US 12,294,604 B2
Recommendation interface for remediation plans for cyberattack vulnerabilities
Wah-Kwan Lin, Melrose, MA (US); Leonardo Varela Guevara, Austin, TX (US); and Cody Pierce, Austin, TX (US)
Assigned to Rapid7, Inc., Boston, MA (US)
Filed by Rapid7, Inc., Boston, MA (US)
Filed on Oct. 11, 2022, as Appl. No. 17/963,589.
Application 17/963,589 is a continuation of application No. 16/780,695, filed on Feb. 3, 2020.
Prior Publication US 2023/0033317 A1, Feb. 2, 2023
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 9/40 (2022.01); G06F 3/0481 (2022.01); G06F 3/0484 (2022.01); G06F 8/65 (2018.01); G06N 5/04 (2023.01); G06N 7/01 (2023.01); G06N 20/00 (2019.01); G06Q 10/0635 (2023.01); G06Q 10/0637 (2023.01); G06Q 10/10 (2023.01)
CPC H04L 63/1433 (2013.01) [G06F 8/65 (2013.01); G06N 5/04 (2013.01); G06N 7/01 (2023.01); G06N 20/00 (2019.01); G06Q 10/0635 (2013.01); G06Q 10/0637 (2013.01); G06Q 10/10 (2013.01); H04L 63/102 (2013.01); H04L 63/20 (2013.01); G06F 3/0481 (2013.01); G06F 3/0484 (2013.01)]
20 Claims
1. A system, comprising:
one or more hardware processors with associated memory that implement a remediation planning system, configured to:
determine, using an exploitability risk model trained according to a machine learning technique, a risk score of a set of machines for an attack based on characteristics data of the set of machines;
determine a set of candidate remediation plans to reduce the risk score;
apply the candidate remediation plans to the characteristics data to generate updated instances of the characteristics data, wherein the application simulates performance of the candidate remediation plans on the set of machines without performing the candidate remediation plans on the set of machines;
determine, using the exploitability risk model and based on the updated instances of characteristics data, updated risk scores of the set of machines after the simulated performance of respective ones of the candidate remediation plans;
generate output via a graphical user interface (GUI) of the remediation planning system, wherein the GUI indicates the attack, the risk score, the candidate remediation plans, the updated risk scores, and a ranking of the candidate remediation plans determined based at least in part on the updated risk scores; and
responsive to user selection of one of the candidate remediation plans received via the GUI, generate a workflow to perform the one candidate remediation plan on the set of machines.
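The score, simulate, re-score and rank loop recited in claim 1, as an added example that is not code from the patent or from Rapid7. A constructed logistic scorer stands in for the trained exploitability risk model; the feature names, weights, host names, plan names and the fleet-level aggregation are all assumptions made for illustration.

```python
import copy
import math

# Constructed stand-in for the trained risk model (weights are made up).
WEIGHTS = {"unpatched_critical": 0.9, "open_admin_ports": 0.6, "no_mfa": 1.2}
BIAS = -3.0

# Constructed characteristics data for the set of machines.
FLEET = [
    {"host": "web-01", "unpatched_critical": 3, "open_admin_ports": 1, "no_mfa": 0},
    {"host": "db-01", "unpatched_critical": 1, "open_admin_ports": 2, "no_mfa": 1},
    {"host": "hr-laptop", "unpatched_critical": 0, "open_admin_ports": 0, "no_mfa": 1},
]

# Candidate remediation plans, each expressed as an edit to one record.
PLANS = {
    "patch critical CVEs": lambda m: m.update(unpatched_critical=0),
    "close admin ports": lambda m: m.update(open_admin_ports=0),
    "enforce MFA": lambda m: m.update(no_mfa=0),
}

def machine_risk(m):
    """Per-machine exploit probability from the stand-in logistic model."""
    z = BIAS + sum(w * m[k] for k, w in WEIGHTS.items())
    return 1.0 / (1.0 + math.exp(-z))

def fleet_risk(machines):
    """Assumed aggregation: probability that at least one machine is exploited."""
    p_none = 1.0
    for m in machines:
        p_none *= 1.0 - machine_risk(m)
    return 1.0 - p_none

def simulate(machines, plan):
    """Apply a plan to a deep copy of the data; the real records are untouched."""
    updated = copy.deepcopy(machines)
    for m in updated:
        plan(m)
    return updated

def rank_plans(machines, plans):
    """Return (baseline score, [(plan, updated score)] sorted lowest risk first)."""
    scored = [(name, fleet_risk(simulate(machines, p))) for name, p in plans.items()]
    return fleet_risk(machines), sorted(scored, key=lambda x: x[1])

def build_workflow(machines, plan_name):
    """Expand the plan the user selected into one task per machine."""
    return [{"host": m["host"], "task": plan_name} for m in machines]

if __name__ == "__main__":
    baseline, ranked = rank_plans(FLEET, PLANS)
    print(f"baseline risk {baseline:.3f}")
    for name, score in ranked:
        print(f"  {name}: {score:.3f}")
```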