Patents Assigned to SecurityScorecard, Inc.
-
Patent number: 12231458Abstract: Determining an entity's cybersecurity risk and benchmarking that risk includes non-intrusively collecting one or more types of data associated with an entity. Embodiments further include calculating a security score for at least one of the one or more types of data based, at least in part, on processing of security information extracted from the at least one type of data, wherein the security information is indicative of a level of cybersecurity. Some embodiments also comprise assigning a weight to the calculated security score based on a correlation between the extracted security information and an overall security risk determined from analysis of one or more previously-breached entities in the same industry as the entity. Additional embodiments include calculating an overall cybersecurity risk score for the entity based, at least in part, on the calculated security score and the weight assigned to the calculated security score.Type: GrantFiled: September 14, 2023Date of Patent: February 18, 2025Assignee: SecurityScorecard, Inc.Inventors: Aleksandr Yampolskiy, Rob Blackin, Alexander Heid, Samuel Kassoumeh
-
Patent number: 12079756Abstract: A multiplier is utilized to quantify a cybersecurity risk level of a portfolio of entities (e.g., companies) and enable actions to mitigate that quantified risk. In doing so, features or attributes of one or more companies in a portfolio are compared to features or attributes of one or more companies that experienced an adverse cybersecurity event (e.g. a data breach). Further, a degree of dependency, such as a matrix of a number of shared vendors and the proximity of those vendors to the companies, can be measured between (1) portfolio companies and one or more companies that experienced a cybersecurity event, and/or (2) the portfolio companies themselves to better quantify the risk. That is, to more meaningfully analyze a cybersecurity event that occurred at one or more companies and better predict the likelihood of an occurrence at portfolio companies, embodiments can determine an n-degree interdependency between companies.Type: GrantFiled: April 12, 2023Date of Patent: September 3, 2024Assignee: SecurityScorecard, Inc.Inventors: Jue Mo, Luis Vargas, A. Robert Sohval
-
Patent number: 12041073Abstract: Systems and methods for mapping IP addresses to an entity include receiving at least one domain name associated with the entity. Embodiments may further include determining one or more variations of the at least one domain name based on analysis of domain name data collected from a plurality of domain name data sources that mention a variation of the at least one domain name. Some embodiments may also include identifying one or more IP addresses pointed to by the one or more variations of the entity's domain name based on analysis of IP address data collected from a plurality of IP address data sources. Additional embodiments include assigning weights to each of the identified one or more IP addresses and creating a mapping of IP addresses to associate with the entity based on analysis of the weighted one or more IP addresses.Type: GrantFiled: April 28, 2023Date of Patent: July 16, 2024Assignee: SecurityScorecard, Inc.Inventors: Aleksandr Yampolskiy, Rob Blackin, Samuel Kassoumeh, Nick Matviko
-
Patent number: 11916952Abstract: Systems and methods for mapping IP addresses to an entity include receiving at least one domain name associated with the entity. Embodiments may further include determining one or more variations of the at least one domain name based on analysis of domain name data collected from a plurality of domain name data sources that mention a variation of the at least one domain name. Some embodiments may also include identifying one or more IP addresses pointed to by the one or more variations of the entity's domain name based on analysis of IP address data collected from a plurality of IP address data sources. Additional embodiments include assigning weights to each of the identified one or more IP addresses and creating a mapping of IP addresses to associate with the entity based on analysis of the weighted one or more IP addresses.Type: GrantFiled: October 4, 2021Date of Patent: February 27, 2024Assignee: SecurityScorecard, Inc.Inventors: Aleksandr Yampolskiy, Rob Blackin, Samuel Kassoumeh, Nick Matviko
-
Patent number: 11785037Abstract: Determining an entity's cybersecurity risk and benchmarking that risk includes non-intrusively collecting one or more types of data associated with an entity. Embodiments further include calculating a security score for at least one of the one or more types of data based, at least in part, on processing of security information extracted from the at least one type of data, wherein the security information is indicative of a level of cybersecurity. Some embodiments also comprise assigning a weight to the calculated security score based on a correlation between the extracted security information and an overall security risk determined from analysis of one or more previously-breached entities in the same industry as the entity. Additional embodiments include calculating an overall cybersecurity risk score for the entity based, at least in part, on the calculated security score and the weight assigned to the calculated security score.Type: GrantFiled: November 23, 2020Date of Patent: October 10, 2023Assignee: SecurityScorecard, Inc.Inventors: Aleksandr Yampolskiy, Rob Blackin, Alexander Heid, Samuel Kassoumeh
-
Patent number: 11750637Abstract: Systems and methods for mapping IP addresses to an entity include receiving at least one domain name associated with the entity. Embodiments may further include determining one or more variations of the at least one domain name based on analysis of domain name data collected from a plurality of domain name data sources that mention a variation of the at least one domain name. Some embodiments may also include identifying one or more IP addresses pointed to by the one or more variations of the entity's domain name based on analysis of IP address data collected from a plurality of IP address data sources. Additional embodiments include assigning weights to each of the identified one or more IP addresses and creating a mapping of IP addresses to associate with the entity based on analysis of the weighted one or more IP addresses.Type: GrantFiled: February 22, 2021Date of Patent: September 5, 2023Assignee: SecurityScorecard, Inc.Inventors: Aleksandr Yampolskiy, Rob Blackin, Samuel Kassoumeh, Nick Matviko
-
Patent number: 11657352Abstract: A multiplier is utilized to quantify a cybersecurity risk level of a portfolio of entities (e.g., companies) and enable actions to mitigate that quantified risk. In doing so, features or attributes of one or more companies in a portfolio are compared to features or attributes of one or more companies that experienced an adverse cybersecurity event (e.g. a data breach). Further, a degree of dependency, such as a matrix of a number of shared vendors and the proximity of those vendors to the companies, can be measured between (1) portfolio companies and one or more companies that experienced a cybersecurity event, and/or (2) the portfolio companies themselves to better quantify the risk. That is, to more meaningfully analyze a cybersecurity event that occurred at one or more companies and better predict the likelihood of an occurrence at portfolio companies, embodiments can determine an n-degree interdependency between companies.Type: GrantFiled: April 26, 2021Date of Patent: May 23, 2023Assignee: SecurityScorecard, Inc.Inventors: Jue Mo, Luis Vargas, A. Robert Sohval
-
Patent number: 11475384Abstract: The present disclosure provides techniques for calculating an entity's cybersecurity risk based on identified relationships between the entity and one or more vendors. Customer/vendor relationships may impact the cybersecurity risk for each of the parties involved because a security compromise of a downstream or upstream provider can lead to a compromise of multiple other companies. For example, if organization A uses B (e.g., a cloud service provider) to store files, and B is compromised, this may lead to organization A being compromised (e.g., the files organization A stored using B may have been compromised by the breach of B's cybersecurity). Embodiments of the present disclosure further provide a technique for calculating a cybersecurity risk score for an organization based on identified customer/vendor relationships.Type: GrantFiled: September 18, 2019Date of Patent: October 18, 2022Assignee: SecurityScorecard, Inc.Inventor: Nikon Rasumov
-
Patent number: 11451572Abstract: Determining an entity's cybersecurity risk and benchmarking that risk includes non-intrusively collecting one or more types of data associated with an entity. Embodiments further include calculating a security score for at least one of the one or more types of data based, at least in part, on processing of security information extracted from the at least one type of data, wherein the security information is indicative of a level of cybersecurity. Some embodiments also comprise assigning a weight to the calculated security score based on a correlation between the extracted security information and an overall security risk determined from analysis of one or more previously-breached entities in the same industry as the entity. Additional embodiments include calculating an overall cybersecurity risk score for the entity based, at least in part, on the calculated security score and the weight assigned to the calculated security score.Type: GrantFiled: March 27, 2020Date of Patent: September 20, 2022Assignee: SecurityScorecard, Inc.Inventors: Aleksandr Yampolskiy, Rob Blackin, Alexander Heid, Samuel Kassoumeh
-
Patent number: 11386210Abstract: The present disclosure provides a method, system, and device for inquiry response mapping for determining a cybersecurity risk level of an entity. To manage and/or evaluate a cybersecurity risk level based on a relationship between a first entity and a second entity, questionnaires (e.g., requests or inquires) are often exchanged between two entities. One or more aspects of the present disclosure provide populating data sets (e.g., questionnaires) indicative of risk level for the first entity or the second entity. One or more other aspects of the present disclosure further provide determining a cybersecurity risk level of an entity by mapping responses to a plurality of inquiry sets directed to the first entity or the second entity.Type: GrantFiled: January 24, 2020Date of Patent: July 12, 2022Assignee: SecurityScorecard, Inc.Inventors: Samuel Kassoumeh, Dolly Krishnaswamy, A. Robert Sohval
-
Patent number: 11336677Abstract: Determining an entity's cybersecurity risk and benchmarking that risk includes non-intrusively collecting one or more types of data associated with an entity. Embodiments further include calculating a security score for at least one of the one or more types of data based, at least in part, on processing of security information extracted from the at least one type of data, wherein the security information is indicative of a level of cybersecurity. Some embodiments also comprise assigning a weight to the calculated security score based on a correlation between the extracted security information and an overall security risk determined from analysis of one or more previously-breached entities in the same industry as the entity. Additional embodiments include calculating an overall cybersecurity risk score for the entity based, at least in part, on the calculated security score and the weight assigned to the calculated security score.Type: GrantFiled: November 21, 2019Date of Patent: May 17, 2022Assignee: SecurityScorecard, Inc.Inventors: Aleksandr Yampolskiy, Rob Blackin, Alexander Heid, Samuel Kassoumeh
-
Patent number: 11275843Abstract: The present disclosure provides a method, system, and device for inquiry response mapping for determining a cybersecurity risk level of an entity. To manage and/or evaluate a cybersecurity risk level based on a relationship between a first entity and a second entity, questionnaires (e.g., requests or inquires) are often exchanged between two entities. One or more aspects of the present disclosure provide populating data sets (e.g., questionnaires) indicative of risk level for the first entity or the second entity. One or more other aspects of the present disclosure further provide determining a cybersecurity risk level of an entity by mapping responses to a plurality of inquiry sets directed to the first entity or the second entity.Type: GrantFiled: December 4, 2019Date of Patent: March 15, 2022Assignee: SecurityScorecard, Inc.Inventors: Samuel Kassoumeh, Dolly Krishnaswamy, A. Robert Sohval
-
Patent number: 11140192Abstract: Systems and methods for mapping IP addresses to an entity include receiving at least one domain name associated with the entity. Embodiments may further include determining one or more variations of the at least one domain name based on analysis of domain name data collected from a plurality of domain name data sources that mention a variation of the at least one domain name. Some embodiments may also include identifying one or more IP addresses pointed to by the one or more variations of the entity's domain name based on analysis of IP address data collected from a plurality of IP address data sources. Additional embodiments include assigning weights to each of the identified one or more IP addresses and creating a mapping of IP addresses to associate with the entity based on analysis of the weighted one or more IP addresses.Type: GrantFiled: December 20, 2019Date of Patent: October 5, 2021Assignee: SecurityScorecard, Inc.Inventors: Aleksandr Yampolskiy, Rob Blackin, Samuel Kassoumeh, Nick Matviko
-
Patent number: 11037083Abstract: The present disclosure provides techniques for calculating an entity's cybersecurity risk based on identified relationships between the entity and one or more vendors. Customer/vendor relationships may impact the cybersecurity risk for each of the parties involved because a security compromise of a downstream or upstream provider can lead to a compromise of multiple other companies. For example, if organization A uses B (e.g., a cloud service provider) to store files, and B is compromised, this may lead to organization A being compromised (e.g., the files organization A stored using B may have been compromised by the breach of B's cybersecurity). Embodiments of the present disclosure further provide a technique for calculating a cybersecurity risk score for an organization based on identified customer/vendor relationships.Type: GrantFiled: September 18, 2019Date of Patent: June 15, 2021Assignee: SecurityScorecard, Inc.Inventor: Nikon Rasumov
-
Patent number: 10990916Abstract: A multiplier is utilized to quantify a cybersecurity risk level of a portfolio of entities (e.g., companies) and enable actions to mitigate that quantified risk. In doing so, features or attributes of one or more companies in a portfolio are compared to features or attributes of one or more companies that experienced an adverse cybersecurity event (e.g. a data breach). Further, a degree of dependency, such as a matrix of a number of shared vendors and the proximity of those vendors to the companies, can be measured between (1) portfolio companies and one or more companies that experienced a cybersecurity event, and/or (2) the portfolio companies themselves to better quantify the risk. That is, to more meaningfully analyze a cybersecurity event that occurred at one or more companies and better predict the likelihood of an occurrence at portfolio companies, embodiments can determine an n-degree interdependency between companies.Type: GrantFiled: June 1, 2020Date of Patent: April 27, 2021Assignee: SecurityScorecard, Inc.Inventors: Jue Mo, Luis Vargas, A. Robert Sohval
-
Patent number: 10931704Abstract: Systems and methods for mapping IP addresses to an entity include receiving at least one domain name associated with the entity. Embodiments may further include determining one or more variations of the at least one domain name based on analysis of domain name data collected from a plurality of domain name data sources that mention a variation of the at least one domain name. Some embodiments may also include identifying one or more IP addresses pointed to by the one or more variations of the entity's domain name based on analysis of IP address data collected from a plurality of IP address data sources. Additional embodiments include assigning weights to each of the identified one or more IP addresses and creating a mapping of IP addresses to associate with the entity based on analysis of the weighted one or more IP addresses.Type: GrantFiled: September 25, 2019Date of Patent: February 23, 2021Assignee: SecurityScorecard, Inc.Inventors: Aleksandr Yampolskiy, Rob Blackin, Samuel Kassoumeh, Nick Matviko
-
Patent number: 10848517Abstract: Determining an entity's cybersecurity risk and benchmarking that risk includes non-intrusively collecting one or more types of data associated with an entity. Embodiments further include calculating a security score for at least one of the one or more types of data based, at least in part, on processing of security information extracted from the at least one type of data, wherein the security information is indicative of a level of cybersecurity. Some embodiments also comprise assigning a weight to the calculated security score based on a correlation between the extracted security information and an overall security risk determined from analysis of one or more previously-breached entities in the same industry as the entity. Additional embodiments include calculating an overall cybersecurity risk score for the entity based, at least in part, on the calculated security score and the weight assigned to the calculated security score.Type: GrantFiled: July 17, 2020Date of Patent: November 24, 2020Assignee: SecurityScorecard, Inc.Inventors: Aleksandr Yampolskiy, Rob Blackin, Alexander Heid, Samuel Kassoumeh
-
Patent number: 10671957Abstract: A multiplier is utilized to quantify a cybersecurity risk level of a portfolio of entities (e.g., companies) and enable actions to mitigate that quantified risk. In doing so, features or attributes of one or more companies in a portfolio are compared to features or attributes of one or more companies that experienced an adverse cybersecurity event (e.g. a data breach). Further, a degree of dependency, such as a matrix of a number of shared vendors and the proximity of those vendors to the companies, can be measured between (1) portfolio companies and one or more companies that experienced a cybersecurity event, and/or (2) the portfolio companies themselves to better quantify the risk. That is, to more meaningfully analyze a cybersecurity event that occurred at one or more companies and better predict the likelihood of an occurrence at portfolio companies, embodiments can determine an n-degree interdependency between companies.Type: GrantFiled: August 9, 2019Date of Patent: June 2, 2020Assignee: SecurityScorecard, Inc.Inventors: Jue Mo, Luis Vargas, A. Robert Sohval
-
Patent number: 10614401Abstract: A multiplier is utilized to quantify a cybersecurity risk level of a portfolio of entities (e.g., companies) and enable actions to mitigate that quantified risk. In doing so, features or attributes of one or more companies in a portfolio are compared to features or attributes of one or more companies that experienced an adverse cybersecurity event (e.g. a data breach). Further, a degree of dependency, such as a matrix of a number of shared vendors and the proximity of those vendors to the companies, can be measured between (1) portfolio companies and one or more companies that experienced a cybersecurity event, and/or (2) the portfolio companies themselves to better quantify the risk. That is, to more meaningfully analyze a cybersecurity event that occurred at one or more companies and better predict the likelihood of an occurrence at portfolio companies, embodiments can determine an n-degree interdependency between companies.Type: GrantFiled: July 28, 2017Date of Patent: April 7, 2020Assignee: SecurityScorecard, Inc.Inventors: Jue Mo, Luis Vargas, A. Robert Sohval
-
Patent number: 10560474Abstract: Systems and methods for mapping IP addresses to an entity include receiving at least one domain name associated with the entity. Embodiments may further include determining one or more variations of the at least one domain name based on analysis of domain name data collected from a plurality of domain name data sources that mention a variation of the at least one domain name. Some embodiments may also include identifying one or more IP addresses pointed to by the one or more variations of the entity's domain name based on analysis of IP address data collected from a plurality of IP address data sources. Additional embodiments include assigning weights to each of the identified one or more IP addresses and creating a mapping of IP addresses to associate with the entity based on analysis of the weighted one or more IP addresses.Type: GrantFiled: March 11, 2019Date of Patent: February 11, 2020Assignee: SecurityScorecard, Inc.Inventors: Aleksandr Yampolskiy, Rob Blackin, Samuel Kassoumeh, Nick Matviko