US 11,991,214 B2
System and method for self-adjusting cybersecurity analysis and score generation
Jason Crabtree, Vienna, VA (US); and Andrew Sellers, Monument, CO (US)
Assigned to QOMPLX LLC, Reston, VA (US)
Filed by QOMPLX, LLC, Reston, VA (US)
Filed on Mar. 9, 2023, as Appl. No. 18/181,539.
Application 18/181,539 is a continuation of application No. 17/363,083, filed on Jun. 30, 2021, granted, now 11,637,869.
Application 17/363,083 is a continuation of application No. 16/837,551, filed on Apr. 1, 2020, granted, now 11,070,592, issued on Jul. 20, 2021.
Application 16/837,551 is a continuation in part of application No. 16/777,270, filed on Jan. 30, 2020, granted, now 11,025,674, issued on Jun. 1, 2021.
Application 16/777,270 is a continuation in part of application No. 16/720,383, filed on Dec. 19, 2019, granted, now 10,944,795, issued on Mar. 9, 2021.
Application 16/720,383 is a continuation of application No. 15/823,363, filed on Nov. 27, 2017, granted, now 10,560,483, issued on Feb. 11, 2020.
Application 16/837,551 is a continuation in part of application No. 15/818,733, filed on Nov. 20, 2017, granted, now 10,673,887, issued on Jun. 2, 2020.
Application 15/818,733 is a continuation in part of application No. 15/725,274, filed on Oct. 4, 2017, granted, now 10,609,079, issued on Mar. 31, 2020.
Application 15/823,363 is a continuation in part of application No. 15/725,274, filed on Oct. 4, 2017, granted, now 10,609,079, issued on Mar. 31, 2020.
Application 15/725,274 is a continuation in part of application No. 15/655,113, filed on Jul. 20, 2017, granted, now 10,735,456, issued on Aug. 4, 2020.
Application 15/655,113 is a continuation in part of application No. 15/616,427, filed on Jun. 7, 2017, abandoned.
Application 15/616,427 is a continuation in part of application No. 15/237,625, filed on Aug. 15, 2016, granted, now 10,248,910, issued on Apr. 2, 2019.
Application 15/237,625 is a continuation in part of application No. 15/206,195, filed on Jul. 8, 2016, abandoned.
Application 15/206,195 is a continuation in part of application No. 15/186,453, filed on Jun. 18, 2016, abandoned.
Application 15/186,453 is a continuation in part of application No. 15/166,158, filed on May 26, 2016, abandoned.
Application 15/166,158 is a continuation in part of application No. 15/141,752, filed on Apr. 28, 2016, granted, now 10,860,962, issued on Dec. 8, 2020.
Application 15/141,752 is a continuation in part of application No. 15/091,563, filed on Apr. 5, 2016, granted, now 10,204,147, issued on Feb. 12, 2019.
Application 15/091,563 is a continuation in part of application No. 14/986,536, filed on Dec. 31, 2015, granted, now 10,210,255, issued on Feb. 19, 2019.
Application 14/986,536 is a continuation in part of application No. 14/925,974, filed on Oct. 28, 2015, abandoned.
Application 15/616,427 is a continuation in part of application No. 14/925,974, filed on Oct. 28, 2015, abandoned.
Prior Publication US 2023/0283642 A1, Sep. 7, 2023
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 9/40 (2022.01); G06F 16/2458 (2019.01); G06F 16/951 (2019.01)
CPC H04L 63/20 (2013.01) [G06F 16/2477 (2019.01); G06F 16/951 (2019.01); H04L 63/1425 (2013.01); H04L 63/1433 (2013.01); H04L 63/1441 (2013.01)]
2 Claims
1. A system for self-adjusting cybersecurity analysis and rating based on heterogeneous data and reconnaissance, comprising:
a computing device comprising a memory, a processor, and a network interface;
an automated planning service module, comprising a first plurality of programming instructions stored in the memory of, and operating on the processor of, the computing device, wherein the first plurality of programming instructions, when operating on the processor, cause the computing device to periodically or continuously establish a score for one or more of the following aspects of cybersecurity analysis by:
defining a target network and assigning it an Internet reconnaissance score;
collecting domain name system leak information by identifying improper network configurations in the internet protocol addresses and subdomains of the target network, and assigning a domain name system leak information score;
analyzing web applications used within the target network to identify vulnerabilities in the web applications that could allow unauthorized access to the target network, and assigning a web application security score;
searching social media networks for information of concern related to personnel present within the target network, and assigning a social network score;
conducting a scan of the target network for open TCP/UDP ports, and assigning an open port score;
identifying leaked credentials associated with the target network that are found to be disclosed in previous breach incidents, and assigning a credential score;
checking version and update information for hardware and software systems within the target network, and assigning a patching frequency score; and
performing an Internet search to identify references to content of interest, and assigning an open-source intelligence score; and
a cybersecurity scoring engine comprising a second plurality of programming instructions stored in the memory of, and operating on the processor of, the computing device, wherein the second plurality of programming instructions, when operating on the processor, cause the computing device to:
compute a composite cybersecurity score by combining, via a model, each of the Internet reconnaissance score, the domain name system leak information score, the web application security score, the social network score, the open port score, the credential score, the patching frequency score, and the open-source intelligence score into a single score;
when the composite cybersecurity score falls below a threshold score, coordinate with a task scheduling engine to effectuate a specific change impacting the target network to raise the composite cybersecurity score, thereby establishing a continuous feedback loop to maintain the system's composite cybersecurity score above the threshold value.
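The scoring and feedback loop recited in the last two claim elements, as an added illustration that is not code from the patent or from QOMPLX. The claim does not specify the model, the score scale, the threshold or the remediation tasks, so the weighted average, the 0-100 scale, the weights, the threshold of 70 and the task table below are all assumptions.

```python
# Added example: weights, 0-100 scale, threshold and task gains are
# assumptions; the claim itself only names the eight sub-scores.
WEIGHTS = {
    "internet_recon": 0.10, "dns_leak": 0.10, "web_app": 0.20,
    "social_network": 0.05, "open_port": 0.15, "credential": 0.20,
    "patching": 0.15, "osint": 0.05,
}
# Hypothetical remediation tasks: sub-score -> (task name, expected gain).
REMEDIATIONS = {
    "open_port": ("close unused listeners", 30),
    "credential": ("force reset of breached accounts", 40),
    "patching": ("apply pending updates", 25),
    "dns_leak": ("restrict zone transfers", 20),
}

def composite(scores):
    """Weighted-average model over all eight sub-scores (0-100 each)."""
    missing = WEIGHTS.keys() - scores.keys()
    if missing:
        raise ValueError(f"missing sub-scores: {sorted(missing)}")
    return sum(WEIGHTS[k] * scores[k] for k in WEIGHTS)

def feedback_loop(scores, threshold=70.0):
    """Schedule the highest-impact pending task until the threshold is met.

    Returns (final composite, ordered task names). Each task is used once,
    and the loop stops when no pending task can raise the score.
    """
    scores, pending, scheduled = dict(scores), dict(REMEDIATIONS), []
    while composite(scores) < threshold:
        best, best_delta = None, 0.0
        for key, (_, gain) in pending.items():
            # Gain is capped at the top of the scale, then weighted.
            delta = WEIGHTS[key] * (min(100, scores[key] + gain) - scores[key])
            if delta > best_delta:
                best, best_delta = key, delta
        if best is None:
            break  # nothing left that helps; report the shortfall to the caller
        task, gain = pending.pop(best)
        scores[best] = min(100, scores[best] + gain)
        scheduled.append(task)
    return composite(scores), scheduled

# Constructed sample assessment of a target network (not real data).
SAMPLE = {"internet_recon": 80, "dns_leak": 60, "web_app": 75,
          "social_network": 90, "open_port": 40, "credential": 30,
          "patching": 55, "osint": 85}
```

When the returned composite is still below the threshold, every available task has been exhausted, which is the case an operator needs surfaced rather than silently looped on.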