System and method for risk detection and analysis in a computer network
First Claim
1. A method for performing risk assessment in a computer network, the method comprising:
- generating a network topology model for the computer network, the network topology model including a set of network nodes, a set of actual vulnerabilities associated with the network nodes, and a set of access rules associated with the network nodes;
- determining, among the set of network nodes, one or more start points, by analyzing a set of access control lists and filtering rules from one or more network devices, the set of access control lists and filtering rules collected by a network discovery agent to determine the start points, and one or more end points of one or more potential attack paths through the network topology model;
- generating an attack graph comprising a set of graph nodes wherein each graph node represents a state of a single service in the network;
- simulating one or more attacks from one or more start points to one or more end points using the attack graph; and
- storing the results of the attack simulation in a computer memory.
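The following is an added, constructed illustration of the pipeline the claim and the abstract describe (topology model with actual vulnerabilities and access rules, start points derived from collected ACLs, an attack graph whose nodes are single-service states, a start-to-end attack simulation, and fix prioritisation). It is not the patent's implementation; the hosts, services, ACL entries and the "internet" untrusted zone are all made up, and the fix-ranking step goes slightly beyond the claim text by showing which single remediation cuts every simulated path.

```python
from collections import deque

# Constructed topology model: host -> {service: has_confirmed_vulnerability}.
# True marks an "actual vulnerability": a raw scanner finding confirmed against the host.
TOPOLOGY = {
    "web":     {"http": True, "ssh": False},
    "app":     {"rpc": True},
    "bastion": {"ssh": True},
    "db":      {"sql": True},
}

# Constructed access rules in the form a discovery agent might collect from firewall ACLs:
# (source, destination host, service, permitted). "internet" stands for the untrusted zone.
ACCESS_RULES = [
    ("internet", "web", "http", True),
    ("internet", "web", "ssh", False),
    ("internet", "app", "rpc", False),
    ("web", "app", "rpc", True),
    ("web", "bastion", "ssh", True),
    ("web", "db", "sql", False),
    ("app", "db", "sql", True),
    ("bastion", "db", "sql", True),
]

CRITICAL_ASSETS = {"db"}  # end points: hosts whose compromise is the risk being measured


def allowed(src, dst, svc):
    """Evaluate the ACL set with default deny: traffic passes only on an explicit permit rule."""
    return any(s == src and d == dst and v == svc and ok for s, d, v, ok in ACCESS_RULES)


def start_points(topology, untrusted="internet"):
    """Start points: services the untrusted zone can reach according to the collected ACLs."""
    return [(host, svc) for host, services in topology.items()
            for svc in services if allowed(untrusted, host, svc)]


def end_points(topology, critical):
    """End points: every service on a critical asset."""
    return [(host, svc) for host in topology if host in critical for svc in topology[host]]


def build_attack_graph(topology):
    """Each graph node is the state of one service: (host, service, 'reachable'|'compromised').
    A reachable vulnerable service can be compromised; a compromised service on host A makes a
    service on host B reachable when the ACLs permit A -> B for that service."""
    graph = {}
    for host, services in topology.items():
        for svc, vulnerable in services.items():
            reach, comp = (host, svc, "reachable"), (host, svc, "compromised")
            graph[reach] = [comp] if vulnerable else []
            graph[comp] = [(other, osvc, "reachable")
                           for other, oservices in topology.items() if other != host
                           for osvc in oservices if allowed(host, other, osvc)]
    return graph


def simulate(graph, starts, ends):
    """Breadth-first attack simulation: shortest path from each start point to each end point
    whose 'compromised' state is reachable. Returns {(start, end): [graph nodes on the path]}."""
    results = {}
    for start in starts:
        origin = start + ("reachable",)
        parent = {origin: None}
        queue = deque([origin])
        while queue:
            node = queue.popleft()
            for nxt in graph.get(node, []):
                if nxt not in parent:
                    parent[nxt] = node
                    queue.append(nxt)
        for end in ends:
            target = end + ("compromised",)
            if target in parent:
                path, cur = [], target
                while cur is not None:
                    path.append(cur)
                    cur = parent[cur]
                results[(start, end)] = path[::-1]
    return results


def assess(topology, critical, untrusted="internet"):
    """Run the full pipeline; the returned dict is the in-memory result store."""
    graph = build_attack_graph(topology)
    return simulate(graph, start_points(topology, untrusted), end_points(topology, critical))


def single_point_fixes(topology, critical, untrusted="internet"):
    """Fix information: vulnerable services whose remediation alone removes every simulated path.
    Patching a service on only one of several parallel paths (app/rpc or bastion/ssh here)
    leaves the critical asset reachable, so those fixes rank lower."""
    fixes = []
    for host, services in topology.items():
        for svc, vulnerable in services.items():
            if not vulnerable:
                continue
            patched = {h: dict(s) for h, s in topology.items()}
            patched[host][svc] = False
            if not assess(patched, critical, untrusted):
                fixes.append((host, svc))
    return fixes


if __name__ == "__main__":
    for (start, end), path in assess(TOPOLOGY, CRITICAL_ASSETS).items():
        print(f"{start} -> {end}: " + " => ".join(f"{h}/{s}:{st}" for h, s, st in path))
    print("fixes that cut every path:", single_point_fixes(TOPOLOGY, CRITICAL_ASSETS))
```

With the constructed data the only start point is web/http (the sole service the ACLs expose to the untrusted zone), the simulation finds a path to db/sql through app/rpc, and a second path through bastion/ssh exists, so only remediating web/http or db/sql eliminates every path; that is the prioritisation the abstract's "fix information" refers to.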
6 Assignments
0 Petitions
Abstract
The present invention provides systems and methods for risk detection and analysis in a computer network. Computerized, automated systems and methods can be provided. Raw vulnerability information and network information can be utilized in determining actual vulnerability information associated with network nodes. Methods are provided in which computer networks are modeled, and the models utilized in performing attack simulations and determining risks associated with vulnerabilities. Risks can be evaluated and prioritized, and fix information can be provided.
307 Citations
13 Claims