US2018131713A1PendingUtilityA1

Site security monitor

40
Assignee: WHITEHAT SECURITY INCPriority: Oct 1, 2014Filed: Aug 21, 2017Published: May 10, 2018
Est. expiryOct 1, 2034(~8.2 yrs left)· nominal 20-yr term from priority
H04L 63/1433G06F 21/577
40
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

Techniques for monitoring site security are disclosed herein. Sites are scanned for security metric values associated with one or more security metrics. Normalized values for those scanned security metric values are calculated based on previously obtained values associated with one or more other security metrics associated with other scanned sites. Site security metrics are then calculated for the sites based on a subset of the normalized values and based at least in part on a comparison to other scanned sites.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
         1 . A computer-implemented method for generating a trustworthiness index, comprising:
 under the control of one or more computer systems configured with executable instructions,
 measuring one or more security factor values, each security factor value associated with a security factor of a set of security factors, the one or more security factor values measured based at least in part on a set of security scans of a first set of sites, the set of security scans comprising a plurality of security scans, the set of security scans performed over a non-zero time span; 
 generating, for one or more sites of the first set of sites, a first set of security indices associated with one or more of the set of security factors, each security index of the first set of security indices based at least in part on the one or more security factor values; 
 calculating one or more normalized security indices associated with first set of security indices by at least:
 a) retrieving, from a data store, a second set of security indices, each security index of the second set of security indices associated with a site of a second set of sites, the second set of sites at least including one or more sites differing from one or more of the first set of sites; and 
 b) normalizing one or more of the first set of security indices to produce the one or more normalized security indices based at least in part on one or more of the second set of security indices; 
 
 providing the one or more of the one or more normalized security indices to the data store; and 
 providing, to the data store, a trustworthiness index associated with one or more associated sites of the first set of sites, the trustworthiness index based at least in part on combining one or more of the one or more normalized security indices. 
   
     
     
         2 . The computer-implemented method of  claim 1 , wherein combining the one or more normalized security indices is based at least in part on a weighted combination of the one or more normalized security indices. 
     
     
         3 . The computer-implemented method of  claim 1 , further comprising:
 retrieving, from the data store, a set trustworthiness indices, each trustworthiness index of the set of trustworthiness indices associated with one or more sites of a third set of sites, the third set of sites at least including one or more sites differing from a customer site; and   inferring a site security index associated the customer site based at least in part on one or more trustworthiness indices of the set of trustworthiness indices.   
     
     
         4 . The computer-implemented method of  claim 1 , wherein the trustworthiness index is based at least in part on one or more service levels associated with the one or more associated sites. 
     
     
         5 . A system, comprising:
 at least one computing device configured to implement one or more services, wherein the one or more services are configured to:
 scan a first site for one or more first security values, each first security value associated with a security factor of a set of security factors; 
 retrieve one or more security indices from a data store for each first security value, the one or more security indices based at least in part on the security factor associated with the security value, each security index of the one or more security indices associated with a second site; 
 add a normalized security value for each first security value of the one or more first security values to a set of normalized security values, the normalized security value based at least in part on the one or more security indices; and 
 calculate a trustworthiness index associated with the first site based at least in part on a subset of the set of normalized security values. 
   
     
     
         6 . The computing system of  claim 5 , wherein the first site is a customer site. 
     
     
         7 . The computing system of  claim 5 , wherein the one or more services configured to scan the site are further configured to perform a plurality of scans of the site over a non-zero time span, each scan of the plurality of scans configured to add a second security value from the site to a set of second security values. 
     
     
         8 . The computing system of  claim 7 , wherein the normalized security value is based at least in part on a probability density function, the probability density function based at least in part on a subset of the set of second security values. 
     
     
         9 . The computing system of  claim 8 , wherein the normalized security value is based at least in part on a survivorship function, the survivorship function based at least in part on the probability density function. 
     
     
         10 . The computing system of  claim 8 , wherein the normalized security value is based at least in part on a cumulative distribution function, the cumulative distribution function based at least in part on the probability density function. 
     
     
         11 . The computing system of  claim 5 , wherein the one or more services are further configured to:
 receive, one or more trustworthiness indices associated with one or more sites, the one or more sites each having an associated set of security factors at least a subset of which are associated with the second site; and   infer a site security index from the one or more trustworthiness indices based at least in part on one or more of the set of normalized security values.   
     
     
         12 . The computing system of  claim 11 , wherein the one or more services are further configured to calculate a confidence score associated with the site security index, the confidence score based at least in part on the one or more trustworthiness indices. 
     
     
         13 . A tangible non-transitory computer-readable storage medium having stored thereon executable instructions that, when executed by one or more processors of a computer system, cause the computer system to at least:
 measure a set of security factor values associated with a site by performing a plurality of security scans of the site over a non-zero time span, each security factor value of the set of security factor values associated with a security factor of a set of security factors;   calculate a normalized security index associated with the security factor, the normalized security index based at least in part on a subset of the set of security factor values, the normalized security index further based at least in part on one or more security indices retrieved from a data store; and   provide a trustworthiness index based at least in part on the normalized security index.   
     
     
         14 . The tangible non-transitory computer-readable storage medium of  claim 13 , wherein the instructions further include instructions that, when executed by the one or more processors, cause the computer system to:
 receive one or more trustworthiness indices, each trustworthiness index of the one or more trustworthiness indices associated with one or more sites;   infer a site security index associated with a customer site, the customer site differing from one or more of the one or more sites; and   provide the site security index.   
     
     
         15 . The tangible non-transitory computer-readable storage medium of  claim 13 , wherein the instructions further include instructions that, when executed by the one or more processors, cause the computer system to store the trustworthiness index in the data store. 
     
     
         16 . The tangible non-transitory computer-readable storage medium of  claim 13 , wherein each scan of the plurality of scans has a scan configuration, the scan configuration specifying performance of one or more of: a surface scan, a detailed scan, a login scan, or a forms scan. 
     
     
         17 . The tangible non-transitory computer-readable storage medium of  claim 16 , wherein the scan configuration is based at least in part on a service level associated with the site. 
     
     
         18 . The tangible non-transitory computer-readable storage medium of  claim 13 , wherein the set of security factors include one or more authentication attributes. 
     
     
         19 . The tangible non-transitory computer-readable storage medium of  claim 13 , wherein the instructions that cause the computer system to calculate the normalized security index further include instructions that, when executed by the one or more processors, cause the computer system to multiply one or more security factor values in the subset of the set of security factor values by one or more weighting factors, the one or more weighting factors determined based at least in part on one or more security objectives. 
     
     
         20 . The tangible non-transitory computer-readable storage medium of  claim 19 , wherein the one or more weighting factors are configured to reward fixing one or more security vulnerabilities.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.