Computer asset vulnerabilities
First Claim
1. A computer-implemented method comprising:
receiving an asset topology that identifies an entity's computer related assets, how the computer related assets are connected together via one or more networks controlled by the entity, and an identifier for each computer related asset that is an external facing asset, wherein the asset topology identifies one or more first computer related assets each of which is an external facing asset and one or more second computer related assets each of which is not an external facing asset;
receiving threat data that identifies vulnerabilities of computer related assets;
determining, using the identifiers for the computer related assets that may be an entry point for an attack simulation, a first computer related asset that is one of the first computer related assets;
identifying, using the threat data, one or more first vulnerabilities of the first computer related asset;
determining, using the asset topology and the threat data, a path from the first computer related asset to a second computer related asset that is one of the second computer related assets;
determining, using the threat data, one or more second vulnerabilities of the second computer related asset;
determining, using the one or more second vulnerabilities of the second computer related asset, a probability that the second computer related asset will be compromised by an adversary's device;
determining, using the asset topology and the threat data, a change to the asset topology to reduce the probability that the second computer related asset will be compromised by an adversary's device; and
providing information about the change to the asset topology for presentation to a user or implementing the change to the asset topology.
Abstract
Methods, systems, and apparatus, including computer programs encoded on computer storage media, for determining a network path between computer assets. One of the methods includes receiving an asset topology that includes an identifier for each computer-related asset that may be an entry point for an attack simulation, receiving threat data that identifies vulnerabilities of computer-related assets, determining a first computer-related asset that may be an entry point for an attack simulation, identifying one or more first vulnerabilities of the first computer-related asset, determining a path from the first computer-related asset to a second computer-related asset, determining one or more second vulnerabilities of the second computer-related asset, determining a probability that the second computer-related asset will be compromised by an adversary, and determining a change to the asset topology to reduce the probability that the second computer-related asset will be compromised by an adversary.
Claims (26)
1. As set out under First Claim above; claims 2 through 24 depend from claim 1.
25. A system comprising:
a data processing apparatus; and
a non-transitory computer readable storage medium in data communication with the data processing apparatus and storing instructions executable by the data processing apparatus and upon such execution cause the data processing apparatus to perform operations comprising:
receiving an asset topology that identifies an entity's computer related assets, how the computer related assets are connected together via one or more networks controlled by the entity, and an identifier for each computer related asset that may be an entry point for an attack simulation, wherein the asset topology identifies one or more first computer related assets each of which is a potential entry point for an attack simulation and one or more second computer related assets each of which is not a potential entry point for an attack simulation;
receiving threat data that identifies vulnerabilities of computer related assets;
determining, using the identifiers for the computer related assets that may be an entry point for an attack simulation, a first computer related asset that is one of the first computer related assets;
identifying, using the threat data, one or more first vulnerabilities of the first computer related asset;
determining, using the asset topology and the threat data, a path from the first computer related asset to a second computer related asset that is one of the second computer related assets;
determining, using the threat data, one or more second vulnerabilities of the second computer related asset;
determining, using the one or more second vulnerabilities of the second computer related asset, a probability that the second computer related asset will be compromised by an adversary;
determining, using the asset topology and the threat data, a change to the asset topology to reduce the probability that the second computer related asset will be compromised by an adversary; and
providing information about the change to the asset topology for presentation to a user or implementing the change to the asset topology.
26. A non-transitory computer readable storage medium storing instructions executable by a data processing apparatus and upon such execution cause the data processing apparatus to perform operations comprising:
receiving an asset topology that identifies an entity's computer related assets, how the computer related assets are connected together via one or more networks controlled by the entity, and an identifier for each computer related asset that is an external facing asset, wherein the asset topology identifies one or more first computer related assets each of which is an external facing asset and one or more second computer related assets each of which is not an external facing asset;
receiving threat data that identifies vulnerabilities of computer related assets;
determining, using the identifiers for the computer related assets that may be an entry point for an attack simulation, a first computer related asset that is one of the first computer related assets;
identifying, using the threat data, one or more first vulnerabilities of the first computer related asset that is an external facing asset;
in response to identifying the one or more first vulnerabilities of the first computer related asset, determining, using the asset topology and the threat data, a path from the first computer related asset to a second computer related asset that is one of the second computer related assets;
in response to determining the path from the first computer related asset to the second computer related asset that is one of the second computer related assets, determining, using the threat data, one or more second vulnerabilities of the second computer related asset that is not an external facing asset;
determining, using the one or more second vulnerabilities of the second computer related asset, a probability that the second computer related asset will be compromised by an adversary's device;
determining, using the asset topology and the threat data, a change to the asset topology to reduce the probability that the second computer related asset will be compromised by an adversary's device based on the one or more second vulnerabilities of the second computer related asset; and
providing information about the change to the asset topology for presentation to a user or implementing the change to the asset topology.
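The procedure the claims describe (external facing entry point, vulnerable path to an internal asset, compromise probability, and a topology change that lowers it), worked through on a constructed four-asset topology. This is an added illustration, not code or data from the patent; the asset names, vulnerability identifiers, exploit probabilities and the noisy-OR combination of paths are all assumptions chosen for the example.

```python
import math

# Constructed sample asset topology: asset -> external facing flag and links to other assets.
TOPOLOGY = {
    "web-01": {"external": True, "links": ["app-01"]},
    "vpn-gw": {"external": True, "links": ["app-01", "db-01"]},
    "app-01": {"external": False, "links": ["db-01"]},
    "db-01": {"external": False, "links": []},
}
# Constructed threat data: asset -> [(vulnerability id, assumed probability it is exploited)].
THREATS = {
    "web-01": [("VULN-A", 0.6)],
    "vpn-gw": [("VULN-B", 0.3)],
    "app-01": [("VULN-C", 0.5)],
    "db-01": [("VULN-D", 0.4), ("VULN-E", 0.2)],
}

def exploitable(asset, threats):
    """Probability that at least one known vulnerability of the asset is exploited."""
    p_none = 1.0
    for _vuln_id, p_exploit in threats.get(asset, []):
        p_none *= 1.0 - p_exploit
    return 1.0 - p_none

def attack_paths(topology, threats, source, target, path=()):
    """Simple paths from source to target on which every asset has a vulnerability."""
    path = path + (source,)
    if exploitable(source, threats) == 0.0:
        return []  # an asset without vulnerabilities cannot be a hop on the path
    if source == target:
        return [path]
    found = []
    for nxt in topology[source]["links"]:
        if nxt not in path:  # skip cycles
            found.extend(attack_paths(topology, threats, nxt, target, path))
    return found

def compromise_probability(topology, threats, target):
    """Noisy-OR over every path from an external facing asset (assumes paths are independent)."""
    p_safe = 1.0
    for entry, info in topology.items():
        if info["external"]:
            for path in attack_paths(topology, threats, entry, target):
                p_safe *= 1.0 - math.prod(exploitable(a, threats) for a in path)
    return 1.0 - p_safe

def best_link_removal(topology, threats, target):
    """Try removing each link; return (src, dst, new probability) giving the largest reduction."""
    best = None
    for src, info in topology.items():
        for dst in info["links"]:
            changed = {a: {"external": i["external"], "links": [l for l in i["links"] if (a, l) != (src, dst)]}
                       for a, i in topology.items()}
            p = compromise_probability(changed, threats, target)
            if best is None or p < best[2]:
                best = (src, dst, p)
    return best
```

The recommended change is the link whose removal lowers the target's compromise probability most; whether it is operationally acceptable is left to the user the claim presents it to.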
Specification