Processing

Please wait...

Settings

Settings

Goto Application

1. WO2020112214 - PEOPLE-CENTRIC THREAT SCORING

Publication Number WO/2020/112214
Publication Date 04.06.2020
International Application No. PCT/US2019/051281
International Filing Date 16.09.2019
IPC
G06F 21/57 2013.01
GPHYSICS
06COMPUTING; CALCULATING OR COUNTING
FELECTRIC DIGITAL DATA PROCESSING
21Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
H04L 29/06 2006.01
HELECTRICITY
04ELECTRIC COMMUNICATION TECHNIQUE
LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
29Arrangements, apparatus, circuits or systems, not covered by a single one of groups H04L1/-H04L27/136
02Communication control; Communication processing
06characterised by a protocol
CPC
G06F 21/577
GPHYSICS
06COMPUTING; CALCULATING; COUNTING
FELECTRIC DIGITAL DATA PROCESSING
21Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
577Assessing vulnerabilities and evaluating computer system security
H04L 63/102
HELECTRICITY
04ELECTRIC COMMUNICATION TECHNIQUE
LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
63Network architectures or network communication protocols for network security
10for controlling access to network resources
102Entity profiles
H04L 63/105
HELECTRICITY
04ELECTRIC COMMUNICATION TECHNIQUE
LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
63Network architectures or network communication protocols for network security
10for controlling access to network resources
105Multiple levels of security
H04L 63/1433
HELECTRICITY
04ELECTRIC COMMUNICATION TECHNIQUE
LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
63Network architectures or network communication protocols for network security
14for detecting or protecting against malicious traffic
1433Vulnerability analysis
H04L 63/20
HELECTRICITY
04ELECTRIC COMMUNICATION TECHNIQUE
LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
63Network architectures or network communication protocols for network security
20for managing network security; network security policies in general
Applicants
  • PROOFPOINT, INC. [US]/[US]
Inventors
  • BURNS, Bryan Robert
  • KNIGHT, David Robert
  • IEZZONI, Christopher Anthony
Agents
  • KAPUR, Rajit
  • ALMETER, Elizabeth A.
Priority Data
16/278,01615.02.2019US
62/774,05530.11.2018US
Publication Language English (EN)
Filing Language English (EN)
Designated States
Title
(EN) PEOPLE-CENTRIC THREAT SCORING
(FR) SCORE DE MENACE CENTRÉ SUR LES PERSONNES
Abstract
(EN)
The subject disclosure relates to methods for assessing cyber-security risks, and in particular for calculating a risk-index for multiple users of a computer network. In some implementations, a process of the disclosed technology includes steps for determining a privileged index for each of a plurality of network users, determining a vulnerability index for each of the plurality of network users, calculating a threat score for one or more cyber-security attacks directed at each of the plurality of network users, and calculating a risk-index for at least one network user from among the plurality of network users, wherein the risk-index is based on the privileged index, the vulnerability index, and the threat score associated with each of the network users. Systems and machine-readable media are also provided.
(FR)
L'invention concerne des procédés d'évaluation de risques de cybersécurité et, en particulier, de calcul d'un indice de risque pour de multiples utilisateurs d'un réseau informatique. Dans certains modes de réalisation, un processus de la technologie de l'invention contient des étapes consistant à déterminer un indice privilégié pour chaque utilisateur d'une pluralité d'utilisateurs de réseau, déterminer un indice de vulnérabilité pour chaque utilisateur de la pluralité d'utilisateurs de réseau, calculer un score de menace pour une ou plusieurs attaques de cybersécurité visant chaque utilisateur de la pluralité d'utilisateurs de réseau, et calculer un indice de risque pour au moins un utilisateur de réseau parmi la pluralité d'utilisateurs de réseau, l'indice de risque étant basé sur l'indice privilégié, l'indice de vulnérabilité et le score de menace associés à chacun des utilisateurs de réseau. L'invention concerne également des systèmes et des supports lisibles par machine.
Also published as
Latest bibliographic data on file with the International Bureau