CRITICALITY ANALYSIS OF ATTACK GRAPHS
First Claim
1. A computer-implemented method comprising:
providing, by a security platform, graph data defining a graph that is representative of an enterprise network, the graph comprising nodes and edges between nodes, a set of nodes representing respective assets within the enterprise network, each edge representing at least a portion of one or more lateral movement paths between assets in the enterprise network;
determining, for each asset, a criticality of the respective asset to operation of a process;
determining a lateral movement path between a first node represented by a first asset and a second node represented by a second asset within the graph;
determining a path value representative of a criticality in preventing an attack through the lateral movement path; and
providing an indication of the path value representative of the criticality in preventing an attack through the lateral movement path.
1 Assignment
0 Petitions
Abstract
Implementations of the present disclosure include providing, by a security platform, graph data defining a graph that is representative of an enterprise network, the graph comprising nodes and edges between nodes, a set of nodes representing respective assets within the enterprise network, each edge representing at least a portion of one or more lateral movement paths between assets in the enterprise network; determining, for each asset, a criticality of the respective asset to operation of a process; determining a lateral movement path between a first node represented by a first asset and a second node represented by a second asset within the graph; determining a path value representative of a criticality in preventing an attack through the lateral movement path; and providing an indication of the path value representative of the criticality in preventing an attack through the lateral movement path.
34 Citations
20 Claims
1. A computer-implemented method comprising:
providing, by a security platform, graph data defining a graph that is representative of an enterprise network, the graph comprising nodes and edges between nodes, a set of nodes representing respective assets within the enterprise network, each edge representing at least a portion of one or more lateral movement paths between assets in the enterprise network; determining, for each asset, a criticality of the respective asset to operation of a process; determining a lateral movement path between a first node represented by a first asset and a second node represented by a second asset within the graph; determining a path value representative of a criticality in preventing an attack through the lateral movement path; and providing an indication of the path value representative of the criticality in preventing an attack through the lateral movement path.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A system comprising:
one or more computers and one or more storage devices storing instructions that are operable, when executed by the one or more computers, to cause the one or more computers to perform operations comprising: providing, by a security platform, graph data defining a graph that is representative of an enterprise network, the graph comprising nodes and edges between nodes, a set of nodes representing respective assets within the enterprise network, each edge representing at least a portion of one or more lateral movement paths between assets in the enterprise network; determining, for each asset, a criticality of the respective asset to operation of a process; determining a lateral movement path between a first node represented by a first asset and a second node represented by a second asset within the graph; determining a path value representative of a criticality in preventing an attack through the lateral movement path; and providing an indication of the path value representative of the criticality in preventing an attack through the lateral movement path.
Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19
20. A non-transitory computer-readable medium storing software comprising instructions executable by one or more computers which, upon such execution, cause the one or more computers to perform operations comprising:
providing, by a security platform, graph data defining a graph that is representative of an enterprise network, the graph comprising nodes and edges between nodes, a set of nodes representing respective assets within the enterprise network, each edge representing at least a portion of one or more lateral movement paths between assets in the enterprise network; determining, for each asset, a criticality of the respective asset to operation of a process; determining a lateral movement path between a first node represented by a first asset and a second node represented by a second asset within the graph; determining a path value representative of a criticality in preventing an attack through the lateral movement path; and providing an indication of the path value representative of the criticality in preventing an attack through the lateral movement path.
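The independent claims above describe the same sequence three times: build an asset graph whose edges are lateral-movement steps, assign each asset a criticality for a business process, find a lateral movement path between two assets, score that path, and report the score. The following Python is an added illustration of that sequence and is not code from the patent or its assignee. The asset names, criticality values and edges are constructed sample data, and the scoring rule (most critical asset reached on the path, divided by the number of hops, so that short paths to critical assets rank highest) is one assumed choice among many; the claims do not fix a particular formula.

```python
"""Added example: ranking lateral-movement paths by the criticality of the
assets they reach. The graph, the criticality scores and the path-value
formula are assumptions for illustration, not taken from the patent."""


# Constructed sample data: asset -> criticality to one business process,
# from 0.0 (process unaffected if the asset is lost) to 1.0 (process stops).
CRITICALITY = {
    "workstation-01": 0.1,
    "jump-host": 0.3,
    "file-server": 0.5,
    "app-server": 0.8,
    "order-db": 1.0,
}

# Constructed lateral-movement edges (from_asset, to_asset): an edge means a
# defender has recorded some way to move from from_asset to to_asset.
EDGES = [
    ("workstation-01", "jump-host"),
    ("workstation-01", "file-server"),
    ("jump-host", "app-server"),
    ("file-server", "app-server"),
    ("app-server", "order-db"),
    ("file-server", "order-db"),
]


def build_graph(edges):
    """Directed adjacency list; every asset appears as a key even if isolated."""
    graph = {asset: [] for asset in CRITICALITY}
    for src, dst in edges:
        graph.setdefault(src, []).append(dst)
        graph.setdefault(dst, [])
    return graph


def lateral_movement_paths(graph, first, second):
    """All simple paths from `first` to `second` (DFS; adequate for the small
    per-process asset graphs this kind of analysis works on)."""
    paths = []

    def walk(node, path):
        if node == second:
            paths.append(list(path))
            return
        for nxt in graph.get(node, []):
            if nxt not in path:          # simple paths only, no revisits
                path.append(nxt)
                walk(nxt, path)
                path.pop()

    walk(first, [first])
    return paths


def path_value(path, criticality):
    """Assumed scoring rule: the most critical asset reached beyond the start
    node, divided by the hop count. A one-node path protects nothing."""
    hops = len(path) - 1
    if hops == 0:
        return 0.0
    reached = max(criticality.get(asset, 0.0) for asset in path[1:])
    return round(reached / hops, 3)


def rank_paths(graph, criticality, first, second):
    """Score every path between the two assets, highest value first; ties are
    broken by path length so the shorter path is reported first."""
    scored = [(path_value(p, criticality), p)
              for p in lateral_movement_paths(graph, first, second)]
    scored.sort(key=lambda item: (-item[0], len(item[1])))
    return scored


def indication(scored):
    """The 'indication of the path value': one report line per path."""
    return [f"{value:.3f}  " + " -> ".join(path) for value, path in scored]


if __name__ == "__main__":
    graph = build_graph(EDGES)
    for line in indication(rank_paths(graph, CRITICALITY, "workstation-01", "order-db")):
        print(line)
```

On the sample data the direct file-server route to the database scores 0.5 and outranks the two three-hop routes (0.333 each), which is the ordering a defender would want when deciding which lateral-movement edge to cut first. Swapping in a different `path_value` (for example, summing the criticality of every asset on the path) changes the ranking without touching the graph or the search.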
Specification