[특허]Asset risk analysis

Asset risk analysis 원문보기

IPC분류정보
국가/구분	United States(US) Patent 등록
국제특허분류(IPC7판)	H04L-029/06
출원번호	US-0627706 (2009-11-30)
등록번호	US-8495745 (2013-07-23)
발명자 / 주소	Schrecker, Sven Ritter, Stephen Nakawatase, Ryan
출원인 / 주소	McAfee, Inc.
대리인 / 주소	Patent Capital Group
인용정보	피인용 횟수 : 7 인용 특허 : 19

초록 ▼

Methods, systems, and apparatus, including computer programs encoded on computer storage media, for asset risk analysis. One method includes receiving threat definition data for threats, vulnerability detection data for assets, and countermeasure detection data for assets. The method further includes determining a respective risk metric for each of the assets for each of the threats. This includes analyzing the vulnerability detection data for an asset to determine whether the asset is vulnerable to a threat, determining from the threat definition data and the countermeasure detection data whether the asset is protected by one of the countermeasures identified for the threat, and determining the risk metric for the asset for the threat according to whether the asset is vulnerable to the threat and whether the asset is protected by one of the countermeasures identified for the threat.

대표청구항 ▼

1. A computer-implemented method, comprising: receiving, at a data processing apparatus, threat definition data, the threat definition data including, for each of one or more threats, an identification of the threat and an identification of one or more countermeasures that reduce a risk that the threat will affect an asset;receiving, at the data processing apparatus, vulnerability detection data for each of one or more assets and countermeasure detection data for each of the one or more assets, wherein the vulnerability detection data for each asset identifies threats to which the asset is vulnerable and the countermeasure detection data for each asset identifies one or more countermeasures protecting the asset; anddetermining, with the data processing apparatus, a respective risk metric for each of the one or more assets for each of the one or more threats, the determining including, for a particular asset and a particular threat: analyzing the vulnerability detection data for the particular asset to determine whether the particular asset is vulnerable to the particular threat;determining from the threat definition data and the countermeasure detection data whether the particular asset is protected from the particular threat by one or more countermeasures, wherein determining whether the particular asset is protected includes: determining that the particular asset is protected by a set of countermeasures including a network-based countermeasure and an agent-based countermeasure; anddetermining a likelihood that the network-based countermeasure protects the particular asset; anddetermining a likelihood that the agent-based countermeasure protects the particular asset; anddetermining the risk metric for the particular asset for the particular threat according to whether the particular asset is vulnerable to the particular threat and whether the particular asset is protected by one of the countermeasures identified for the particular threat. 2. The method of claim 1, wherein the vulnerability detection data for an asset further identifies threats to which the asset is not vulnerable, and determining the risk metric for the particular asset and the particular threat is further based on whether the particular asset is not vulnerable to the particular threat. 3. The method of claim 1, wherein the threat definition data further includes, for each of the one or more threats, applicability data describing one or more configurations of assets that the threat applies to, the method further comprising: receiving configuration data for each asset, the configuration data describing a configuration of each asset. 4. The method of claim 3, wherein determining the risk metric for the particular asset for the particular threat further comprises determining from the applicability data for the particular threat and the configuration data for the particular asset whether the particular threat applies to the configuration of the particular asset, and then determining the risk metric according to whether the particular threat applies to the configuration of the particular asset. 5. The method of claim 4, wherein: analyzing the vulnerability detection data for the particular asset to determine whether the particular asset is vulnerable to the particular threat includes determining a predicate categorization for the particular asset for the particular threat of vulnerable, not vulnerable, or unknown vulnerability;determining from the threat definition data and the countermeasure detection data whether the particular asset is protected by one of the countermeasures identified for the particular threat includes determining a predicate categorization for the particular asset for the particular threat of protected, not protected, or unknown protection; anddetermining from the applicability data for the particular threat and the configuration data for the particular asset whether the particular threat applies to the configuration of the particular asset includes determining a predicate categorization for the particular asset for the particular threat of applicable, not applicable, or unknown applicability. 6. The method of claim 5, wherein: the risk metric for each of the assets for each of the threats is one of: vulnerable, protected, not protected, unknown, and not vulnerable; andfor each asset and each threat: the risk metric is vulnerable when the asset has predicate categorizations for the threat of vulnerable and not-protected, and a predicate categorization for the threat of either applicable or unknown applicability;the risk metric is protected when the asset has a predicate categorization for the threat of protected, a predicate categorization for the threat of either vulnerable or unknown vulnerability, and a predicate categorization for the threat of either applicable or unknown applicability;the risk metric is not protected when the asset has predicate categorizations for the threat of protected and unknown vulnerability, and a predicate categorization for the threat of either applicable or unknown applicability;the risk metric is unknown when the asset has predicate categorizations for the threat of unknown protection and unknown vulnerability, and a predicate categorization for the threat of either applicable or unknown applicability; andotherwise, the risk metric is not vulnerable. 7. The method of claim 1, wherein receiving countermeasure detection data comprises: receiving protection data identifying one or more assets protected by a sensor;receiving sensor countermeasure data describing one or more countermeasures provided by the sensor; andgenerating countermeasure detection data for each of the one or more assets protected by the sensor, the countermeasure detection data describing the one or more countermeasures provided by the sensor. 8. The method of claim 7, wherein the sensor countermeasure data identifies one or more signatures blocked by the sensor, and associates each signature with an attack identifier for a particular threat corresponding to the signature. 9. The method of claim 1, wherein the protection data is received from one or more users. 10. The method of claim 1, wherein the identification of a countermeasure in the threat definition data includes a product identifier, a version identifier, and data describing one or more settings of the countermeasure. 11. The method of claim 1, further comprising: receiving the vulnerability detection data from multiple sources, wherein at least two of the multiple sources provide vulnerability detection data in different formats; andnormalizing the received vulnerability detection data so that the data is in a common format. 12. The method of claim 1, further comprising: receiving the countermeasure detection data from multiple sources, wherein at least two of the multiple sources provide countermeasure detection data in different formats; andnormalizing the countermeasure detection data so that the data is in a common format. 13. The method of claim 1, wherein: the threat definition data further includes a respective risk score for each of the one or more threats, the risk score for a threat measuring how likely the threat is to affect an asset; andthe risk metric for the particular asset relative to the particular threat is further determined from the risk score for the particular threat. 14. The method of claim 1, wherein: the threat definition data further includes a respective confidence score for each countermeasure for each of the one or more threats, the confidence score for a counter measure and a threat measuring how likely the countermeasure is to reduce a risk that the threat will affect an asset; andthe risk metric for the particular asset relative to the particular threat is further determined from the confidence scores for one or more countermeasures determined to be protecting the particular asset from the particular threat. 15. The method of claim 1, further comprising generating a report summarizing the risk metric of each of the one or more assets. 16. A system comprising: a processor; anda computer storage medium coupled to the processor and including instructions, which, when executed by the processor, causes the processor to perform operations comprising: receiving threat definition data, the threat definition data including, for each of one or more threats, an identification of the threat and an identification of one or more countermeasures that reduce a risk that the threat will affect an asset;receiving vulnerability detection data for each of one or more assets and countermeasure detection data for each of the one or more assets, wherein the vulnerability detection data for each asset identifies threats to which the asset is vulnerable and the countermeasure detection data for each asset identifies one or more countermeasures protecting the asset; anddetermining a respective risk metric for each of the one or more assets for each of the one or more threats, the determining including, for a particular asset and a particular threat: analyzing the vulnerability detection data for the particular asset to determine whether the particular asset is vulnerable to the particular threat;determining from the threat definition data and the countermeasure detection data whether the particular asset is protected from the particular threat by one or more countermeasures, wherein determining whether the particular asset is protected includes: determining that the particular asset is protected by a set of countermeasures including a network-based countermeasure and a host-based countermeasure; anddetermining a likelihood that the network-based countermeasure protects the particular asset; anddetermining a likelihood that the host-based countermeasure protects the particular asset; anddetermining the risk metric for the particular asset for the particular threat according to whether the particular asset is vulnerable to the particular threat and whether the particular asset is protected by one of the countermeasures identified for the particular threat. 17. The system of claim 16, wherein the vulnerability detection data for an asset further identifies threats to which the asset is not vulnerable, and determining the risk metric for the particular asset and the particular threat is further based on whether the particular asset is not vulnerable to the particular threat. 18. The system of claim 16, wherein the threat definition data further includes, for each of the one or more threats, applicability data describing one or more configurations of assets that the threat applies to, the system further operable to perform operations comprising: receiving configuration data for each asset, the configuration data describing a configuration of each asset. 19. The system of claim 18, wherein determining the risk metric for the particular asset for the particular threat further comprises determining from the applicability data for the particular threat and the configuration data for the particular asset whether the particular threat applies to the configuration of the particular asset, and then determining the risk metric according to whether the particular threat applies to the configuration of the particular asset. 20. The system of claim 19, wherein: analyzing the vulnerability detection data for the particular asset to determine whether the particular asset is vulnerable to the particular threat includes determining a predicate categorization for the particular asset for the particular threat of vulnerable, not vulnerable, or unknown vulnerability;determining from the threat definition data and the countermeasure detection data whether the particular asset is protected by one of the countermeasures identified for the particular threat includes determining a predicate categorization for the particular asset for the particular threat of protected, not protected, or unknown protection; anddetermining from the applicability data for the particular threat and the configuration data for the particular asset whether the particular threat applies to the configuration of the particular asset includes determining a predicate categorization for the particular asset for the particular threat of applicable, not applicable, or unknown applicability. 21. The system of claim 20, wherein: the risk metric for each of the assets for each of the threats is one of: vulnerable, protected, not protected, unknown, and not vulnerable; andfor each asset and each threat: the risk metric is vulnerable when the asset has predicate categorizations for the threat of vulnerable and not-protected, and a predicate categorization for the threat of either applicable or unknown applicability;the risk metric is protected when the asset has a predicate categorization for the threat of protected, a predicate categorization for the threat of either vulnerable or unknown vulnerability, and a predicate categorization for the threat of either applicable or unknown applicability;the risk metric is not protected when the asset has predicate categorizations for the threat of protected and unknown vulnerability, and a predicate categorization for the threat of either applicable or unknown applicability;the risk metric is unknown when the asset has predicate categorizations for the threat of unknown protection and unknown vulnerability, and a predicate categorization for the threat of either applicable or unknown applicability; andotherwise, the risk metric is not vulnerable. 22. The system of claim 16, wherein receiving countermeasure detection data comprises: receiving protection data identifying one or more assets protected by a sensor;receiving sensor countermeasure data describing one or more countermeasures provided by the sensor; andgenerating countermeasure detection data for each of the one or more assets protected by the sensor, the countermeasure detection data describing the one or more countermeasures provided by the sensor. 23. The system of claim 22, wherein the sensor countermeasure data identifies one or more signatures blocked by the sensor, and associates each signature with an attack identifier for a particular threat corresponding to the signature. 24. The system of claim 16, wherein the protection data is received from one or more users. 25. The system of claim 16, wherein the identification of a countermeasure in the threat definition data includes a product identifier, a version identifier, and data describing one or more settings of the countermeasure. 26. The system of claim 16, further operable to perform operations comprising: receiving the vulnerability detection data from multiple sources, wherein at least two of the multiple sources provide vulnerability detection data in different formats; andnormalizing the received vulnerability detection data so that the data is in a common format. 27. The system of claim 16, further operable to perform operations comprising: receiving the countermeasure detection data from multiple sources, wherein at least two of the multiple sources provide countermeasure detection data in different formats; andnormalizing the countermeasure detection data so that the data is in a common format. 28. The system of claim 16, wherein: the threat definition data further includes a respective risk score for each of the one or more threats, the risk score for a threat measuring how likely the threat is to affect an asset; andthe risk metric for the particular asset relative to the particular threat is further determined from the risk score for the particular threat. 29. The system of claim 16, wherein: the threat definition data further includes a respective confidence score for each countermeasure for each of the one or more threats, the confidence score for a counter measure and a threat measuring how likely the countermeasure is to reduce a risk that the threat will affect an asset; andthe risk metric for the particular asset relative to the particular threat is further determined from the confidence scores for one or more countermeasures determined to be protecting the particular asset from the particular threat. 30. The system of claim 16, further operable to perform operations comprising generating a report summarizing the risk metric of each of the one or more assets. 31. A non-transitory computer-storage medium encoded with a computer program including instructions operable to cause data processing apparatus to perform operations comprising: receiving, at a data processing apparatus, threat definition data, the threat definition data including, for each of one or more threats, an identification of the threat and an identification of one or more countermeasures that reduce a risk that the threat will affect an asset;receiving, at the data processing apparatus, vulnerability detection data for each of one or more assets and countermeasure detection data for each of the one or more assets, wherein the vulnerability detection data for each asset identifies threats to which the asset is vulnerable and the countermeasure detection data for each asset identifies one or more countermeasures protecting the asset; anddetermining, with the data processing apparatus, a respective risk metric for each of the one or more assets for each of the one or more threats, the determining including, for a particular asset and a particular threat: analyzing the vulnerability detection data for the particular asset to determine whether the particular asset is vulnerable to the particular threat;determining from the threat definition data and the countermeasure detection data whether the particular asset is protected from the particular threat by one or more countermeasures, wherein determining whether the particular asset is protected includes: determining that the particular asset is protected by a set of countermeasures including a network-based countermeasure and a host-based countermeasure; anddetermining a likelihood that the network-based countermeasure protects the particular asset; anddetermining a likelihood that the host-based countermeasure protects the particular asset; anddetermining the risk metric for the particular asset for the particular threat according to whether the particular asset is vulnerable to the particular threat and whether the particular asset is protected by one of the countermeasures identified for the particular threat. 32. A computer-implemented method, comprising: receiving configuration data for each of one or more assets, the configuration data describing for each asset configuration of the asset;receiving threat definition data including, for each of one or more threats, applicability data and an identification of one or more countermeasures that reduce a risk that the threat will affect an asset, wherein the applicability data describes asset configurations applicable to the threat;receiving, for each of one or more assets, vulnerability detection data and countermeasure detection data, wherein the vulnerability detection data for each asset identifies threats to which the asset is vulnerable and the countermeasure detection data for each asset identifies one or more countermeasures protecting the asset; anddetermining, with a data processing apparatus, a respective risk metric for each of the one or more assets for each of the one or more threats, the determining including, for a particular asset and a particular threat: analyzing the vulnerability detection data for the particular asset to determine a predicate categorization for the particular asset for the particular threat from a group comprising: vulnerable, not vulnerable, and unknown vulnerability;determining, from the threat definition data and the countermeasure detection data, a predicate categorization for the particular asset for the particular threat from a group comprising: protected, not protected, or unknown protection; anddetermining, from the applicability data and configuration data a predicate categorization for the particular asset for the particular threat from a group comprising: applicable, not applicable, or unknown applicability; andwherein the risk metric for each of the assets for each of the threats is one of vulnerable, protected, not protected, unknown, and not vulnerable, and for each asset and each threat: the vulnerable risk metric corresponds to determining predicate categorizations for the particular asset and the particular threat of vulnerable and not-protected, the protected risk metric corresponds to determining predicate categorizations for the particular asset and the particular threat of protected and either applicable or unknown applicability, the not protected risk metric corresponds to determining predicate categorizations for the particular asset and the particular threat of not protected and unknown vulnerability, the unknown risk metric corresponds to determining predicate categorizations for the particular asset and the particular threat of unknown protection and unknown vulnerability, and the not vulnerable risk metric corresponds to determining predicate categorizations for the particular asset and the particular threat of either not vulnerable or not applicable.

이 특허에 인용된 특허 (19)

Townsend, Timothy J., Adaptive countermeasure selection method and apparatus.
상세보기
Geiger Fred J. ; Wood William K. ; Tandon Sonjaya T., Automated post office based rule analysis of e-mail messages and other data objects for controlled distribution in network environments.
상세보기
King, Nigel, Automated security manager.
상세보기
Franczek Edward J. ; Bretscher John Thomas ; Bennett ; III Raymond Walden, Computer virus screening methods and systems.
상세보기
Mark Raymond Pace ; Brooks Cash Talley, Distributed content identification system.
상세보기
Stewart,Walter Mason; Carrera,Marcelo; Hook,Robert G., E-mail virus protection system and method.
상세보기
Rouland, Christopher Jay; Becker, Patrick Morton; Klaus, Christopher W., Method and system for dynamically protecting a computer system from attack.
상세보기
Walker Jeffrey H., Method and system for reducing the volume of audit data and normalizing the audit data received from heterogeneous sources.
상세보기
Mayer, Alain Jules; Laing, Brian; Lloyd, Michael, Methods and apparatus for prioritization of remediation techniques for network security risks.
상세보기
Mayer, Alain Jules; Laing, Brian; Lloyd, Michael, Network security visualization methods, apparatus and graphical user interfaces.
상세보기
Szor, Peter; Sobel, William E., Refining behavioral detections for early blocking of malicious code.
상세보기
Ithal, Ravishankar Ganesh, Source/destination operating system type-based IDS virtualization.
상세보기
Fox,Kevin L.; Henning,Ronda R.; Farrell,John T.; Miller,Clifford C., System and method for assessing the security posture of a network.
상세보기
Andres, Steven G.; Cole, David M.; Cummings, Thomas Gregory; Garcia, Roberto Ramon; Kenyon, Brian Michael; Kurtz, George R.; McClure, Stuart Cartier; Moore, Christopher William; O'Dea, Michael J.; Saruwatari, Ken D., System and method of managing network security risks.
상세보기
McFarlane, Bradley Kenneth; Wiemer, Douglas; McNamee, Kevin, Systems and methods of associating security vulnerabilities and assets.
상세보기
Thrower, Woodrow A.; Bhattacharya, Sourav S., Threat analysis.
상세보기
Tidwell,Kenny; Saurabh,Kumar; Dash,Debabrata; Njemanze,Hugh S.; Kothari,Pravin S., Threat detection in a network security system.
상세보기
Anzai, Kousuke; Arai, Masato; Nagai, Yasuhiko; Matsumoto, Hidaka, Tool, method, and program for supporting system security design/evaluation.
상세보기
Tamura, Naohiro; Habu, Takuya; Morita, Mayuko; Torii, Satoru; Koyano, Osamu, Unauthorized access prevention system.
상세보기

이 특허를 인용한 특허 (7)

Thomson, Allan; Coleman, Christopher D., Apparatuses, methods and systems for a cyber threat confidence rating visualization and editing user interface.
상세보기
Schrecker, Sven; Ritter, Stephen; Nakawatase, Ryan, Asset risk analysis.
상세보기
Adams, Phillip M., Computer system vulnerability analysis apparatus and method.
상세보기
Adams, Phillip M., Computer system vulnerability analysis apparatus and method.
상세보기
Adams, Phillip M., Computer system vulnerability analysis apparatus and method.
상세보기
Ishimura, Takanari, Information processing apparatus, information processing method, and non-transitory computer readable medium.
상세보기
Ben-Or, Pinchas; Robins, Simon; Cohen-Ganor, Shlomi; Avneon, Yoav; Shnaider, Diana, Method and system for behavioral and risk prediction in networks using automatic feature generation and selection using network topolgies.
상세보기

IPC	Description
A	생활필수품
A62	인명구조; 소방(사다리 E06C)
A62B	인명구조용의 기구, 장치 또는 방법(특히 의료용에 사용되는 밸브 A61M 39/00; 특히 물에서 쓰이는 인명구조 장치 또는 방법 B63C 9/00; 잠수장비 B63C 11/00; 특히 항공기에 쓰는 것, 예. 낙하산, 투출좌석 B64D; 특히 광산에서 쓰이는 구조장치 E21F 11/00)
A62B-1/08	.. 윈치 또는 풀리에 제동기구가 있는 것

내보내기 구분	파일저장 인쇄 메일전송
구성항목	기본정보 상세정보 관리번호, 국가코드, 자료구분, 상태, 출원번호, 출원일자, 공개번호, 공개일자, 등록번호, 등록일자, 발명명칭(한글), 발명명칭(영문), 출원인(한글), 출원인(영문), 출원인코드, 대표IPC 관리번호, 국가코드, 자료구분, 상태, 출원번호, 출원일자, 공개번호, 공개일자, 공고번호, 공고일자, 등록번호, 등록일자, 발명명칭(한글), 발명명칭(영문), 출원인(한글), 출원인(영문), 출원인코드, 대표출원인, 출원인국적, 출원인주소, 발명자, 발명자E, 발명자코드, 발명자주소, 발명자 우편번호, 발명자국적, 대표IPC, IPC코드, 요약, 미국특허분류, 대리인주소, 대리인코드, 대리인(한글), 대리인(영문), 국제공개일자, 국제공개번호, 국제출원일자, 국제출원번호, 우선권, 우선권주장일, 우선권국가, 우선권출원번호, 원출원일자, 원출원번호, 지정국, Citing Patents, Cited Patents
저장형식	Text(ASCII format) Excel format PIAS분석(.xls)
메일정보	받는사람 (필수) @ 보내는사람 (선택) @ 제목 내용 KISTI 검색결과 이메일 서비스
안내	총 건의 자료가 검색되었습니다. 다운받으실 자료의 인덱스를 입력하세요. (1-10,000) 검색결과의 순서대로 최대 10,000건 까지 다운로드가 가능합니다. 데이타가 많을 경우 속도가 느려질 수 있습니다.(최대 2~3분 소요) 다운로드 파일은 UTF-8 형태로 저장됩니다. 파일의 내용이 제대로 보이지 않을실 때는 웹브라우저 상단의 보기 -> 인코딩 -> 자동선택 여부를 확인하십시오. ~ Text(ASCII format) Excel format

연합인증

Asset risk analysis 원문보기

초록 ▼

대표청구항 ▼

연구과제 타임라인

이 특허에 인용된 특허 (19)

이 특허를 인용한 특허 (7)

관련 콘텐츠

특허 원문 보기

IPC 상위 출원인

AI-Helper ※ AI-Helper는 오픈소스 모델을 사용합니다.

선택된 텍스트

연합인증

Asset risk analysis 원문보기

초록 ▼

대표청구항 ▼

연구과제 타임라인

전체(0) 논문(0) 특허(0) 보고서(0)

전체(0) 논문(0) 특허(0) 보고서(0)

이 특허에 인용된 특허 (19)

이 특허를 인용한 특허 (7)

관련 콘텐츠

특허 원문 보기

IPC 상위 출원인

AI-Helper ※ AI-Helper는 오픈소스 모델을 사용합니다.

선택된 텍스트