Methods and apparatus for determining network risk based upon incomplete network configuration data
First Claim
1. A method for a computer system including a display device, the method comprising:
receiving, by the computer system, configuration data for at least one network device in a network;
determining, by the computer system, a network topology for at least a portion of the network in response to the configuration data, wherein the network topology indicates a location of a first server and existence of a threat source remote from the first server location, and wherein the network topology comprises incomplete information about the first server location;
determining, by the computer system, at least a first vulnerability to said threat source associated with the first server location, wherein the vulnerability includes a plurality of vulnerability attributes; and
determining, by the computer system, a coverage factor score for the first server location correlating to the incomplete information, based on the network topology and the configuration data;
determining, by the computer system, a first security exposure of the first server location with respect to the threat source by analyzing the configuration data to determine a reachability of the first server location from the threat source; and
accounting for the incomplete information by determining, by the computer system, a first vulnerability certainty associated with the first server location with respect to the vulnerability by calculating a probability that the first vulnerability exists based on the coverage factor score for the first server location and the network topology; and
outputting a visual representation of the first security exposure and the first vulnerability certainty on the display device.
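The steps of claim 1 run end to end on constructed data, as an added illustration that is not the patent's implementation: a topology is built from the device configurations that were actually received (one device, dmz-sw, has none and is placed only from its neighbours' link data), reachability from the threat source to the server is tested by walking the ACLs hop by hop, a coverage factor score measures how much of the evidence about the server location is held, and that score is combined with the vulnerability's prior into a certainty. The inventory, the ACL format, the host-scan data, the vulnerability attributes and both scoring formulas are assumptions made for this example; the patent does not specify them.

```python
"""Added illustration of the claimed pipeline on constructed data. Not the
patent's implementation; the data model and both formulas are assumptions."""
from collections import deque

# Constructed inventory. A device whose config was never collected stays in the
# inventory (its place is inferred from neighbours) but holds None.
# acl: first-match (dst_host, dst_port, action); "any" is a wildcard.
DEVICES = {
    "edge-fw": {"links": ["internet", "core-rtr"],
                "acl": [("web-1", 443, "permit"), ("web-1", 22, "deny"),
                        ("any", "any", "deny")]},
    "core-rtr": {"links": ["edge-fw", "dmz-sw", "mgmt-sw"],
                 "acl": [("any", "any", "permit")]},
    "dmz-sw": None,                                    # config not received
    "mgmt-sw": {"links": ["core-rtr", "web-1"],
                "acl": [("web-1", 22, "permit"), ("any", "any", "deny")]},
}
KNOWN_LINKS = [("dmz-sw", "core-rtr"), ("dmz-sw", "web-1")]   # inferred edges
HOST_DATA = {"web-1": {"services": ["https", "ssh"]}}          # constructed host scan
VULN = {"name": "constructed-example-vuln", "service": "https", "port": 443,
        "severity": "high", "prior": 0.3}    # attributes; prior = assumed base rate

def build_topology(devices, extra_links):
    """Undirected adjacency from every config we hold plus inferred links."""
    adj = {}
    def link(a, b):
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    for name, cfg in devices.items():
        adj.setdefault(name, set())
        for peer in (cfg or {}).get("links", []):
            link(name, peer)
    for a, b in extra_links:
        link(a, b)
    return adj

def acl_permits(cfg, host, port):
    """First-match ACL check; None when the config is missing (undecidable)."""
    if cfg is None:
        return None
    for dst, dport, action in cfg["acl"]:
        if dst in ("any", host) and dport in ("any", port):
            return action == "permit"
    return False                                       # implicit deny

def reachability(devices, adj, src, dst, port):
    """BFS from the threat source -> (reachable, path, hops with no config).
    A hop we cannot evaluate is traversed but reported, so the exposure is
    'possible' rather than 'confirmed'."""
    queue, seen = deque([(src, [src], [])]), {src}
    while queue:
        node, path, unknown = queue.popleft()
        if node == dst:
            return True, path, unknown
        for nxt in sorted(adj.get(node, ())):
            if nxt in seen:
                continue
            hop_unknown = unknown
            if nxt in devices:
                verdict = acl_permits(devices[nxt], dst, port)
                if verdict is False:
                    continue
                if verdict is None:
                    hop_unknown = unknown + [nxt]
            seen.add(nxt)
            queue.append((nxt, path + [nxt], hop_unknown))
    return False, [], []

def coverage_factor(devices, host_data, scope, server):
    """Share of the evidence needed about this server location that we hold:
    configs of the in-scope devices plus host data for the server itself."""
    items = [d for d in scope if d in devices] + [server]
    known = 0
    for d in items:
        have = host_data.get(d) if d == server else devices[d]
        if have is not None:
            known += 1
    return round(known / len(items), 3)

def vulnerability_certainty(coverage, host_data, server, vuln):
    """Assumed model: observed evidence counts in proportion to coverage; the
    uncovered remainder falls back to the vulnerability's prior."""
    host = host_data.get(server)
    if host is None:
        evidence = vuln["prior"]            # nothing observed, stay at the prior
    else:
        evidence = 1.0 if vuln["service"] in host["services"] else 0.0
    return round(coverage * evidence + (1 - coverage) * vuln["prior"], 3)

def assess(devices, extra_links, host_data, threat, server, vuln):
    adj = build_topology(devices, extra_links)
    reachable, path, unknown = reachability(devices, adj, threat, server, vuln["port"])
    scope = path if path else list(devices)      # no path: score the whole inventory
    cov = coverage_factor(devices, host_data, scope, server)
    return {"reachable": reachable, "path": path, "unknown_on_path": unknown,
            "coverage": cov,
            "certainty": vulnerability_certainty(cov, host_data, server, vuln)}

def render(threat, server, vuln, result):
    """Text stand-in for the display step."""
    state = "EXPOSED" if result["reachable"] else "not reachable"
    lines = [f"{server} from {threat}, {vuln['name']} (port {vuln['port']}): {state}"]
    if result["reachable"]:
        lines.append("  path: " + " -> ".join(result["path"]))
        if result["unknown_on_path"]:
            lines.append("  unverified hops: " + ", ".join(result["unknown_on_path"]))
    lines.append(f"  coverage {result['coverage']:.2f}, certainty {result['certainty']:.2f}")
    return "\n".join(lines)

if __name__ == "__main__":
    print(render("internet", "web-1", VULN,
                 assess(DEVICES, KNOWN_LINKS, HOST_DATA, "internet", "web-1", VULN)))
```

On this data the server is reachable on port 443 through the unconfigured dmz-sw, so the exposure is reported together with the hop that could not be verified, while the coverage factor drops to 0.75 and pulls the certainty below 1 even though the host scan shows the service. Removing the host scan drops coverage to 0.5 and the certainty to the prior; on port 22 the edge firewall blocks the path outright, so there is no exposure regardless of the certainty.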
Abstract
A method for a computer system includes receiving configuration data from a network device in a network, determining a topology for a portion of the network from the configuration data, wherein the topology indicates a first server location and a threat server at a threat server location in the network, determining a vulnerability including vulnerability attributes for the first server location, and, when configuration data for the first server location is incomplete, determining a security exposure of the first server location with respect to the threat server in response to the configuration data, the topology, and the configuration data associated with the first server location, determining a vulnerability certainty for the first server location with respect to the vulnerability in response to the configuration data associated with the first server location, and outputting a visual representation of the security exposure and the vulnerability certainty on a display.
23 Claims
1. A method for a computer system including a display device (independent claim; text as given under First Claim above). Dependent claims: 2, 3, 4, 5, 6, 7, 21, 22, 23.
8. A non-transitory computer-readable storage medium storing computer-system executable code, the code comprising:
code that directs a computer system to receive configuration data for at least one network device in a network;
code that directs the computer system to determine a network topology for at least a portion of the network in response to the configuration data, wherein the network topology indicates a location of a first server device and existence of a threat source remote from the first server location and wherein the network topology comprises incomplete information about the first server location;
code that directs the computer system to determine at least a first vulnerability associated with the first server location, wherein the vulnerability includes a plurality of vulnerability attributes;
code that directs the computer system to determine a coverage factor score for the first server location correlating to the incomplete information, based on the network topology and the configuration data;
code that directs the computer system to determine a first security exposure of the first server location with respect to the threat source by analyzing the configuration data to determine a reachability of the first server location from the threat source;
code that directs the computer system to account for the incomplete information by determining a first vulnerability certainty associated with the first server location with respect to the vulnerability by calculating a probability that the first vulnerability exists based on the coverage factor score for the first server location and the network topology; and
code that directs the computer system to output a visual representation of the first security exposure and the first vulnerability certainty on the display device.
Dependent claims: 9, 10, 11, 12, 13.
14. A computer system comprising:
a display device configured to output data to a user;
a memory configured to store configuration data for at least one network device in a network; and
a processor coupled to the memory, wherein the processor is configured to:
determine a network topology for at least a portion of the network in response to the configuration data, wherein the network topology indicates a first server location and existence of a threat source remote from the first server location, and wherein the network topology comprises incomplete information about the first server location,
determine at least a first vulnerability associated with the first server location, wherein the vulnerability includes a plurality of vulnerability attributes,
determine a coverage factor score for the first server location correlating to the incomplete information, based on the network topology and the configuration data,
determine a first security exposure of the first server location with respect to the threat source by analyzing the configuration data to determine a reachability of the first server location from the threat source,
account for the incomplete information by determining a first vulnerability certainty associated with the first server location with respect to the vulnerability by calculating a probability that the first vulnerability exists based on the coverage factor score for the first server location and the network topology, and
output a visual representation of the first security exposure and the first vulnerability certainty on the display device.
Dependent claims: 15, 16, 17, 18, 19, 20.