System and method for cyber attacks analysis and decision support

US 9,930,061 B2
Filed: 08/22/2016
Issued: 03/27/2018
Est. Priority Date: 02/29/2012
Status: Active Grant

First Claim

Patent Images

1. A method for cyber attack risk assessment, the method comprising using at least one hardware processor for:

(i) continuously collecting global cyber attack data from a networked resource, wherein the global cyber attack data comprises multiple attacks performed using multiple attack methods directed at multiple attacker objectives;

(ii) collecting organizational profile data, comprising;

(a) multiple assets, each relevant to at least one of the attacker objectives, and(b) multiple defensive controls, each configured to protect at least one of the assets by resisting one or more of the attack methods; and

(iii) continuously computing multiple cyber attack risk scores, comprising an enterprise cyber attack risk score, and an asset cyber attack risk score for each of the assets, wherein each asset cyber attack risk score is computed with respect to;

(a) the attack methods directed at the attacker objectives relevant to the asset,(b) the defensive controls provided to protect the asset, and(c) a control maturity score representing the capability of the defensive controls to protect the asset;

wherein the control maturity score is computed with respect to a control group comprising a set of the defensive controls that protect against a specific one of the attack methods,wherein the control maturity score is computed as a function of a policy fulfillment level for each of the defensive controls in the control group,wherein continuously computing multiple cyber attack risk scores further comprises calculating a probability of success parameter (PoS) that reflects the capability of a specific one of the attack methods to break through the control groups,wherein the PoS parameter for an attack method is computed as the minimum PoS parameter for multiple control groups associated with the attack method, wherein the multiple attacks are implemented by multiple attackers via multiple attack vectors,wherein each vector includes a set of the multiple attack methods that are required to succeed in the attack,wherein each vector has a many-to-many relationship with the multiple attack methods, and the multiple attacker objectives,wherein the multiple attack methods have a many-to-many relationship with the multiple defensive controls, and the multiple control groups, andwherein the enterprise cyber attack risk score is determined as an aggregation of multiple PoS parameters for the multiple attack vectors, the multiple attack objectives and the multiple attackers.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for cyber attack risk assessment is disclosed. The method uses at least one hardware processor for: continuously collecting, from a networked resource, cyber attack data having multiple attack methods directed at multiple objectives. The method also collects organizational profile data, having: assets, each relevant to at least one of the objectives, and defensive controls, each configured to protect at least one of the assets by resisting one or more of the attack methods. The method continuously computes: an enterprise risk score, and an asset risk score for each of the assets. Each asset risk score is computed with respect to: the attack methods directed at the objectives relevant to the asset, the defensive controls provided to protect the asset, and a maturity score representing the capability of the defensive controls to protect the asset. The method also continuously displays a dynamic rendition of the risk scores.

Citations

13 Claims

1. A method for cyber attack risk assessment, the method comprising using at least one hardware processor for:
- (i) continuously collecting global cyber attack data from a networked resource, wherein the global cyber attack data comprises multiple attacks performed using multiple attack methods directed at multiple attacker objectives;
  
  (ii) collecting organizational profile data, comprising;
  
  (a) multiple assets, each relevant to at least one of the attacker objectives, and(b) multiple defensive controls, each configured to protect at least one of the assets by resisting one or more of the attack methods; and
  
  (iii) continuously computing multiple cyber attack risk scores, comprising an enterprise cyber attack risk score, and an asset cyber attack risk score for each of the assets, wherein each asset cyber attack risk score is computed with respect to;
  
  (a) the attack methods directed at the attacker objectives relevant to the asset,(b) the defensive controls provided to protect the asset, and(c) a control maturity score representing the capability of the defensive controls to protect the asset;
  
  wherein the control maturity score is computed with respect to a control group comprising a set of the defensive controls that protect against a specific one of the attack methods,wherein the control maturity score is computed as a function of a policy fulfillment level for each of the defensive controls in the control group,wherein continuously computing multiple cyber attack risk scores further comprises calculating a probability of success parameter (PoS) that reflects the capability of a specific one of the attack methods to break through the control groups,wherein the PoS parameter for an attack method is computed as the minimum PoS parameter for multiple control groups associated with the attack method, wherein the multiple attacks are implemented by multiple attackers via multiple attack vectors,wherein each vector includes a set of the multiple attack methods that are required to succeed in the attack,wherein each vector has a many-to-many relationship with the multiple attack methods, and the multiple attacker objectives,wherein the multiple attack methods have a many-to-many relationship with the multiple defensive controls, and the multiple control groups, andwherein the enterprise cyber attack risk score is determined as an aggregation of multiple PoS parameters for the multiple attack vectors, the multiple attack objectives and the multiple attackers.
- View Dependent Claims (2)
- - 2. The method of claim 1, wherein the attacker objectives comprise any activities selected from the group comprising:
    - destroying data, copying data, changing data vandalizing data, stealing data, and denying access to data.

3. A non-transitory computer-readable storage medium (CRM) comprising computer-executable code for cyber attack risk assessment, the code configured to:
- (i) continuously collect global cyber attack data from a networked resource, wherein the global cyber attack data comprises multiple attacks performed using multiple attack methods directed at multiple attacker objectives;
  
  (ii) collect organizational profile data, comprising;
  
  (a) multiple assets, each relevant to at least one of the attacker objectives, and(b) multiple defensive controls, each configured to protect at least one of the assets by resisting one or more of the attack methods; and
  
  (iii) continuously compute multiple cyber attack risk scores, comprising;
  
  (a) an enterprise cyber attack risk score,(b) an asset cyber attack risk score for each of the assets, wherein each asset cyber attack risk score is computed with respect to;
  
  (i) the attack methods directed at the attacker objectives relevant to the asset,(ii) the defensive controls provided to protect the asset, and(iii) a control maturity score representing the capability of the defensive controls to protect the asset;
  
  wherein the control maturity score is computed with respect to a control group comprising a set of the defensive controls that protect against a specific one of the attack methods,wherein the control maturity score is computed as a function of a policy fulfillment level for each of the defensive controls in the control group,wherein continuously computing multiple cyber attack risk scores further comprises calculating a probability of success parameter (PoS) that reflects the capability of a specific one of the attack methods to break through the control groups,wherein the PoS parameter for an attack method is computed as the minimum PoS parameter for multiple control groups associated with the attack method,wherein the multiple attacks are implemented by multiple attackers via multiple attack vectors;
  
  wherein each vector includes a set of the multiple attack methods that are required to succeed in the attack;
  
  wherein each vector has a many-to-many relationship with the multiple attack methods, and the multiple attacker objectives;
  
  wherein the multiple attack methods have a many-to-many relationship with the multiple defensive controls, and the multiple control groups, andwherein the enterprise cyber attack risk score is determined as an aggregation of multiple PoS parameters for the multiple attack vectors, the multiple attack objectives and the multiple attackers.
- View Dependent Claims (4, 5, 6)
- - 4. The CRM of claim 3, wherein the control maturity score is computed as a function of a policy fulfillment level for each of the defensive controls in the control group.
  - 5. The CRM of claim 3, wherein the PoS parameter is computed as the minimum PoS parameter reflecting a plurality of attack methods breaking through each attack method'"'"'s respective set of defensive controls.
  - 6. The CRM of claim 3, wherein the attacker objectives comprise any activities selected from the group comprising:
    - destroying data, copying data, changing data vandalizing data, stealing data, and denying access to data.

7. A system for cyber attack risk assessment, the system comprising:
- at least one hardware processor;
  
  a network component; and
  
  a non-transitory computer-readable storage medium comprising computer-executable code for cyber attack risk assessment, the code configured to;
  
  (i) continuously collect, using the network component, global cyber attack data from a networked resource, wherein the global cyber attack data comprises multiple attacks performed using multiple attack methods directed at multiple attacker objectives;
  
  (ii) collect organizational profile data, comprising;
  
  (a) multiple assets, each relevant to at least one of the attacker objectives, and(b) multiple defensive controls, each configured to protect at least one of the assets by resisting one or more of the attack methods; and
  
  (iii) continuously compute multiple cyber attack risk scores, comprising;
  
  (a) an enterprise cyber attack risk score, and(b) an asset cyber attack risk score for each of the assets, wherein each asset cyber attack risk score is computed with respect to;
  
  (i) the attack methods directed at the attacker objectives relevant to the asset,(ii) the defensive controls provided to protect the asset, and(iii) a control maturity score representing the capability of the defensive controls to protect the asset;
  
  wherein the control maturity score is computed with respect to a control group comprising a set of the defensive controls that protect against a specific one of the attack methods,wherein the control maturity score is computed as a function of a policy fulfillment level for each of the defensive controls in the control group,wherein continuously computing multiple cyber attack risk scores further comprises calculating a probability of success parameter (PoS) that reflects the capability of a specific one of the attack methods to break through the control groups,wherein the PoS parameter for an attack method is computed as the minimum PoS parameter for multiple control groups associated with the attack method, wherein the multiple attacks are implemented by multiple attackers via multiple attack vectors;
  
  wherein each vector includes a set of the multiple attack methods that are required to succeed in the attack,wherein each vector has a many-to-many relationship with the multiple attack methods, and the multiple attacker objectives, andwherein the multiple attack methods have a many-to-many relationship with the multiple defensive controls and the multiple control groups, andwherein the enterprise cyber attack risk score is determined as an aggregation of multiple PoS parameters for the multiple attack vectors, the multiple attack objectives and the multiple attackers.
- View Dependent Claims (8, 9, 10, 11, 12, 13)
- - 8. The system of claim 7, wherein the control maturity score is computed with respect to a control group comprising a set of the defensive controls that protect against a specific one of the attack methods.
  - 9. The system of claim 8, wherein the control maturity score is computed as a function of a policy fulfillment level for each of the defensive controls in the control group.
  - 10. The system of claim 8, wherein continuously computing multiple cyber attack risk scores further comprises calculating a probability of success parameter (PoS) that reflects the capability of at least one of the attack methods to break through the respective control group.
  - 11. The system of claim 10, wherein the PoS parameter is computed as the minimum PoS parameter reflecting a plurality of attack methods breaking through each attack method'"'"'s respective control group.
  - 12. The system of claim 10, wherein the enterprise cyber attack risk score is determined as an aggregation of multiple PoS parameters for the multiple attack vectors, the multiple attack objectives and the multiple attackers.
  - 13. The system of claim 7, wherein the attacker objectives comprise any activities selected from the group comprising:
    - destroying data, copying data, changing data vandalizing data, stealing data, and denying access to data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SAUL Acquisition SUB LLC
Original Assignee
Cytegic Ltd (MasterCard Incorporated)
Inventors
Zandani, Shay
Primary Examiner(s)
Armouche, Hadi S
Assistant Examiner(s)
Zarrineh, Shahriar

Application Number

US15/243,103
Publication Number

US 20160359899A1
Time in Patent Office

582 Days
Field of Search

726 25
US Class Current
CPC Class Codes

G06F 21/552   involving long-term monitor...

G06F 21/57   Certifying or maintaining t...

G06F 21/577   Assessing vulnerabilities a...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/1433   Vulnerability analysis

System and method for cyber attacks analysis and decision support

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for cyber attacks analysis and decision support

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links