US9270694B2 · Active · Utility · PatentIndex 79

Systems and methods for assessing security for a network of assets and providing recommendations

Assignee: Rapid7 LLC · Priority: May 21, 2013 · Filed: May 21, 2013 · Granted: Feb 23, 2016
Est. expiry: May 21, 2033 (~6.9 yrs left) · nominal 20-yr term from priority
Inventors: LODER CHAD; WOLF DANA ELIZABETH; HATHAWAY MATTHEW ROBERT
CPC: H04L 41/082; H04L 63/1433; H04L 41/0893; G06F 9/45558; G06F 21/577; H04L 41/0856; G06F 21/554

PatentIndex Score: 79 · Cited by: 8 · References: 5 · Claims: 39

Abstract

A security assessment tool can determine computer assets in a network and provide an overall security score for the network. The overall security score can represent an objective measure of the security of the network that considers potential security threats to the computer assets, counter measures deployed in the network to address the potential security threats, and the effectiveness of the counter measures. Based on the overall security assessment, the security assessment tool can provide recommendations for improving the security of the network.

Claims

exact text as granted — not AI-modified
What is claimed is:

1. A computer-implemented method for determining an objective security assessment for a network, the method comprising:
  determining computer assets in the network;
  determining an actual deployment of counter measures associated with the network, wherein the counter measures address potential security threats to the network;
  determining, by a processor, an overall security score for the network based at least in part on the actual deployment of the counter measures and an effectiveness of the counter measures;
  determining at least one recommendation for improving the overall security score; and
  outputting the at least one recommendation and the overall security score,
  wherein the overall security score comprises a security score of each of the counter measures associated with the computer assets, the security score of each of the counter measures being based at least in part on an actual effectiveness score that represents the actual deployment of each of the counter measures and a possible effectiveness score that represents a possible deployment of each of the counter measures, and
  wherein outputting the at least one recommendation and the overall security score further comprises outputting the security score of each of the counter measures deployed on the computer assets.

2. The computer-implemented method of claim 1, the method further comprising:
  determining, at a later time, a change in the actual deployment of the counter measures; and
  determining a new overall security score for the network based at least in part on the change in the actual deployment and the effectiveness of the counter measures.

3. The computer-implemented method of claim 2, the method further comprising:
  outputting the new overall security score;
  outputting a change in the new overall security score relative to the overall security score; and
  outputting at least one new recommendation for improving the overall security score.

4. The computer-implemented method of claim 2, wherein the change in the actual deployment corresponds to at least one of a performance of the at least one recommendation and a change in the computer assets in the network.

5. The computer-implemented method of claim 1, wherein determining the assets in the computer network comprises at least one of:
  scanning the network for one or more of the computer assets; and
  receiving, via an interface, an identification of one or more of the computer assets.

6. The computer-implemented method of claim 1, wherein determining the actual deployment of counter measures comprises:
  determining security information of the computer assets, wherein the security information comprises at least one of identification of security software installed on the computer assets, vulnerabilities on the computer assets, system settings of the computer assets, security settings of the computer assets, configuration policies of the computer assets, security policies of the computer assets, access information for the computer assets, details of software installed on the computer assets, and a comparison of the access information and the security setting for the computer assets;
  determining, based at least in part on the security information, at least one of the counter measures associated with the network; and
  determining, based at least in part on the security information, a coverage of the at least one of the counter measures within the network.

7. The computer-implemented method of claim 6, wherein determining the security information comprises at least one of:
  receiving, via an interface, a portion of the security information from a user; and
  automatically discovering a portion of the security information.

8. The computer-implemented method of claim 1, wherein the actual effectiveness and the possible effectiveness of the counter measures is based on at least one of:
  empirical testing of counter measures versus actual security threats; survey of security experts including commonly understood best practices; and results of findings by security research organizations.

9. The computer-implemented method of claim 1, wherein the at least one recommendation comprises at least one of deploying a new counter measure, changing a security setting of the computer assets, changing a system setting of the computer assets, changing a security policy of the computer assets, updating software of the computer assets, installing security software on the computer assets, and improving access information for the computer assets.

10. The computer-implemented method of claim 1, the method further comprising:
  receiving, via an interface, a selection of the at least one recommendation; and
  outputting instructions for implementing the at least one recommendation.

11. The computer-implemented method of claim 1, the method further comprising:
  determining an amount that each of the potential security threats contributes to the overall security score;
  ranking each of the potential security threats based at least in part on one of the frequency of the threat in empirical testing, the potential impact of the threat, or likelihood of the threat succeeding to determine the amount that each of the potential security threats contributes to the overall security score; and
  outputting the potential security threats ordered according to the ranking.

12. The computer-implemented method of claim 11, the method further comprising:
  receiving, via an interface, at least one of the potential security threats that is a priority;
  re-ranking each of the potential security threats based at least in part on the at least one of the potential security threats being a priority; and
  outputting the potential security threats ordered according to the re-ranking.

13. The computer-implemented method of claim 1, wherein the computer assets comprises at least one of a physical computer system, physical computer hardware, and a virtual computer system.

14. A system for determining an objective security assessment, the system comprising:
  a network interface to a network of computer assets;
  one or more memory device storing instructions; and
  one or more processors coupled to the network interface and the one or more memory devices, the one or more processors being configured to execute the instructions to perform a method comprising:
    determining computer assets in the network;
    determining an actual deployment of counter measures associated with the network, wherein the counter measures address potential security threats to the network;
    determining an overall security score for the network based at least in part on the actual deployment of the counter measures and an effectiveness of the counter measures;
    determining at least one recommendation for improving the overall security score; and
    outputting the at least one recommendation and the overall security score,
    wherein the overall security score comprises a security score of each of the counter measures associated with the computer assets, the security score of each of the counter measures being based at least in part on an actual effectiveness score that represents the actual deployment of each of the counter measures and a possible effectiveness score that represents a possible deployment of each of the counter measures, and
    wherein outputting the at least one recommendation and the overall security score further comprises outputting the security score of each of the counter measures deployed on the computer assets.

15. The system of claim 14, wherein the one or more processors are configured to execute the instructions to perform the method further comprising:
  determining, at a later time, a change in the actual deployment of the counter measures; and
  determining a new overall security score for the network based at least in part on the change in the actual deployment and the effectiveness of the counter measures.

16. The system of claim 15, wherein the one or more processors are configured to execute the instructions to perform the method further comprising:
  outputting the new overall security score;
  outputting a change in the new overall security score relative to the overall security score; and
  outputting at least one new recommendation for improving the overall security score.

17. The system of claim 15, wherein the change in the actual deployment corresponds to at least one of a performance of the at least one recommendation and a change in the computer assets in the network.

18. The system of claim 14, wherein determining the assets in the computer network comprises at least one of:
  scanning the network for one or more of the computer assets; and
  receiving, via an interface, an identification of one or more of the computer assets.

19. The system of claim 14, wherein determining the actual deployment of counter measures comprises:
  determining security information of the computer assets, wherein the security information comprises at least one of identification of security software installed on the computer assets, vulnerabilities on the computer assets, system settings of the computer assets, security settings of the computer assets, configuration policies of the computer assets, security policies of the computer assets, access information for the computer assets, details of software installed on the computer assets, and a comparison of the access information and the security setting for the computer assets;
  determining, based at least in part on the security information, at least one of the counter measures associated with the network; and
  determining, based at least in part on the security information, a coverage of the at least one of the counter measures within the network.

20. The system of claim 19, wherein determining the security information comprises at least one of:
  receiving, via an interface, a portion of the security information from a user; and
  automatically discovering a portion of the security information.

21. The system of claim 14, wherein the actual effectiveness and the possible effectiveness of the counter measures is based on at least one of:
  empirical testing of counter measures versus actual security threats; survey of security experts including commonly understood best practices; and results of findings by security research organizations.

22. The system of claim 14, wherein the at least one recommendation comprises at least one of deploying a new counter measure, changing a security setting of the computer assets, changing a system setting of the computer assets, changing a security policy of the computer assets, updating software of the computer assets, installing security software on the computer assets, and improving access information for the computer assets.

23. The system of claim 14, wherein the one or more processors are configured to execute the instructions to perform the method further comprising:
  receiving, via an interface, a selection of the at least one recommendation; and
  outputting instructions for implementing the at least one recommendation.

24. The system of claim 14, wherein the one or more processors are configured to execute the instructions to perform the method further comprising:
  determining an amount that each of the potential security threats contributes to the overall security score;
  ranking each of the potential security threats based at least in part on one of the frequency of the threat in empirical testing, the potential impact of the threat, or likelihood of the threat succeeding to determine the amount that each of the potential security threats contributes to the overall security score; and
  outputting the potential security threats ordered according to the ranking.

25. The system of claim 24, wherein the one or more processors are configured to execute the instructions to perform the method further comprising:
  receiving, via an interface, at least one of the potential security threats that is a priority;
  re-ranking each of the potential security threats based at least in part on the at least one of the potential security threats being a priority; and
  outputting the potential security threats ordered according to the re-ranking.

26. The system of claim 14, wherein the computer assets comprises at least one of a physical computer system, physical computer hardware, and a virtual computer system.

27. A non-transitory computer readable storage medium comprising instructions for causing one or more processors to perform a method for determining an objective security assessment for a network, the method comprising:
  determining computer assets in the network;
  determining, by a security assessment tool, an actual deployment of counter measures associated with the network, wherein the counter measures address potential security threats to the network;
  determining, by a processor, an overall security score for the network based at least in part on the actual deployment of the counter measures and an effectiveness of the counter measures;
  determining at least one recommendation for improving the overall security score; and
  outputting the at least one recommendation and the overall security score,
  wherein the overall security score comprises a security score of each of the counter measures associated with the computer assets, the security score of each of the counter measures being based at least in part on an actual effectiveness score that represents the actual deployment of each of the counter measures and a possible effectiveness score that represents a possible deployment of each of the counter measures, and
  wherein outputting the at least one recommendation and the overall security score further comprises outputting the security score of each of the counter measures deployed on the computer assets.

28. The non-transitory computer readable storage medium of claim 27, the method further comprising:
  determining, at a later time, a change in the actual deployment of the counter measures; and
  determining a new overall security score for the network based at least in part on the change in the actual deployment and the effectiveness of the counter measures.

29. The non-transitory computer readable storage medium of claim 28, the method further comprising:
  outputting the new overall security score;
  outputting a change in the new overall security score relative to the overall security score; and
  outputting at least one new recommendation for improving the overall security score.

30. The non-transitory computer readable storage medium of claim 28, wherein the change in the actual deployment corresponds to at least one of a performance of the at least one recommendation and a change in the computer assets in the network.

31. The non-transitory computer readable storage medium of claim 27, wherein determining the assets in the computer network comprises at least one of:
  scanning the network for one or more of the computer assets; and
  receiving, via an interface, an identification of one or more of the computer assets.

32. The non-transitory computer readable storage medium of claim 27, wherein determining the actual deployment of counter measures comprises:
  determining security information of the computer assets, wherein the security information comprises at least one of identification of security software installed on the computer assets, vulnerabilities on the computer assets, system settings of the computer assets, security settings of the computer assets, configuration policies of the computer assets, security policies of the computer assets, access information for the computer assets, details of software installed on the computer assets, and a comparison of the access information and the security setting for the computer assets;
  determining, based at least in part on the security information, at least one of the counter measures associated with the network; and
  determining, based at least in part on the security information, a coverage of the at least one of the counter measures within the network.

33. The non-transitory computer readable storage medium of claim 32, wherein determining the security information comprises at least one of:
  receiving, via an interface, a portion of the security information from a user; and
  automatically discovering a portion of the security information.

34. The non-transitory computer readable storage medium of claim 27, wherein the actual effectiveness and the possible effectiveness of the counter measures is based on at least one of:
  empirical testing of counter measures versus actual security threats; survey of security experts including commonly understood best practices; and results of findings by security research organizations.

35. The non-transitory computer readable storage medium of claim 27, wherein the at least one recommendation comprises at least one of deploying a new counter measure, changing a security setting of the computer assets, changing a system setting of the computer assets, changing a security policy of the computer assets, updating software of the computer assets, installing security software on the computer assets, and improving access information for the computer assets.

36. The non-transitory computer readable storage medium of claim 27, the method further comprising:
  receiving, via an interface, a selection of the at least one recommendation; and
  outputting instructions for implementing the at least one recommendation.

37. The non-transitory computer readable storage medium of claim 27, the method further comprising:
  determining an amount that each of the potential security threats contributes to the overall security score;
  ranking each of the potential security threats based at least in part on one of the frequency of the threat in empirical testing, the potential impact of the threat, or likelihood of the threat succeeding to determine the amount that each of the potential security threats contributes to the overall security score; and
  outputting the potential security threats ordered according to the ranking.

38. The non-transitory computer readable storage medium of claim 37, the method further comprising:
  receiving, via an interface, at least one of the potential security threats that is a priority;
  re-ranking each of the potential security threats based at least in part on the at least one of the potential security threats being a priority; and
  outputting the potential security threats ordered according to the re-ranking.

39. The non-transitory computer readable storage medium of claim 27, wherein the computer assets comprises at least one of a physical computer system, physical computer hardware, and a virtual computer system.
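The claims describe the scoring model only in terms of its inputs and outputs: per-counter-measure scores built from an actual and a possible effectiveness score, a coverage figure per counter measure (claims 6, 19, 32), threats ranked by frequency, impact and likelihood with a user-selected priority re-ranking (claims 11-12), recommendations ordered by their effect on the overall score, and a re-score after a deployment change (claims 2-4). The following Python is an added illustration of one way those pieces can fit together; it is not the patent's or Rapid7's implementation. The concrete formulas (actual effectiveness = possible effectiveness scaled by coverage, threat weight = frequency × impact × likelihood, mitigation combined as 1 - prod(1 - e)) and the asset, counter-measure and threat inventory are assumptions constructed for the example.

```python
from dataclasses import dataclass, replace

# Illustrative model of the claimed assessment. All formulas below are
# assumptions for this example; the patent does not fix them.


@dataclass(frozen=True)
class Asset:
    name: str
    deployed: frozenset  # counter measures actually present on this asset


@dataclass(frozen=True)
class CounterMeasure:
    name: str
    possible_effectiveness: float  # 0..1, if deployed on every asset (possible deployment)
    threats: frozenset             # names of the threats this measure addresses


@dataclass(frozen=True)
class Threat:
    name: str
    frequency: float   # 0..1, frequency in empirical testing
    impact: float      # 0..1, potential impact
    likelihood: float  # 0..1, likelihood of succeeding


def coverage(cm, assets):
    """Fraction of assets on which cm is actually deployed (claim 6 'coverage')."""
    return sum(cm.name in a.deployed for a in assets) / len(assets) if assets else 0.0


def actual_effectiveness(cm, assets):
    """Actual effectiveness score: possible effectiveness scaled by coverage."""
    return cm.possible_effectiveness * coverage(cm, assets)


def measure_score(cm, assets):
    """Per-counter-measure score, 0..100: actual relative to possible effectiveness."""
    return 100.0 * actual_effectiveness(cm, assets) / cm.possible_effectiveness


def threat_weights(threats):
    """Normalised weight per threat from frequency, impact and likelihood (claim 11)."""
    raw = {t.name: t.frequency * t.impact * t.likelihood for t in threats}
    total = sum(raw.values())
    return {name: w / total for name, w in raw.items()}


def mitigation(threat, measures, assets):
    """Combined mitigation of one threat by every measure that addresses it."""
    unmitigated = 1.0
    for cm in measures:
        if threat.name in cm.threats:
            unmitigated *= 1.0 - actual_effectiveness(cm, assets)
    return 1.0 - unmitigated


def overall_score(assets, measures, threats):
    """Overall score, 0..100: threat-weighted mitigation across the network."""
    w = threat_weights(threats)
    return 100.0 * sum(w[t.name] * mitigation(t, measures, assets) for t in threats)


def threat_contributions(assets, measures, threats):
    """Points each threat currently removes from the overall score."""
    w = threat_weights(threats)
    return {t.name: 100.0 * w[t.name] * (1.0 - mitigation(t, measures, assets)) for t in threats}


def rank_threats(assets, measures, threats, priority=frozenset()):
    """Order threats by contribution; user-selected priority threats come first (claim 12)."""
    contrib = threat_contributions(assets, measures, threats)
    return sorted(contrib, key=lambda name: (name not in priority, -contrib[name]))


def deploy_everywhere(assets, cm):
    """Model the 'deploying a new counter measure' recommendation on every asset."""
    return [replace(a, deployed=a.deployed | {cm.name}) for a in assets]


def recommendations(assets, measures, threats):
    """Recommend completing each partially deployed measure, largest score gain first."""
    base = overall_score(assets, measures, threats)
    recs = []
    for cm in measures:
        missing = [a.name for a in assets if cm.name not in a.deployed]
        if missing:
            gain = overall_score(deploy_everywhere(assets, cm), measures, threats) - base
            recs.append({"measure": cm.name, "assets": missing, "gain": gain})
    return sorted(recs, key=lambda r: -r["gain"])


def assess(assets, measures, threats):
    """Output of claim 1: overall score, per-measure scores, ranked threats, recommendations."""
    return {
        "overall": overall_score(assets, measures, threats),
        "measures": {cm.name: measure_score(cm, assets) for cm in measures},
        "threats": rank_threats(assets, measures, threats),
        "recommendations": recommendations(assets, measures, threats),
    }


def reassess(assets, measures, threats, rec):
    """Claims 2-3: re-score after acting on a recommendation and report the change."""
    before = overall_score(assets, measures, threats)
    cm = next(m for m in measures if m.name == rec["measure"])
    new_assets = deploy_everywhere(assets, cm)
    after = overall_score(new_assets, measures, threats)
    return new_assets, after, after - before


# Constructed sample inventory (not from the patent).
ASSETS = [
    Asset("web01", frozenset({"patching", "firewall"})),
    Asset("db01", frozenset({"patching"})),
    Asset("vm-build", frozenset({"firewall"})),
    Asset("laptop-7", frozenset()),
]
MEASURES = [
    CounterMeasure("patching", 0.8, frozenset({"exploit_known_vuln"})),
    CounterMeasure("firewall", 0.6, frozenset({"network_intrusion"})),
    CounterMeasure("mfa", 0.9, frozenset({"credential_theft"})),
]
THREATS = [
    Threat("exploit_known_vuln", 0.8, 0.9, 0.7),
    Threat("network_intrusion", 0.5, 0.8, 0.5),
    Threat("credential_theft", 0.9, 0.9, 0.8),
]

if __name__ == "__main__":
    report = assess(ASSETS, MEASURES, THREATS)
    print(f"overall score: {report['overall']:.1f}")
    for name, score in report["measures"].items():
        print(f"  {name}: {score:.0f}")
    print("threats, worst first:", report["threats"])
    top = report["recommendations"][0]
    print(f"top recommendation: deploy {top['measure']} on {top['assets']} (+{top['gain']:.1f})")
    _, after, delta = reassess(ASSETS, MEASURES, THREATS, top)
    print(f"after acting on it: {after:.1f} ({delta:+.1f})")
```

With the constructed inventory, MFA is absent everywhere while credential theft carries the largest weight, so completing MFA is the top recommendation and lifts the overall score from roughly 19 to roughly 62; the priority re-ranking moves a user-flagged threat to the head of the list regardless of its computed contribution.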

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.