Communication network security risk exposure management systems and methods

US 7,743,421 B2
Filed: 05/18/2005
Issued: 06/22/2010
Est. Priority Date: 05/18/2005
Status: Active Grant

First Claim

Patent Images

1. A risk analysis system comprising:

a risk analyzer configured to determine a consolidated security risk to a feature of a communication network by analyzing assets of the communication network which are associated with the communication network feature and vulnerabilities affecting the assets which are associated with the communication network feature and calculating the consolidated security risk to the communication network feature based on the vulnerabilities, the consolidated security risk being in addition to any security risks calculated for the assets based on the vulnerabilities; and

a user interface operatively coupled to the risk analyzer.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Communication network security risk exposure management systems and methods are disclosed. Risks to a communication network are determined by analyzing assets of the communication network and vulnerabilities affecting the assets. Assets may include physical assets such as equipment or logical assets such as software or data. Risk analysis may be adapted to assess risks to a particular feature of a communication network by analyzing assets of the communication network which are associated with that feature and one or more of vulnerabilities which affect the feature and vulnerabilities which affect the assets associated with the feature. A feature may be an asset itself or a function or service offered in the network and supported by particular assets, for example.

71 Citations

View as Search Results

20 Claims

1. A risk analysis system comprising:
- a risk analyzer configured to determine a consolidated security risk to a feature of a communication network by analyzing assets of the communication network which are associated with the communication network feature and vulnerabilities affecting the assets which are associated with the communication network feature and calculating the consolidated security risk to the communication network feature based on the vulnerabilities, the consolidated security risk being in addition to any security risks calculated for the assets based on the vulnerabilities; and
  
  a user interface operatively coupled to the risk analyzer.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The risk analysis system of claim 1, wherein the assets comprise one or more of:
    - physical assets and logical assets.
  - 3. The risk analysis system of claim 2, wherein the physical assets comprise equipment in the communication network.
  - 4. The risk analysis system of claim 2, wherein the logical assets comprise one or more of:
    - software for execution by processors in the communication network and information stored by equipment in the communication network.
  - 5. The risk analysis system of claim 1, further comprising one or more of:
    - an event manager configured to receive information associated with vulnerabilities and assets, and to update current vulnerabilities and assets based on the received information;
      
      a network model manager configured to capture a representation of the communication network and the determined consolidated security risk; and
      
      a report manager configured to receive through the user interface risk report selection inputs and to generate a report of the determined consolidated security risk in accordance with the received selection inputs.
  - 6. The risk analysis system of claim 1, wherein the user interface comprises one or more of:
    - a simulation interface configured to receive information associated with temporary changes to the vulnerabilities, assets, or both;
      
      a configuration interface configured to receive one or more of network configuration information associated with vulnerabilities, assets, or both, and risk analysis configuration information for configuring an analysis process applied to the vulnerabilities and assets by the risk analyzer;
      
      a network map configured to present a representation of the communication network and the determined consolidated security risk; and
      
      a report interface configured to receive risk report selection inputs for configuring a report of the determined consolidated security risk.
  - 7. The risk analysis system of claim 1, further comprising:
    - a data system configured to provide access to risk exposure management information.
  - 8. The risk analysis system of claim 1, wherein the risk analyzer is further configured to determine the consolidated security risk by analyzing vulnerabilities which affect the communication network feature.
  - 9. The risk analysis system of claim 8, wherein the risk analyzer comprises:
    - a direct exposure calculator configured to determine a direct exposure risk to the communication network feature based on the vulnerabilities which affect the communication network feature;
      
      an indirect exposure calculator configured to determine an indirect exposure risk to the communication network feature based on the vulnerabilities affecting the assets which are associated with the communication network feature;
      
      a total exposure calculator configured to determine a total exposure risk to the communication network feature as a function of the direct exposure risk and the indirect exposure risk; and
      
      a risk calculator configured to determine the consolidated security risk to the communication network feature based on the total exposure risk.
  - 10. The risk analysis system of claim 9, wherein the vulnerabilities affecting the assets which are associated with the communication network feature are determined in a sequence according to a traversal order of the assets.
  - 11. The risk analysis system of claim 1, wherein the user interface is configured to receive from a user risk analysis configuration information specifying the communication network feature.
  - 12. The risk analysis system of claim 11, wherein the risk analyzer is further configured to provide through the user interface an indication of the determined consolidated security risk.
  - 13. The risk analysis system of claim 7, wherein the data system is configured to provide access to one or more of:
    - a vulnerabilities database configured to store information associated with the vulnerabilities;
      
      an asset database configured to store information associated with the assets;
      
      a security state database configured to store information associated with the determined consolidated security risk; and
      
      a user interface database configured to store information associated with the user interface.

14. A communication network security risk analysis method comprising:
- providing vulnerabilities affecting assets of a communication network; and
  
  determining a consolidated security risk to a feature of a communication network by analyzing the assets which are associated with the communication network feature and the vulnerabilities affecting the assets which are associated with the communication network feature and calculating the consolidated security risk to the feature based on the vulnerabilities, the consolidated security risk being in addition to any security risks calculated for the assets based on the vulnerabilities,wherein the assets comprise one or more of;
  
  physical assets comprising equipment in the communication network; and
  
  logical assets comprising one or more of;
  
  software for execution by processors in the communication network and information stored by equipment in the communication network.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The method of claim 14, further comprising:
    - providing an indication of the determined consolidated security risk.
  - 16. The method of claim 14, further comprising:
    - receiving information associated with vulnerabilities and assets;
      
      updating current vulnerabilities and assets based on the received information.
  - 17. The method of claim 14, further comprising:
    - receiving risk analysis configuration information; and
      
      adapting an analysis process applied to the vulnerabilities and assets in accordance with the received risk analysis configuration information.
  - 18. A machine-readable medium storing instructions which when executed perform the method of claim 14.
  - 19. The method of claim 14, further comprising:
    - providing vulnerabilities which affect the feature of the communication network,wherein determining further comprises determining the consolidated security risk by analyzing the vulnerabilities which affect the feature of the communication network.
  - 20. A machine-readable medium storing instructions which when executed perform the method of claim 19.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Huawei Technologies Co., Ltd. (Huawei Investment & Holding Co., Ltd.)
Original Assignee
Alcatel-Lucent SA (Nokia Corporation)
Inventors
Cosquer, Francois J. N., Marquet, Bertrand, D'Souza, Scott David, Leclerc, Yvon, MacIntosh, Robert W.
Primary Examiner(s)
Revak; Christopher A

Application Number

US11/132,118
Publication Number

US 20060265751A1
Time in Patent Office

1,861 Days
Field of Search

None
US Class Current

726/25
CPC Class Codes

H04L 63/1416 Event detection, e.g. attac...

H04L 63/1441 Countermeasures against mal...

Communication network security risk exposure management systems and methods

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

71 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Communication network security risk exposure management systems and methods

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

71 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links