Information technology security assessment system
Abstract
A method and system for creating a composite security rating from security characterization data of a third party computer system. The security characterization data is derived from externally observable characteristics of the third party computer system. Advantageously, the composite security score has a relatively high likelihood of corresponding to an internal audit score despite use of externally observable security characteristics. Also, the method and system may include use of multiple security characterizations all solely derived from externally observable characteristics of the third party computer system.
20 Claims
1. A computer implemented method comprising:
- on one or more computers, maintaining in a database an entity map that maps technical assets to respective companies or other entities with which the assets are associated, wherein mapping technical assets to respective companies or other entities comprises determining IP information by annotating a domain name with naming conventions for at least one of a mail server, an SMTP server, and an FTP server, thereby deriving a likely server name having assigned IP addresses,
- automatically using sensors on the Internet to collect externally observable cyber-security characterizations of the technical assets that have been mapped to each of the entities and associating the observable cyber-security characterizations with a respective entity based at least in part on the derived server name,
- automatically deriving observations about the technical assets from the collected cyber-security characterizations, wherein the derived observations comprise (i) a number of technical assets that have been reported to be malicious and (ii) a duration of detected malicious activity associated with the technical assets,
- automatically generating a cyber-security rating for each of the entities using the entity map and the derived observations, and
- through a communication network, exposing to users in a user interface of a portal, information about the cyber-security ratings of the entities that is useful to decisions about entities with which to do business.
19. A computer implemented method comprising:
- on one or more computers operating with a database, maintaining an entity map that maps technical assets that comprise an IP space to respective entities with which the assets are associated, the maintaining of the entity map comprising
  (a) automatically using sensors on the Internet to collect externally observable cyber-security characterizations of the technical assets that have been mapped to each of the entities,
  (b) associating the observable cyber-security characterizations with a respective entity based at least in part on the derived server name,
  (c) submitting names of the entities to regional Internet registries using various spellings of the names,
  (d) using domain names associated with the entities,
  (e) probing IP addresses around published IP addresses,
  (f) using a name server lookup to verify IP addresses associated with domain names,
  (g) using information received from Internet Service Providers,
  (h) annotating a domain name with naming conventions for at least one of a mail server, an SMTP server, and an FTP server, thereby deriving a likely server name having assigned IP addresses, and
  (i) applying heuristics,
- automatically deriving observations about the technical assets from the collected cyber-security characterizations, wherein the derived observations comprise (a) a number of technical assets that have been reported to be malicious and (b) a duration of detected malicious activity associated with the technical assets,
- automatically generating a cyber-security rating for each of the entities using the entity map and the derived observations, and
- through a communication network, exposing to users in a user interface the cyber-security ratings of the entities.
20. A system comprising:
one or more computers programmed to facilitate operations comprising:
- maintaining in a database an entity map that maps technical assets to respective companies or other entities with which the assets are associated, wherein mapping technical assets to respective companies or other entities comprises determining IP information by annotating a domain name with naming conventions for at least one of a mail server, an SMTP server, and an FTP server, thereby deriving a likely server name having assigned IP addresses,
- collecting, using sensors on the Internet, externally observable cyber-security characterizations of the technical assets that have been mapped to each of the entities and associating the observable cyber-security characterizations with a respective entity based at least in part on the derived server name,
- deriving observations about the technical assets from the collected cyber-security characterizations, wherein the derived observations comprise (i) a number of technical assets that have been reported to be malicious and (ii) a duration of detected malicious activity associated with the technical assets,
- generating a cyber-security rating for each of the entities using the entity map and the derived observations, and
- through a communication network, exposing to users in a user interface of a portal, information about the cyber-security ratings of the entities that is useful to decisions about entities with which to do business.
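The pipeline recited in claims 1, 19 and 20 (derive likely server names, map their IP addresses to an entity, count malicious assets and days of activity, produce a rating), sketched as an added example that is not code from the patent. The entity names, the offline `DNS` table, the sensor reports and the scoring formula in `rate` are all assumptions constructed for illustration; the claims give no formula.

```python
from datetime import date

PREFIXES = ("mail", "smtp", "ftp")  # naming conventions recited in the claims

# Constructed inputs (documentation address ranges); DNS stands in for live lookups.
ENTITIES = {"Example Corp": ["example.com"], "Example Org": ["example.org"]}
DNS = {
    "mail.example.com": ["192.0.2.10"],
    "smtp.example.com": ["192.0.2.10", "192.0.2.11"],
    "ftp.example.org": ["198.51.100.7"],
}
# Constructed sensor reports: (ip, first day seen malicious, last day seen malicious)
REPORTS = [
    ("192.0.2.11", date(2024, 1, 1), date(2024, 1, 11)),
    ("192.0.2.11", date(2024, 2, 1), date(2024, 2, 3)),
    ("203.0.113.5", date(2024, 1, 1), date(2024, 3, 1)),  # maps to no entity
]

def build_entity_map(entities, resolve=lambda host: DNS.get(host, [])):
    """Return {ip: (entity, derived server name)} for every name that resolves."""
    entity_map = {}
    for entity, domains in entities.items():
        for domain in domains:
            for prefix in PREFIXES:
                host = f"{prefix}.{domain}"  # likely server name
                for ip in resolve(host):
                    entity_map.setdefault(ip, (entity, host))  # first name wins
    return entity_map

def derive_observations(entity_map, reports):
    """Per entity: the set of assets reported malicious and total days of activity."""
    obs = {entity: {"assets": set(), "days": 0} for entity, _ in entity_map.values()}
    for ip, first, last in reports:
        if ip not in entity_map:
            continue  # unattributable report: it must not affect anyone's rating
        entity, _ = entity_map[ip]
        obs[entity]["assets"].add(ip)
        obs[entity]["days"] += (last - first).days + 1  # inclusive; assumes no overlap
    return obs

def rate(obs, asset_penalty=20, day_penalty=1):
    """Hypothetical formula: 100 minus penalties, floored at 0."""
    return {e: max(0, 100 - asset_penalty * len(o["assets"]) - day_penalty * o["days"])
            for e, o in obs.items()}

if __name__ == "__main__":
    entity_map = build_entity_map(ENTITIES)
    print(rate(derive_observations(entity_map, REPORTS)))
```

A rating built this way is only as accurate as the entity map: a report for an address that resolves from no derived name is dropped, and an address wrongly attributed through a guessed name penalizes the wrong entity.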
Specification