
- determining, based on information describing network traffic, a network topology of a network, the network topology comprising a plurality of nodes each connected by an edge to one or more of the plurality of nodes, and each node being associated with one or more network devices;
  
  determining, for each node, respective compromise risks of network devices associated with the node; and
  
  providing, for presentation in a user interface, visual representations of one or more of the nodes and associated compromise risks, wherein the visual representations are colored according to associated compromise risks.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The system of claim 8, wherein determining the compromise risk for a particular network device is based on aggregated Common Vulnerability Scoring System (CVSS) values associated with the particular network device.
  - 10. The system of claim 8, wherein determining the compromise risk for a particular network device is based on a highest Common Vulnerability Scoring System (CVSS) value associated with the particular network device.
  - 11. The system of claim 8, wherein each node is associated with one or more network devices belonging to a same subnet.
  - 12. The system of claim 8, wherein a compromise risk for a particular network device is based on information indicating exploitability of the particular network device and information indicating value associated with the particular network device.
  - 13. The system of claim 8, wherein a compromise risk associated with a node is based on a highest compromise risk of a network device associated with the node.
  - 14. The system of claim 8, wherein the visual representations comprise circles.

15. Non-transitory computer storage media storing instruction that when executed by a system of one or more computers, cause the one or more computers to perform operations comprising:
- determining, based on information describing network traffic, a network topology of a network, the network topology comprising a plurality of nodes each connected by an edge to one or more of the plurality of nodes, and each node being associated with one or more network devices;
  
  determining, for each node, respective compromise risks of network devices associated with the node; and
  
  providing, for presentation in a user interface, visual representations of one or more of the nodes and associated compromise risks, wherein the visual representations are colored according to associated compromise risks.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The non-transitory computer storage media of claim 15, wherein determining the compromise risk for a particular network device is based on aggregated Common Vulnerability Scoring System (CVSS) values associated with the particular network device.
  - 17. The non-transitory computer storage media of claim 15, wherein determining the compromise risk for a particular network device is based on a highest Common Vulnerability Scoring System (CVSS) value associated with the particular network device.
  - 18. The non-transitory computer storage media of claim 15, wherein each node is associated with one or more network devices belonging to a same subnet.
  - 19. The non-transitory computer storage media of claim 15, wherein a compromise risk for a particular network device is based on information indicating exploitability of the particular network device and information indicating value associated with the particular network device.
  - 20. The non-transitory computer storage media of claim 15, wherein a compromise risk associated with a node is based on a highest compromise risk of a network device associated with the node.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Palantir Technologies Incorporated
Original Assignee
Palantir Technologies Incorporated
Inventors
Cohen, Stephen, Seiver, Miles

Granted Patent

US 9,985,983 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/577   Assessing vulnerabilities a...

H04L 2012/5609   Topology

H04L 2012/5623   Network design, dimensionin...

H04L 41/0853   by actively collecting conf...

H04L 41/0866   Checking the configuration

H04L 41/12   Discovery or management of ...

H04L 43/0876   Network utilisation, e.g. v...

H04L 43/12   Network monitoring probes

H04L 45/02   Topology update or discovery

H04L 63/0236   Filtering by address, proto...

H04L 63/10   for controlling access to d...

H04L 63/101   Access control lists [ACL]

H04L 63/102   Entity profiles

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1433   Vulnerability analysis

H04L 63/1466   Active attacks involving in...

H04W 12/08   Access security

H04W 84/005   Moving wireless networks

SYSTEMS FOR NETWORK RISK ASSESSMENT INCLUDING PROCESSING OF USER ACCESS RIGHTS ASSOCIATED WITH A NETWORK OF DEVICES

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEMS FOR NETWORK RISK ASSESSMENT INCLUDING PROCESSING OF USER ACCESS RIGHTS ASSOCIATED WITH A NETWORK OF DEVICES

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links