Asset risk analysis
First Claim
1. A computer-implemented method, comprising:
receiving, at a data processing apparatus, threat definition data, the threat definition data including, for each of one or more threats, an identification of the threat and an identification of one or more countermeasures that reduce a risk that the threat will affect an asset;
receiving, at the data processing apparatus, vulnerability detection data for each of one or more assets and countermeasure detection data for each of the one or more assets, wherein the vulnerability detection data for each asset identifies threats to which the asset is vulnerable and the countermeasure detection data for each asset identifies one or more countermeasures protecting the asset; and
determining, with the data processing apparatus, a respective risk metric for each of the one or more assets for each of the one or more threats, the determining including, for a particular asset and a particular threat:
analyzing the vulnerability detection data for the particular asset to determine whether the particular asset is vulnerable to the particular threat;
determining from the threat definition data and the countermeasure detection data whether the particular asset is protected from the particular threat by one or more countermeasures, wherein determining whether the particular asset is protected includes:
determining that the particular asset is protected by a set of countermeasures including a network-based countermeasure and an agent-based countermeasure; and
determining a likelihood that the network-based countermeasure protects the particular asset; and
determining a likelihood that the agent-based countermeasure protects the particular asset; and
determining the risk metric for the particular asset for the particular threat according to whether the particular asset is vulnerable to the particular threat and whether the particular asset is protected by one of the countermeasures identified for the particular threat.
Abstract
Methods, systems, and apparatus, including computer programs encoded on computer storage media, for asset risk analysis. One method includes receiving threat definition data for threats, vulnerability detection data for assets, and countermeasure detection data for assets. The method further includes determining a respective risk metric for each of the assets for each of the threats. This includes analyzing the vulnerability detection data for an asset to determine whether the asset is vulnerable to a threat, determining from the threat definition data and the countermeasure detection data whether the asset is protected by one of the countermeasures identified for the threat, and determining the risk metric for the asset for the threat according to whether the asset is vulnerable to the threat and whether the asset is protected by one of the countermeasures identified for the threat.
32 Claims
16. A system comprising:
a processor; and
a computer storage medium coupled to the processor and including instructions, which, when executed by the processor, causes the processor to perform operations comprising:
receiving threat definition data, the threat definition data including, for each of one or more threats, an identification of the threat and an identification of one or more countermeasures that reduce a risk that the threat will affect an asset;
receiving vulnerability detection data for each of one or more assets and countermeasure detection data for each of the one or more assets, wherein the vulnerability detection data for each asset identifies threats to which the asset is vulnerable and the countermeasure detection data for each asset identifies one or more countermeasures protecting the asset; and
determining a respective risk metric for each of the one or more assets for each of the one or more threats, the determining including, for a particular asset and a particular threat:
analyzing the vulnerability detection data for the particular asset to determine whether the particular asset is vulnerable to the particular threat;
determining from the threat definition data and the countermeasure detection data whether the particular asset is protected from the particular threat by one or more countermeasures, wherein determining whether the particular asset is protected includes:
determining that the particular asset is protected by a set of countermeasures including a network-based countermeasure and a host-based countermeasure; and
determining a likelihood that the network-based countermeasure protects the particular asset; and
determining a likelihood that the host-based countermeasure protects the particular asset; and
determining the risk metric for the particular asset for the particular threat according to whether the particular asset is vulnerable to the particular threat and whether the particular asset is protected by one of the countermeasures identified for the particular threat.
31. A non-transitory computer-storage medium encoded with a computer program including instructions operable to cause data processing apparatus to perform operations comprising:
receiving, at a data processing apparatus, threat definition data, the threat definition data including, for each of one or more threats, an identification of the threat and an identification of one or more countermeasures that reduce a risk that the threat will affect an asset;
receiving, at the data processing apparatus, vulnerability detection data for each of one or more assets and countermeasure detection data for each of the one or more assets, wherein the vulnerability detection data for each asset identifies threats to which the asset is vulnerable and the countermeasure detection data for each asset identifies one or more countermeasures protecting the asset; and
determining, with the data processing apparatus, a respective risk metric for each of the one or more assets for each of the one or more threats, the determining including, for a particular asset and a particular threat:
analyzing the vulnerability detection data for the particular asset to determine whether the particular asset is vulnerable to the particular threat;
determining from the threat definition data and the countermeasure detection data whether the particular asset is protected from the particular threat by one or more countermeasures, wherein determining whether the particular asset is protected includes:
determining that the particular asset is protected by a set of countermeasures including a network-based countermeasure and a host-based countermeasure; and
determining a likelihood that the network-based countermeasure protects the particular asset; and
determining a likelihood that the host-based countermeasure protects the particular asset; and
determining the risk metric for the particular asset for the particular threat according to whether the particular asset is vulnerable to the particular threat and whether the particular asset is protected by one of the countermeasures identified for the particular threat.
32. A computer-implemented method, comprising:
receiving configuration data for each of one or more assets, the configuration data describing for each asset configuration of the asset;
receiving threat definition data including, for each of one or more threats, applicability data and an identification of one or more countermeasures that reduce a risk that the threat will affect an asset, wherein the applicability data describes asset configurations applicable to the threat;
receiving, for each of one or more assets, vulnerability detection data and countermeasure detection data, wherein the vulnerability detection data for each asset identifies threats to which the asset is vulnerable and the countermeasure detection data for each asset identifies one or more countermeasures protecting the asset; and
determining, with a data processing apparatus, a respective risk metric for each of the one or more assets for each of the one or more threats, the determining including, for a particular asset and a particular threat:
analyzing the vulnerability detection data for the particular asset to determine a predicate categorization for the particular asset for the particular threat from a group comprising: vulnerable, not vulnerable, and unknown vulnerability;
determining, from the threat definition data and the countermeasure detection data, a predicate categorization for the particular asset for the particular threat from a group comprising: protected, not protected, or unknown protection; and
determining, from the applicability data and configuration data a predicate categorization for the particular asset for the particular threat from a group comprising: applicable, not applicable, or unknown applicability; and
wherein the risk metric for each of the assets for each of the threats is one of vulnerable, protected, not protected, unknown, and not vulnerable, and for each asset and each threat:
the vulnerable risk metric corresponds to determining predicate categorizations for the particular asset and the particular threat of vulnerable and not-protected,
the protected risk metric corresponds to determining predicate categorizations for the particular asset and the particular threat of protected and either applicable or unknown applicability,
the not protected risk metric corresponds to determining predicate categorizations for the particular asset and the particular threat of not protected and unknown vulnerability,
the unknown risk metric corresponds to determining predicate categorizations for the particular asset and the particular threat of unknown protection and unknown vulnerability, and
the not vulnerable risk metric corresponds to determining predicate categorizations for the particular asset and the particular threat of either not vulnerable or not applicable.
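Claim 32 pairs each of the five risk metrics with a combination of predicate categorizations. The following added example (not code from the patent or its assignee) reads each pairing literally as a stand-alone condition, which is an assumption, and enumerates all 27 predicate triples to show which match no metric and which match more than one; the names `RULES`, `matching_metrics` and `audit` are illustrative.

```python
from itertools import product

VULN = ("vulnerable", "not vulnerable", "unknown vulnerability")
PROT = ("protected", "not protected", "unknown protection")
APPL = ("applicable", "not applicable", "unknown applicability")

# Risk metric -> condition on (vulnerability, protection, applicability),
# transcribed from the last element of claim 32. Treating each pairing as a
# stand-alone condition is this example's assumption.
RULES = {
    "vulnerable": lambda v, p, a: v == "vulnerable" and p == "not protected",
    "protected": lambda v, p, a: (
        p == "protected" and a in ("applicable", "unknown applicability")),
    "not protected": lambda v, p, a: (
        p == "not protected" and v == "unknown vulnerability"),
    "unknown": lambda v, p, a: (
        p == "unknown protection" and v == "unknown vulnerability"),
    "not vulnerable": lambda v, p, a: (
        v == "not vulnerable" or a == "not applicable"),
}


def matching_metrics(v, p, a):
    """Return every risk metric whose condition holds for one asset/threat."""
    if v not in VULN or p not in PROT or a not in APPL:
        raise ValueError(f"unrecognised predicate value in {(v, p, a)!r}")
    return {metric for metric, cond in RULES.items() if cond(v, p, a)}


def audit():
    """Enumerate all 27 predicate triples and collect gaps and overlaps."""
    gaps, overlaps = [], {}
    for triple in product(VULN, PROT, APPL):
        hits = matching_metrics(*triple)
        if not hits:
            gaps.append(triple)          # no metric is defined for this triple
        elif len(hits) > 1:
            overlaps[triple] = hits      # needs a precedence rule to resolve
    return gaps, overlaps


if __name__ == "__main__":
    gaps, overlaps = audit()
    for triple in gaps:
        print("no metric:", triple)
    for triple, hits in overlaps.items():
        print("ambiguous:", triple, "->", sorted(hits))
```

A scoring engine built on this mapping needs an explicit precedence order for the overlapping triples and a default for the uncovered ones; the claim text shown here states neither.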
Specification