Cyber risk analysis and remediation using network monitored sensors and methods of use
Abstract
Systems and methods for cyber risk analysis and remediation using network monitored sensors are provided herein. An example system includes one or more data collecting devices deployed within a network that collect entity information and monitor network traffic of the network that is related to security information. The network includes computing systems that are subject to a cyber risk policy having breach parameters defining one or more events that are indicative of a cyber security breach. A cyber security risk assessment and management system is used to automatically detect occurrence of one or more of the events that are indicative of a cyber security breach, automatically determine the breach parameters that apply for the one or more events that occurred, and generate a remediation of cyber security parameters for the network.
20 Claims
1. A system, comprising:
- one or more computing systems that are subject to a cyber risk policy, the cyber risk policy comprising breach parameters defining one or more events that are indicative of a cyber security breach, the breach parameters being associated with a remediation provision in a policy for the computing systems and a network;
- one or more data collecting devices deployed within the network that collect entity information and monitor network traffic of the network that is related to security information;
- a processor configured to;
  - utilize the entity information and the network traffic to calculate a composite score from a motivation score and a sophistication score, wherein the motivation score is indicative of a desire level of a malicious actor to cause a cyber security risk for the entity and the sophistication score is indicative of a cyber security sophistication of the entity;
  - automatically detect occurrence of one or more of the events that are indicative of a cyber security breach based on the network traffic;
  - automatically determine the breach parameters that apply for the one or more events that occurred;
  - generate a remediation of cyber security parameters for the network based on the applicable breach parameters determined and the associated remediation provision, wherein the remediation of cyber security parameters at least includes modifying a password requirement associated with the one or more computer systems; and
  - perform the remediation based on the breach parameters, wherein the remediation causes network changes that selectively reduce the motivation score for the entity or selectively increase the sophistication score of the entity, wherein at least one of the network changes includes increasing a password complexity associated with the system and prompting a user associated with the entity to create an associated password that complies with the password complexity; and
- a memory coupled to the processor and configured to provide the processor with instructions.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 20
15. A method, comprising:
- establishing breach parameters for one or more computer systems and a network, the breach parameters defining one or more events that are indicative of a cyber security breach, the breach parameters being associated with a remediation provision in a cyber security policy of the one or more computer systems and a network;
- collecting entity information and monitoring network traffic of the network that is related to security information;
- utilizing the entity information and the network traffic to calculate a composite score from a motivation score and a sophistication score, wherein the motivation score is indicative of a desire level of a malicious actor to cause a cyber security risk for the entity and the sophistication score is indicative of a cyber security sophistication of the entity;
- automatically detecting occurrence of one or more of the events that are indicative of a cyber security breach based on the network traffic;
- automatically determining the breach parameters that apply for the one or more events that occurred;
- generating a remediation of cyber security parameters for a network based on the applicable breach parameters determined and the associated remediation provision, wherein the remediation at least includes modifying a password requirement associated with the one or more computer systems; and
- performing the remediation based on the breach parameters, wherein the remediation causes network changes that selectively reduce the motivation score for the entity or selectively increase the sophistication score of the entity, wherein at least one of the network changes includes increasing a password complexity associated with the system and prompting a user associated with the entity to create an associated password that complies with the password complexity.
Dependent claims: 16, 17, 18
19. A computer program product, the computer program product being embodied in a non-transitory computer readable storage medium and comprising instructions for:
- establishing breach parameters for one or more computer systems and a network, the breach parameters defining one or more events that are indicative of a cyber security breach, the breach parameters being associated with a remediation provision in a cyber security policy of the one or more computer systems and a network;
- collecting entity information and monitoring network traffic of the network that is related to security information;
- utilizing the entity information and the network traffic to calculate a composite score from a motivation score and a sophistication score, wherein the motivation score is indicative of a desire level of a malicious actor to cause a cyber security risk for the entity and the sophistication score is indicative of a cyber security sophistication of the entity;
- automatically detecting occurrence of one or more events that are indicative of a cyber security breach based on the network traffic;
- automatically determining one or more breach parameters that apply for the one or more events that occurred, wherein the one or more breach parameters define the one or more events that are indicative of the cyber security breach, wherein the one or more breach parameters are associated with a remediation provision in a policy for one or more computing systems;
- generating a remediation of cyber security parameters for the network based on the applicable breach parameters determined and the associated remediation provision, wherein the remediation of the cyber security parameters at least includes modifying a password requirement associated with the one or more computing systems; and
- performing the remediation based on the breach parameters, wherein the remediation causes network changes that selectively reduce the motivation score for the entity or selectively increase the sophistication score of the entity, wherein at least one of the network changes includes increasing a password complexity associated with the system and prompting a user associated with the entity to create an associated password that complies with the password complexity.
Specification