| CPC H04L 63/1433 (2013.01) [G16Y 30/10 (2020.01); H04L 63/1408 (2013.01); H04L 63/1425 (2013.01); H04W 4/02 (2013.01)] | 18 Claims |
|
1. A method for determining and using a security risk score for devices on a network associated with an entity, the method comprising:
searching the network to automatically identify one or more devices associated with one or more potential security risks;
collecting a first set of data from the one or more devices, the first set of data comprising at least one of a device configuration, an Internet Protocol (IP) address, a Medium Access Control (MAC) address, or data related to software operated on the one or more devices;
collecting a second set of data from an external data source selected from a group consisting of an IoT search engine, a vulnerability management database, a threat intelligence feed, an exploit feed, a social media feed, a bill of material, and a network discovery, the second set of data including risk data;
comparing the second set of data to the first set of data to evaluate a potential security risk and determine a risk score for the one or more devices; and
using the risk score to perform an automated action comprising at least one of (i) providing an alert to a user identifying the potential security risk, (ii) generating a dashboard identifying the potential security risk, or (iii) initiating a corrective action responsive to the potential security risk based on the risk score.
|