Enhanced risk assessment

US2022103592A1 · US · A1

Patent metadata
Publication number: US-2022103592-A1
Application number: US-202017039009-A
Country: US
Kind code: A1
Filing date: Sep 30, 2020
Priority date: Sep 30, 2020
Publication date: Mar 31, 2022
Grant date:

Abstract

Official abstract text for this publication.

Systems, methods, and related technologies for determining a risk score or value are described. The risk score determination may include accessing network traffic from a network, where the network traffic is associated with a plurality of entities. One or more values associated with one or more properties associated with an entity are determined. The one or more values may be based on the network traffic. At least one of a functional risk value, a configurational risk value, or a behavioral risk value associated with the entity are determined. A risk value for the entity is determined based on the functional risk value and at least one of the configurational risk value or the behavioral risk value associated with the entity.

First claim

Opening claim text (preview).

What is claimed is:

1. A method comprising: accessing network traffic from a network, wherein the network traffic is associated with a plurality of entities; determining one or more values associated with one or more properties associated with an entity, wherein the one or more values are based on the network traffic; determining at least one of a functional risk value, a configurational risk value, or a behavioral risk value associated with the entity, wherein at least one of the functional risk value, the configurational risk value, or the behavioral risk value associated with the entity is based at least one of the values associated with the one or more properties associate with the entity; determining a risk value for the entity based on the functional risk value and at least one of the configurational risk value or the behavioral risk value associated with the entity; and storing the risk value for the entity.

2. The method of claim 1 further comprising: performing an action based on the risk value.

3. The method of claim 1, wherein the functional risk value is associated with at least one of asset criticality or asset acquittance associated with the entity.

4. The method of claim 1, wherein the configurational risk value is associated with at least one of a vulnerability, an end of life proximity, an open port, a credential, or an open share.

5. The method of claim 1, wherein the behavioral risk value is associated with at least one of Internet exposure, traffic posture, anomaly detection, encryption analysis, traffic reputation, or malicious activity.

6. The method of claim 1, wherein the risk value associated with the entity is based on at least one of a weight associated with the functional risk value, a weight associated with the configurational risk value, or a weight associated with the behavioral risk value.

7. The method of claim 1, wherein the risk value for the entity is determined based on at least one of an observed activity or a potential for compromise.

8. A system comprising: a memory; and a processing device, operatively coupled to the memory, to: access network traffic from a network, wherein the network traffic is associated with a plurality of entities; determine one or more values associated with one or more properties associated with an entity, wherein the one or more values are based on the network traffic; determine at least one of a functional risk value, a configurational risk value, or a behavioral risk value associated with the entity, wherein at least one of the functional risk value, the configurational risk value, or the behavioral risk value associated with the entity is based at least one of the values associated with the one or more properties associate with the entity; determine, by the processing device, a risk value for the entity based on the functional risk value and at least one of the configurational risk value or the behavioral risk value associated with the entity; and store the risk value for the entity.

9. The system of claim 8, wherein the processing device further to: perform an action based on the risk value.

10. The system of claim 8, wherein the functional risk value is associated with at least one of asset criticality or asset acquittance associated with the entity.

11. The system of claim 8, wherein the configurational risk value is associated with at least one of a vulnerability, an end of life proximity, an open port, a credential, or an open share.

12. The system of claim 8, wherein the behavioral risk value is associated with at least one of Internet exposure, traffic posture, anomaly detection, encryption analysis, traffic reputation, or malicious activity.

13. The system of claim 8, wherein the risk value associated with the entity is based on at least one of a weight associated with the functional risk value, a weight associated with the configurational risk value, or a weight associated with the behavioral risk value.

14. The system of claim 8, wherein the risk value for the entity is determined based on at least one of an observed activity or a potential for compromise.

15. A non-transitory computer readable medium having instructions encoded thereon that, when executed by a processing device, cause the processing device to: access network traffic from a network, wherein the network traffic is associated with a plurality of entities; determine one or more values associated with one or more properties associated with an entity, wherein the one or more values are based on the network traffic; determine at least one of a functional risk value, a configurational risk value, or a behavioral risk value associated with the entity, wherein at least one of the functional risk value, the configurational risk value, or the behavioral risk value associated with the entity is based at least one of the values associated with the one or more properties associate with the entity; determine, by the processing device, a risk value for the entity based on the functional risk value and at least one of the configurational risk value or the behavioral risk value associated with the entity; and store the risk value for the entity.

16. The non-transitory computer readable medium of claim 15, wherein the instructions encoded thereon that, when executed by the processing device, cause the processing device to: perform an action based on the risk value.

17. The non-transitory computer readable medium of claim 15, wherein the functional risk value is associated with at least one of asset criticality or asset acquittance associated with the entity.

18. The non-transitory computer readable medium of claim 15, wherein the configurational risk value is associated with at least one of a vulnerability, an end of life proximity, an open port, a credential, or an open share.

19. The non-transitory computer readable medium of claim 15, wherein the behavioral risk value is associated with at least one of Internet exposure, traffic posture, anomaly detection, encryption analysis, traffic reputation, or malicious activity.

20. The non-transitory computer readable medium of claim 15, wherein the risk value associated with the entity is based on at least one of a weight associated with the functional risk value, a weight associated with the configurational risk value, or a weight associated with the behavioral risk value.

Classifications

  • Event detection, e.g. attack signature detection

  • Risk-dependent, e.g. selecting a security level depending on risk profiles

  • Vulnerability analysis

  • for managing network security; network security policies in general (filtering policies H04L63/0227)

  • Traffic logging, e.g. anomaly detection

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Forescout Tech Inc
What technology area does this patent fall under?
Primary CPC classification H04L63/1433. Mapped technology areas include Electricity.
When was this patent published?
Publication date Mar 31, 2022 (A1). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 3 related publications on this page (citations in our corpus or others sharing the same primary CPC).