Abstract: Determining an entity's cybersecurity risk and benchmarking that risk includes non-intrusively collecting one or more types of data associated with an entity. Embodiments further include calculating a security score for at least one of the one or more types of data based, at least in part, on processing of security information extracted from the at least one type of data, wherein the security information is indicative of a level of cybersecurity. Some embodiments also comprise assigning a weight to the calculated security score based on a correlation between the extracted security information and an overall security risk determined from analysis of one or more previously-breached entities in the same industry as the entity. Additional embodiments include calculating an overall cybersecurity risk score for the entity based, at least in part, on the calculated security score and the weight assigned to the calculated security score.
Type: Grant
Filed: March 16, 2016
Date of Patent: November 26, 2019
Assignee: SecurityScorecard, Inc.
Inventors: Aleksandr Yampolskiy, Rob Blackin, Alexander Heid, Samuel Kassoumeh
Abstract: A multiplier is utilized to quantify a cybersecurity risk level of a portfolio of entities (e.g., companies) and enable actions to mitigate that quantified risk. In doing so, features or attributes of one or more companies in a portfolio are compared to features or attributes of one or more companies that experienced an adverse cybersecurity event (e.g. a data breach). Further, a degree of dependency, such as a matrix of a number of shared vendors and the proximity of those vendors to the companies, can be measured between (1) portfolio companies and one or more companies that experienced a cybersecurity event, and/or (2) the portfolio companies themselves to better quantify the risk. That is, to more meaningfully analyze a cybersecurity event that occurred at one or more companies and better predict the likelihood of an occurrence at portfolio companies, embodiments can determine an n-degree interdependency between companies.
Abstract: The present disclosure provides techniques for calculating an entity's cybersecurity risk based on identified relationships between the entity and one or more vendors. Customer/vendor relationships may impact the cybersecurity risk for each of the parties involved because a security compromise of a downstream or upstream provider can lead to a compromise of multiple other companies. For example, if organization A uses B (e.g., a cloud service provider) to store files, and B is compromised, this may lead to organization A being compromised (e.g., the files organization A stored using B may have been compromised by the breach of B's cybersecurity). Embodiments of the present disclosure further provide a technique for calculating a cybersecurity risk score for an organization based on identified customer/vendor relationships.
Abstract: Systems and methods for mapping IP addresses to an entity include receiving at least one domain name associated with the entity. Embodiments may further include determining one or more variations of the at least one domain name based on analysis of domain name data collected from a plurality of domain name data sources that mention a variation of the at least one domain name. Some embodiments may also include identifying one or more IP addresses pointed to by the one or more variations of the entity's domain name based on analysis of IP address data collected from a plurality of IP address data sources. Additional embodiments include assigning weights to each of the identified one or more IP addresses and creating a mapping of IP addresses to associate with the entity based on analysis of the weighted one or more IP addresses.
Type: Grant
Filed: February 27, 2017
Date of Patent: March 12, 2019
Assignee: SecurityScorecard, Inc.
Inventors: Aleksandr Yampolskiy, Rob Blackin, Samuel Kassoumeh, Nick Matviko
Abstract: A multiplier is utilized to quantify a cybersecurity risk level of a portfolio of entities (e.g., companies) and enable actions to mitigate that quantified risk. In doing so, features or attributes of one or more companies in a portfolio are compared to features or attributes of one or more companies that experienced an adverse cybersecurity event (e.g. a data breach). Further, a degree of dependency, such as a matrix of a number of shared vendors and the proximity of those vendors to the companies, can be measured between (1) portfolio companies and one or more companies that experienced a cybersecurity event, and/or (2) the portfolio companies themselves to better quantify the risk. That is, to more meaningfully analyze a cybersecurity event that occurred at one or more companies and better predict the likelihood of an occurrence at portfolio companies, embodiments can determine an n-degree interdependency between companies.
Abstract: Determining an entity's cybersecurity risk and benchmarking that risk includes non-intrusively collecting one or more types of data associated with an entity. Embodiments further include calculating a security score for at least one of the one or more types of data based, at least in part, on processing of security information extracted from the at least one type of data, wherein the security information is indicative of a level of cybersecurity. Some embodiments also comprise assigning a weight to the calculated security score based on a correlation between the extracted security information and an overall security risk determined from analysis of one or more previously-breached entities in the same industry as the entity. Additional embodiments include calculating an overall cybersecurity risk score for the entity based, at least in part, on the calculated security score and the weight assigned to the calculated security score.
Type: Grant
Filed: May 1, 2015
Date of Patent: March 22, 2016
Assignee: SecurityScorecard, Inc.
Inventors: Aleksandr Yampolskiy, Rob Blackin, Alexander Heid, Samuel Kassoumeh