Systems for network risk assessment including processing of user access rights associated with a network of devices
First Claim
1. A computerized method comprising:
- by a computing device having one or more computer processors and a non-transitory computer readable storage device storing software instruction for execution by the one or more computer processors, accessing or actively testing for, and processing information describing network traffic between a plurality of network devices;
- determining, based on the information describing network traffic, a network topology of the network, wherein the network topology comprises a plurality of nodes each connected by an edge to one or more of the plurality of nodes, and wherein each node is associated with one or more network devices and each edge represents a communication path between two nodes;
- access and process user account access records indicating historical user access to network nodes;
- associating identifications of user accounts with respective nodes which records indicate those users have accessed;
- access and process user account access rights indicating user account access rights to specific network devices;
- associating identifications of user accounts permitted to access network devices with respective nodes associated with the network devices;
- integrating user access records with user access privileges in order to identify permissions issues;
- generating user interface data comprising an interactive graph expressing the network topology;
- overlaying other relevant data sources on the aforementioned graph (like physical access logs or privileges);
- including one or more indications of user access rights/user access records to respective nodes of the network topology; and
- deriving recommendations or alerts for the system administrator.
Abstract
Methods, systems, and apparatus, including computer programs encoded on computer storage media, for network risk assessment. One of the methods includes accessing information describing network traffic between network devices. A network topology of the network is determined based on the information describing network traffic, where the network topology includes nodes connected by an edge to one or more other nodes, and each node is associated with a network device and each edge represents two nodes that can communicate with each other. User account access information indicating access rights and/or access records may be overlaid on the network topology and the system can provide various visualizations of the network topology to illustrate security risks associated with specific user accounts or nodes, identify compromise values/likelihoods/risks of particular user accounts and/or network accounts, and identify network segmentation issues, among others.
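The core of the claimed method, as an added illustration that is not the patent's own implementation: build the topology graph from traffic records, overlay the access-control list (who is permitted) and the access log (who actually connected) on each node, then integrate the two to raise alerts and recommendations. All flow records, ACL entries, addresses and user names below are constructed sample data.

```python
from collections import defaultdict

# Constructed sample inputs (not from the patent): observed (src, dst) traffic pairs,
# an ACL mapping each device to the accounts permitted on it, and an access log of
# (account, device) records of actual logins.
FLOWS = [("10.0.0.5", "10.0.1.20"), ("10.0.0.5", "10.0.1.21"),
         ("10.0.1.20", "10.0.2.9"), ("10.0.1.21", "10.0.1.20")]
ACL = {"10.0.1.20": {"alice", "svc-backup"}, "10.0.1.21": {"bob"}, "10.0.2.9": {"alice"}}
ACCESS_LOG = [("alice", "10.0.1.20"), ("bob", "10.0.1.20"),
              ("bob", "10.0.1.21"), ("alice", "10.0.1.20")]


def build_topology(flows):
    """Undirected graph node -> neighbours; an edge means the two devices communicated."""
    graph = defaultdict(set)
    for src, dst in flows:
        graph[src].add(dst)
        graph[dst].add(src)
    return dict(graph)


def overlay_access(graph, acl, access_log):
    """Attach to every node the accounts permitted (ACL) and the accounts seen (records)."""
    overlay = {n: {"permitted": set(acl.get(n, ())), "accessed": set()} for n in graph}
    for user, node in access_log:
        entry = overlay.setdefault(node, {"permitted": set(acl.get(node, ())), "accessed": set()})
        entry["accessed"].add(user)
    return overlay


def find_permission_issues(overlay):
    """Integrate records with rights: access without a right is an alert for the
    administrator; a right that was never exercised is a revocation recommendation."""
    issues = []
    for node, info in sorted(overlay.items()):
        for user in sorted(info["accessed"] - info["permitted"]):
            issues.append(("ALERT", node, user, "accessed without an access right"))
        for user in sorted(info["permitted"] - info["accessed"]):
            issues.append(("RECOMMEND", node, user, "unused access right; consider revoking"))
    return issues


def account_reach(graph, overlay, user):
    """Nodes the account is permitted on plus their direct neighbours: the devices a
    compromise of this account could touch next, one hop along the topology."""
    permitted = {n for n, info in overlay.items() if user in info["permitted"]}
    return permitted | {nb for n in permitted for nb in graph.get(n, ())}


if __name__ == "__main__":
    topo = build_topology(FLOWS)
    ov = overlay_access(topo, ACL, ACCESS_LOG)
    for issue in find_permission_issues(ov):
        print(issue)
    print("reach of bob:", sorted(account_reach(topo, ov, "bob")))
```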
20 Claims
1. A computerized method comprising the steps listed above under First Claim. Dependent claims: 2, 3, 4.
5. A computerized method comprising:
- by a computing device having one or more computer processors and a non-transitory computer readable storage device storing software instruction for execution by the one or more computer processors, obtaining information describing network traffic between a plurality of network devices;
- determining, based on the information describing network traffic, a network topology of the network, wherein the network topology comprises a plurality of nodes each connected by an edge to one or more of the plurality of nodes, and wherein each node is associated with one or more network devices and each edge represents a communication path;
- access user account access information indicating user account access rights to specific network devices, wherein the user account access information comprises one or more access control lists;
- associating, from the user account access information, identifications of user accounts permitted to access network devices with respective nodes associated with the network devices; and
- generating user interface data comprising a graph identifying the network topology.
Dependent claims: 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17.
18. A computer program product, encoded on one or more non-transitory computer storage media, comprising instructions that when executed by one or more computers cause the one or more computers to perform operations comprising:
- obtaining information describing network traffic between a plurality of network devices;
- determining, based on the information describing network traffic, a network topology of the network, wherein the network topology comprises a plurality of nodes each connected by an edge to one or more of the plurality of nodes, and wherein each node is associated with one or more network devices and each edge represents a communication path;
- accessing user account access information indicating user account access rights to specific network devices, wherein the user account access information at least indicates actual access attempts to network devices in one or more periods of time;
- associating, from the user account access information, identifications of user accounts permitted to access network devices with respective nodes associated with the network devices; and
- generating user interface data comprising a graph identifying the network topology.
Dependent claims: 19, 20.
Specification