Systems for computer network security risk assessment including user compromise analysis associated with a network of devices

  • US 10,044,745 B1
  • Filed: 07/11/2016
  • Issued: 08/07/2018
  • Est. Priority Date: 10/12/2015
  • Status: Active Grant
First Claim

1. A computerized method for determining security risks of a network that includes user accounts accessing different network devices included in the network, the method comprising:

  • by a computing device having one or more computer processors and a non-transitory computer readable storage device storing software instruction for execution by the one or more computer processors, receiving information indicating respective compromise likelihoods of a set of user accounts of the network;

    obtaining information describing a network topology of the network, wherein the network topology comprises a plurality of nodes each connected by an edge to one or more of the plurality of nodes, each node being associated with a compromise likelihood, each edge being associated with a communication weight, and wherein one or more nodes are high value nodes;

    determining, for a particular user account of the set of user accounts, expected values associated with a plurality of unique paths to a particular high value node of the one or more high value nodes, each of the plurality of unique paths initiating at a node to which the particular user account can authenticate and each associated expected value indicating risk associated with access to the particular high value node by the particular user account from the node, and wherein determining the expected values comprises:

    accessing user access logs identifying nodes to which user accounts are authorized to authenticate, and identifying, based on the user access logs, a plurality of nodes to which the particular user account is authorized to authenticate, determining a first unique path and a second unique path of the plurality of unique paths to the particular high value node, the first unique path initiating at a first of the identified nodes to which the particular user account is authorized to authenticate and the second unique path initiating at a second of the identified nodes to which the particular user account is authorized to authenticate, and determining, for the particular user account, a first expected value for the first unique path and a second expected value for the second unique path based on the information describing the network topology and the compromise likelihood of the particular user account, including respective communication weights included in the first unique path and the second unique path of the network topology, wherein the communication weights are indicative of probabilities associated with user transition between nodes; and

    generating, for presentation, an interactive user interface describing one or more of the first unique path and the second unique path of the plurality of unique paths.
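The claim above describes a graph computation: nodes with compromise likelihoods, edges weighted by transition probability, an access log that says where each account can authenticate, and an expected value per unique path to a high value node. The following is an added illustration, not code from the patent or its assignee; the topology, access log, likelihood values and the scoring formula (account likelihood times, per hop, the edge weight and the next node's likelihood) are all constructed assumptions, since the claim fixes the inputs but not the arithmetic.

```python
from typing import Dict, List, Tuple

# Constructed topology: node -> {neighbor: communication weight}, where the
# weight is read as the probability of a user transition along that edge.
TOPOLOGY: Dict[str, Dict[str, float]] = {
    "workstation-a": {"file-server": 0.6, "jump-host": 0.3},
    "workstation-b": {"jump-host": 0.8},
    "jump-host": {"domain-controller": 0.5, "file-server": 0.2},
    "file-server": {"domain-controller": 0.1},
    "domain-controller": {},
}
# Constructed per-node and per-account compromise likelihoods.
NODE_LIKELIHOOD = {"workstation-a": 0.3, "workstation-b": 0.3, "jump-host": 0.5,
                   "file-server": 0.5, "domain-controller": 0.2}
USER_LIKELIHOOD = {"alice": 0.2, "bob": 0.05}
# Constructed user access log: (account, node the account authenticated to).
ACCESS_LOG = [("alice", "workstation-a"), ("alice", "workstation-b"),
              ("bob", "workstation-b"), ("bob", "workstation-b")]

def authorized_nodes(user: str, log=ACCESS_LOG) -> List[str]:
    """Nodes the account has authenticated to, per the access log (deduplicated)."""
    return sorted({node for acct, node in log if acct == user})

def unique_paths(start: str, target: str, topology=TOPOLOGY) -> List[List[str]]:
    """All simple (cycle-free) paths from start to target, found by depth-first search."""
    paths, stack = [], [[start]]
    while stack:
        path = stack.pop()
        if path[-1] == target:
            paths.append(path)
            continue
        for nxt in topology.get(path[-1], {}):
            if nxt not in path:  # never revisit a node, so every path is unique
                stack.append(path + [nxt])
    return sorted(paths)

def path_expected_value(user: str, path: List[str], topology=TOPOLOGY,
                        node_lik=NODE_LIKELIHOOD, user_lik=USER_LIKELIHOOD) -> float:
    """Assumed scoring: account likelihood, scaled at each hop by the edge's
    transition probability and the compromise likelihood of the node reached."""
    value = user_lik[user]
    for src, dst in zip(path, path[1:]):
        value *= topology[src][dst] * node_lik[dst]
    return value

def risk_report(user: str, target: str = "domain-controller") -> List[Tuple[float, List[str]]]:
    """Expected value of every unique path from each node the account can reach
    to the high value node, highest risk first (the data behind the claimed UI)."""
    rows = [(path_expected_value(user, p), p)
            for start in authorized_nodes(user) for p in unique_paths(start, target)]
    return sorted(rows, key=lambda r: r[0], reverse=True)

if __name__ == "__main__":
    for value, path in risk_report("alice"):
        print(f"{value:.5f}  {' -> '.join(path)}")
```

Running it ranks the five paths available to alice, with the workstation-b to jump-host to domain-controller path scoring highest because of the heavily used jump-host edge.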

  • 8 Assignments