CPC H04L 63/1433 (2013.01) [G06F 8/65 (2013.01); H04L 63/102 (2013.01); H04L 63/104 (2013.01); H04L 63/1441 (2013.01)]; 30 Claims

1. A method, performed by a server system for determining a risk assessment for a collection of machines coupled to the server system via one or more communication networks, the method comprising:
    receiving by the server system via one or more communication interfaces, for each endpoint machine of a plurality of machines in the collection of machines, endpoint risk information, wherein each endpoint machine of the plurality of machines has an assigned importance rating;
    for each vulnerability in a predefined set of vulnerabilities, calculating by the server system for each particular endpoint machine of the plurality of machines:
        a direct vulnerability risk score for the particular endpoint machine, based on the received endpoint risk information for the particular endpoint machine; and
        a derivative vulnerability risk score, based on the direct vulnerability risk score for the particular endpoint machine and lateral movement values for the particular endpoint machine, wherein each lateral movement value for the particular endpoint machine corresponds to a number of logically coupled machines that are logically coupled to the particular endpoint machine via lateral movement that comprises access to the particular endpoint machine via one or more other machines in the collection of machines using administrative rights that enable access by users of said one or more other machines in the collection of machines to the particular endpoint machine; and
    sorting the vulnerabilities, in the predefined set of vulnerabilities, based at least in part on the derivative vulnerability risk scores, corresponding to those vulnerabilities, for the endpoint machines of the plurality of machines, so as to identify security risks in the collection of machines.
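The following is an added, illustrative implementation of the steps recited in claim 1; it is not the patent holder's code and the claim specifies no formulas. The assumptions are: endpoint risk information is a per-machine map of vulnerability id to a severity on an assumed 0-10 scale plus an importance rating; the direct score is severity times importance; the lateral movement values are the counts of machines from which the endpoint is reachable at administrative-rights hop distance 1, 2, 3 over an admin-access graph (computed by breadth-first search on the reversed graph); the derivative score multiplies the direct score by one plus a hop-weighted sum of those counts; and vulnerabilities are sorted by the sum of derivative scores across endpoints. All machine names, vulnerability ids, severities and edges are constructed sample data.

```python
"""Direct vs. derivative vulnerability risk scoring with lateral-movement
weighting. Illustrative code added for this page; formulas, field names
and sample data are assumptions, not the patented implementation."""
from collections import deque
from typing import Dict, List, Tuple

# Constructed endpoint risk information: importance rating per machine and
# the vulnerabilities each machine reported, with an assumed 0-10 severity.
ENDPOINT_RISK_INFO = {
    "web-01":  {"importance": 2, "vulns": {"VULN-A": 9.0, "VULN-B": 4.0}},
    "app-01":  {"importance": 3, "vulns": {"VULN-B": 4.0}},
    "db-01":   {"importance": 5, "vulns": {"VULN-C": 7.0}},
    "jump-01": {"importance": 1, "vulns": {"VULN-A": 9.0, "VULN-C": 7.0}},
}

# Constructed administrative-rights graph: an edge X -> Y means users with
# admin rights on X can access Y, so a foothold on X reaches Y.
ADMIN_ACCESS = {
    "jump-01": ["web-01", "app-01"],
    "web-01":  ["app-01"],
    "app-01":  ["db-01"],
    "db-01":   [],
}

MAX_HOPS = 3
# Assumed decay: machines reachable only over longer admin-rights paths
# contribute less to the derivative score.
HOP_WEIGHTS = {1: 1.0, 2: 0.5, 3: 0.25}


def lateral_movement_values(target: str, access: Dict[str, List[str]],
                            max_hops: int = MAX_HOPS) -> Dict[int, int]:
    """Count machines from which `target` is reachable at shortest admin-rights
    distance d, for d = 1..max_hops (one lateral movement value per hop)."""
    reverse: Dict[str, List[str]] = {m: [] for m in access}
    for src, dsts in access.items():
        for dst in dsts:
            reverse.setdefault(dst, []).append(src)
    dist = {target: 0}
    queue = deque([target])
    while queue:                      # BFS backwards from the target
        node = queue.popleft()
        if dist[node] >= max_hops:
            continue
        for pred in reverse.get(node, []):
            if pred not in dist:
                dist[pred] = dist[node] + 1
                queue.append(pred)
    values = {d: 0 for d in range(1, max_hops + 1)}
    for machine, d in dist.items():
        if d >= 1:
            values[d] += 1
    return values


def direct_risk_score(endpoint: str, vuln: str,
                      risk_info=ENDPOINT_RISK_INFO) -> float:
    """Assumed direct score: reported severity scaled by machine importance.
    Zero when the endpoint did not report the vulnerability."""
    info = risk_info[endpoint]
    return info["vulns"].get(vuln, 0.0) * info["importance"]


def derivative_risk_score(direct: float, lm_values: Dict[int, int]) -> float:
    """Assumed derivative score: direct score amplified by hop-weighted
    count of machines that can reach the endpoint laterally."""
    exposure = sum(HOP_WEIGHTS[d] * n for d, n in lm_values.items())
    return direct * (1.0 + exposure)


def rank_vulnerabilities(vuln_set: List[str], include_lateral: bool = True,
                         risk_info=ENDPOINT_RISK_INFO,
                         access=ADMIN_ACCESS) -> List[Tuple[str, float]]:
    """Sort the predefined vulnerability set by total (derivative or, for
    comparison, direct) risk across all endpoints, highest first."""
    totals: Dict[str, float] = {}
    for vuln in vuln_set:
        total = 0.0
        for endpoint in risk_info:
            direct = direct_risk_score(endpoint, vuln, risk_info)
            if direct == 0.0:
                continue
            if include_lateral:
                lm = lateral_movement_values(endpoint, access)
                total += derivative_risk_score(direct, lm)
            else:
                total += direct
        totals[vuln] = total
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)


if __name__ == "__main__":
    vulns = ["VULN-A", "VULN-B", "VULN-C"]
    print("by direct score:    ", rank_vulnerabilities(vulns, include_lateral=False))
    print("by derivative score:", rank_vulnerabilities(vulns))
```

With this sample data the two orderings differ: VULN-A has the highest raw severity and outranks VULN-B on direct scores alone, but VULN-B sits on app-01, which two other machines can reach with administrative rights, so the derivative ranking places VULN-B above VULN-A. That inversion is the practical point of the derivative score: it surfaces vulnerabilities whose exploitation would be reachable from many footholds rather than only those with the highest severity.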