US 12,034,756 B2
Analytical attack graph differencing
Nimrod Busany, Tel Aviv (IL); Dan Klein, Rosh Ha'ayin (IL); and Benny Rochwerger, Tel Aviv (IL)
Assigned to Accenture Global Solutions Limited, Dublin (IE)
Filed by Accenture Global Solutions Limited, Dublin (IE)
Filed on Aug. 25, 2021, as Appl. No. 17/411,344.
Claims priority of provisional application 63/071,498, filed on Aug. 28, 2020.
Prior Publication US 2022/0070202 A1, Mar. 3, 2022
Int. Cl. H04L 9/40 (2022.01)
CPC H04L 63/1433 (2013.01) [H04L 63/1441 (2013.01)] 24 Claims
OG exemplary drawing
 
1. A computer-implemented method for mitigating risk in an enterprise network based on analytical attack graphs (AAGs), each AAG representative of potential lateral movement within the enterprise network, the method being executed by one or more processors and comprising:
receiving data representative of two or more AAGs, each AAG comprising a first set of nodes, a second set of nodes, a third set of nodes, a first set of edges, and a second set of edges, the first set of nodes comprising configuration nodes, each configuration node representing a configuration of a component of the enterprise network, the second set of nodes comprising rule nodes, each rule node representing a method available to an attacker of the enterprise network to move between components of the enterprise network, the third set of nodes comprising impact nodes, each impact node representing a result of one or more attack methods, the first set of edges comprising edges between configuration nodes and rule nodes that represent logical AND, the second set of edges comprising edges between rule nodes and impact nodes that represent logical OR;
providing an identifier for each element of each of the two or more AAGs, each identifier being unique within a respective AAG, at least one identifier being non-unique between the two or more AAGs;
determining an attribute value for each element of each of the two or more AAGs;
storing attribute value to element mappings in an attribute dictionary;
providing a differenced AAG based on the attribute value to element mappings in the attribute dictionary;
determining a set of remedial actions at least partially based on the differenced AAG; and
executing one or more remedial actions in the set of remedial actions to reduce a cyber security risk to the enterprise network.
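The claim describes elements whose identifiers are unique only within one AAG, so two AAGs cannot be compared by identifier; instead each element gets a content-derived attribute value, the values are collected in an attribute dictionary, and the differenced AAG is read off that dictionary. The following added example (not the patent's own implementation) builds two small constructed AAGs with config, rule and impact nodes and AND/OR edges, reuses node ids across the graphs to show the collision, and derives the differenced graph and a list of configuration nodes to remediate. The hash-based attribute function, the node labels and the `remedial_candidates` heuristic are all assumptions made for the illustration.

```python
"""Toy analytical attack graph (AAG) differencing keyed by attribute values.

Added example; it is not the patent's own implementation. Graph contents,
node labels and the hash-based attribute function are constructed.
"""
from dataclasses import dataclass, field
import hashlib


@dataclass(frozen=True)
class Node:
    node_id: str   # unique within one AAG only; may be reused by another AAG
    kind: str      # "config", "rule" or "impact"
    label: str     # what the element represents


@dataclass
class AAG:
    name: str
    nodes: dict = field(default_factory=dict)    # node_id -> Node
    and_edges: set = field(default_factory=set)  # (config_id, rule_id), logical AND
    or_edges: set = field(default_factory=set)   # (rule_id, impact_id), logical OR

    def add_node(self, node_id, kind, label):
        if kind not in ("config", "rule", "impact"):
            raise ValueError(f"unknown node kind {kind!r}")
        self.nodes[node_id] = Node(node_id, kind, label)

    def elements(self):
        """Yield (attribute_value, description) for every node and edge."""
        for n in self.nodes.values():
            yield node_attr(n), f"{n.kind}:{n.label}"
        for rel, edges in (("AND", self.and_edges), ("OR", self.or_edges)):
            for src, dst in edges:
                s, t = self.nodes[src], self.nodes[dst]
                # Edge attribute is built from endpoint attributes, not ids.
                yield (attr_value(f"{rel}|{node_attr(s)}|{node_attr(t)}"),
                       f"{rel}:{s.label}->{t.label}")


def attr_value(text):
    """Content-derived attribute value; identical content gives identical value."""
    return hashlib.sha256(text.encode()).hexdigest()[:16]


def node_attr(node):
    # Deliberately excludes node_id: ids are not comparable across AAGs.
    return attr_value(f"{node.kind}|{node.label}")


def build_attribute_dictionary(aags):
    """attribute value -> {aag name: element description}."""
    dictionary = {}
    for aag in aags:
        for av, desc in aag.elements():
            dictionary.setdefault(av, {})[aag.name] = desc
    return dictionary


def difference(old, new):
    """Differenced AAG: every element tagged added / removed / unchanged."""
    result = {"added": [], "removed": [], "unchanged": []}
    for presence in build_attribute_dictionary([old, new]).values():
        if old.name in presence and new.name in presence:
            result["unchanged"].append(presence[new.name])
        elif new.name in presence:
            result["added"].append(presence[new.name])
        else:
            result["removed"].append(presence[old.name])
    return result


def remedial_candidates(diff):
    """Configuration nodes that appeared since the previous AAG: the new
    preconditions for lateral movement, hence the first things to fix (assumed heuristic)."""
    return sorted(d.split(":", 1)[1] for d in diff["added"] if d.startswith("config:"))


def sample_graphs():
    """Two constructed AAGs; the second reuses ids c1/r1/i1 for different elements."""
    before = AAG("before")
    before.add_node("c1", "config", "host-A: outdated service on port 445")
    before.add_node("r1", "rule", "exploit outdated service on host-A")
    before.add_node("i1", "impact", "code execution on host-A")
    before.and_edges.add(("c1", "r1"))
    before.or_edges.add(("r1", "i1"))

    after = AAG("after")
    after.add_node("c1", "config", "host-B: remote management open to all domain users")
    after.add_node("r1", "rule", "log in to host-B with any domain account")
    after.add_node("i1", "impact", "code execution on host-B")
    after.add_node("c2", "config", "host-A: outdated service on port 445")
    after.add_node("r2", "rule", "exploit outdated service on host-A")
    after.add_node("i2", "impact", "code execution on host-A")
    after.and_edges.update({("c1", "r1"), ("c2", "r2")})
    after.or_edges.update({("r1", "i1"), ("r2", "i2")})
    return before, after


if __name__ == "__main__":
    before, after = sample_graphs()
    diff = difference(before, after)
    for status, items in diff.items():
        print(status, items)
    print("remediate:", remedial_candidates(diff))
```

Because attribute values are derived from element content rather than from ids, the host-A path (ids c1/r1/i1 in the first graph, c2/r2/i2 in the second) is reported as unchanged, while the host-B path that now shares ids c1/r1/i1 is reported as added. A real implementation would key attribute values on richer element properties and would need a rule for two elements with identical content inside one AAG, which this toy collapses into a single dictionary entry.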