US 12,278,729 B2
Systems, methods, and media for monitoring cloud configuration settings
Sekhar Sarukkai, Cupertino, CA (US); Prasad Raghavendra Somasamudram, Bangalore (IN); and Syed Ummar Farooqh, Bangalore (IN)
Assigned to Skyhigh Security LLC, Plano, TX (US)
Filed by Skyhigh Security LLC, Plano, TX (US)
Filed on Mar. 1, 2021, as Appl. No. 17/188,243.
Claims priority of application No. 202011031723 (IN), filed on Jul. 24, 2020.
Prior Publication US 2022/0029882 A1, Jan. 27, 2022
Int. Cl. H04L 12/24 (2006.01); H04L 41/08 (2022.01); H04L 41/0816 (2022.01); H04L 41/0866 (2022.01); H04L 41/0893 (2022.01)
CPC H04L 41/0866 (2013.01) [H04L 41/0816 (2013.01); H04L 41/0886 (2013.01); H04L 41/0893 (2013.01)]
15 Claims
 
1. A method comprising:
receiving configuration settings from a cloud service resource using an application programming interface;
determining a resource risk score, a first tactic risk score, a first plurality of technique risk scores, a second tactic risk score, and a second plurality of technique risk scores, wherein the resource risk score is based on the first tactic risk score and the second tactic risk score, wherein the first tactic risk score is based on the first plurality of technique risk scores, wherein the second tactic risk score is based on the second plurality of technique risk scores, wherein each of the first plurality of technique risk scores is based on a corresponding subset of a set of policy scores, wherein each of the second plurality of technique risk scores is based on a corresponding subset of the set of policy scores, and wherein each of the set of policy scores is based on compliance of the configuration settings with a corresponding setting; and
selecting a first tactic based on the first tactic risk score being worse than the second tactic risk score, selecting a technique of the first tactic based on the technique corresponding to a worst of the first plurality of technique risk scores, and remediating a configuration setting corresponding to the technique,
wherein each of the first tactic risk score and the second tactic risk score reflects a risk of a corresponding tactic that can be used to attack a resource, and
wherein each of the first plurality of technique risk scores and the second plurality of technique risk scores reflects a risk of a corresponding technique that can be used to perform a corresponding tactic in attacking a resource.
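
The scoring hierarchy recited in claim 1, sketched as an added example that is not code from the patent or from Skyhigh Security. The claim does not state how scores are combined, so the aggregation rules (mean, then max), the 0-to-1 scale on which higher means worse, and every setting, technique and tactic name below are assumptions made for illustration.

```python
# Added illustration of the scoring hierarchy in claim 1. The aggregation
# rules (mean, max), the 0-to-1 scale with higher meaning worse, and all
# setting, technique and tactic names are assumptions, not from the patent.
from statistics import mean

# Policy: the required value for one configuration setting (constructed names).
POLICIES = {
    "bucket_public_access": False,
    "mfa_required": True,
    "access_logging": True,
    "encryption_at_rest": True,
}
# Each technique draws on a subset of the policies; each tactic on techniques.
TECHNIQUES = {
    "public-exposure": ["bucket_public_access", "encryption_at_rest"],
    "credential-abuse": ["mfa_required"],
    "log-evasion": ["access_logging"],
    "unencrypted-read": ["encryption_at_rest"],
}
TACTICS = {
    "initial-access": ["public-exposure", "credential-abuse"],
    "collection": ["log-evasion", "unencrypted-read"],
}

def policy_scores(settings):
    """1.0 when a setting violates its policy (or is missing), else 0.0."""
    return {p: 0.0 if settings.get(p) == want else 1.0 for p, want in POLICIES.items()}

def score_resource(settings):
    pol = policy_scores(settings)
    tech = {t: mean(pol[p] for p in ps) for t, ps in TECHNIQUES.items()}
    tac = {k: mean(tech[t] for t in ts) for k, ts in TACTICS.items()}
    return {"policy": pol, "technique": tech, "tactic": tac, "resource": max(tac.values())}

def pick_remediation(settings):
    """Worst tactic -> its worst technique -> that technique's failing settings."""
    s = score_resource(settings)
    tactic = max(TACTICS, key=lambda k: s["tactic"][k])
    technique = max(TACTICS[tactic], key=lambda t: s["technique"][t])
    failing = [p for p in TECHNIQUES[technique] if s["policy"][p] == 1.0]
    return tactic, technique, failing

def remediate(settings):
    """Return a copy with the selected technique's failing settings corrected."""
    _, _, failing = pick_remediation(settings)
    return {**settings, **{p: POLICIES[p] for p in failing}}

# Constructed sample, standing in for settings fetched through a provider API.
SAMPLE = {"bucket_public_access": True, "mfa_required": False,
          "access_logging": True, "encryption_at_rest": True}
```

Calling `remediate` repeatedly until the resource score reaches 0.0 walks the hierarchy from the worst tactic downward, one technique at a time.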