
Methods For Optimizing An Automated Determination Of A Risk Rating Of Cyber Attack And Devices Thereof

Abstract: This technology extracts threat data in real time from received incident data on each of one or more current cyber-attacks. Classified data associated with one of a plurality of prior cyber-attacks is retrieved in real time based on the extracted threat data for each of the cyber-attacks. One of a plurality of risk priorities for each of the cyber-attacks is determined in real time based on a calculated risk rating value for each of the cyber-attacks. One of a plurality of automated resolutions for each of the cyber-attacks may be identified based on the retrieved classified data. The identified one of the plurality of automated resolutions for each of the cyber-attacks may be automatically executed in an order based on the determined one of the plurality of risk priorities for each of the cyber-attacks. FIG. 1


Patent Information

Application #:
Filing Date: 30 January 2015
Publication Number: 07/2015
Publication Type: INA
Invention Field: COMPUTER SCIENCE
Status:
Email: ipo@knspartners.com
Parent Application:

Applicants

WIPRO LIMITED
Doddakannelli, Sarjapur Road, Bangalore 560035, Karnataka, India.

Inventors

1. ARUN WARIKOO
20 Dakshinapuram, JNU, New Delhi 110067, India
2. BHARAT SHETTY
201 Sunflower, Presidency Park Apartments, C.G. Kamath Road, Karangalpady, Mangalore - 575 003, India.
3. SUROOP MOHAN CHANDRAN
C-502, S3 Lifestyle Apartments, Pimple Sauadagar, Pune - 27, Maharashtra. India.

Specification

CLAIMS: We claim:
1. A method for optimizing an automated determination in real-time of a risk rating of a cyber-attack, the method comprising:
extracting, by a processor of a cyber-attack management computing device, in real time threat data from received incident data on each of one or more current cyber-attacks from one or more security issue identification systems;
retrieving, by the processor of the cyber-attack management computing device, in real time classified data associated with one of a plurality of prior cyber-attacks based on the extracted threat data for each of the one or more current cyber-attacks from one or more security incident databases;
determining and providing, by the processor of the cyber-attack management computing device, in real time one of a plurality of risk priorities for each of the one or more current cyber-attacks based on a calculated risk rating value for each of the one or more current cyber-attacks.
2. The method as set forth in claim 1 further comprising:
identifying, by the processor of the cyber-attack management computing device, one of a plurality of automated resolutions for each of the one or more current cyber-attacks based on the retrieved classified data; and
automatically executing, by the processor of the cyber-attack management computing device, the identified one of the plurality of automated resolutions for each of the one or more current cyber-attacks in an order based on the determined one of the plurality of risk priorities for each of one or more current cyber-attacks.
3. The method as set forth in claim 1 further comprising outputting, by the processor of the cyber-attack management computing device, the extracted threat data for any of the one or more current cyber-attacks which does not match the classified data associated with any of the plurality of prior cyber-attacks.
4. The method as set forth in claim 1 further comprising determining, by the processor of the security management computing device, the calculated risk rating value for each of the one or more current cyber-attacks based on asset criticality and a probability of exploitation value for each asset associated with each of the one or more current cyber-attacks.

5. The method as set forth in claim 4 further comprising:
obtaining, by the processor of the cyber-attack management computing device, stored asset profile information on each asset associated with each of the one or more current cyber-attacks;
determining, by the processor of the cyber-attack management computing device, the asset criticality of each asset associated with each of the one or more current cyber-attacks based on the stored asset profile information on each asset associated with each of the one or more current cyber-attacks;
obtaining, by the processor of the cyber-attack management computing device, the probability of exploitation value of each asset associated with each of the one or more current cyber-attacks.
6. The method as set forth in claim 1 wherein the plurality of risk priorities comprises one of a high risk priority threshold, a medium risk priority threshold, or a low risk priority threshold.
7. The method as set forth in claim 1 further comprising:
determining, by the processor of the cyber-attack management computing device, when one of the plurality of automated resolutions is not a match with one or more current cyber-attacks; and
outputting, by the processor of the cyber-attack management computing device, the one of the plurality of risk priorities and the retrieved classified data for each of the one or more current cyber-attacks determined not to have a match with one of the plurality of automated resolutions for generation of new resolution for the plurality of automated resolutions.
8. A cyber-attack management computing device comprising:
at least one processor; and
a memory coupled to the processor which is configured to be capable of executing programmed instructions comprising and stored in the memory to:
extract in real time threat data from received incident data on each of one or more current cyber-attacks from one or more security issue identification systems;
retrieve in real time classified data associated with one of a plurality of prior cyber-attacks based on the extracted threat data for each of the one or more current cyber-attacks from one or more security incident databases;
determine and provide in real time one of a plurality of risk priorities for each of the one or more current cyber-attacks based on a calculated risk rating value for each of the one or more current cyber-attacks.
9. The device as set forth in claim 8 wherein the processor coupled to the memory is further configured to be capable of executing at least one additional programmed instruction to:
identify one of a plurality of automated resolutions for each of the one or more current cyber-attacks based on the retrieved classified data; and
automatically execute the identified one of the plurality of automated resolutions for each of the one or more current cyber-attacks in an order based on the determined one of the plurality of risk priorities for each of one or more current cyber-attacks.
10. The device as set forth in claim 8 wherein the processor coupled to the memory is further configured to be capable of executing at least one additional programmed instruction to:
output the extracted threat data for any of the one or more current cyber-attacks which does not match the classified data associated with any of the plurality of prior cyber-attacks.
11. The device as set forth in claim 8 wherein the processor coupled to the memory is further configured to be capable of executing at least one additional programmed instruction to:
determine the calculated risk rating value for each of the one or more current cyber-attacks based on asset criticality and a probability of exploitation value for each asset associated with each of the one or more current cyber-attacks.

12. The device as set forth in claim 11 wherein the processor coupled to the memory is further configured to be capable of executing at least one additional programmed instruction to:
obtain stored asset profile information on each asset associated with each of the one or more current cyber-attacks;
determine the asset value of each asset associated with each of the one or more current cyber-attacks based on the stored asset profile information on each asset associated with each of the one or more current cyber-attacks;
obtain the probability of exploitation value of each asset associated with each of the one or more current cyber-attacks.
13. The device as set forth in claim 8 wherein the plurality of risk priorities comprises one of a high risk priority threshold, a medium risk priority threshold, or a low risk priority threshold.
14. The device as set forth in claim 8 wherein the processor coupled to the memory is further configured to be capable of executing at least one additional programmed instruction to:
determine when one of the plurality of automated resolutions is not a match with one or more current cyber-attacks; and
output the one of the plurality of risk priorities and the retrieved classified data for each of the one or more current cyber-attacks determined not to have a match with one of the plurality of automated resolutions for generation of new resolution for the plurality of automated resolutions.
15. A non-transitory computer readable medium having stored thereon instructions for optimizing an automated determination in real-time of a risk rating and a resolution for a cyber-attack comprising executable code which when executed by a processor, causes the processor to perform steps comprising:
extracting in real time threat data from received incident data on each of one or more current cyber-attacks from one or more security issue identification systems;
retrieving in real time classified data associated with one of a plurality of prior cyber-attacks based on the extracted threat data for each of the one or more current cyber-attacks from one or more security incident databases;
determining and providing in real time one of a plurality of risk priorities for each of the one or more current cyber-attacks based on a calculated risk rating value for each of the one or more current cyber-attacks.
16. The medium as set forth in claim 15 further comprising:
identifying one of a plurality of automated resolutions for each of the one or more current cyber-attacks based on the retrieved classified data; and
automatically executing the identified one of the plurality of automated resolutions for each of the one or more current cyber-attacks in an order based on the determined one of the plurality of risk priorities for each of one or more current cyber-attacks.
17. The medium as set forth in claim 15 further comprising outputting the extracted threat data for any of the one or more current cyber-attacks which does not match the classified data associated with any of the plurality of prior cyber-attacks.
18. The medium as set forth in claim 15 further comprising determining the calculated risk rating value for each of the one or more current cyber-attacks based on asset criticality and a probability of exploitation value for each asset associated with each of the one or more current cyber-attacks.
19. The medium as set forth in claim 18 further comprising:
obtaining stored asset profile information on each asset associated with each of the one or more current cyber-attacks;
determining the asset value of each asset associated with each of the one or more current cyber-attacks based on the stored asset profile information on each asset associated with each of the one or more current cyber-attacks;
obtaining the probability of exploitation value of each asset associated with each of the one or more current cyber-attacks.
20. The medium as set forth in claim 15 wherein the plurality of risk priorities comprises one of a high risk priority threshold, a medium risk priority threshold, or a low risk priority threshold.
21. The medium as set forth in claim 15 further comprising:
determining when one of the plurality of automated resolutions is not a match with one or more current cyber-attacks; and
outputting the one of the plurality of risk priorities and the retrieved classified data for each of the one or more current cyber-attacks determined not to have a match with one of the plurality of automated resolutions for generation of new resolution for the plurality of automated resolutions.

Dated this 30th day of January, 2015
SHWETHA A CHIMALGI
OF K & S PARTNERS
AGENT FOR THE APPLICANTS

FIELD OF THE INVENTION
This technology generally relates to computer network security methods and devices and, more particularly, to methods that optimize an automated determination in real-time of a risk rating and a resolution for a cyber-attack and devices thereof.
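
The triage flow recited in claims 1 to 7, as an added Python example that is not part of the application or the applicant's code. The rating formula (criticality multiplied by probability of exploitation, taking the worst asset), the threshold values, and every name and sample record are assumptions, since the claims name the inputs but give no formula or thresholds.

```python
from dataclasses import dataclass

# All names, values, thresholds and the rating formula below are assumptions
# made for illustration; the claims name the inputs but give no formula.
HIGH_THRESHOLD, MEDIUM_THRESHOLD = 3.0, 1.5

@dataclass
class Incident:
    incident_id: str
    signature: str   # threat data extracted from the incident report
    assets: list     # assets associated with the attack

# Constructed sample data standing in for the asset profile store, the
# probability-of-exploitation source and the security incident database.
ASSET_CRITICALITY = {"db01": 5, "app03": 3, "ws17": 2}
EXPLOIT_PROBABILITY = {"db01": 0.75, "app03": 0.5, "ws17": 0.5}
PRIOR_ATTACKS = {
    "sql-injection": {"class": "web", "resolution": "block_source_ip"},
    "phishing-link": {"class": "email", "resolution": "quarantine_mail"},
    "dns-tunnel": {"class": "network", "resolution": None},
}

def risk_rating(incident):
    # Assumed formula: worst asset's criticality x probability of exploitation.
    return max((ASSET_CRITICALITY[a] * EXPLOIT_PROBABILITY[a]
                for a in incident.assets), default=0)

def risk_priority(rating):
    if rating >= HIGH_THRESHOLD:
        return "high"
    return "medium" if rating >= MEDIUM_THRESHOLD else "low"

def triage(incidents):
    """Return (ordered resolution plan, unmatched attacks, attacks lacking a resolution)."""
    queue, unmatched, needs_resolution = [], [], []
    for inc in incidents:
        rating = risk_rating(inc)
        prio = risk_priority(rating)
        classified = PRIOR_ATTACKS.get(inc.signature)
        if classified is None:                    # no prior attack matches
            unmatched.append((inc.incident_id, prio, inc.signature))
        elif classified["resolution"] is None:    # classified, no automated fix
            needs_resolution.append((inc.incident_id, prio, classified["class"]))
        else:
            queue.append((rating, inc.incident_id, prio, classified["resolution"]))
    queue.sort(key=lambda item: -item[0])         # highest risk rating first
    return [item[1:] for item in queue], unmatched, needs_resolution

SAMPLE = [  # constructed incidents, deliberately out of priority order
    Incident("INC-2", "phishing-link", ["ws17"]),
    Incident("INC-1", "sql-injection", ["db01"]),
    Incident("INC-3", "unknown-beacon", ["app03"]),
    Incident("INC-4", "dns-tunnel", ["db01", "ws17"]),
]
```

The function returns the resolution plan in execution order rather than running anything; the two other lists are the outputs that go to an analyst.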

Documents

Application Documents

# Name Date
1 470-CHE-2015 FORM-9 30-01-2015.pdf 2015-01-30
2 470-CHE-2015 FORM-18 30-01-2015.pdf 2015-01-30
3 abstract 470-CHE-2015.jpg 2015-02-06
4 470CHE2015_CertifiedCopyRequest.pdf ONLINE 2015-02-12
5 470-CHE-2015-Request For Certified Copy-Online(12-02-2015).pdf 2015-02-12
6 IP29965-spec.pdf 2015-03-12
7 IP29965-fig.pdf 2015-03-12
8 FORM 5-IP29965.pdf 2015-03-12
9 FORM 3-IP29965.pdf 2015-03-12
10 470CHE2015_CertifiedCopyRequest.pdf 2015-03-13
11 470-CHE-2015 FORM-1 24-07-2015.pdf 2015-07-24
12 470-CHE-2015 CORRESPONDENCE OTHERS 24-07-2015.pdf 2015-07-24
13 470-CHE-2015 POWER OF ATTORNEY 24-07-2015.pdf 2015-07-24
14 470-CHE-2015-FER.pdf 2019-11-18

Search Strategy

1 SearchStrategyMatrix_08-11-2019.pdf