Contextualization of threat data

US 9,886,582 B2
Filed: 08/31/2015
Issued: 02/06/2018
Est. Priority Date: 08/31/2015
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

a data processing apparatus; and

a non-transitory computer readable storage medium in data communication with the data processing apparatus and storing instructions executable by the data processing apparatus and upon such execution cause the data processing apparatus to perform operations comprising;

receiving data that identifies an entity'"'"'s computer assets, attributes for each of the entity'"'"'s computer assets, and respective relevance ratings for each of the attributes for the entity'"'"'s computer assets;

receiving threat data that identifies vulnerabilities of particular attributes, the threat data comprising two or more subsets of threat data each of which identifies a vulnerability of a different one of the particular attributes;

determining, by analyzing the threat data, vulnerability trends for the particular attributes;

determining, for each of the attributes, whether the attribute is one of the particular attributes identified in the threat data;

for each of the attributes that is one of the particular attributes identified in the threat data;

determining a weight for the respective relevance rating of the corresponding attribute using the vulnerability trends for the corresponding attribute; and

determining an updated relevance rating of the corresponding attribute by combining the weight with the respective relevance rating;

for each of two or more vulnerabilities identified in the threat data;

determining the particular attributes affected by the vulnerability; and

determining a score for the vulnerability by combining the updated relevance ratings for each of the particular attributes affected by the vulnerability;

generating a ranking of the two or more vulnerabilities using the corresponding scores;

generating instructions for presentation of a user interface that identifies each of the two or more vulnerabilities according to the ranking;

providing the instructions to a device to cause the device to present the user interface to a user to allow the user to change the entity'"'"'s computer assets or the attributes of the entity'"'"'s computer assets based on the vulnerabilities; and

receiving an indication of a change to the entity'"'"'s computer assets or the attributes of the entity'"'"'s computer assets.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, systems, and apparatus, including computer programs encoded on computer storage media, for determining threat data contextualization. One of the methods includes receiving data that identifies assets, attributes for each of the assets, and respective relevance ratings for the assets, receiving threat data that identifies vulnerabilities of particular attributes, determining vulnerability trends for the particular attributes, determining whether an attribute is one of the particular attributes identified in the threat data, updating the relevance ratings of the attribute using the vulnerability trends for the attribute, for each of two or more vulnerabilities identified in the threat data: determining the particular attributes affected by the vulnerability, and determining a score for the vulnerability using the respective relevance ratings for the particular attributes affected by the vulnerability, generating a ranking of the vulnerabilities using the corresponding scores, and generating instructions for presentation of a user interface that identifies each of the vulnerabilities.

Citations

21 Claims

1. A system comprising:
- a data processing apparatus; and
  
  a non-transitory computer readable storage medium in data communication with the data processing apparatus and storing instructions executable by the data processing apparatus and upon such execution cause the data processing apparatus to perform operations comprising;
  
  receiving data that identifies an entity'"'"'s computer assets, attributes for each of the entity'"'"'s computer assets, and respective relevance ratings for each of the attributes for the entity'"'"'s computer assets;
  
  receiving threat data that identifies vulnerabilities of particular attributes, the threat data comprising two or more subsets of threat data each of which identifies a vulnerability of a different one of the particular attributes;
  
  determining, by analyzing the threat data, vulnerability trends for the particular attributes;
  
  determining, for each of the attributes, whether the attribute is one of the particular attributes identified in the threat data;
  
  for each of the attributes that is one of the particular attributes identified in the threat data;
  
  determining a weight for the respective relevance rating of the corresponding attribute using the vulnerability trends for the corresponding attribute; and
  
  determining an updated relevance rating of the corresponding attribute by combining the weight with the respective relevance rating;
  
  for each of two or more vulnerabilities identified in the threat data;
  
  determining the particular attributes affected by the vulnerability; and
  
  determining a score for the vulnerability by combining the updated relevance ratings for each of the particular attributes affected by the vulnerability;
  
  generating a ranking of the two or more vulnerabilities using the corresponding scores;
  
  generating instructions for presentation of a user interface that identifies each of the two or more vulnerabilities according to the ranking;
  
  providing the instructions to a device to cause the device to present the user interface to a user to allow the user to change the entity'"'"'s computer assets or the attributes of the entity'"'"'s computer assets based on the vulnerabilities; and
  
  receiving an indication of a change to the entity'"'"'s computer assets or the attributes of the entity'"'"'s computer assets.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 19, 20, 21)
- - 2. The system of claim 1, the operations comprising:
    - receiving, from a device, a request for presentation of threat information to a user, wherein determining, by analyzing the threat data, the vulnerability trends for the particular attributes comprises determining, by analyzing the threat data, the vulnerability trends for the particular attributes in response to receiving the request for presentation of the threat information to a user.
  - 3. The system of claim 1, the operations comprising:
    - updating, for the entity'"'"'s computer asset that includes the changed attribute, the updated relevance rating in response to receiving the indication of the change to the attributes of the entity'"'"'s computer assets.
  - 4. The system of claim 1, wherein:
    - the relevance ratings for each of the attributes for the entity'"'"'s computer assets comprise asset relevance ratings;
      
      receiving the data that identifies the entity'"'"'s computer assets, the attributes for each of the entity'"'"'s computer assets, and the respective relevance ratings for each of the entity'"'"'s computer assets comprises receiving data that identifies an entity'"'"'s computer assets, attributes for each of the entity'"'"'s computer assets, which of the entity'"'"'s computer assets and corresponding attributes are used for each of the entity'"'"'s business imperatives, and respective relevance ratings for each of the attributes for the entity'"'"'s computer assets, wherein at least one of the entity'"'"'s business imperatives identifies two or more of the attributes for the entity'"'"'s computer assets that are used for a goal or a project of the entity, the operations comprising;
      
      for each of the entity'"'"'s business imperatives;
      
      determining the attributes used by the business imperative; and
      
      determining, for each of the attributes used by the business imperative, a business imperative relevance rating for the attribute using a quantity of attributes used by the business imperative; and
      
      determining, for each of two or more vulnerabilities identified in the threat data, a business imperative score for the vulnerability by combining the business imperative relevance ratings for each of the particular attributes affected by the vulnerability.
  - 5. The system of claim 4, wherein determining, for each of the attributes used by the business imperative, a business imperative relevance rating for the attribute comprises determining, for each of the attributes used by a highest priority business imperative included in the entity'"'"'s business imperatives that uses at least one of the particular attributes affected by the vulnerability, the business imperative relevance rating for the particular attribute using a total quantity of attributes used by the highest priority business imperative.
  - 6. The system of claim 4, wherein receiving the data that identifies the entity'"'"'s computer assets, attributes for each of the entity'"'"'s computer assets, which of the entity'"'"'s computer assets and corresponding attributes are used for each of the entity'"'"'s business imperatives, and the respective relevance ratings for each of the attributes for the entity'"'"'s computer assets comprises:
    - providing, for presentation to a user, a user interface for input of identifiers for the entity'"'"'s computer assets, the asset relevance ratings and the attributes for each of the entity'"'"'s computer assets, and the business imperatives;
      
      receiving the data including the identifiers for the entity'"'"'s computer assets, the asset relevance ratings and the attributes for each of the entity'"'"'s computer assets, and the business imperatives in response to user interaction with the user interface; and
      
      determining, using the asset relevance ratings for each of the entity'"'"'s computer assets, the respective relevance ratings for each of the attributes for the corresponding computer asset.
  - 7. The system of claim 1, wherein receiving the threat data that identifies the vulnerabilities of the particular attributes comprises:
    - receiving structured threat data or unstructured threat data from a computer connected to the data processing apparatus by a network connection; and
      
      parsing the structured threat data or the unstructured threat data to determine the vulnerabilities and the particular attributes identified in the threat data.
  - 8. The system of claim 1, wherein:
    - determining, by analyzing the threat data, the vulnerability trends for the particular attributes comprises determining, for each of the particular attributes, a quantity of times the particular attribute is identified in the threat data with a vulnerability to which the particular attribute corresponds; and
      
      determining the weight for the respective relevance rating of the corresponding attribute using the vulnerability trends for the corresponding attribute comprises determining the weight for the respective relevance rating of the corresponding attribute using the quantity of times the particular attribute is identified in the threat data with the vulnerability to which the particular attribute corresponds.
  - 9. The system of claim 1, wherein determining, for each of the attributes, whether the attribute is one of the particular attributes identified in the threat data comprises:
    - comparing, for each of the attributes, a name for the attribute or an alternate spelling of the name for the attribute with a string, for each of the particular attributes, from the threat data that identifies the particular attribute; and
      
      determining, for each of the attributes, that the attribute is one of the particular attributes when the name or the alternate spelling of the name is the same as one of the strings that identifies a corresponding one of the particular attributes.
  - 10. The system of claim 1, wherein:
    - determining, by analyzing the threat data, the vulnerability trends for the particular attribute comprises determining a quantity of times the particular attribute is identified in the threat data with a vulnerability to which the particular attribute corresponds;
      
      determining the weight for the respective relevance rating of the corresponding attribute using the vulnerability trends for the attribute comprises;
      
      determining whether the quantity of times the attribute is identified in the threat data satisfies a threshold value; and
      
      selecting a first weight in response to determining that the quantity of times the attribute is identified in the threat data satisfies the threshold value;
      
      orselecting a second weight in response to determining that the quantity of times the attribute is identified in the threat data does not satisfy the threshold value; and
      
      determining the updated relevance rating by combining the weight with the respective relevance rating comprises adding the selected weight value to the respective relevance rating to determine the updated relevance rating for the corresponding attribute.
  - 11. The system of claim 1, the operations comprising:
    - determining a particular industry for the entity;
      
      determining, for each of the subsets of threat data, an industry for the subset of threat data; and
      
      including, for each of the subsets of threat data with an industry that is the same as the particular industry, the subset of threat data in the ranking.
  - 12. The system of claim 1, wherein receiving the data that identifies the entity'"'"'s computer assets, the attributes for each of the entity'"'"'s computer assets, and the respective relevance ratings for each of the attributes for the entity'"'"'s computer assets comprises receiving data representing user input indicating the respective relevance ratings for each of the entity'"'"'s computer assets.
  - 19. The system of claim 1, wherein determining the weight for the respective relevance rating of the corresponding attribute using the vulnerability trends for the corresponding attribute comprises determining, for each of the attributes that is one of the particular attributes identified in the threat data, the weight for the respective relevance rating of the corresponding attribute using a quantity of documents in the threat data that identify the corresponding attribute.
  - 20. The system of claim 4, wherein determining, for each of the attributes used by the business imperative, the business imperative relevance rating for the attribute using the quantity of attributes used by the business imperative comprises determining, for each of the attributes used by the business imperative, the business imperative relevance rating that indicates a percentage to which the business imperative uses the attribute compared to the other attributes used by the business imperative.
  - 21. The system of claim 4, wherein determining, for each of the attributes used by the business imperative, the business imperative relevance rating for the attribute using the quantity of attributes used by the business imperative comprises:
    - determining a total quantity of attributes used by the business imperative; and
      
      assigning, to each of the attributes used by the business imperative, a business imperative relevance rating that indicates a percentage for the attribute out of the total quantity of attributes.

13. A non-transitory computer readable storage medium storing instructions executable by a data processing apparatus and upon such execution cause the data processing apparatus to perform operations comprising:
- receiving data that identifies an entity'"'"'s computer assets, attributes for each of the entity'"'"'s computer assets, and respective relevance ratings for each of the attributes for the entity'"'"'s computer assets;
  
  receiving threat data that identifies vulnerabilities of particular attributes, the threat data comprising two or more subsets of threat data each of which identifies a vulnerability of a different one of the particular attributes;
  
  determining, by analyzing the threat data, vulnerability trends for the particular attributes;
  
  determining, for each of the attributes, whether the attribute is one of the particular attributes identified in the threat data;
  
  for each of the attributes that is one of the particular attributes identified in the threat data;
  
  determining a weight for the respective relevance rating of the corresponding attribute using the vulnerability trends for the corresponding attribute; and
  
  determining an updated relevance rating of the corresponding attribute by combining the weight with the respective relevance rating;
  
  for each of two or more vulnerabilities identified in the threat data;
  
  determining the particular attributes affected by the vulnerability; and
  
  determining a score for the vulnerability by combining the updated relevance ratings for each of the particular attributes affected by the vulnerability;
  
  generating a ranking of the two or more vulnerabilities using the corresponding scores;
  
  generating instructions for presentation of a user interface that identifies each of the two or more vulnerabilities according to the ranking;
  
  providing the instructions to a device to cause the device to present the user interface to a user to allow the user to change the entity'"'"'s computer assets or the attributes of the entity'"'"'s computer assets based on the vulnerabilities; and
  
  receiving an indication of a change to the entity'"'"'s computer assets or the attributes of the entity'"'"'s computer assets.
- View Dependent Claims (14, 15)
- - 14. The computer readable storage medium of claim 13, the operations comprising:
    - receiving, from a device, a request for presentation of threat information to a user, wherein determining, by analyzing the threat data, the vulnerability trends for the particular attributes comprises determining, by analyzing the threat data, the vulnerability trends for the particular attributes in response to receiving the request for presentation of the threat information to a user.
  - 15. The computer readable storage medium of claim 13, the operations comprising:
    - updating, for the entity'"'"'s computer asset that includes the changed attribute, the updated relevance rating in response to receiving the indication of the change to the attributes of the entity'"'"'s computer assets.

16. A computer-implemented method comprising:
- receiving data that identifies an entity'"'"'s computer assets, attributes for each of the entity'"'"'s computer assets, and respective relevance ratings for each of the attributes for the entity'"'"'s computer assets;
  
  receiving threat data that identifies vulnerabilities of particular attributes, the threat data comprising two or more subsets of threat data each of which identifies a vulnerability of a different one of the particular attributes;
  
  determining, by analyzing the threat data, vulnerability trends for the particular attributes;
  
  determining, for each of the attributes, whether the attribute is one of the particular attributes identified in the threat data;
  
  for each of the attributes that is one of the particular attributes identified in the threat data;
  
  determining a weight for the respective relevance rating of the corresponding attribute using the vulnerability trends for the corresponding attribute; and
  
  determining an updated relevance rating of the corresponding attribute by combining the weight with the respective relevance rating;
  
  for each of two or more vulnerabilities identified in the threat data;
  
  determining the particular attributes affected by the vulnerability; and
  
  determining a score for the vulnerability by combining the updated relevance ratings for each of the particular attributes affected by the vulnerability;
  
  generating a ranking of the two or more vulnerabilities using the corresponding scores;
  
  generating instructions for presentation of a user interface that identifies each of the two or more vulnerabilities according to the ranking;
  
  providing the instructions to a device to cause the device to present the user interface to a user to allow the user to change the entity'"'"'s computer assets or the attributes of the entity'"'"'s computer assets based on the vulnerabilities; and
  
  receiving an indication of a change to the entity'"'"'s computer assets or the attributes of the entity'"'"'s computer assets.
- View Dependent Claims (17, 18)
- - 17. The method of claim 16, comprising:
    - receiving, from a device, a request for presentation of threat information to a user, wherein determining, by analyzing the threat data, the vulnerability trends for the particular attributes comprises determining, by analyzing the threat data, the vulnerability trends for the particular attributes in response to receiving the request for presentation of the threat information to a user.
  - 18. The method of claim 16, comprising:
    - updating, for the entity'"'"'s computer asset that includes the changed attribute, the updated relevance rating in response to receiving the indication of the change to the attributes of the entity'"'"'s computer assets.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Accenture Global Services Limited (Accenture PLC)
Original Assignee
Accenture Global Services Limited (Accenture PLC)
Inventors
Hovor, Elvis, Rozmiarek, David William, Burkett, Robin Lynn, Carver, Matthew, El-Sharkawi, Mohamed H.
Primary Examiner(s)
King, John B
Assistant Examiner(s)
Golriz, Arya

Application Number

US14/841,048
Publication Number

US 20170061132A1
Time in Patent Office

890 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/577   Assessing vulnerabilities a...

G06F 2221/034   Test or assess a computer o...

G06F 2221/2101   Auditing as a secondary aspect

G06F 3/04847   Interaction techniques to c...

H04L 63/1433   Vulnerability analysis

Contextualization of threat data

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Contextualization of threat data

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links