
Systems for network risk assessment including processing of user access rights associated with a network of devices

  • US 9,648,036 B2
  • Filed: 07/13/2016
  • Issued: 05/09/2017
  • Est. Priority Date: 12/29/2014
  • Status: Active Grant
First Claim

1. A computerized method comprising:

  • by a computing device having one or more computer processors and a non-transitory computer readable storage device storing software instruction for execution by the one or more computer processors, accessing:

    network device information indicating one or more of:

    configuration information of network devices within a network, or a network topology indicating communication paths between network devices determined using, at least, monitored network traffic between the network devices; and

    user account information indicating:

    user access rights of respective user accounts, and one or more of:

    profile information of respective user accounts, user account rules enforced on the network, or network actions associated with the user accounts;

    for each of the network devices and user accounts:

    determining a vulnerability indicating a likelihood of the network device or user account being compromised, the vulnerability based on values of a plurality of vulnerability metrics determined using network device information associated with the network device or user account information associated with the user account;

    determining an importance indicating a priority an attacker would place on compromising the network device or the user account, the importance based on values of a plurality of importance metrics determined using network device information associated with the network device or user account information associated with the user account;

    providing, for presentation, an interactive user interface comprising a visual representation of:

    at least some of the determined vulnerabilities for the network devices and/or the user accounts;

    at least some of the determined importances for the network devices and/or the user accounts, wherein the interactive user interface is operable to modify, in response to received input indicating a weighting for one or more network device, user account, vulnerability metric, or importance metric, the determined vulnerabilities and/or importances, included in the interactive user interface;

    receiving, in the interactive user interface, input associated with modifying an adjustable user interface element indicating a time period associated with determining vulnerabilities and determining importances; and

    updating, in the interactive user interface based on the indicated time period, the visual representation, thereby presenting increases or decreases in respective vulnerabilities or importances, for the network devices and/or the user accounts.
