IPC classification information
Country / Type: United States (US) Patent, Granted
International Patent Classification (IPC 7th ed.):
Application number: US-0354181 (2012-01-19)
Registration number: US-8595845 (2013-11-26)
Inventors / Address:
- Basavapatna, Prasanna Ganapathi
- Kolingivadi, Deepakeshwaran
- Schrecker, Sven
Applicant / Address:
Agent / Address:
Citation information: cited by 26 patents; patents cited: 4
Abstract
A standardized vulnerability score is identified for a particular vulnerability in a plurality of known vulnerabilities, the standardized vulnerability score indicating a relative level of risk associated with the particular vulnerability relative to other vulnerabilities. A vulnerability detection score is determined that indicates an estimated probability that a particular asset possesses the particular vulnerability, and a vulnerability composite score is determined for the particular asset with respect to the particular vulnerability, the vulnerability composite score being derived from the standardized vulnerability score and the vulnerability detection score. A countermeasure component score is identified that indicates an estimated probability that a countermeasure will mitigate the risk associated with the particular vulnerability on the particular asset. A risk metric for the particular asset and the particular vulnerability is determined from the vulnerability composite score and the countermeasure component score. In some instances, aggregate risk scores can be calculated from a plurality of calculated risk metrics.
Representative claims
1. At least one machine accessible, non-transitory storage medium having instructions stored thereon, the instructions when executed on a machine, cause the machine to:
receive vulnerability definition data, using a hardware processor, including, for each of a plurality of vulnerabilities, an indication of the vulnerability, an identification of one or more countermeasures that reduce a risk associated with possession of the vulnerability by an asset, an indication of a level of protection potentially afforded by each countermeasure for the vulnerability, and applicability information describing one or more configurations of assets to which the vulnerability applies;
receive vulnerability detection data, countermeasure detection data, and configuration data for each of one or more assets, wherein the vulnerability detection data for each asset identifies vulnerabilities applicable to the asset, the countermeasure detection data for each asset identifying one or more countermeasures protecting the asset, and the configuration data for each asset describes a configuration of the asset; and
determine a respective risk metric for each of the one or more assets for each of the one or more vulnerabilities, wherein determining the risk metric includes, for each asset and each vulnerability:
identifying a standardized vulnerability score for the vulnerability, wherein the standardized vulnerability score indicates a relative level of risk associated with the vulnerability relative to other vulnerabilities in the plurality of vulnerabilities;
determining a vulnerability detection score for the asset from the vulnerability detection data for the asset;
determining a vulnerability composite score for the particular asset to the particular vulnerability, wherein the vulnerability composite score is derived from the standardized vulnerability score and the vulnerability detection score;
determining a countermeasure component score from the vulnerability definition data and the countermeasure detection data, wherein determining the countermeasure component score includes analyzing the level of protection afforded by each countermeasure identified in both the vulnerability definition data for the vulnerability and in the countermeasure data as protecting the asset; and
determining the risk metric for the asset and the vulnerability from the vulnerability composite score and the countermeasure component score.

2. The non-transitory storage medium of claim 1, wherein the standardized vulnerability score includes a standardized component and an environmental component adjusting the standardized component to features of a particular system including the asset.

3. The non-transitory storage medium of claim 2, wherein the environmental component represents, at least in part, criticality of the asset within the particular system.

4. The non-transitory storage medium of claim 3, wherein the environmental component is derived based on criticality information for the asset, wherein the criticality information defining an impact of losing the asset.

5. The non-transitory storage medium of claim 2, wherein each of the standardized component and environmental component include data describing a confidentiality impact to assets based on the vulnerability, an integrity impact to assets based on the vulnerability, and an availability impact to assets based on the vulnerability.

6. The non-transitory storage medium of claim 2, wherein the standardized component includes a temporal component reflecting changes to risk posed by the vulnerability over time.

7. The non-transitory storage medium of claim 2, wherein the standardized vulnerability score is based, at least in part, on the standard score of the Common Vulnerability Scoring System (CVSS).

8. The non-transitory storage medium of claim 1, wherein the countermeasure component score is derived from at least the countermeasure protection data and the countermeasure detection data.

9. The non-transitory storage medium of claim 8, wherein the countermeasure component score is further derived from the configuration data for the asset.

10. The non-transitory storage medium of claim 8, wherein identifying the countermeasure component score includes calculating the countermeasure component score.

11. The non-transitory storage medium of claim 7, wherein the vulnerability detection score is derived from at least the vulnerability detection data.

12. The non-transitory storage medium of claim 10, wherein the vulnerability detection score is further derived from the configuration data for the asset.

13. The method of claim 1, wherein the determined risk metric for the asset is a vulnerability-centric risk metric, the method further comprising determining a threat-centric risk metric for the asset, wherein determining a threat-centric risk metric for the asset includes:
determining a threat factor for the asset and particular threat, wherein the threat factor is derived from a threat severity score estimating a severity of the particular threat and an applicability score estimating the applicability of the particular threat to the asset;
determining a threat exposure factor for the asset and the particular threat, wherein the threat exposure factor is derived from the threat factor, a vulnerability component score, and a threat countermeasure component score, wherein the vulnerability component score indicates whether the asset is vulnerable to the particular threat, and the countermeasure component score is derived from an estimate of a likelihood that a second countermeasure will mitigate the effect of an attack on the asset relating to the particular threat; and
wherein the threat-centric risk metric for the asset and the particular threat is determined from the threat exposure factor and a criticality score for the asset, wherein the criticality score represents an impact of losing the asset.

14. The method non-transitory storage medium of claim 13, wherein the threat takes advantage of the vulnerability, the vulnerability component score is equal to the vulnerability detection score, and the countermeasure is the second countermeasure.

15. The non-transitory storage medium of claim 14, wherein respective calculated values of the determined vulnerability-centric metric and threat-centric metric are different.

16. The non-transitory storage medium of claim 1, wherein the standardized vulnerability score has a value within a predefined range.

17. The non-transitory storage medium of claim 1, wherein the standardized countermeasure component score has a value within a predefined range.

18. The non-transitory storage medium of claim 1, wherein at least one or more vulnerabilities in the plurality of known vulnerabilities are associated with at least one in a plurality of known threats, and the vulnerability is not associated with any of the plurality of known threats.

19. A method comprising:
receiving vulnerability definition data, using a hardware processor, including, for each of a plurality of vulnerabilities, an indication of the vulnerability, an identification of one or more countermeasures that reduce a risk associated with possession of the vulnerability by an asset, an indication of a level of protection potentially afforded by each countermeasure for the vulnerability, and applicability information describing one or more configurations of assets to which the vulnerability applies;
receiving vulnerability detection data, countermeasure detection data, and configuration data for each of one or more assets, wherein the vulnerability detection data for each asset identifies vulnerabilities applicable to the asset, the countermeasure detection data for each asset identifying one or more countermeasures protecting the asset, and the configuration data for each asset describes a configuration of the asset; and
determining a respective risk metric for each of the one or more assets for each of the one or more vulnerabilities, wherein determining the risk metric includes, for each asset and each vulnerability:
identifying a standardized vulnerability score for the vulnerability, wherein the standardized vulnerability score indicates a relative level of risk associated with the vulnerability relative to other vulnerabilities in the plurality of vulnerabilities;
determining a vulnerability detection score for the asset from the vulnerability detection data for the asset;
determining a vulnerability composite score for the asset to the vulnerability, wherein the vulnerability composite score is derived from the standardized vulnerability score and the vulnerability detection score;
determining a countermeasure component score from the vulnerability definition data and the countermeasure detection data, wherein determining the countermeasure component score includes analyzing the level of protection afforded by each countermeasure identified in both the vulnerability definition data for the vulnerability and in the countermeasure data as protecting the asset; and
determining the risk metric for the asset and the vulnerability from the vulnerability composite score and the countermeasure component score.

20. The method of claim 19, further comprising:
determining a respective risk metric for the asset and each of the plurality of vulnerabilities; and
determining an aggregate risk metric for the asset from the respective risk metrics for the asset and each of the plurality of vulnerabilities.

21. The method of claim 20, wherein the aggregate risk metric is one of: a sum of the respective risk metrics, a mean of the respective risk metrics, a maximum of the respective risk metrics, a minimum of the respective risk metrics, or a mode of the respective risk metrics.

22. The method of claim 20, further comprising:
selecting a group of assets including the asset;
determining an aggregate risk metric for each asset in the group of assets; and
determining an aggregate risk metric for the group of assets from the aggregate risk metric for each asset in the group of assets.

23. The method of claim 19, further comprising:
determining a respective risk metric for each of a plurality of assets and the vulnerability; and
determining an aggregate risk metric for the vulnerability from the respective risk metrics for each of the plurality of assets and the vulnerability.

24. The method of claim 19, wherein the risk metric is a vulnerability-centric risk metric and the method further comprises:
receiving threat definition data, the threat definition data including, for each of a plurality of threats, an identification of the threat, an identification of one or more countermeasures that reduce a risk that the threat will affect an asset, protection data describing a protection score for each countermeasure for the threat, and applicability data describing one or more configurations of assets to which the threat applies; and
determining a respective threat-centric risk metric, the determining including, for each asset and each threat:
determining an applicability score for the asset and the threat from the applicability data and the configuration data, wherein the applicability score has a first applicability value when the threat is applicable to the configuration of the asset and a different second applicability value when the threat is not applicable to the configuration of the asset;
determining a vulnerability score for the asset and the threat from the vulnerability detection data for the asset;
determining a countermeasure score from the threat definition data and the countermeasure detection data, wherein the generating comprises analyzing the protection score for each countermeasure that is both identified in the threat definition data for the threat and identified in the countermeasure data as protecting the asset, wherein the countermeasure score has a value within a predefined range; and
determining the threat-centric risk metric for the particular asset for the particular threat from the applicability score, the vulnerability score, and the countermeasure score.

25. The method of claim 24, further comprising:
determining a respective vulnerability-centric risk metric for the asset and each of the plurality of vulnerabilities;
determining an aggregate vulnerability-centric risk metric for the asset from the respective risk metrics for the asset and each of the plurality of vulnerabilities;
determining a respective threat-centric risk metric for the asset and each of the plurality of threats; and
determining an aggregate threat-centric risk metric for the asset from the respective risk metrics for the asset and each of the plurality of threats.

26. A system comprising:
at least one processor device;
at least one memory element, communicatively coupled to the processor device; and
a network monitor, adapted when executed by the at least one processor device to:
receive vulnerability definition data, using a hardware processor, including, for each of a plurality of vulnerabilities, an indication of the vulnerability, an identification of one or more countermeasures that reduce a risk associated with possession of the vulnerability by an asset, an indication of a level of protection potentially afforded by each countermeasure for the vulnerability, and applicability information describing one or more configurations of assets to which the vulnerability applies;
receive vulnerability detection data, countermeasure detection data, and configuration data for each of one or more assets, wherein the vulnerability detection data for each asset identifies vulnerabilities applicable to the asset, the countermeasure detection data for each asset identifying one or more countermeasures protecting the asset, and the configuration data for each asset describes a configuration of the asset; and
determine a respective risk metric for each of the one or more assets for each of the one or more vulnerabilities, wherein determining the risk metric includes, for each asset and each vulnerability:
identifying a standardized vulnerability score for the vulnerability, wherein the standardized vulnerability score indicates a relative level of risk associated with the vulnerability relative to other vulnerabilities in the plurality of vulnerabilities;
determining a vulnerability detection score for the asset from the vulnerability detection data for the asset;
determining a vulnerability composite score for the particular asset to the particular vulnerability, wherein the vulnerability composite score is derived from the standardized vulnerability score and the vulnerability detection score;
determining a countermeasure component score from the vulnerability definition data and the countermeasure detection data, wherein determining the countermeasure component score includes analyzing the level of protection afforded by each countermeasure identified in both the vulnerability definition data for the vulnerability and in the countermeasure data as protecting the asset; and
determining the risk metric for the asset and the vulnerability from the vulnerability composite score and the countermeasure component score.
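As an added illustration (not code from the patent, its inventors or assignee), the following Python sketch carries the computation of the abstract and claim 1 through on constructed data, and adds the per-asset aggregation of claim 21. The patent only says each score is "derived from" the others, so the 0..1 scale, the applicability gate, the product for the composite score and the 1 - prod(1 - p) combination of countermeasure protection levels are all assumptions made here.

```python
from statistics import mean, mode

# Constructed sample data (not from the patent): vulnerability definition data per claim 1.
# Each entry: a standardized score on a 0-10 CVSS-style scale, the countermeasures listed
# for the vulnerability with their protection level (assumed to be a 0..1 probability of
# mitigating it), and the asset configurations to which the vulnerability applies.
VULN_DEFS = {
    "VULN-A": {"std_score": 9.8, "countermeasures": {"host-ips": 0.9, "patch-A": 1.0},
               "applies_to": {"linux-web"}},
    "VULN-B": {"std_score": 5.3, "countermeasures": {"waf": 0.6},
               "applies_to": {"linux-web", "windows-db"}},
}

# Constructed per-asset data: configuration, vulnerability detection data (scanner's
# estimated probability that the asset possesses the vulnerability) and the
# countermeasures detected as protecting the asset.
ASSETS = {
    "web01": {"config": "linux-web", "vuln_detect": {"VULN-A": 0.8, "VULN-B": 1.0},
              "countermeasures": {"host-ips"}},
    "db01": {"config": "windows-db", "vuln_detect": {"VULN-A": 0.5, "VULN-B": 0.3},
             "countermeasures": set()},
}

def countermeasure_component(vuln, asset):
    """Estimated probability that countermeasures listed for the vulnerability AND present
    on the asset mitigate it; independent layers combined as 1 - prod(1 - p) (assumption)."""
    miss = 1.0
    for name, protection in VULN_DEFS[vuln]["countermeasures"].items():
        if name in ASSETS[asset]["countermeasures"]:
            miss *= 1.0 - protection
    return 1.0 - miss

def risk_metric(vuln, asset):
    """Vulnerability-centric risk metric on a 0..1 scale (combination formula assumed)."""
    vd = VULN_DEFS[vuln]
    # Applicability gate: a vulnerability that does not apply to the asset's configuration
    # gets a detection score of 0 regardless of what the scanner reported.
    if ASSETS[asset]["config"] not in vd["applies_to"]:
        detection = 0.0
    else:
        detection = ASSETS[asset]["vuln_detect"].get(vuln, 0.0)
    composite = (vd["std_score"] / 10.0) * detection   # vulnerability composite score
    return round(composite * (1.0 - countermeasure_component(vuln, asset)), 4)

def aggregate(metrics, how="sum"):
    """Aggregate risk metric per claim 21: sum, mean, max, min or mode of the metrics."""
    funcs = {"sum": sum, "mean": mean, "max": max, "min": min, "mode": mode}
    return round(funcs[how](metrics), 4)

def asset_risk(asset, how="sum"):
    """Per-asset aggregate over every defined vulnerability (claim 20)."""
    return aggregate([risk_metric(v, asset) for v in VULN_DEFS], how)
```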