| CPC H04L 63/1416 (2013.01) [H04L 63/1433 (2013.01); H04L 63/1441 (2013.01); H04L 63/20 (2013.01)] | 19 Claims |

1. A method comprising:
receiving, using one or more computing device processors, attack kill chain data, the attack kill chain data comprising first steps for executing an attack campaign associated with one or more assets associated with a computing device;
parsing, using the one or more computing device processors, the attack kill chain data to determine one or more attack execution operations for executing the attack campaign associated with the one or more assets associated with the computing device, wherein the parsing includes determining the one or more attack execution operations based on vulnerability data associated with the one or more attack execution operations or an availability of a security patch associated with the one or more attack execution operations;
determining, using the one or more computing device processors, based on the parsing, one or more remediation operations corresponding to the one or more attack execution operations;
sequencing, using the one or more computing device processors, the one or more remediation operations, the one or more remediation operations comprising second steps for remediating the attack campaign associated with the one or more assets associated with the computing device, wherein the second steps for remediating the attack campaign are executable using one or more functions of a security system; and
initiating generation of, using the one or more computing device processors, a visual representation of the one or more remediation operations, the visual representation indicating a sequence of the one or more remediation operations for remediating the attack campaign associated with the one or more assets associated with the computing device.