Framework and methodology for supply chain lifecycle analytics
US-9992219-B1 · Jun 5, 2018 · US
US10999301B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10999301-B2 |
| Application number | US-201715822938-A |
| Country | US |
| Kind code | B2 |
| Filing date | Nov 27, 2017 |
| Priority date | Nov 27, 2017 |
| Publication date | May 4, 2021 |
| Grant date | May 4, 2021 |
Official abstract text for this publication.
Methods, systems, and program products for analyzing cyber-attacks on computing systems of a business are disclosed. The methods may include detecting each of the plurality of cyber-attacks. The plurality of cyber-attacks may target information systems stored on at least one information technology (IT) component of an infrastructure of the computing system of the business. The methods may also include determining cyber-attack data relating to the plurality of cyber-attacks, identifying a business impact on the business for each of the plurality of cyber-attacks. The identified business impact on the business for the plurality of cyber-attacks may be based on predetermined business impact data and the determined cyber-attack data. Additionally, the method may include prioritizing the plurality of cyber-attacks attempted on the computing system based on the identified business impact on the business for each of the plurality of cyber-attacks.
Opening claim text (preview).
What is claimed is:

1. A method for analyzing a plurality of cyber-attacks, the method comprising: detecting, with a first computing system, each of the plurality of cyber-attacks attempted on a computing system of a business, each of the plurality of cyber-attacks targeting information systems stored on at least one information technology (IT) component of an infrastructure of the computing system of the business; determining cyber-attack data relating to each of the plurality of cyber-attacks attempted on the computing system of the business, wherein determining the cyber-attack data includes: determining an initial location of each of the plurality of cyber-attacks attempted on the computing system of the business; and determining whether the initial location is external to the computing system of the business; identifying a business impact on the business for each of the plurality of cyber-attacks attempted on the computing system of the business, the identified business impact on the business for each of the plurality of cyber-attacks based on predetermined business impact data and the determined cyber-attack data, wherein identifying the business impact on the business for each of the plurality of cyber-attacks attempted on the computing system of the business comprises: generating a list of the information systems stored on the at least one IT component that are targeted by each of the plurality of cyber-attacks using the determined cyber-attack data; obtaining supplemental business impact data for the information systems included in the generated list of the information systems targeted by each of the plurality of cyber-attacks, the supplemental business impact data distinct from the predetermined business impact data, wherein the supplemental business impact data is obtained from a source that is external to and distinct from the first computing system; and identifying a hierarchy of the information systems included in the generated list of the information systems targeted by each of the plurality of cyber-attacks, the identified hierarchy of the information systems indicating a relative importance of the respective information systems and being based on the predetermined business impact data and the obtained supplemental business impact data; prioritizing the plurality of cyber-attacks attempted on the computing system of the business based on the identified business impact on the business for each of the plurality of cyber-attacks attempted on the computing system of the business, wherein the prioritizing includes generating a prioritized list that includes a sequential order in which to mitigate each cyber-attack of the plurality of cyber-attacks; and obtaining supplemental cyber-attack data relating to each of the plurality of cyber-attacks attempted on the computing system of the business, the supplemental cyber-attack data obtained from at least one external system distinct from the computing system of the business, wherein the supplemental cyber-attack data identifies at least one other system distinct from the computing system of the business that may be under similar cyber-attacks.

2. The method of claim 1, wherein determining the cyber-attack data relating to each of the plurality of cyber-attacks attempted on the computing system of the business further comprises: determining if each of the plurality of cyber-attacks are new to the computing system of the business; determining a type of cyber-attack for each of the plurality of cyber-attacks attempted on the computing system of the business; identifying a risk of attack for each of the plurality of cyber-attacks attempted on the computing system of the business; and generating a cyber-attack map for each of the plurality of cyber-attacks attempted on the computing system of the business, the generated cyber-attack map for each of the plurality of cyber-attacks identifying: a first information system of the infrastructure of the computing system of the business in which the cyber-attack originates; and at least one, subsequent information system of the infrastructure in which the cyber-attack targets in conjunction with the first information system.

3. The method of claim 1, wherein identifying the business impact on the business for each of the plurality of cyber-attacks attempted on the computing system of the business is based on the obtained supplemental cyber-attack data.

4. The method of claim 1, wherein prioritizing the plurality of cyber-attacks attempted on the computing system of the business further comprise at least one of: identifying a first cyber-attack of the plurality of cyber-attacks to be mitigated first, the first identified cyber-attack including a first identified business impact on the business; identifying a second cyber-attack of the plurality of cyber-attacks to be mitigated after the first cyber-attack, the second identified cyber-attack including a second identified business impact on the business, wherein the second identified business impact of the second cyber-attack is less detrimental to the business than the first identified business impact of the first cyber-attack.

5. The method of claim 1, wherein the prioritized list includes: the plurality of cyber-attacks ordered from the highest business impact on the business to the lowest business impact on the business; and mitigating actions for each of the plurality of cyber-attacks.

6. The method of claim 1, wherein the supplemental cyber-attack data identifies a calculated risk of the cyber-attacks as determined by an independent source.

7. A computer program product for analyzing a plurality of cyber-attacks, the computer program product comprising: one or more computer-readable storage medium and program instructions stored on at least one of the one or more computer-readable storage medium, the program instructions executable by a processor to cause the processor to perform a method comprising: detecting each of the plurality of cyber-attacks attempted on a computing system of a business, each of the plurality of cyber-attacks targeting information systems stored on at least one information technology (IT) component of an infrastructure of the computing system of the business; determining cyber-attack data relating to each of the plurality of cyber-attacks attempted on the computing system of the business, wherein determining the cyber-attack data includes: determining an initial location of each of the plurality of cyber-attacks attempted on the computing system of the business; and determining whether the initial location is internal to the computing system of the business; identifying a business impact on the business for each of the plurality of cyber-attacks attempted on the computing system of the business, the identified business impact on the business for each of the plurality of cyber-attacks based on predetermined business impact data and the determined cyber-attack data, wherein identifying the business impact on the business for each of the plurality of cyber-attacks attempted on the computing system of the business comprises: generating a list of the information systems stored on the at least one IT component that are targeted by each of the plurality of cyber-attacks using the determined cyber-attack data; obtaining supplemental business impact data for the information systems included in the generated list of the information systems targeted by each of the plurality of cyber-attacks, the supplemental business impact data distinct from the predetermined business impact data, wherein the supplemental business impact data is obtained from a source that is external to and distinct from a first computing system that includes the processor; and identifying a hierarchy of the inform
Vulnerability analysis · CPC title
Tracing the source of attacks · CPC title
by monitoring network traffic (monitoring network traffic per se H04L43/00) · CPC title
Countermeasures against malicious traffic (countermeasures against attacks on cryptographic mechanisms H04L9/002) · CPC title
Certifying business or products · CPC title