Systems for network risk assessment including processing of user access rights associated with a network of devices

US 9,882,925 B2
Filed: 09/16/2016
Issued: 01/30/2018
Est. Priority Date: 12/29/2014
Status: Active Grant

First Claim

Patent Images

1. A computerized method comprising:

by a computing device having one or more computer processors and a non-transitory computer readable storage device storing software instruction for execution by the one or more computer processors,obtaining information describing network traffic between a plurality of network devices within a network;

determining, based on the information describing network traffic, a network topology of the network, the network topology comprising a plurality of nodes each connected to one or more of the plurality of nodes, wherein each node is associated with one or more network devices, and wherein the network topology is associated with indications of user access rights of a plurality of user accounts to respective nodes included in the network topology;

determining, for each of the plurality of user accounts, a risk associated with the user account being compromised with respect to the network, the risk being based on;

user access rights of the user account to nodes included in the network topology, andinformation informing vulnerability of the user account being compromised; and

generating user interface data describing the risks associated with the user accounts, the user interface data including indications of user accounts organized according to respective risk.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, systems, and apparatus, including computer programs encoded on computer storage media, for network risk assessment. One of the methods includes obtaining information describing network traffic between a plurality of network devices within a network. A network topology of the network is determined based on the information describing network traffic, with the network topology including nodes connected by an edge to one or more other nodes, and with each node being associated with one or more network devices. Indications of user access rights of users are associated to respective nodes included in the network topology. User interface data associated with the network topology is generated.

Citations

19 Claims

1. A computerized method comprising:
- by a computing device having one or more computer processors and a non-transitory computer readable storage device storing software instruction for execution by the one or more computer processors,obtaining information describing network traffic between a plurality of network devices within a network;
  
  determining, based on the information describing network traffic, a network topology of the network, the network topology comprising a plurality of nodes each connected to one or more of the plurality of nodes, wherein each node is associated with one or more network devices, and wherein the network topology is associated with indications of user access rights of a plurality of user accounts to respective nodes included in the network topology;
  
  determining, for each of the plurality of user accounts, a risk associated with the user account being compromised with respect to the network, the risk being based on;
  
  user access rights of the user account to nodes included in the network topology, andinformation informing vulnerability of the user account being compromised; and
  
  generating user interface data describing the risks associated with the user accounts, the user interface data including indications of user accounts organized according to respective risk.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The computerized method of claim 1, wherein an indication of user access rights of a particular user account to a particular node comprises one or more of:
    - information indicating that a user associated with the particular user account is permitted access to a space that includes at least one network device associated with the particular node,information indicating that the particular user account can provide information to, or receive information from, at least one network device associated with the particular node, orinformation indicating that the particular user account is permitted to access, or has actually attempted to access, at least one network device associated with the particular node.
  - 3. The method of claim 1, wherein information informing vulnerability of a particular user account being compromised comprises one or more of a complexity of a password associated with the particular user account, a location from which a user associated with the particular user account logs in, a length of time the user has been associated with the network, or information associated with an importance of the particular user account.
  - 4. The method of claim 1, further comprising:
    - determining, for each of the plurality of nodes, a risk associated with the node being compromised, wherein the risk associated with each user account being compromised is based, at least in part, on risks associated with nodes that are associated with user access rights of the user account.
  - 5. The method of claim 4, further comprising:
    - receiving information identifying nodes indicated as being important, wherein the risk associated with each user account is based, at least in part, on user access rights of the user account that are associated with the indicated nodes.
  - 6. The method of claim 1, wherein a generated user interface is configured to receive a selection of a user account, and wherein upon receiving a selection of a particular user account the generated user interface is configured to present the network topology with particular nodes that are associated with user access rights of the particular user account being shaded or colored.
  - 7. The method of claim 6, wherein the generated user interface is configured to present a total risk associated with the particular nodes that are associated with user access rights of the particular user account, the total risk being determined based on risks associated with each of the particular nodes.

8. A system comprising one or more computer systems and one or more computer storage media storing instructions that when executed by the system of one or more computers cause the one or more computers to perform operations comprising:
- obtaining information describing network traffic between a plurality of network devices within a network;
  
  determining, based on the information describing network traffic, a network topology of the network, the network topology comprising a plurality of nodes each connected to one or more of the plurality of nodes, wherein each node is associated with one or more network devices, and wherein the network topology is associated with indications of user access rights of a plurality of user accounts to respective nodes included in the network topology;
  
  determining, for each of the plurality of user accounts, a risk associated with the user account being compromised with respect to the network, the risk being based on;
  
  user access rights of the user account to nodes included in the network topology, andinformation informing vulnerability of the user account being compromised; and
  
  generating user interface data describing the risks associated with the user accounts, the user interface data including indications of user accounts organized according to respective risk.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The system of claim 8, wherein an indication of user access rights of a particular user account to a particular node comprises one or more of:
    - information indicating that a user associated with the particular user account is permitted access to a space that includes at least one network device associated with the particular node,information indicating that the particular user account can provide information to, or receive information from, at least one network device associated with the particular node, orinformation indicating that the particular user account is permitted to access, or has actually attempted to access, at least one network device associated with the particular node.
  - 10. The system of claim 8, wherein information informing vulnerability of a particular user account being compromised comprises one or more of a complexity of a password associated with the particular user account, a location from which a user associated with the particular user account logs in, a length of time the user has been associated with the network, or information associated with an importance of the particular user account.
  - 11. The system of claim 8, wherein the operations further comprise:
    - determining, for each of the plurality of nodes, a risk associated with the node being compromised, wherein the risk associated with each user account being compromised is based, at least in part, on risks associated with nodes that are associated with user access rights of the user account.
  - 12. The system of claim 11, wherein the operations further comprise:
    - receiving information identifying nodes indicated as being important, wherein the risk associated with each user account is based, at least in part, on user access rights of the user account that are associated with the indicated nodes.
  - 13. The system of claim 8, wherein a generated user interface is configured to receive a selection of a user account, and wherein upon receiving a selection of a particular user account the generated user interface is configured to present the network topology with particular nodes that are associated with user access rights of the particular user account being shaded or colored.

14. Non-transitory computer storage media storing instructions that when executed by a system of one or more computers cause the one or more computers to perform operations comprising:
- obtaining information describing network traffic between a plurality of network devices within a network;
  
  determining, based on the information describing network traffic, a network topology of the network, the network topology comprising a plurality of nodes each connected to one or more of the plurality of nodes, wherein each node is associated with one or more network devices, and wherein the network topology is associated with indications of user access rights of a plurality of user accounts to respective nodes included in the network topology;
  
  determining, for each of the plurality of user accounts, a risk associated with the user account being compromised with respect to the network, the risk being based on;
  
  user access rights of the user account to nodes included in the network topology, andinformation informing vulnerability of the user account being compromised; and
  
  generating user interface data describing the risks associated with the user accounts, the user interface data including indications of user accounts organized according to respective risk.
- View Dependent Claims (15, 16, 17, 18, 19)
- - 15. The non-transitory computer storage media of claim 14, wherein an indication of user access rights of a particular user account to a particular node comprises one or more of:
    - information indicating that a user associated with the particular user account is permitted access to a space that includes at least one network device associated with the particular node,information indicating that the particular user account can provide information to, or receive information from, at least one network device associated with the particular node, orinformation indicating that the particular user account is permitted to access, or has actually attempted to access, at least one network device associated with the particular node.
  - 16. The non-transitory computer storage media of claim 14, wherein information informing vulnerability of a particular user account being compromised comprises one or more of a complexity of a password associated with the particular user account, a location from which a user associated with the particular user account logs in, a length of time the user has been associated with the network, or information associated with an importance of the particular user account.
  - 17. The non-transitory computer storage media of claim 14, wherein the operations further comprise:
    - determining, for each of the plurality of nodes, a risk associated with the node being compromised, wherein the risk associated with each user account being compromised is based, at least in part, on risks associated with nodes that are associated with user access rights of the user account.
  - 18. The non-transitory computer storage media of claim 17, wherein the operations further comprise:
    - receiving information identifying nodes indicated as being important, wherein the risk associated with each user account is based, at least in part, on user access rights of the user account that are associated with the indicated nodes.
  - 19. The non-transitory computer storage media of claim 14, wherein a generated user interface is configured to receive a selection of a user account, and wherein upon receiving a selection of a particular user account the generated user interface is configured to present the network topology with particular nodes that are associated with user access rights of the particular user account being shaded or colored.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Palantir Technologies Incorporated
Original Assignee
Palantir Technologies Incorporated
Inventors
Seiver, Miles, Rosenblum, Charles
Primary Examiner(s)
McNally, Michael S

Application Number

US15/267,589
Publication Number

US 20170070529A1
Time in Patent Office

501 Days
Field of Search

726 25
US Class Current
CPC Class Codes

H04L 41/12   Discovery or management of ...

H04L 43/0876   Network utilisation, e.g. v...

H04L 63/10   for controlling access to d...

H04L 63/101   Access control lists [ACL]

H04L 63/1433   Vulnerability analysis

Systems for network risk assessment including processing of user access rights associated with a network of devices

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Systems for network risk assessment including processing of user access rights associated with a network of devices

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links