Cyber vulnerability scan analyses with actionable feedback

US 9,699,209 B2
Filed: 04/29/2016
Issued: 07/04/2017
Est. Priority Date: 12/29/2014
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

determining an external infrastructure of an entity, the entity being coupled to a network, the external infrastructure comprising one or more cyber assets utilized by the entity;

collecting infrastructure information regarding the one or more cyber assets;

performing passive cyber security vulnerability testing on the one or more cyber assets using the collected infrastructure information;

assessing cyber security vulnerabilities of the one or more cyber assets based on the performing of passive cyber security vulnerability testing;

calculating an association score for the one or more cyber assets based on the assessed cyber security vulnerabilities;

automatically recommending to the entity via the network, based on the association score, computer network changes for the one or more cyber assets to reduce the assessed cyber security vulnerabilities; and

determining that the entity has enacted at least a portion of the recommended computer network changes for the one or more cyber assets, and in response, automatically re-performing passive cyber security vulnerability testing on the one or more cyber assets based on the recommended computer network changes.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of the present technology relate to cyber attack vulnerability analyzes. In one embodiment, a method includes determining an external infrastructure of an entity, the external infrastructure including one or more cyber assets utilized by the entity, collecting infrastructure information regarding the one or more cyber assets, performing passive cyber security vulnerability testing on the one or more cyber assets using the collected infrastructure information, assessing cyber security vulnerabilities of the one or more cyber assets, calculating an association score for the one or more cyber assets based on the assessed cyber security vulnerabilities, and automatically recommending, based on the association score, computer network changes to reduce the cyber security vulnerabilities.

186 Citations

20 Claims

1. A method, comprising:
- determining an external infrastructure of an entity, the entity being coupled to a network, the external infrastructure comprising one or more cyber assets utilized by the entity;
  
  collecting infrastructure information regarding the one or more cyber assets;
  
  performing passive cyber security vulnerability testing on the one or more cyber assets using the collected infrastructure information;
  
  assessing cyber security vulnerabilities of the one or more cyber assets based on the performing of passive cyber security vulnerability testing;
  
  calculating an association score for the one or more cyber assets based on the assessed cyber security vulnerabilities;
  
  automatically recommending to the entity via the network, based on the association score, computer network changes for the one or more cyber assets to reduce the assessed cyber security vulnerabilities; and
  
  determining that the entity has enacted at least a portion of the recommended computer network changes for the one or more cyber assets, and in response, automatically re-performing passive cyber security vulnerability testing on the one or more cyber assets based on the recommended computer network changes.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method according to claim 1, wherein the collecting of infrastructure information regarding the one or more cyber assets comprises evaluating domain name server information or domain host information for the one or more cyber assets.
  - 3. The method according to claim 2, further comprising:
    - determining cyber security failures of third party cyber assets associated with the domain name server information or the domain host information; and
      
      wherein the assessing of cyber security vulnerabilities of the one or more cyber assets is further based on the determining of cyber security failures of the third party cyber assets.
  - 4. The method according to claim 3, wherein the cyber security failures comprise any of a cyber attack or a privacy incident involving sensitive information.
  - 5. The method according to claim 1,wherein the collecting of infrastructure information regarding the one or more cyber assets comprises searching online resources to determine if user account or authentication information has been exposed, the user account or authentication information comprising one or more of:
    - email addresses, usernames, passwords, and encryption keys; and
      
      wherein the performing of passive cyber security vulnerability testing on the one or more cyber assets includes verifying the user account or authentication information by comparing the user account or authentication information of the collected infrastructure information with the user account or authentication information provided by the entity.
  - 6. The method according to claim 1, further comprising automatically determining, based on the assessed cyber security vulnerabilities, at least one of a change and a setting to at least one element of policy criteria of a cyber security policy.
  - 7. The method according to claim 6, further comprising:
    - in response to the entity enacting at least a portion of the recommended computer network changes for the one or more cyber assets, initiating the change or the setting to the at least one element of policy criteria of the cyber security policy.
  - 8. The method according to claim 1, further comprising dynamically re-assessing cyber security vulnerabilities of the one or more cyber assets based on the re-performed passive cyber security vulnerability testing.
  - 9. The method according to claim 1, wherein the assessing of cyber security vulnerabilities of the one or more cyber assets comprises:
    - assessing, using a plurality of motivation elements regarding the entity, a motivation of an actor to initiate a cyber attack, the motivation being one of a plurality of features of the entity.
  - 10. The method according to claim 9, wherein the actor is a hacker.
  - 11. The method according to claim 1, wherein the assessing of cyber security vulnerabilities of the one or more cyber assets comprises:
    - assessing, using a plurality of sophistication elements for the entity, a sophistication for the entity with respect to preventing a cyber security failure, the sophistication being one of a plurality of features of the entity; and
      
      assessing, using a plurality of motivation elements regarding the entity, a motivation of an actor to initiate the cyber security failure, the motivation being one of the plurality of features of the entity.
  - 12. The method according to claim 11, further comprising calculating a composite score from:
    - a motivation score, a sophistication score, and the association score;
      
      the motivation score representing the plurality of motivation elements, and the sophistication score representing the plurality of sophistication elements.
  - 13. The method according to claim 1, further comprising:
    - creating an aggregate association score of a portfolio of entities based on a plurality of association scores, the plurality of association scores including the association score for the one or more cyber assets; and
      
      benchmarking over time the aggregate association score of the portfolio of entities.
  - 14. The method according to claim 13, further comprising determining a position of the entity relative to the aggregate association score of the portfolio of entities, the portfolio of entities belonging to at least one of an industry group, a geographic location, a company size, a technology sector, or any combinations thereof.

15. A system, comprising:
- a processor; and
  
  a memory communicatively coupled with the processor, the memory storing instructions which when executed by the processor performs a method, the method comprising;
  
  determining an external infrastructure of an entity, the entity being coupled to a network, the external infrastructure comprising one or more cyber assets utilized by the entity;
  
  collecting infrastructure information regarding the one or more cyber assets;
  
  performing passive cyber security vulnerability testing on the one or more cyber assets using the collected infrastructure information;
  
  assessing cyber security vulnerabilities of the one or more cyber assets based on the performing of passive cyber security vulnerability testing;
  
  calculating an association score for the one or more cyber assets based on the assessed cyber security vulnerabilities;
  
  automatically recommending to the entity via the network, based on the association score, computer network changes for the one or more cyber assets to reduce the assessed cyber security vulnerabilities; and
  
  determining that the entity has enacted at least a portion of the recommended computer network changes for the one or more cyber assets, and in response, automatically re-performing passive cyber security vulnerability testing on the one or more cyber assets based on the recommended computer network changes.
- View Dependent Claims (16, 17, 18, 19)
- - 16. The system according to claim 15, wherein computer agents deployed by the system are configured to perform the determining of the external infrastructure of the entity and the collecting of infrastructure information regarding the one or more cyber assets.
  - 17. The system according to claim 16, wherein the collecting of infrastructure information regarding the one or more cyber assets comprises evaluating domain name server information or domain host information of the one or more cyber assets.
  - 18. The system according to claim 17, further comprising:
    - determining cyber security failures of third party cyber assets associated with the domain name server information or the domain host information; and
      
      wherein the assessing of cyber security vulnerabilities of the one or more cyber assets is further based on the determining of cyber security failures of the third party cyber assets.
  - 19. The system according to claim 15, wherein the collecting of infrastructure information regarding the one or more cyber assets comprises searching online resources to determine if user account or authentication information has been exposed, the user account or authentication information comprising any one or more of:
    - email addresses, usernames, passwords, and encryption keys.

20. A method, comprising:
- assessing a plurality of online resources of an entity, the entity being coupled to a network;
  
  collecting identifying information for the plurality of online resources;
  
  searching, based on the collected identifying information for the plurality of online resources, for information sources that have exposed sensitive information regarding the plurality of online resources;
  
  determining cyber security vulnerabilities using the exposed sensitive information;
  
  automatically recommending to the entity via the network, based on the cyber security vulnerabilities, computer network changes for the plurality of online resources to reduce the cyber security vulnerabilities; and
  
  determining that the entity has enacted at least a portion of the recommended computer network changes for the plurality of online resources of the entity, and in response, automatically re-performing searching for the information sources based on the recommended computer network changes.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cyence LLC. (Guidewire Software Incorporated)
Original Assignee
Cyence Inc. (Guidewire Software Incorporated)
Inventors
Tancioco, Jr., Fernando, Ng, George Y., Zhang, Feiyin
Primary Examiner(s)
Rahman, Mahfuzur

Application Number

US15/142,997
Publication Number

US 20160248800A1
Time in Patent Office

431 Days
Field of Search
US Class Current
CPC Class Codes

G06F 2221/2111   Location-sensitive, e.g. ge...

G06Q 10/0635   Risk analysis of enterprise...

G06Q 40/06   Asset management; Financial...

G06Q 40/08   Insurance

H04L 63/083   using passwords cryptograph...

H04L 63/1433   Vulnerability analysis

H04L 63/20   for managing network securi...

Cyber vulnerability scan analyses with actionable feedback

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

186 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Cyber vulnerability scan analyses with actionable feedback

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

186 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links