System, method, and software for cyber threat analysis
First Claim
1. A system comprising:
a first memory unit and a second memory unit;
one or more processing units operable to:
generate a network model of a network infrastructure that is used by an organization, wherein the network infrastructure includes a plurality of segments including a first segment and a second segment, the first segment including first network elements with a first level of security and the second segment including second network elements with a second level of security different from the first level of security;
determine a vulnerability of a first network element of the first network elements of the network infrastructure;
simulate, using the network model, an attack vector on the determined vulnerability of the first network element of the network infrastructure to determine a resulting ramification on a second network element of the second network elements due to the attack vector; and
determine, using the resulting ramification, a criticality level of the attack vector associated with the second network element;
displaying the criticality level of the attack vector on a user interface of the system in order to alert a user as to the effect of the determined vulnerability; and
wherein the first memory unit is configured as a first federated memory with the first segment of the network infrastructure stored thereon, the second memory unit is configured as second federated memory with the second segment of the network infrastructure stored thereon, and the simulation is configured to simulate a cascading effect of the attack vector on the second network element due to the attack vector attacking the vulnerability of the first network element using the first and second federated memories which are autonomous memories independently managed by respective administrators of the first and second segments to independently control sensitive information generated and gathered throughout collection, storage, and analysis of vulnerabilities on the network model.
Abstract
According to certain embodiments, a cyber threat analysis system generates a network model of a network infrastructure that is used by an organization, assigns a weighting value to each of a plurality of network elements of the network infrastructure according to a relative importance of each network element to the organization, and generates an attack vector according to a determined vulnerability of the network infrastructure. The attack vector represents one or more illicit actions that may be performed to compromise the network infrastructure. The system may simulate, using a network modeling tool, the attack vector on the network model to determine one or more resulting ramifications of one or more of the plurality of network elements due to the attack vector, and determine a criticality level of the attack vector according to the weighting value of the one or more network elements.
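The analysis the abstract describes, sketched as an added example that is not code from the patent: two separately held segment stores stand in for the federated memories, a breadth-first walk models the cascading effect, and the weights of the reached elements give the criticality level. The element names, weights, dependency edges and score thresholds are constructed assumptions.

```python
from collections import deque

# Constructed sample model. Each segment is held in its own store, standing in
# for the independently administered federated memories of the claims.
# weight: relative importance to the organization (assumed 1-10 scale).
# feeds: elements that depend on this one, so a compromise can cascade to them.
SEGMENT_A = {  # first segment, lower security level (assumption)
    "web-portal": {"weight": 2, "feeds": ["app-server"], "vulnerable": True},
    "mail-relay": {"weight": 1, "feeds": [], "vulnerable": False},
}
SEGMENT_B = {  # second segment, higher security level (assumption)
    "app-server": {"weight": 5, "feeds": ["billing-db"], "vulnerable": False},
    "billing-db": {"weight": 9, "feeds": [], "vulnerable": False},
    "hr-files": {"weight": 6, "feeds": [], "vulnerable": False},
}
STORES = {"A": SEGMENT_A, "B": SEGMENT_B}

def lookup(name):
    """Resolve an element by querying each segment store in turn."""
    for segment, store in STORES.items():
        if name in store:
            return segment, store[name]
    raise KeyError(name)

def simulate(entry):
    """Breadth-first cascade; returns {element: (segment, hops)} for affected elements."""
    if not lookup(entry)[1]["vulnerable"]:
        return {}
    affected, queue = {entry: (lookup(entry)[0], 0)}, deque([entry])
    while queue:
        current = queue.popleft()
        hops = affected[current][1]
        for nxt in lookup(current)[1]["feeds"]:
            if nxt not in affected:  # guards against dependency cycles
                affected[nxt] = (lookup(nxt)[0], hops + 1)
                queue.append(nxt)
    return affected

def criticality(entry):
    """Score an attack vector by the weights of the elements it reaches."""
    affected = simulate(entry)
    origin = lookup(entry)[0]
    score = sum(lookup(name)[1]["weight"] for name in affected)
    crossed = sorted(n for n, (seg, _) in affected.items() if seg != origin)
    level = "high" if score >= 10 else "medium" if score >= 5 else "low"  # assumed thresholds
    return {"score": score, "level": level, "cross_segment": crossed}

if __name__ == "__main__":
    print(criticality("web-portal"))
```

The `cross_segment` list is the part that corresponds to the claimed ramification on a second-segment element caused by a first-segment vulnerability.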
20 Claims
8. A method comprising:
generating, using one or more processors, a network model of a network infrastructure that is used by an organization, wherein the network infrastructure includes a plurality of segments including a first segment and a second segment, the first segment including first network elements with a first level of security and the second segment including second network elements with a second level of security different from the first level of security;
determining a vulnerability of a first network element of the first network elements of the network infrastructure;
simulating, using the one or more processors and the network model stored across a plurality of federated memory stores including a first and a second federated memory store, an attack vector on the determined vulnerability of the first network element to determine a ramification of the attack vector on a second network element of the second network elements due to the attack vector attacking the first network element, wherein the first federated memory store is configured as a first federated memory with the first segment of the network infrastructure stored thereon and the second federated memory store is configured as a second federated memory with the second segment of the network infrastructure stored thereon, and the simulation is configured to simulate a cascading effect of the attack vector on the second network element due to the attack vector attacking the vulnerability of the first network element using the first and second federated memories which are autonomous memories independently managed by respective administrators of the first and second segments to independently control sensitive information generated and gathered throughout collection, storage, and analysis of vulnerabilities on the network model;
determining, using the one or more processors and using the determined ramification, a criticality level of the attack vector associated with the second network element; and
displaying, using the one or more processors, the criticality level of the attack vector on a user interface in order to alert a user as to the effect of the determined vulnerability.
15. A non-transitory computer-readable storage device including instructions stored thereon, the instructions, which when executed by a machine, cause the machine to perform operations comprising:
generating a network model of a network infrastructure that is used by an organization, wherein the network infrastructure includes a plurality of segments including a first segment and a second segment, the first segment including first network elements with a first level of security and the second segment including second network elements with a second level of security different from the first level of security;
determining a vulnerability of a first network element of the first network elements of the network infrastructure;
simulating, using the network model stored across a plurality of federated memory stores including a first and a second federated memory store, an attack vector on the determined vulnerability of the first network element to determine a ramification of the attack vector on a second network element of the second network elements due to the attack vector attacking the first network element, wherein the first federated memory store is configured as a first federated memory with the first segment of the network infrastructure stored thereon and the second federated memory store is configured as a second federated memory with the second segment of the network infrastructure stored thereon, and the simulation is configured to simulate a cascading effect of the attack vector on the second network element due to the attack vector attacking the vulnerability of the first network element using the first and second federated memories which are autonomous memories independently managed by respective administrators of the first and second segments to independently control sensitive information generated and gathered throughout collection, storage, and analysis of vulnerabilities on the network model;
determining, using the determined ramification, a criticality level of the attack vector associated with the second network element; and
displaying the criticality level of the attack vector on a user interface in order to alert a user as to the effect of the determined vulnerability.
Specification