System, method, and software for cyber threat analysis

US 8,601,587 B1
Filed: 09/03/2010
Issued: 12/03/2013
Est. Priority Date: 09/04/2009
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

one or more memory units;

one or more processing units operable to;

generate a network model of a network infrastructure that is used by an organization;

assign a business weighting value to each of a plurality of network elements of the network infrastructure according to a relative business importance of the each network element to the organization;

generate an attack vector associated with at least one network element of the plurality of network elements according to a determined vulnerability of the network infrastructure, the attack vector representing one or more illicit actions that may be performed to compromise the network infrastructure;

simulate, using a network modeling tool, the attack vector on the network model to determine one or more resulting ramifications of one or more network elements of the plurality of network elements due to the attack vector; and

determine a criticality level of the attack vector associated with the at least one network element, the determining including combining the business weighting values assigned to the one or more network elements with the one or more resulting ramifications of the one or more network elements as determined from the simulating, the criticality level including monetary cost to the organization; and

a first storage and a second storage, the first storage operable to store a plurality of the weighting values that are assigned to corresponding ones of the plurality of network elements and the second storage operable to store at least the determined vulnerability, wherein the first storage, the second storage, and the network model comprise a plurality of federated memory stores so as to simulate effects of one or more network elements of the plurality of network elements in a first segment of the network infrastructure having a different level of security relative to another network element of the plurality of network elements in a second segment of the network infrastructure.

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

According to certain embodiments, a cyber threat analysis system generates a network model of a network infrastructure that is used by an organization, assigns a weighting value to each of a plurality of network elements of the network infrastructure according to a relative importance of the each network element to the organization, and generates an attack vector according to a determined vulnerability of the network infrastructure. The attack vector represents one or more illicit actions that may be performed to compromise the network infrastructure. The system may simulate, using a network modeling tool, the attack vector on the network model to determine one or more resulting ramifications of one or more of the plurality of network elements due to the attack vector, and determine a criticality level of the attack vector according to the weighting value of the one or more network elements.

111 Citations

View as Search Results

23 Claims

1. A system comprising:
- one or more memory units;
  
  one or more processing units operable to;
  
  generate a network model of a network infrastructure that is used by an organization;
  
  assign a business weighting value to each of a plurality of network elements of the network infrastructure according to a relative business importance of the each network element to the organization;
  
  generate an attack vector associated with at least one network element of the plurality of network elements according to a determined vulnerability of the network infrastructure, the attack vector representing one or more illicit actions that may be performed to compromise the network infrastructure;
  
  simulate, using a network modeling tool, the attack vector on the network model to determine one or more resulting ramifications of one or more network elements of the plurality of network elements due to the attack vector; and
  
  determine a criticality level of the attack vector associated with the at least one network element, the determining including combining the business weighting values assigned to the one or more network elements with the one or more resulting ramifications of the one or more network elements as determined from the simulating, the criticality level including monetary cost to the organization; and
  
  a first storage and a second storage, the first storage operable to store a plurality of the weighting values that are assigned to corresponding ones of the plurality of network elements and the second storage operable to store at least the determined vulnerability, wherein the first storage, the second storage, and the network model comprise a plurality of federated memory stores so as to simulate effects of one or more network elements of the plurality of network elements in a first segment of the network infrastructure having a different level of security relative to another network element of the plurality of network elements in a second segment of the network infrastructure.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The system of claim 1, wherein the one or more processing units are operable to generate the attack vector from a vulnerability determined by a vulnerability scanning tool, the vulnerability representing a security weakness of the network infrastructure.
  - 3. The system of claim 2, wherein the vulnerability comprises an external vulnerability, the vulnerability scanning tool operable to perform a discovery operation to determine the external vulnerability.
  - 4. The system of claim 2, further comprising a node credential database including administrative privileges for the plurality of network elements, the vulnerability scanning tool operable to:
    - receive one or more administrative privileges for the at least one network element; and
      
      determine an internal vulnerability of the at least one network element using the administrative privileges of the at least one network element, the internal vulnerability comprising the vulnerability.
  - 5. The system of claim 1, wherein the one or more processing units are operable to:
    - generate the attack vector using a network security modeling tool.
  - 6. The system of claim 1, wherein the criticality level further comprises one or more of the following:
    - a level of breached security of the organization;
      
      reduced performance of the network infrastructure;
      
      downtime of one or more of the network elements; and
      
      downtime of one or more services provided by the network infrastructure.
  - 7. The system of claim 1, wherein the attack vector comprises one or more hypothetical vulnerabilities.
  - 8. The system of claim 1, wherein the one or more processing units are operable to display the criticality level via a display.
  - 9. The system of claim 1, wherein the at least one network element comprises a first network element and the one or more network elements comprises a second network element different from the first network element.

10. A method comprising:
- generating a network model of a network infrastructure that is used by an organization;
  
  assigning a business weighting value to each of a plurality of network elements of the network infrastructure according to a relative importance of the each network element to the organization;
  
  generating an attack vector associated with at least one network element of the plurality of network elements according to a determined vulnerability of the network infrastructure, the attack vector representing one or more illicit actions that may be performed to compromise the network infrastructure;
  
  simulating, using a network modeling tool, the attack vector on the network model to determine one or more resulting ramifications of one or more network elements of the plurality of network elements due to the attack vector;
  
  determining, using one or more processors, a criticality level of the attack vector associated with the at least one network element, the determining including combining the business weighting values assigned to the one or more network elements with the one or more resulting ramifications of the one or more network elements as determined from the simulating, the criticality level including monetary cost to the organization;
  
  assigning a plurality of weighting values to corresponding ones of the plurality of network elements;
  
  storing the plurality of weighting values in a first storage; and
  
  storing at least the determined vulnerability in a second storage, wherein the first storage, the second storage, and the network model comprise a plurality of federated memory stores so as to simulate effects of one or more network elements of the plurality of network elements in a first segment of the network infrastructure having a different level of security relative to another network element of the plurality of network elements in a second segment of the network infrastructure.
- View Dependent Claims (11, 12, 13, 14, 15, 16)
- - 11. The method of claim 10, wherein generating the attack vector further comprises generating the attack vector from a vulnerability determined by a vulnerability scanning tool, the vulnerability representing a security weakness of the network infrastructure.
  - 12. The method of claim 11, further comprising:
    - performing a discovery operation to determine the vulnerability, the vulnerability comprising an external vulnerability.
  - 13. The method of claim 11, further comprising:
    - receiving administrative privileges for the at least one network element; and
      
      determining an internal vulnerability of the at least one network element using the administrative privileges of the at least one network element, the internal vulnerability comprising the vulnerability.
  - 14. The method of claim 10, wherein the one or more processors are operable to:
    - generate the attack vector using a network security modeling tool.
  - 15. The method of claim 10, wherein the criticality level further comprises one or more of the following:
    - a level of breached security of the organization;
      
      reduced performance of the network infrastructure;
      
      downtime of one or more of the network elements; and
      
      downtime of one or more services provided by the network infrastructure.
  - 16. The method of claim 10, wherein the attack vector comprises one or more hypothetical vulnerabilities.

17. Software embodied in a non-transitory computer-readable medium, the software when executed by one or more processing units operable to perform operations comprising:
- generating a network model of a network infrastructure that is used by an organization;
  
  assigning a business weighting value to each of a plurality of network elements of the network infrastructure according to a relative importance of the each network element to the organization;
  
  generating an attack vector associated with at least one network element of the plurality of network elements according to a determined vulnerability of the network infrastructure, the attack vector representing one or more illicit actions that may be performed to compromise the network infrastructure;
  
  simulating, using a network modeling tool, the attack vector on the network model to determine one or more resulting ramifications of one or more network elements of the plurality of network elements due to the attack vector;
  
  determining a criticality level of the attack vector associated with the at least one network element, the determining including combining the business weighting values assigned to the one or more network elements with the one or more resulting ramifications of the one or more network elements as determined from the simulating, the criticality level including monetary cost to the organization;
  
  storing a plurality of the weighting values that are assigned to corresponding ones of the plurality of network elements in a first storage; and
  
  storing at least the determined vulnerability in a second storage, wherein the first storage, the second storage, and the network model comprise a plurality of federated memory stores so as to simulate effects of one or more network elements of the plurality of network elements in a first segment of the network infrastructure having a different level of security relative to another network element of the plurality of network elements in a second segment of the network infrastructure.
- View Dependent Claims (18, 19, 20, 21, 22, 23)
- - 18. The software of claim 17, further comprising a vulnerability scanning tool, the vulnerability scanning tool operable to identify a vulnerability in the network infrastructure, and generate the attack vector from the identified vulnerability.
  - 19. The software of claim 18, wherein the vulnerability comprises an external vulnerability, the vulnerability scanning tool operable to perform a discovery operation to determine the external vulnerability.
  - 20. The software of claim 18, wherein the vulnerability scanning tool is operable to:
    - receive administrative privileges for the at least one network element; and
      
      determine an internal vulnerability of the at least one network element using the administrative privileges of the at least one network element, the internal vulnerability comprising the vulnerability.
  - 21. The software of claim 17, further comprising a network security modeling tool, the network security modeling tool operable to generate the attack vector.
  - 22. The software of claim 17, wherein the criticality level further comprises one or more of the following:
    - a level of breached security of the organization;
      
      reduced performance of the network infrastructure;
      
      downtime of one or more of the network elements; and
      
      downtime of one or more services provided by the network infrastructure.
  - 23. The software of claim 17, wherein the attack vector comprises one or more hypothetical vulnerabilities.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Forcepoint Federal Holdings LLC (Forcepoint LLC)
Original Assignee
Raytheon Company (Rtx Corporation)
Inventors
Powell, William S., Chen, Thomas L.
Primary Examiner(s)
Chea, Philip
Assistant Examiner(s)
NGUYEN, TRONG H

Application Number

US12/875,854
Time in Patent Office

1,187 Days
Field of Search

726/25
US Class Current

726/25
CPC Class Codes

G06F 21/552   involving long-term monitor...

G06F 21/577   Assessing vulnerabilities a...

H04L 63/1433   Vulnerability analysis

System, method, and software for cyber threat analysis

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

111 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

System, method, and software for cyber threat analysis

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

111 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links