Contextualization of threat data
First Claim
1. A system comprising:
- a data processing apparatus; and
a non-transitory computer readable storage medium in data communication with the data processing apparatus and storing instructions executable by the data processing apparatus and upon such execution cause the data processing apparatus to perform operations comprising;
receiving data that identifies an entity'"'"'s computer assets, attributes for each of the entity'"'"'s computer assets, and respective relevance ratings for each of the attributes for the entity'"'"'s computer assets;
receiving threat data that identifies vulnerabilities of particular attributes, the threat data comprising two or more subsets of threat data each of which identifies a vulnerability of a different one of the particular attributes;
determining, by analyzing the threat data, vulnerability trends for the particular attributes;
determining, for each of the attributes, whether the attribute is one of the particular attributes identified in the threat data;
for each of the attributes that is one of the particular attributes identified in the threat data;
determining a weight for the respective relevance rating of the corresponding attribute using the vulnerability trends for the corresponding attribute; and
determining an updated relevance rating of the corresponding attribute by combining the weight with the respective relevance rating;
for each of two or more vulnerabilities identified in the threat data;
determining the particular attributes affected by the vulnerability; and
determining a score for the vulnerability by combining the updated relevance ratings for each of the particular attributes affected by the vulnerability;
generating a ranking of the two or more vulnerabilities using the corresponding scores;
generating instructions for presentation of a user interface that identifies each of the two or more vulnerabilities according to the ranking;
providing the instructions to a device to cause the device to present the user interface to a user to allow the user to change the entity'"'"'s computer assets or the attributes of the entity'"'"'s computer assets based on the vulnerabilities; and
receiving an indication of a change to the entity'"'"'s computer assets or the attributes of the entity'"'"'s computer assets.
1 Assignment
0 Petitions
Accused Products
Abstract
Methods, systems, and apparatus, including computer programs encoded on computer storage media, for determining threat data contextualization. One of the methods includes receiving data that identifies assets, attributes for each of the assets, and respective relevance ratings for the assets, receiving threat data that identifies vulnerabilities of particular attributes, determining vulnerability trends for the particular attributes, determining whether an attribute is one of the particular attributes identified in the threat data, updating the relevance ratings of the attribute using the vulnerability trends for the attribute, for each of two or more vulnerabilities identified in the threat data: determining the particular attributes affected by the vulnerability, and determining a score for the vulnerability using the respective relevance ratings for the particular attributes affected by the vulnerability, generating a ranking of the vulnerabilities using the corresponding scores, and generating instructions for presentation of a user interface that identifies each of the vulnerabilities.
-
Citations
21 Claims
-
1. A system comprising:
-
a data processing apparatus; and a non-transitory computer readable storage medium in data communication with the data processing apparatus and storing instructions executable by the data processing apparatus and upon such execution cause the data processing apparatus to perform operations comprising; receiving data that identifies an entity'"'"'s computer assets, attributes for each of the entity'"'"'s computer assets, and respective relevance ratings for each of the attributes for the entity'"'"'s computer assets; receiving threat data that identifies vulnerabilities of particular attributes, the threat data comprising two or more subsets of threat data each of which identifies a vulnerability of a different one of the particular attributes; determining, by analyzing the threat data, vulnerability trends for the particular attributes; determining, for each of the attributes, whether the attribute is one of the particular attributes identified in the threat data; for each of the attributes that is one of the particular attributes identified in the threat data; determining a weight for the respective relevance rating of the corresponding attribute using the vulnerability trends for the corresponding attribute; and determining an updated relevance rating of the corresponding attribute by combining the weight with the respective relevance rating; for each of two or more vulnerabilities identified in the threat data; determining the particular attributes affected by the vulnerability; and determining a score for the vulnerability by combining the updated relevance ratings for each of the particular attributes affected by the vulnerability; generating a ranking of the two or more vulnerabilities using the corresponding scores; generating instructions for presentation of a user interface that identifies each of the two or more vulnerabilities according to the ranking; providing the instructions to a device to cause the device to present the user interface to a user to allow the user to change the entity'"'"'s computer assets or the attributes of the entity'"'"'s computer assets based on the vulnerabilities; and receiving an indication of a change to the entity'"'"'s computer assets or the attributes of the entity'"'"'s computer assets. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 19, 20, 21)
-
-
13. A non-transitory computer readable storage medium storing instructions executable by a data processing apparatus and upon such execution cause the data processing apparatus to perform operations comprising:
-
receiving data that identifies an entity'"'"'s computer assets, attributes for each of the entity'"'"'s computer assets, and respective relevance ratings for each of the attributes for the entity'"'"'s computer assets; receiving threat data that identifies vulnerabilities of particular attributes, the threat data comprising two or more subsets of threat data each of which identifies a vulnerability of a different one of the particular attributes; determining, by analyzing the threat data, vulnerability trends for the particular attributes; determining, for each of the attributes, whether the attribute is one of the particular attributes identified in the threat data; for each of the attributes that is one of the particular attributes identified in the threat data; determining a weight for the respective relevance rating of the corresponding attribute using the vulnerability trends for the corresponding attribute; and determining an updated relevance rating of the corresponding attribute by combining the weight with the respective relevance rating; for each of two or more vulnerabilities identified in the threat data; determining the particular attributes affected by the vulnerability; and determining a score for the vulnerability by combining the updated relevance ratings for each of the particular attributes affected by the vulnerability; generating a ranking of the two or more vulnerabilities using the corresponding scores; generating instructions for presentation of a user interface that identifies each of the two or more vulnerabilities according to the ranking; providing the instructions to a device to cause the device to present the user interface to a user to allow the user to change the entity'"'"'s computer assets or the attributes of the entity'"'"'s computer assets based on the vulnerabilities; and receiving an indication of a change to the entity'"'"'s computer assets or the attributes of the entity'"'"'s computer assets. - View Dependent Claims (14, 15)
-
-
16. A computer-implemented method comprising:
-
receiving data that identifies an entity'"'"'s computer assets, attributes for each of the entity'"'"'s computer assets, and respective relevance ratings for each of the attributes for the entity'"'"'s computer assets; receiving threat data that identifies vulnerabilities of particular attributes, the threat data comprising two or more subsets of threat data each of which identifies a vulnerability of a different one of the particular attributes; determining, by analyzing the threat data, vulnerability trends for the particular attributes; determining, for each of the attributes, whether the attribute is one of the particular attributes identified in the threat data; for each of the attributes that is one of the particular attributes identified in the threat data; determining a weight for the respective relevance rating of the corresponding attribute using the vulnerability trends for the corresponding attribute; and determining an updated relevance rating of the corresponding attribute by combining the weight with the respective relevance rating; for each of two or more vulnerabilities identified in the threat data; determining the particular attributes affected by the vulnerability; and determining a score for the vulnerability by combining the updated relevance ratings for each of the particular attributes affected by the vulnerability; generating a ranking of the two or more vulnerabilities using the corresponding scores; generating instructions for presentation of a user interface that identifies each of the two or more vulnerabilities according to the ranking; providing the instructions to a device to cause the device to present the user interface to a user to allow the user to change the entity'"'"'s computer assets or the attributes of the entity'"'"'s computer assets based on the vulnerabilities; and receiving an indication of a change to the entity'"'"'s computer assets or the attributes of the entity'"'"'s computer assets. - View Dependent Claims (17, 18)
-
Specification