Computer asset vulnerabilities

US 9,979,743 B2
Filed: 08/31/2015
Issued: 05/22/2018
Est. Priority Date: 08/13/2015
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method comprising:

receiving an asset topology that identifies an entity'"'"'s computer related assets, how the computer related assets are connected together via one or more networks controlled by the entity, and an identifier for each computer related asset that is an external facing asset, wherein the asset topology identifies one or more first computer related assets each of which is an external facing asset and one or more second computer related assets each of which is not an external facing asset;

receiving threat data that identifies vulnerabilities of computer related assets;

determining, using the identifiers for the computer related assets that may be an entry point for an attack simulation, a first computer related asset that is one of the first computer related assets;

identifying, using the threat data, one or more first vulnerabilities of the first computer related asset;

determining, using the asset topology and the threat data, a path from the first computer related asset to a second computer related asset that is one of the second computer related assets;

determining, using the threat data, one or more second vulnerabilities of the second computer related asset;

determining, using the one or more second vulnerabilities of the second computer related asset, a probability that the second computer related asset will be compromised by an adversary'"'"'s device;

determining, using the asset topology and the threat data, a change to the asset topology to reduce the probability that the second computer related asset will be compromised by an adversary'"'"'s device; and

providing information about the change to the asset topology for presentation to a user or implementing the change to the asset topology.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, systems, and apparatus, including computer programs encoded on computer storage media, for determining a network path between computer assets. One of the methods includes receiving an asset topology that includes an identifier for each computer-related asset that may be an entry point for an attack simulation, receiving threat data that identifies vulnerabilities of computer-related assets, determining a first computer-related asset that may be an entry point for an attack simulation, identifying one or more first vulnerabilities of the first computer-related asset, determining a path from the first computer-related asset to a second computer-related asset, determining one or more second vulnerabilities of the second computer-related asset, determining a probability that the second computer-related asset will be compromised by an adversary, and determining a change to the asset topology to reduce the probability that the second computer-related asset will be compromised by an adversary.

67 Citations

View as Search Results

26 Claims

1. A computer-implemented method comprising:
- receiving an asset topology that identifies an entity'"'"'s computer related assets, how the computer related assets are connected together via one or more networks controlled by the entity, and an identifier for each computer related asset that is an external facing asset, wherein the asset topology identifies one or more first computer related assets each of which is an external facing asset and one or more second computer related assets each of which is not an external facing asset;
  
  receiving threat data that identifies vulnerabilities of computer related assets;
  
  determining, using the identifiers for the computer related assets that may be an entry point for an attack simulation, a first computer related asset that is one of the first computer related assets;
  
  identifying, using the threat data, one or more first vulnerabilities of the first computer related asset;
  
  determining, using the asset topology and the threat data, a path from the first computer related asset to a second computer related asset that is one of the second computer related assets;
  
  determining, using the threat data, one or more second vulnerabilities of the second computer related asset;
  
  determining, using the one or more second vulnerabilities of the second computer related asset, a probability that the second computer related asset will be compromised by an adversary'"'"'s device;
  
  determining, using the asset topology and the threat data, a change to the asset topology to reduce the probability that the second computer related asset will be compromised by an adversary'"'"'s device; and
  
  providing information about the change to the asset topology for presentation to a user or implementing the change to the asset topology.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 2. The method of claim 1, comprising:
    - determining, for each of the first computer related assets and each of the second computer related assets, a path from the first computer related asset to the second computer related asset.
  - 3. The method of claim 2, comprising:
    - receiving new threat data over a predetermined period of time;
      
      determining, using the new threat data, paths from the first computer related assets to the second computer related assets over the predetermined period of time; and
      
      determining trends in the paths from the first computer related assets to the second computer related assets over the predetermined period of time.
  - 4. The method of claim 3, wherein determining the trends in the paths from the first computer related assets to the second computer related assets over the predetermined period of time comprises determining a recurring path of compromise that has a high probability that one or more assets on the recurring path will be compromised by an adversary'"'"'s device over at least a threshold value of times during the predetermined period of time.
  - 5. The method of claim 3, comprising:
    - determining, using the trends in the paths from the first computer related assets to the second computer related assets, a probability that a particular second computer related asset will be compromised by an adversary'"'"'s device over the predetermined period of time that is greater than probabilities that the other second computer related assets will be compromised by an adversary'"'"'s device over the predetermined period of time; and
      
      determining, using the asset topology and the new threat data, a change to the asset topology to reduce the probability that the particular second computer related asset will be compromised by an adversary'"'"'s device.
  - 6. The method of claim 5, comprising:
    - providing information about the change to the asset topology for presentation to a user.
  - 7. The method of claim 5, comprising:
    - implementing the change to the asset topology.
  - 8. The method of claim 7, wherein:
    - determining, using the asset topology and the new threat data, a change to the asset topology to reduce the probability that the particular second computer related asset will be compromised by an adversary'"'"'s device comprises determining a software update to apply to one of the computer related assets identified by the asset topology; and
      
      implementing the change to the asset topology comprises applying the software update to the one of the computer related assets identified by the asset topology.
  - 9. The method of claim 1, comprising determining, for the one or more first vulnerabilities, a first probability that the vulnerability will be compromised by an adversary'"'"'s device.
  - 10. The method of claim 9, wherein determining, using the asset topology and the threat data, the path from the first computer related asset to the second computer related asset comprises:
    - determining, for each computer related asset on the path between the first computer related asset and the second computer related asset, one or more vulnerabilities for the computer related asset; and
      
      determining, for the one or more vulnerabilities of the computer related asset, corresponding probabilities that the computer related asset will be compromised by an adversary'"'"'s device.
  - 11. The method of claim 10, comprising:
    - for at least one of the computer related assets on the path between the first computer related asset and the second computer related asset;
      
      determining, using the asset topology, all of subsequent computer related assets directly connected to the computer related asset not including any computer related assets used to access the computer related asset;
      
      determining, for each of the subsequent computer related assets, one or more vulnerabilities of the subsequent computer related asset;
      
      determining, for each of the subsequent computer related assets using the vulnerabilities of the subsequent computer related asset, a probability that the subsequent computer related asset will be compromised by an adversary'"'"'s device; and
      
      selecting a particular subsequent computer related asset with the probability greater than the probabilities of the other subsequent computer related assets as the next computer related asset in the path between the first computer related asset and the second computer related asset.
  - 12. The method of claim 1, wherein determining the probability that the second computer related asset will be compromised by an adversary'"'"'s device comprises:
    - determining, for each of the vulnerabilities of the second computer related asset, a particular probability; and
      
      combining all of the particular probabilities for the vulnerabilities of the second computer related to determine the probability that the second computer related asset will be compromised by an adversary'"'"'s device.
  - 13. The method of claim 1, wherein receiving the asset topology that identifies the entity'"'"'s computer related assets comprising analyzing one or more computer networks of the entity to determine the asset topology.
  - 14. The method of claim 1, wherein receiving the asset topology that identifies the entity'"'"'s computer related assets comprises receiving the asset topology that identifies the one or more first computer related assets each of which is directly connected to a network that is not controlled by the entity without intervening hardware and the one or more second computer related assets each of which is not directly connected to a network that is not controlled by the entity.
  - 15. The method of claim 14, wherein receiving the asset topology that identifies the entity'"'"'s computer related assets comprises receiving the asset topology and an identifier for at least one of the first computer related assets that is directly connected to the Internet.
  - 16. The method of claim 14, wherein receiving the asset topology that identifies the entity'"'"'s computer related assets comprises receiving the asset topology and an identifier for at least one of the first computer related assets that is a wireless router.
  - 17. The method of claim 1, comprising:
    - determining, for each of the computer-related assets, a category to which the computer-related asset belongs;
      
      determining, for a particular category from the determined categories, paths from an external facing asset to each of the assets in the category; and
      
      determining, using the paths from the external facing asset to each of the assets in the category, a category probability of compromise for the particular category.
  - 18. The method of claim 17, comprising:
    - comparing the category probability of compromise for the particular category with a second category probability of compromise for a second category;
      
      ranking the particular category and the second category using the category probability of compromise and the second category probability of compromise; and
      
      generating instructions for the presentation of a user interface that includes the ranking of the particular category and the second category.
  - 19. The method of claim 17, wherein:
    - determining, for each of the computer-related assets, the category to which the computer-related asset belongs comprises determining, for each of the computer-related assets, a business function of the entity to which the computer-related asset belongs; and
      
      determining, for the particular category from the determined categories, the paths from the external facing asset to each of the assets in the category comprises determining, for a particular business function from the determined business functions, the paths from the external facing asset to each of the assets in the category, the method comprising determining, for the particular business function, an overall probability of impact to the particular business function using probabilities that the computer-related assets which belong to the particular business function will be compromised by an adversary'"'"'s device.
  - 20. The method of claim 1, comprising:
    - determining a particular computer-related asset or a type of computer-related assets that are a potential target of an attack by the adversary'"'"'s device, wherein determining the path from the first computer related asset to the second computer related asset that is one of the second computer related assets comprises;
      
      determining a path from the first computer-related asset to the particular computer-related asset;
      
      ordetermining a path from the first computer-related asset to the second computer related asset that includes at least one computer-related asset of the type of computer-related assets that are a potential target of the attack.
  - 21. The method of claim 20, wherein determining the particular computer-related asset or the type of computer-related assets that are the potential target of an attack by the adversary'"'"'s device comprises determining the particular computer-related asset or the type of computer related assets that are the potential target of an attack by the adversary'"'"'s device using the threat data.
  - 22. The method of claim 20, wherein determining the particular computer-related asset or the type of computer-related assets that are the potential target of an attack by the adversary'"'"'s device comprises determining the type of computer-related assets that support a particular business function of an entity.
  - 23. The method of claim 1, comprising:
    - determining a type of computer-related assets that are a potential target of an attack by the adversary'"'"'s device, wherein determining the path from the first computer related asset to the second computer related asset that is one of the second computer related assets comprises determining a path from the first computer-related asset to the second computer related asset that includes only computer-related asset of the type of computer-related assets that are a potential target of the attack, both the first computer-related asset and the second computer related asset being of the type of computer-related assets that are a potential target of the attack.
  - 24. The method of claim 1, wherein receiving the threat data that identifies vulnerabilities of computer related assets comprises receiving, for each computer related asset in a plurality of computer related assets, threat data that indicates an identified computer vulnerability for the first computer related asset, wherein the plurality of computer related assets includes the first computer related asset that is an external facing asset.

25. A system comprising:
- a data processing apparatus; and
  
  a non-transitory computer readable storage medium in data communication with the data processing apparatus and storing instructions executable by the data processing apparatus and upon such execution cause the data processing apparatus to perform operations comprising;
  
  receiving an asset topology that identifies an entity'"'"'s computer related assets, how the computer related assets are connected together via one or more networks controlled by the entity, and an identifier for each computer related asset that may be an entry point for an attack simulation, wherein the asset topology identifies one or more first computer related assets each of which is a potential entry point for an attack simulation and one or more second computer related assets each of which is not a potential entry point for an attack simulation;
  
  receiving threat data that identifies vulnerabilities of computer related assets;
  
  determining, using the identifiers for the computer related assets that may be an entry point for an attack simulation, a first computer related asset that is one of the first computer related assets;
  
  identifying, using the threat data, one or more first vulnerabilities of the first computer related asset;
  
  determining, using the asset topology and the threat data, a path from the first computer related asset to a second computer related asset that is one of the second computer related assets;
  
  determining, using the threat data, one or more second vulnerabilities of the second computer related asset;
  
  determining, using the one or more second vulnerabilities of the second computer related asset, a probability that the second computer related asset will be compromised by an adversary;
  
  determining, using the asset topology and the threat data, a change to the asset topology to reduce the probability that the second computer related asset will be compromised by an adversary; and
  
  providing information about the change to the asset topology for presentation to a user or implementing the change to the asset topology.

26. A non-transitory computer readable storage medium storing instructions executable by a data processing apparatus and upon such execution cause the data processing apparatus to perform operations comprising:
- receiving an asset topology that identifies an entity'"'"'s computer related assets, how the computer related assets are connected together via one or more networks controlled by the entity, and an identifier for each computer related asset that is an external facing asset, wherein the asset topology identifies one or more first computer related assets each of which is an external facing asset and one or more second computer related assets each of which is not an external facing asset;
  
  receiving threat data that identifies vulnerabilities of computer related assets;
  
  determining, using the identifiers for the computer related assets that may be an entry point for an attack simulation, a first computer related asset that is one of the first computer related assets;
  
  identifying, using the threat data, one or more first vulnerabilities of the first computer related asset that is an external facing asset;
  
  in response to identifying the one or more first vulnerabilities of the first computer related asset, determining, using the asset topology and the threat data, a path from the first computer related asset to a second computer related asset that is one of the second computer related assets;
  
  in response to determining the path from the first computer related asset to the second computer related asset that is one of the second computer related assets, determining, using the threat data, one or more second vulnerabilities of the second computer related asset that is not an external facing asset;
  
  determining, using the one or more second vulnerabilities of the second computer related asset, a probability that the second computer related asset will be compromised by an adversary'"'"'s device;
  
  determining, using the asset topology and the threat data, a change to the asset topology to reduce the probability that the second computer related asset will be compromised by an adversary'"'"'s device based on the one or more second vulnerabilities of the second computer related asset; and
  
  providing information about the change to the asset topology for presentation to a user or implementing the change to the asset topology.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Accenture Global Services Limited (Accenture PLC)
Original Assignee
Accenture Global Services Limited (Accenture PLC)
Inventors
Hovor, Elvis, Mulchandani, Shaan, Carver, Matthew
Primary Examiner(s)
Reza, Mohammad W

Application Number

US14/841,007
Publication Number

US 20170048266A1
Time in Patent Office

995 Days
Field of Search

726 25
US Class Current
CPC Class Codes

H04L 63/14 for detecting or protecting...

H04L 63/1433 Vulnerability analysis

Computer asset vulnerabilities

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

67 Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Computer asset vulnerabilities

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

67 Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links