System for resource-centric threat modeling and identifying controls for securing technology resources

US 9,948,652 B2
Filed: 05/16/2016
Issued: 04/17/2018
Est. Priority Date: 05/16/2016
Status: Active Grant

First Claim

Patent Images

1. A system for identifying threat vectors and implementing controls for securing internal technology resources within a network, the system comprising:

at least one non-transitory storage device;

at least one processor; and

instruction code stored in said storage device, said instruction code being executable by the at least one processor and configured to cause said at least one processor to;

provide a threat vector analysis application for installation on a user device associated with a user;

electronically receive an analysis request associated with an internal resource from the user device, wherein receiving further comprises initiating the threat vector analysis application on the user device, whereby the initiating of the threat vector analysis application establishes a communicable link with a network associated with the internal resource;

electronically receive, via a distributed network of servers, information associated with the internal resource within the network;

determine one or more threat vectors associated with the internal resource, wherein the one or more threat vectors indicate one or more paths of access to the internal resource;

determine one or more controls associated with each of the one or more threat vectors associated with the internal resource, wherein the one or more controls are configured to determine access to the internal resource;

dynamically generate a graphical representation of the internal resource and the one or more threat vectors based on at least the received analysis request; and

initiate, via the established communicable link, a presentation of a user interface for display on the user device, the user interface comprising the graphical representation of the internal resource and the one or more threat vectors associated with the internal resource;

determine a frequency score associated with each of the one or more threat vectors, wherein the frequency score indicates a number of occurrence of a threat via each of the one or more threat vectors;

determine a magnitude of impact score associated with each of the one or more threat vectors, wherein the magnitude of impact score indicates a consequence of a loss event caused via each of the one or more threat vectors;

determine a strength associated with each of the one or more controls associated with each of the one or more threat vectors;

determine an exposure score associated with each of the one or more threat vectors based on at least the frequency score, the magnitude of impact score, and the strength associated with each of the one or more controls associated with each of the one or more threat vectors;

determine one or more additional controls;

determine a cost associated with the incorporation of each of the one or more additional controls;

determine that the cost associated with the incorporation of each of the one or more additional controls is lower than a difference between the exposure score associated with the at least one of the one or more threat vectors before implementation of the one or more additional controls and after the implementation of the one or more additional controls; and

based on determining that the cost associated with the incorporation of each of the one or more additional controls is lower than a difference between the exposure score associated with the at least one of the one or more threat vectors before implementation of the one or more additional controls and after the implementation of the one or more additional controls, incorporate the one or more additional controls.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems, computer program products, and methods are described herein for identifying threat vectors and implementing controls for securing resources within a network. The present invention is configured to determine one or more threat vectors associated with the resource; determine one or more controls associated with each of the one or more threat vectors associated with the resource; determine whether the one or more controls associated with the at least one of the one or more threat vectors is capable of detecting the access by an external computing device via at least one of the one or more types of access; and dynamically generate a graphical representation of the resource and the one or more threat vectors based on at least the received analysis request.

145 Citations

View as Search Results

20 Claims

1. A system for identifying threat vectors and implementing controls for securing internal technology resources within a network, the system comprising:
- at least one non-transitory storage device;
  
  at least one processor; and
  
  instruction code stored in said storage device, said instruction code being executable by the at least one processor and configured to cause said at least one processor to;
  
  provide a threat vector analysis application for installation on a user device associated with a user;
  
  electronically receive an analysis request associated with an internal resource from the user device, wherein receiving further comprises initiating the threat vector analysis application on the user device, whereby the initiating of the threat vector analysis application establishes a communicable link with a network associated with the internal resource;
  
  electronically receive, via a distributed network of servers, information associated with the internal resource within the network;
  
  determine one or more threat vectors associated with the internal resource, wherein the one or more threat vectors indicate one or more paths of access to the internal resource;
  
  determine one or more controls associated with each of the one or more threat vectors associated with the internal resource, wherein the one or more controls are configured to determine access to the internal resource;
  
  dynamically generate a graphical representation of the internal resource and the one or more threat vectors based on at least the received analysis request; and
  
  initiate, via the established communicable link, a presentation of a user interface for display on the user device, the user interface comprising the graphical representation of the internal resource and the one or more threat vectors associated with the internal resource;
  
  determine a frequency score associated with each of the one or more threat vectors, wherein the frequency score indicates a number of occurrence of a threat via each of the one or more threat vectors;
  
  determine a magnitude of impact score associated with each of the one or more threat vectors, wherein the magnitude of impact score indicates a consequence of a loss event caused via each of the one or more threat vectors;
  
  determine a strength associated with each of the one or more controls associated with each of the one or more threat vectors;
  
  determine an exposure score associated with each of the one or more threat vectors based on at least the frequency score, the magnitude of impact score, and the strength associated with each of the one or more controls associated with each of the one or more threat vectors;
  
  determine one or more additional controls;
  
  determine a cost associated with the incorporation of each of the one or more additional controls;
  
  determine that the cost associated with the incorporation of each of the one or more additional controls is lower than a difference between the exposure score associated with the at least one of the one or more threat vectors before implementation of the one or more additional controls and after the implementation of the one or more additional controls; and
  
  based on determining that the cost associated with the incorporation of each of the one or more additional controls is lower than a difference between the exposure score associated with the at least one of the one or more threat vectors before implementation of the one or more additional controls and after the implementation of the one or more additional controls, incorporate the one or more additional controls.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The system of claim 1, wherein the instruction code is further configured to cause the at least one processor to:
    - determine that the one or more controls associated with at least one of the one or more threat vectors is not capable of detecting the access to the internal resource;
      
      determine one or more additional controls configured for detecting the access to the internal resource, wherein the one or more controls are stored in a controls library;
      
      initiate, via the established communicable link, a recommendation interface for display on the user device, the recommendation interface comprising the one or more additional controls recommended to the user for incorporation.
  - 3. The system of claim 1, wherein the instruction code is further configured to cause the at least one processor to:
    - determine one or more access types associated with each of the one or more threat vectors, wherein the one or more access types indicate one or more ways in which the internal resource is capable of being accessed via each of the one or more threat vectors.
  - 4. The system of claim 1, wherein the one or more controls are configured to be regulated to monitor access to the internal resource via at least one of the one or more threat vectors, reducing the exposure score associated with each of the one or more threat vectors.
  - 5. The system of claim 1, wherein the instruction code is further configured to cause the at least one processor to:
    - determine that the exposure score associated with at least one of the one or more threat vectors is greater than a predetermined threshold;
      
      initiate, via the established communicable link, a recommendation interface for display on the user device, the recommendation interface comprising the one or more additional controls recommended to the user for incorporation; and
      
      electronically receive, via the established communication link, a user selection of at least one of the one or more additional controls recommended to the user;
      
      wherein incorporating the one or more additional controls lowers the exposure score to below the predetermined threshold.
  - 6. The system of claim 1, wherein the instruction code is further configured to cause the at least one processor to:
    - based on determining that the cost associated with the incorporation of each of the one or more additional controls is lower than a difference between the exposure score associated with the at least one of the one or more threat vectors before implementation of the one or more additional controls and after the implementation of the one or more additional controls, initiate, via the established communicable link, a recommendation interface for display on the user device, the recommendation interface comprising the one or more additional controls; and
      
      electronically receive, via the established communication link, a user selection of at least one of the one or more additional controls;
      
      wherein the one or more additional controls are incorporated in response to receiving the user selection.
  - 7. The system of claim 1, wherein:
    - the one or more additional controls are automatically incorporated in response to determining that the cost associated with the incorporation of each of the one or more additional controls is lower than a difference between the exposure score associated with the at least one of the one or more threat vectors before implementation of the one or more additional controls and after the implementation of the one or more additional controls.

8. A computerized method for identifying threat vectors and implementing controls for securing internal technology resources within a network, the method comprising:
- providing, using a computing device processor, a threat vector analysis application for installation on a user device associated with a user;
  
  electronically receiving, using a computing device processor, an analysis request associated with an internal resource from the user device, wherein receiving further comprises initiating the threat vector analysis application on the user device, whereby the initiating of the threat vector analysis application establishes a communicable link with a network associated with the internal resource;
  
  electronically receiving, via a distributed network of servers, information associated with the internal resource within the network;
  
  determining, using a computing device processor, one or more threat vectors associated with the internal resource, wherein the one or more threat vectors indicate one or more paths of access to the internal resource;
  
  determining, using a computing device processor, one or more controls associated with each of the one or more threat vectors associated with the internal resource, wherein the one or more controls are configured to determine access to the internal resource;
  
  dynamically generating, using a computing device processor, a graphical representation of the internal resource and the one or more threat vectors based on at least the received analysis request;
  
  initiating, via the established communicable link, a presentation of a user interface for display on the user device, the user interface comprising the graphical representation of the internal resource and the one or more threat vectors associated with the internal resource;
  
  determining, using a computing device processor, a frequency score associated with each of the one or more threat vectors, wherein the frequency score indicates a number of occurrence of a threat via each of the one or more threat vectors;
  
  determining, using a computing device processor, a magnitude of impact score associated with each of the one or more threat vectors, wherein the magnitude of impact score indicates a consequence of a loss event caused via each of the one or more threat vectors;
  
  determining, using a computing device processor, a strength associated with each of the one or more controls associated with each of the one or more threat vectors; and
  
  determining, using a computing device processor, an exposure score associated with each of the one or more threat vectors based on at least the frequency score, the magnitude of impact score, and the strength associated with each of the one or more controls associated with each of the one or more threat vectors;
  
  determining, using a computing device processor, one or more additional controls;
  
  determining, using a computing device processor, a cost associated with the incorporation of each of the one or more additional controls;
  
  determining, using a computing device processor, that the cost associated with the incorporation of each of the one or more additional controls is lower than a difference between the exposure score associated with the at least one of the one or more threat vectors before implementation of the one or more additional controls and after the implementation of the one or more additional controls; and
  
  based on determining that the cost associated with the incorporation of each of the one or more additional controls is lower than a difference between the exposure score associated with the at least one of the one or more threat vectors before implementation of the one or more additional controls and after the implementation of the one or more additional controls, incorporating, using a computing device processor, the one or more additional controls.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The method of claim 8, wherein the method further comprises:
    - determining that the one or more controls associated with at least one of the one or more threat vectors is not capable of detecting the access to the internal resource;
      
      determining one or more additional controls configured for detecting the access to the internal resource, wherein the one or more controls are stored in a controls library;
      
      initiating, via the established communicable link, a recommendation interface for display on the user device, the recommendation interface comprising the one or more additional controls recommended to the user for incorporation.
  - 10. The method of claim 8, wherein the method further comprises determining one or more access types associated with each of the one or more threat vectors, wherein the one or more access types indicate one or more ways in which the internal resource is capable of being accessed via each of the one or more threat vectors.
  - 11. The method of claim 8, wherein the one or more controls are configured to be regulated to monitor access to the internal resource via at least one of the one or more threat vectors, thereby reducing the exposure score associated with each of the one or more threat vectors.
  - 12. The method of claim 8, wherein the method further comprises:
    - determining that the exposure score associated with at least one of the one or more threat vectors is greater than a predetermined threshold;
      
      initiating, via the established communicable link, a recommendation interface for display on the user device, the recommendation interface comprising the one or more additional controls recommended to the user for incorporation; and
      
      electronically receiving, via the established communication link, a user selection of at least one of the one or more additional controls recommended to the user;
      
      wherein incorporating the one or more additional controls lowers the exposure score to below the predetermined threshold.
  - 13. The method of claim 8, wherein the method further comprises:
    - based on determining that the cost associated with the incorporation of each of the one or more additional controls is lower than a difference between the exposure score associated with the at least one of the one or more threat vectors before implementation of the one or more additional controls and after the implementation of the one or more additional controls, initiating, via the established communicable link, a recommendation interface for display on the user device, the recommendation interface comprising the one or more additional controls; and
      
      electronically receiving, via the established communication link, a user selection of at least one of the one or more additional controls;
      
      wherein the one or more additional controls are incorporated in response to receiving the user selection.
  - 14. The method of claim 8, wherein the one or more additional controls are automatically incorporated in response to determining that the cost associated with the incorporation of each of the one or more additional controls is lower than a difference between the exposure score associated with the at least one of the one or more threat vectors before implementation of the one or more additional controls and after the implementation of the one or more additional controls.

15. A computer program product for identifying threat vectors and implementing controls for securing internal technology resources within a network, the computer program product embodied on a non-transitory computer-readable medium comprising code configured to cause a first apparatus to:
- provide a threat vector analysis application for installation on a user device associated with a user;
  
  electronically receive an analysis request associated with an internal resource from the user device, wherein receiving further comprises initiating the threat vector analysis application on the user device, whereby the initiating of the threat vector analysis application establishes a communicable link with a network associated with the internal resource;
  
  electronically receive, via a distributed network of servers, information associated with the internal resource within the network;
  
  determine one or more threat vectors associated with the internal resource, wherein the one or more threat vectors indicate one or more paths of access to the internal resource;
  
  determine one or more controls associated with each of the one or more threat vectors associated with the internal resource, wherein the one or more controls are configured to determine access to the internal resource;
  
  dynamically generate a graphical representation of the internal resource and the one or more threat vectors based on at least the received analysis request; and
  
  initiate, via the established communicable link, a presentation of a user interface for display on the user device, the user interface comprising the graphical representation of the internal resource and the one or more threat vectors associated with the internal resource;
  
  determine a frequency score associated with each of the one or more threat vectors, wherein the frequency score indicates a number of occurrence of a threat via each of the one or more threat vectors;
  
  determine a magnitude of impact score associated with each of the one or more threat vectors, wherein the magnitude of impact score indicates a consequence of a loss event caused via each of the one or more threat vectors;
  
  determine a strength associated with each of the one or more controls associated with each of the one or more threat vectors;
  
  determine an exposure score associated with each of the one or more threat vectors based on at least the frequency score, the magnitude of impact score, and the strength associated with each of the one or more controls associated with each of the one or more threat vectors;
  
  determine one or more additional controls;
  
  determine a cost associated with the incorporation of each of the one or more additional controls;
  
  determine that the cost associated with the incorporation of each of the one or more additional controls is lower than a difference between the exposure score associated with the at least one of the one or more threat vectors before implementation of the one or more additional controls and after the implementation of the one or more additional controls; and
  
  based on determining that the cost associated with the incorporation of each of the one or more additional controls is lower than a difference between the exposure score associated with the at least one of the one or more threat vectors before implementation of the one or more additional controls and after the implementation of the one or more additional controls, incorporate the one or more additional controls.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The computer program product of claim 15, wherein the non-transitory computer-readable medium comprises code configured to cause the first apparatus to:
    - determine that the one or more controls associated with at least one of the one or more threat vectors is not capable of detecting the access to the internal resource;
      
      determine one or more additional controls configured for detecting the access to the internal resource, wherein the one or more controls are stored in a controls library;
      
      initiate, via the established communicable link, a recommendation interface for display on the user device, the recommendation interface comprising the one or more additional controls recommended to the user for incorporation.
  - 17. The computer program product of claim 15, wherein the non-transitory computer-readable medium comprises code configured to cause the first apparatus to:
    - determine one or more access types associated with each of the one or more threat vectors, wherein the one or more access types indicate one or more ways in which the internal resource is capable of being accessed via each of the one or more threat vectors.
  - 18. The computer program product of claim 15, wherein the non-transitory computer-readable medium comprises code configured to cause the first apparatus to:
    - determine that the exposure score associated with at least one of the one or more threat vectors is greater than a predetermined threshold;
      
      initiate, via the established communicable link, a recommendation interface for display on the user device, the recommendation interface comprising the one or more additional controls recommended to the user for incorporation; and
      
      electronically receive, via the established communication link, a user selection of at least one of the one or more additional controls recommended to the user;
      
      wherein incorporating the one or more additional controls lowers the exposure.
  - 19. The computer program product of claim 15, wherein the non-transitory computer-readable medium comprises code configured to cause the first apparatus to:
    - based on determining that the cost associated with the incorporation of each of the one or more additional controls is lower than a difference between the exposure score associated with the at least one of the one or more threat vectors before implementation of the one or more additional controls and after the implementation of the one or more additional controls, initiate, via the established communicable link, a recommendation interface for display on the user device, the recommendation interface comprising the one or more additional controls; and
      
      electronically receive, via the established communication link, a user selection of at least one of the one or more additional controls;
      
      wherein the one or more additional controls are incorporated in response to receiving the user selection.
  - 20. The computer program product of claim 15, wherein the one or more additional controls are automatically incorporated in response to determining that the cost associated with the incorporation of each of the one or more additional controls is lower than a difference between the exposure score associated with the at least one of the one or more threat vectors before implementation of the one or more additional controls and after the implementation of the one or more additional controls.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Bank of America Corp.
Original Assignee
Bank of America Corp.
Inventors
Yu, Sounil, Sloane, Brandon Matthew
Primary Examiner(s)
Armouche, Hadi
Assistant Examiner(s)
Khan, Sher A

Application Number

US15/156,024
Publication Number

US 20170331849A1
Time in Patent Office

701 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/50   Monitoring users, programs ...

G06F 21/552   involving long-term monitor...

G06F 21/57   Certifying or maintaining t...

G06F 21/6209   to a single file or object,...

G06F 2221/034   Test or assess a computer o...

H04L 2463/146   Tracing the source of attacks

H04L 63/10   for controlling access to d...

H04L 63/105   Multiple levels of security

H04L 63/14   for detecting or protecting...

H04L 63/1433   Vulnerability analysis

H04L 63/1441   Countermeasures against mal...

System for resource-centric threat modeling and identifying controls for securing technology resources

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

145 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System for resource-centric threat modeling and identifying controls for securing technology resources

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

145 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links