| CPC H04L 63/1433 (2013.01) [G06N 5/022 (2013.01); G06N 7/01 (2023.01)] | 18 Claims |
|
1. A computer-implemented method for reducing cybersecurity risk in enterprise networks, comprising:
obtaining data representing observed conditions in an enterprise network, each observed condition being associated with at least one cybersecurity issue, wherein a cybersecurity issue comprises one of (i) a vulnerability comprising an instance of a vulnerable condition or (ii) a weakness that is likely to cause a vulnerability to occur;
using a plurality of exploitation prediction models to determine probabilities of exploitation of the cybersecurity issues associated with the observed conditions in the enterprise network, wherein the plurality of exploitation prediction models are trained using a knowledge mesh generated using data from one or more cybersecurity repositories;
assigning a priority ranking to each of the observed conditions in the enterprise network based on the respective probabilities of exploitation for the cybersecurity issues associated with the observed conditions; and
performing one or more actions to mitigate the observed conditions in the enterprise network based on the respective priority rankings,
wherein the observed conditions include a first condition that is associated with a first vulnerability and is associated with a first weakness, further comprising:
obtaining output from a first model indicating a first probability of exploitation for the first vulnerability;
obtaining output from a second model indicating a second probability of exploitation for the first weakness; and
assigning a priority ranking to the first condition based on at least one of the first probability of exploitation for the first vulnerability and the second probability of exploitation for the first weakness.
|