System for generation and reuse of resource-centric threat modeling templates and identifying controls for securing technology resources
First Claim
1. A system for generation and implementation of threat vector templates and implementing controls for securing technology resources, the system comprising:
- at least one non-transitory storage device;
at least one processor; and
instruction code stored in said storage device, said instruction code being executable by the at least one processor and configured to cause said at least one processor to;
electronically receive an analysis request associated with an internal resource from a user device associated with a user;
determine that an internal resource in a network requires protection from unauthorized external access;
electronically receive information associated with the internal resource within the network, wherein the information associated with the internal resource comprises at least a resource category;
determine one or more threat vectors associated with the internal resource, wherein the one or more threat vectors indicate one or more paths of access to the internal resource;
electronically retrieve from a controls library, a control template associated with a resource category matching the resource category of the internal resource, wherein the control template comprises a map of one or more controls to be applied to each of the one or more threat vectors associated with the internal resource, wherein the one or more controls are configured to determine access to the internal resource;
apply the control template to the internal resource, whereby the one or more controls associated with the at least one of the one or more threat vectors is configured for detecting the access to the internal resource via at least one of one or more types of access;
determine a frequency score associated with each of the one or more threat vectors, wherein the frequency score indicates a number of occurrence of a threat via each of the one or more threat vectors;
determine a magnitude of impact score associated with each of the one or more threat vectors, wherein the magnitude of impact score indicates a consequence of a loss event caused via each of the one or more threat vectors;
determine a strength associated with each of the one or more controls associated with each of the one or more threat vectors;
determine an exposure score associated with each of the one or more threat vectors based on at least the frequency score, the magnitude of impact score, and the strength associated with each of the one or more controls associated with each of the one or more threat vectors;
determine that the exposure score associated with at least one of the one or more threat vectors is greater than a predetermined threshold;
determine one or more additional controls configured for detecting the access to the internal resource, wherein the one or more controls are stored in a controls library;
initiate, via an established communicable link, a recommendation interface for display on the user device, the recommendation interface comprising the one or more additional controls recommended to the user for incorporation;
electronically receive, via the established communication link, a user selection of at least one of the one or more additional controls recommended to the user; and
incorporate the one or more additional controls selected by the user, wherein incorporating the one or more additional controls lowers the exposure score to below the predetermined threshold.
1 Assignment
0 Petitions
Accused Products
Abstract
Systems, computer program products, and methods are described herein for creating reusable resource-centric threat models and identifying controls for securing resources within a network. The present invention is configured to determine that an internal resource in a network requires protection from unauthorized external access; electronically receive information associated with the internal resource within the network; determine one or more threat vectors associated with the internal resource; electronically retrieve from a controls library, a control template associated with a resource category matching the resource category of the internal resource; and apply the control template to the internal resource.
58 Citations
20 Claims
-
1. A system for generation and implementation of threat vector templates and implementing controls for securing technology resources, the system comprising:
-
at least one non-transitory storage device; at least one processor; and instruction code stored in said storage device, said instruction code being executable by the at least one processor and configured to cause said at least one processor to; electronically receive an analysis request associated with an internal resource from a user device associated with a user; determine that an internal resource in a network requires protection from unauthorized external access; electronically receive information associated with the internal resource within the network, wherein the information associated with the internal resource comprises at least a resource category; determine one or more threat vectors associated with the internal resource, wherein the one or more threat vectors indicate one or more paths of access to the internal resource; electronically retrieve from a controls library, a control template associated with a resource category matching the resource category of the internal resource, wherein the control template comprises a map of one or more controls to be applied to each of the one or more threat vectors associated with the internal resource, wherein the one or more controls are configured to determine access to the internal resource; apply the control template to the internal resource, whereby the one or more controls associated with the at least one of the one or more threat vectors is configured for detecting the access to the internal resource via at least one of one or more types of access; determine a frequency score associated with each of the one or more threat vectors, wherein the frequency score indicates a number of occurrence of a threat via each of the one or more threat vectors; determine a magnitude of impact score associated with each of the one or more threat vectors, wherein the magnitude of impact score indicates a consequence of a loss event caused via each of the one or more threat vectors; determine a strength associated with each of the one or more controls associated with each of the one or more threat vectors; determine an exposure score associated with each of the one or more threat vectors based on at least the frequency score, the magnitude of impact score, and the strength associated with each of the one or more controls associated with each of the one or more threat vectors; determine that the exposure score associated with at least one of the one or more threat vectors is greater than a predetermined threshold; determine one or more additional controls configured for detecting the access to the internal resource, wherein the one or more controls are stored in a controls library; initiate, via an established communicable link, a recommendation interface for display on the user device, the recommendation interface comprising the one or more additional controls recommended to the user for incorporation; electronically receive, via the established communication link, a user selection of at least one of the one or more additional controls recommended to the user; and incorporate the one or more additional controls selected by the user, wherein incorporating the one or more additional controls lowers the exposure score to below the predetermined threshold. - View Dependent Claims (2, 3, 4)
-
-
5. A computerized method for generation and implementation of threat vector templates and implementing controls for securing technology resources, the method comprising:
-
electronically receiving, using a computing device processor, an analysis request associated with an internal resource from a user device associated with a user; determining, using a computing device processor, that an internal resource in a network requires protection from unauthorized external access; electronically receiving, using a computing device processor, information associated with the internal resource within the network, wherein the information associated with the internal resource comprises at least a resource category; determining, using a computing device processor, one or more threat vectors associated with the internal resource, wherein the one or more threat vectors indicate one or more paths of access to the internal resource; electronically retrieving, using a computing device processor, from a controls library, a control template associated with a resource category matching the resource category of the internal resource, wherein the control template comprises a map of one or more controls to be applied to each of the one or more threat vectors associated with the internal resource, wherein the one or more controls are configured to determine access to the internal resource; applying, using a computing device processor, the control template to the internal resource, whereby the one or more controls associated with the at least one of the one or more threat vectors is configured for detecting the access to the internal resource via at least one of one or more types of access; determining, using a computing device processor, a frequency score associated with each of the one or more threat vectors, wherein the frequency score indicates a number of occurrence of a threat via each of the one or more threat vectors; determining, using a computing device processor, a magnitude of impact score associated with each of the one or more threat vectors, wherein the magnitude of impact score indicates a consequence of a loss event caused via each of the one or more threat vectors; determining, using a computing device processor, a strength associated with each of the one or more controls associated with each of the one or more threat vectors; determining, using a computing device processor, an exposure score associated with each of the one or more threat vectors based on at least the frequency score, the magnitude of impact score, and the strength associated with each of the one or more controls associated with each of the one or more threat vectors; determining, using a computing device processor, that the exposure score associated with at least one of the one or more threat vectors is greater than a predetermined threshold; determining, using a computing device processor, one or more additional controls configured for detecting the access to the internal resource, wherein the one or more controls are stored in a controls library; initiating, using a computing device processor, via an established communicable link, a recommendation interface for display on the user device, the recommendation interface comprising the one or more additional controls recommended to the user for incorporation; electronically receiving, using a computing device processor, via the established communication link, a user selection of at least one of the one or more additional controls recommended to the user; and incorporating, using a computing device processor, the one or more additional controls selected by the user, wherein incorporating the one or more additional controls lowers the exposure score to below the predetermined threshold. - View Dependent Claims (6, 7, 8)
-
-
9. A computer program product for generation and implementation of threat vector templates and implementing controls for securing technology resources, the computer program product embodied on a non-transitory computer-readable medium comprising code causing a first apparatus to:
-
electronically receive an analysis request associated with an internal resource from a user device associated with a user; determine that an internal resource in a network requires protection from unauthorized external access; electronically receive information associated with the internal resource within the network, wherein the information associated with the internal resource comprises at least a resource category; determine one or more threat vectors associated with the internal resource, wherein the one or more threat vectors indicate one or more paths of access to the internal resource; electronically retrieve from a controls library, a control template associated with a resource category matching the resource category of the internal resource, wherein the control template comprises a map of one or more controls to be applied to each of the one or more threat vectors associated with the internal resource, wherein the one or more controls are configured to determine access to the internal resource; apply the control template to the internal resource, whereby the one or more controls associated with the at least one of the one or more threat vectors is configured for detecting the access to the internal resource via at least one of one or more types of access; determine a frequency score associated with each of the one or more threat vectors, wherein the frequency score indicates a number of occurrence of a threat via each of the one or more threat vectors; determine a magnitude of impact score associated with each of the one or more threat vectors, wherein the magnitude of impact score indicates a consequence of a loss event caused via each of the one or more threat vectors; determine a strength associated with each of the one or more controls associated with each of the one or more threat vectors; determine an exposure score associated with each of the one or more threat vectors based on at least the frequency score, the magnitude of impact score, and the strength associated with each of the one or more controls associated with each of the one or more threat vectors; determine that the exposure score associated with at least one of the one or more threat vectors is greater than a predetermined threshold; determine one or more additional controls configured for detecting the access to the internal resource, wherein the one or more controls are stored in a controls library; initiate, via an established communicable link, a recommendation interface for display on the user device, the recommendation interface comprising the one or more additional controls recommended to the user for incorporation; electronically receive, via the established communication link, a user selection of at least one of the one or more additional controls recommended to the user; and incorporate the one or more additional controls selected by the user, wherein incorporating the one or more additional controls lowers the exposure score to below the predetermined threshold. - View Dependent Claims (10)
-
-
11. A computerized method for generation and implementation of threat vector templates and implementing controls for securing technology resources, the method comprising:
-
electronically receiving, using a computing device processor, an analysis request associated with an internal resource from a user device associated with a user; determining, using a computing device processor, that an internal resource in a network requires protection from unauthorized external access; electronically receive information associated with the internal resource within the network, wherein the information associated with the internal resource comprises at least a resource category; determining, using a computing device processor, one or more threat vectors associated with the internal resource, wherein the one or more threat vectors indicate one or more paths of access to the internal resource; electronically retrieving, using a computing device processor, from a controls library, a control template associated with a resource category matching the resource category of the internal resource, wherein the control template comprises a map of one or more controls to be applied to each of the one or more threat vectors associated with the internal resource, wherein the one or more controls are configured to determine access to the internal resource; applying, using a computing device processor, the control template to the internal resource, whereby the one or more controls associated with the at least one of the one or more threat vectors is configured for detecting the access to the internal resource via at least one of one or more types of access; determining, using a computing device processor, a frequency score associated with each of the one or more threat vectors, wherein the frequency score indicates a number of occurrence of a threat via each of the one or more threat vectors; determining, using a computing device processor, a magnitude of impact score associated with each of the one or more threat vectors, wherein the magnitude of impact score indicates a consequence of a loss event caused via each of the one or more threat vectors;
determining, using a computing device processor, a strength associated with each of the one or more controls associated with each of the one or more threat vectors;determining, using a computing device processor, an exposure score associated with each of the one or more threat vectors based on at least the frequency score, the magnitude of impact score, and the strength associated with each of the one or more controls associated with each of the one or more threat vectors; determining, using a computing device processor, one or more additional controls; determining, using a computing device processor, a cost associated with the incorporation of each of the one or more additional controls; determining, using a computing device processor, that the cost associated with the incorporation of each of the one or more additional controls is lower than a difference between the exposure score associated with the at least one of the one or more threat vectors before implementation of the one or more additional controls and after the implementation of the one or more additional controls; and based on determining that the cost associated with the incorporation of each of the one or more additional controls is lower than a difference between the exposure score associated with the at least one of the one or more threat vectors before implementation of the one or more additional controls and after the implementation of the one or more additional controls, incorporating, using a computing device processor, the one or more additional controls. - View Dependent Claims (12, 13, 14, 15)
-
-
16. A system for generation and implementation of threat vector templates and implementing controls for securing technology resources, the system comprising:
-
at least one non-transitory storage device; at least one processor; and instruction code stored in said storage device, said instruction code being executable by the at least one processor and configured to cause said at least one processor to; electronically receive an analysis request associated with an internal resource from a user device associated with a user; determine that an internal resource in a network requires protection from unauthorized external access; electronically receive information associated with the internal resource within the network, wherein the information associated with the internal resource comprises at least a resource category; determine one or more threat vectors associated with the internal resource, wherein the one or more threat vectors indicate one or more paths of access to the internal resource; electronically retrieve from a controls library, a control template associated with a resource category matching the resource category of the internal resource, wherein the control template comprises a map of one or more controls to be applied to each of the one or more threat vectors associated with the internal resource, wherein the one or more controls are configured to determine access to the internal resource; apply the control template to the internal resource, whereby the one or more controls associated with the at least one of the one or more threat vectors is configured for detecting the access to the internal resource via at least one of one or more types of access; determine a frequency score associated with each of the one or more threat vectors, wherein the frequency score indicates a number of occurrence of a threat via each of the one or more threat vectors; determine a magnitude of impact score associated with each of the one or more threat vectors, wherein the magnitude of impact score indicates a consequence of a loss event caused via each of the one or more threat vectors; determine a strength associated with each of the one or more controls associated with each of the one or more threat vectors; determine an exposure score associated with each of the one or more threat vectors based on at least the frequency score, the magnitude of impact score, and the strength associated with each of the one or more controls associated with each of the one or more threat vectors; determine one or more additional controls; determine a cost associated with the incorporation of each of the one or more additional controls; determine that the cost associated with the incorporation of each of the one or more additional controls is lower than a difference between the exposure score associated with the at least one of the one or more threat vectors before implementation of the one or more additional controls and after the implementation of the one or more additional controls; and based on determining that the cost associated with the incorporation of each of the one or more additional controls is lower than a difference between the exposure score associated with the at least one of the one or more threat vectors before implementation of the one or more additional controls and after the implementation of the one or more additional controls, incorporate the one or more additional controls. - View Dependent Claims (17, 18, 19, 20)
-
Specification