System, method, and software for cyber threat analysis

US 9,241,008 B2
Filed: 12/02/2013
Issued: 01/19/2016
Est. Priority Date: 09/04/2009
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

a first memory unit and a second memory unit;

one or more processing units operable to;

generate a network model of a network infrastructure that is used by an organization, wherein the network infrastructure includes a plurality of segments including a first segment and a second segment, the first segment including first network elements with a first level of security and the second segment including second network elements with a second level of security different from the first level of security;

determine a vulnerability of a first network element of the first network elements of the network infrastructure;

simulate, using the network model, an attack vector on the determined vulnerability of the first network element of the network infrastructure to determine a resulting ramification on a second network element of the second network elements due to the attack vector; and

determine, using the resulting ramification, a criticality level of the attack vector associated with the second network element;

displaying the criticality level of the attack vector on a user interface of the system in order to alert a user as to the effect of the determined vulnerability; and

wherein the first memory unit is configured as a first federated memory with the first segment of the network infrastructure stored thereon, the second memory unit is configured as second federated memory with the second segment of the network infrastructure stored thereon, and the simulation is configured to simulate a cascading effect of the attack vector on the second network element due to the attack vector attacking the vulnerability of the first network element using the first and second federated memories which are autonomous memories independently managed by respective administrators of the first and second segments to independently control sensitive information generated and gathered throughout collection, storage, and analysis of vulnerabilities on the network model.

View all claims

12 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

According to certain embodiments, a cyber threat analysis system generates a network model of a network infrastructure that is used by an organization, assigns a weighting value to each of a plurality of network elements of the network infrastructure according to a relative importance of the each network element to the organization, and generates an attack vector according to a determined vulnerability of the network infrastructure. The attack vector represents one or more illicit actions that may be performed to compromise the network infrastructure. The system may simulate, using a network modeling tool, the attack vector on the network model to determine one or more resulting ramifications of one or more of the plurality of network elements due to the attack vector, and determine a criticality level of the attack vector according to the weighting value of the one or more network elements.

Citations

20 Claims

1. A system comprising:
- a first memory unit and a second memory unit;
  
  one or more processing units operable to;
  
  generate a network model of a network infrastructure that is used by an organization, wherein the network infrastructure includes a plurality of segments including a first segment and a second segment, the first segment including first network elements with a first level of security and the second segment including second network elements with a second level of security different from the first level of security;
  
  determine a vulnerability of a first network element of the first network elements of the network infrastructure;
  
  simulate, using the network model, an attack vector on the determined vulnerability of the first network element of the network infrastructure to determine a resulting ramification on a second network element of the second network elements due to the attack vector; and
  
  determine, using the resulting ramification, a criticality level of the attack vector associated with the second network element;
  
  displaying the criticality level of the attack vector on a user interface of the system in order to alert a user as to the effect of the determined vulnerability; and
  
  wherein the first memory unit is configured as a first federated memory with the first segment of the network infrastructure stored thereon, the second memory unit is configured as second federated memory with the second segment of the network infrastructure stored thereon, and the simulation is configured to simulate a cascading effect of the attack vector on the second network element due to the attack vector attacking the vulnerability of the first network element using the first and second federated memories which are autonomous memories independently managed by respective administrators of the first and second segments to independently control sensitive information generated and gathered throughout collection, storage, and analysis of vulnerabilities on the network model.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The system of claim 1, wherein the vulnerability represents a security weakness of the network infrastructure.
  - 3. The system of claim 2, wherein the vulnerability comprises an external vulnerability.
  - 4. The system of claim 2, further comprising a node credential database including administrative privileges for each network element of the first and second network elements;
    - anda vulnerability scanning tool configured to determine the vulnerability, the vulnerability scanning tool operable to;
      
      receive the administrative privilege for each network element; and
      
      determine the vulnerability of each network element using the administrative privileges, wherein the vulnerability is an internal vulnerability.
  - 5. The system of claim 1, wherein the one or more processing units are operable to:
    - generate the attack vector using a network security modeling tool.
  - 6. The system of claim 1, wherein the criticality level comprises a value representative of one or more of:
    - a level of breached security of the organization;
      
      reduced performance of the network infrastructure;
      
      downtime of a network element of the first and second network elements; and
      
      downtime of a service provided by the network infrastructure.
  - 7. The system of claim 1, wherein the attack vector comprises one or more hypothetical vulnerabilities internal or external to the organization.

8. A method comprising:
- generating, using one or more processors, a network model of a network infrastructure that is used by an organization, wherein the network infrastructure includes a plurality of segments including a first segment and a second segment, the first segment including first network elements with a first level of security and the second segment including second network elements with a second level of security different from the first level of security;
  
  determining a vulnerability of a first network element of the first network elements of the network infrastructure;
  
  simulating, using the one or more processors and the network model stored across a plurality of federated memory stores including a first and a second federated memory store, an attack vector on the on the determined vulnerability of the first network element to determine a ramification of the attack vector on a second network element of the second network elements due to the attack vector attacking the first network element, wherein the first federated memory store is configured as a first federated memory with the first segment of the network infrastructure stored thereon and the second federated memory store is configured as a second federated memory with the second segment of the network infrastructure stored thereon, and the simulation is configured to simulate a cascading effect of the attack vector on the second network element due to the attack vector attacking the vulnerability of the first network element using the first and second federated memories which are autonomous memories independently managed by respective administrators of the first and second segments to independently control sensitive information generated and gathered throughout collection, storage, and analysis of vulnerabilities on the network model;
  
  determining, using the one or more processors and using the determined ramification, a criticality level of the attack vector associated with the second network element; and
  
  displaying, using the one or more processors, the criticality level of the attack vector on a user interface in order to alert a user as to the effect of the determined vulnerability.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The method of claim 8, wherein the attack vector represents a security weakness of the network infrastructure.
  - 10. The method of claim 9, wherein determining the vulnerability comprises an external vulnerability.
  - 11. The method of claim 9, further comprising:
    - receiving administrative privileges for each network element of the first and second network elements; and
      
      determining the vulnerability, includes determining a vulnerability internal to the organization on each network element using the administrative privileges.
  - 12. The method of claim 11, wherein determining the criticality level further comprises determining a value representative of one or more of:
    - a level of breached security of the organization;
      
      reduced performance of the network infrastructure;
      
      downtime of one or more network elements of the first and second network elements; and
      
      downtime of one or more services provided by the network infrastructure.
  - 13. The method of claim 8, wherein the one or more processors are operable to:
    - generate the attack vector using a network security modeling tool.
  - 14. The method of claim 8, wherein the attack vector comprises one or more hypothetical vulnerabilities internal or external to the organization.

15. A non-transitory computer-readable storage device including instructions stored thereon, the instructions, which when executed by a machine, cause the machine to perform operations comprising:
- generating a network model of a network infrastructure that is used by an organization,wherein the network infrastructure includes a plurality of segments including a first segment and a second segment, the first segment including first network elements with a first level of security and the second segment including second network elements with a second level of security different from the first level of security;
  
  determining a vulnerability of a first network element of the first network elements of the network infrastructure;
  
  simulating, using the network model stored across a plurality of federated memory stores including a first and a second federated memory store, an attack vector on the determined vulnerability of the first network element to determine a ramification of the attack vector on a second network element of the second network elements due to the attack vector attacking the first network element, wherein the first federated memory store is configured as a first federated memory with the first segment of the network infrastructure stored thereon and the second federated memory store is configured as a second federated memory with the second segment of the network infrastructure stored thereon, and the simulation is configured to simulate a cascading effect of the attack vector on the second network element due to the attack vector attacking the vulnerability of the first network element using the first and second federated memories which are autonomous memories independently managed by respective administrators of the first and second segments to independently control sensitive information generated and gathered throughout collection, storage, and analysis of vulnerabilities on the network model;
  
  determining, using the determined ramification, a criticality level of the attack vector associated with the second network element; and
  
  displaying the criticality level of the attack vector on a user interface in order to alert a user as to the effect of the determined vulnerability.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The storage device of claim 15, wherein the attack vector represents a security weakness of the network infrastructure.
  - 17. The storage device of claim 16, wherein the instruction for determining the vulnerability comprise instructions, which when executed by the machine, cause the machine to perform operations comprising determining the vulnerability comprises an external vulnerability.
  - 18. The storage device of claim 16, further comprising instructions, which when executed by the machine, cause the machine to perform operations comprising:
    - receiving administrative privileges for each network element of the first and second network elements; and
      
      determining the vulnerability, includes determining a vulnerability internal to the organization on each network element using the administrative privileges.
  - 19. The storage device of claim 15, further comprising instructions, which when executed by the machine, cause the machine to perform operations comprising:
    - generating the attack vector using a network security modeling tool.
  - 20. The storage device of claim 15, wherein the instructions for determining the criticality level further comprise instructions, which when executed by the machine, cause the machine to perform operations comprising determining a value representative of one or more of:
    - a level of breached security of the organization;
      
      reduced performance of the network infrastructure;
      
      downtime of one or more network elements of the first and second network elements; and
      
      downtime of one or more services provided by the network infrastructure.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Forcepoint Federal Holdings LLC (Francisco Partners Management LLC)
Original Assignee
Raytheon Company (Rtx Corporation)
Inventors
Powell, William Shane, Chen, Thomas L.
Primary Examiner(s)
Gelagay, Shewaye
Assistant Examiner(s)
NGUYEN, TRONG H

Application Number

US14/094,492
Publication Number

US 20140245449A1
Time in Patent Office

778 Days
Field of Search

726/25
US Class Current

1/1
CPC Class Codes

G06F 21/552   involving long-term monitor...

G06F 21/577   Assessing vulnerabilities a...

H04L 63/1433   Vulnerability analysis

System, method, and software for cyber threat analysis

First Claim

12 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System, method, and software for cyber threat analysis

First Claim

12 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links