Adaptive risk analysis methods and apparatus
First Claim
1. A method for a computer system including a display device comprising:
receiving, by the computer system, configuration data for at least one network device in a network, wherein the configuration data includes at least one device configuration file;
receiving, by the computer system, a network topology for at least a portion of the network, wherein the network topology indicates a first server location and a threat source remote from the first server location, and configuration data associated with at least the portion of the network, wherein the network topology comprises incomplete information about the first server location;
determining, by the computer system, at least a first vulnerability to the threat source associated with the first server location, wherein the vulnerability includes a plurality of vulnerability attributes; and
determining, by the computer system, a first security exposure of the first server location by determining a reachability of the first server location from the threat source using at least the configuration data;
determining, by the computer system, a coverage factor score for the first server location correlating to the incomplete information, based on the network topology, and the at least one device configuration file;
accounting for the incomplete information by determining, by the computer system, a first vulnerability certainty associated with the first server location with respect to the vulnerability by calculating a probability that the first vulnerability exists based on the coverage factor score for the first server location and the network topology;
thereafter receiving updated network data selected from a group consisting of: updated configuration data, updated network topology;
determining a second security exposure of the first server location with respect to the threat source in response to the updated network data, and to configuration data associated with the first server location; and
displaying an indication of a difference between the first security exposure and the second security exposure on the display device.
Abstract
A computer system method includes receiving a network topology and associated configuration data, wherein the network topology indicates a host location and a threat location, determining a vulnerability associated with the host location, determining a security exposure for the host location with respect to the threat location from the configuration data, the network topology, and to incomplete configuration data for the host location, determining a first vulnerability certainty for the host location with respect to the vulnerability in response to incomplete configuration data, thereafter receiving updated network data selected from a group consisting of: updated configuration data, updated network topology, determining an updated security exposure for the host location with respect to the threat location from the updated network data, and to the incomplete configuration data, and displaying a difference between the first security exposure and the second security exposure on the display.
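One way to model the steps in the abstract and claim 1, as an added example that is not taken from the patent: reachability is evaluated from per-device permit rules, devices without a collected configuration file lower the coverage factor, and the exposure is recomputed after updated configuration data arrives. The page gives no formulas, so the coverage ratio, the coverage-weighted certainty, the reachability weights, and all names and sample data are assumptions.

```python
from collections import deque

REACH_WEIGHT = {"confirmed": 1.0, "possible": 0.5, "blocked": 0.0}  # assumed weights

def reachable(edges, configs, threat, server, port, unknown_forwards):
    """BFS from threat to server; each transit device must permit (server, port)."""
    queue, seen = deque([threat]), {threat}
    while queue:
        node = queue.popleft()
        if node == server:
            return True
        if node != threat:
            rules = configs.get(node)          # None = config file not collected
            if rules is None and not unknown_forwards:
                continue
            if rules is not None and (server, port) not in rules:
                continue
        for nxt in edges.get(node, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return False

def assess(edges, configs, threat, server, port, evidence=0.9, prior=0.3):
    """Return reachability state, coverage factor, vulnerability certainty, exposure."""
    args = (edges, configs, threat, server, port)
    reach = ("confirmed" if reachable(*args, unknown_forwards=False)
             else "possible" if reachable(*args, unknown_forwards=True)  # uninspected hops only
             else "blocked")
    devices = (set(edges) | {n for v in edges.values() for n in v}) - {threat, server}
    coverage = sum(configs.get(d) is not None for d in devices) / len(devices) if devices else 1.0
    # Assumed model: missing configs pull the scanner evidence toward the prior.
    certainty = coverage * evidence + (1 - coverage) * prior
    exposure = REACH_WEIGHT[reach] * certainty
    return {"reach": reach, "coverage": coverage,
            "certainty": round(certainty, 3), "exposure": round(exposure, 3)}

def exposure_delta(first, second):
    """Difference between the second and first exposure, the value the display step shows."""
    return round(second["exposure"] - first["exposure"], 3)

# Constructed sample: internet -> fw1 -> core -> web01; core's config is missing at first.
EDGES = {"internet": ["fw1"], "fw1": ["core"], "core": ["web01"]}
BEFORE = {"fw1": {("web01", 443)}, "core": None}
AFTER = {"fw1": {("web01", 443)}, "core": {("web01", 443)}}

if __name__ == "__main__":
    first, second = (assess(EDGES, c, "internet", "web01", 443) for c in (BEFORE, AFTER))
    print(first, second, exposure_delta(first, second))
```

If the newly collected `core` configuration had denied the flow instead, the same functions would report the path as blocked and a negative delta.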
24 Claims
1. A method for a computer system including a display device comprising:
receiving, by the computer system, configuration data for at least one network device in a network, wherein the configuration data includes at least one device configuration file;
receiving, by the computer system, a network topology for at least a portion of the network, wherein the network topology indicates a first server location and a threat source remote from the first server location, and configuration data associated with at least the portion of the network, wherein the network topology comprises incomplete information about the first server location;
determining, by the computer system, at least a first vulnerability to the threat source associated with the first server location, wherein the vulnerability includes a plurality of vulnerability attributes; and
determining, by the computer system, a first security exposure of the first server location by determining a reachability of the first server location from the threat source using at least the configuration data;
determining, by the computer system, a coverage factor score for the first server location correlating to the incomplete information, based on the network topology, and the at least one device configuration file;
accounting for the incomplete information by determining, by the computer system, a first vulnerability certainty associated with the first server location with respect to the vulnerability by calculating a probability that the first vulnerability exists based on the coverage factor score for the first server location and the network topology;
thereafter receiving updated network data selected from a group consisting of: updated configuration data, updated network topology;
determining a second security exposure of the first server location with respect to the threat source in response to the updated network data, and to configuration data associated with the first server location; and
displaying an indication of a difference between the first security exposure and the second security exposure on the display device.
View Dependent Claims (2, 3, 4, 5, 6, 7, 22, 23, 24)
8. A non-transitory computer-readable storage medium storing computer-system executable-code comprising:
code that directs a computer system to receive configuration data for at least one network device in a network, wherein the configuration data includes at least one device configuration file;
code that directs the computer system to receive a network topology for at least a portion of the network, wherein the network topology indicates a first server location and a threat source remote from the first server location, and configuration data associated with at least the portion of the network, wherein the network topology comprises incomplete information about the first server location;
code that directs the computer system to determine at least a first vulnerability associated with the first server location, wherein the vulnerability includes a plurality of vulnerability attributes; and
code that directs the computer system to determine a first security exposure of the first server location by determining a reachability of the first server location from the threat source using at least the configuration data;
code that directs the computer system to determine a coverage factor score for the first server location correlating to the incomplete information, based on the network topology, and the at least one device configuration file;
code that directs the computer system to account for the incomplete information by determining a first vulnerability certainty associated with the first server location with respect to the vulnerability by calculating a probability that the first vulnerability exists based on the coverage factor score for the first server location and the network topology;
code that directs the computer system to receive updated network data selected from a group consisting of: updated configuration data, and updated network topology;
code that directs the computer system to determine a second security exposure of the first server location with respect to the threat source in response to the updated network data, and to configuration data associated with the first server location; and
code that directs the computer system to display an indication of a difference between the first security exposure and the second security exposure on a display device.
View Dependent Claims (9, 10, 11, 12, 13, 14)
15. A computer system comprising:
a display device configured to output data to a user;
a memory configured to store configuration data for at least one network device in a network, wherein the configuration data is based on at least one device configuration file; and
a processor coupled to the memory, wherein the processor is configured to receive a network topology for at least a portion of the network, wherein the network topology indicates a first server location and a threat source remote from the first server location, and configuration data associated with at least the portion of the network, wherein the network topology comprises incomplete information about the first server location;
wherein the processor is configured to determine at least a first vulnerability associated with the first server location, wherein the vulnerability includes a plurality of vulnerability attributes, and
wherein the processor is configured to determine a first security exposure of the first server location by determining a reachability of the first server location from the threat source using at least the configuration data,
wherein the processor is configured to determine a coverage factor score for the first server location correlating to the incomplete information, based on the network topology, and the at least one device configuration file;
wherein the processor is configured to account for the incomplete information by determining a first vulnerability certainty associated with the first server location with respect to the vulnerability by calculating a probability that the first vulnerability exists based on the coverage factor score for the first server location and the network topology,
wherein the processor is configured to receive updated network data selected from a group consisting of: updated configuration data, updated network topology,
wherein the processor is configured to determine a second security exposure of the first server location with respect to the threat source in response to the updated network data, and to configuration data associated with the first server location, and
wherein the processor is configured to display an indication of a difference between the first security exposure and the second security exposure on the display device.
View Dependent Claims (16, 17, 18, 19, 20, 21)
Specification