US 12,273,367 B2
Correlated risk in cybersecurity
Ethan Geil, Concord, MA (US); and Marc Light, Somerville, MA (US)
Assigned to BitSight Technologies, Inc., Boston, MA (US)
Filed by BitSight Technologies, Inc., Boston, MA (US)
Filed on Aug. 4, 2023, as Appl. No. 18/365,384.
Application 18/365,384 is a continuation of application No. 17/179,630, filed on Feb. 19, 2021, granted, now 11,770,401.
Application 17/179,630 is a continuation of application No. 16/795,056, filed on Feb. 19, 2020, granted, now 10,931,705, issued on Feb. 23, 2021.
Application 16/795,056 is a continuation of application No. 16/292,956, filed on Mar. 5, 2019, granted, now 10,594,723, issued on Mar. 17, 2020.
Application 16/292,956 is a continuation of application No. 15/918,286, filed on Mar. 12, 2018, granted, now 10,257,219, issued on Apr. 9, 2019.
Prior Publication US 2023/0396644 A1, Dec. 7, 2023
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 9/40 (2022.01); G06F 16/2457 (2019.01); G06F 16/28 (2019.01); G06F 16/901 (2019.01); G06F 17/18 (2006.01); G06F 21/57 (2013.01)
CPC H04L 63/1433 (2013.01) [G06F 16/24578 (2019.01); G06F 16/288 (2019.01); G06F 16/9024 (2019.01); G06F 21/577 (2013.01); H04L 63/1408 (2013.01); G06F 17/18 (2013.01); G06F 2221/034 (2013.01)]
23 Claims
1. A computer-implemented method for quantifying correlated risk in a network of a plurality of assets having at least one dependency, each asset belonging to at least one entity, the method comprising:
executing a plurality of Monte Carlo simulations over a dependency graph that is based on relationships between the plurality of assets, the at least one dependency, and the at least one entity, wherein each of the plurality of Monte Carlo simulations executes by:
generating a seed event in the dependency graph, the seed event having a probability distribution; and
propagating disruption through the dependency graph based on the seed event; and
terminating the respective Monte Carlo simulation when a threshold amount of loss is aggregated among two or more assets of the plurality of assets affected by the disruption is exceeded;
assessing, based on the plurality of Monte Carlo simulations, a loss for each asset of the plurality of assets; and
aggregating the losses for the two or more assets of the plurality of assets to determine correlated risk in the network,
wherein the dependency graph comprises (i) a plurality of edges representing the relationships between the plurality of assets, the at least one dependency, and the at least one entity and (ii) a plurality of nodes representing the plurality of assets, the at least one dependency, and the at least one entity, and
wherein each edge has a conditional probability that the asset on a receiving node of a particular edge, of the plurality of edges, is compromised given that a providing node, of the plurality of nodes, is compromised.
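The simulation loop that claim 1 describes can be sketched as follows. This is an added illustration, not code from the patent or from BitSight; the graph, node names, per-asset loss values, seed distribution, and threshold are constructed assumptions, and breadth-first propagation is one possible choice of traversal.

```python
import random
from collections import deque

# Constructed sample graph: provider -> [(receiver, P(receiver compromised | provider compromised))]
EDGES = {
    "cloud-host": [("acme-web", 0.9), ("globex-api", 0.6)],
    "dns-provider": [("acme-web", 0.5), ("initech-mail", 0.7)],
    "acme-web": [("acme-corp", 1.0)],        # asset -> owning entity
    "globex-api": [("globex-inc", 1.0)],
    "initech-mail": [("initech-llc", 1.0)],
}
LOSS = {"acme-web": 100.0, "globex-api": 250.0, "initech-mail": 50.0}  # assumed per-asset loss
SEED_DIST = {"cloud-host": 0.7, "dns-provider": 0.3}  # assumed seed-event distribution

def run_once(edges, loss, seed_dist, threshold, rng):
    """One simulation: draw a seed event, propagate, stop once the loss
    aggregated over two or more affected assets exceeds the threshold."""
    seed = rng.choices(list(seed_dist), weights=list(seed_dist.values()))[0]
    hit, queue = {seed}, deque([seed])
    lost = {seed: loss[seed]} if seed in loss else {}
    while queue:
        node = queue.popleft()
        for receiver, p in edges.get(node, []):
            if receiver in hit or rng.random() >= p:
                continue  # already disrupted, or this edge did not transmit
            hit.add(receiver)
            queue.append(receiver)
            if receiver in loss:
                lost[receiver] = loss[receiver]
            if len(lost) >= 2 and sum(lost.values()) > threshold:
                return lost  # early termination
    return lost

def simulate(edges, loss, seed_dist, threshold, runs, seed=0):
    """Return (mean loss per asset, sorted aggregated loss per run)."""
    rng = random.Random(seed)
    per_asset = dict.fromkeys(loss, 0.0)
    totals = []
    for _ in range(runs):
        lost = run_once(edges, loss, seed_dist, threshold, rng)
        for asset, value in lost.items():
            per_asset[asset] += value
        totals.append(sum(lost.values()))
    return {a: s / runs for a, s in per_asset.items()}, sorted(totals)

if __name__ == "__main__":
    per_asset, totals = simulate(EDGES, LOSS, SEED_DIST, threshold=300.0, runs=10_000)
    print("mean loss per asset:", per_asset)
    print("mean aggregated loss:", sum(totals) / len(totals))
    print("95th percentile aggregated loss:", totals[int(0.95 * len(totals))])
```

Because both sample web assets depend on the same upstream nodes, their losses occur together in the same runs, which is what the aggregated per-run totals capture and a per-asset average alone does not.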