
System and method for passive assessment of industrial perimeter security

A network security assessment technology, applied to transmission systems, computer security devices, instruments, etc., that addresses the problem of new attack vectors and the increased risk of malicious penetration.

Active Publication Date: 2018-08-03
SIEMENS AG
Cites: 3; Cited by: 18

AI Technical Summary

Problems solved by technology

In other cases, network infrastructure and security configuration may be routinely controlled by a third-party IT managed service provider (MSP), with a contractual obligation to limit administrative access to its employees. This can make it difficult to connect through the various firewalls, multilayer network switches, routers, etc.

[0005] Traditional network security assessment systems may also lack a mechanism to model the impact of recently disclosed vulnerabilities while taking into account the exploitability of the security configurations the networks currently employ. In other words, although information about vulnerabilities and (offline) firewall configurations is available, there may not be any automated mechanism to correlate this information and warn asset owners about new attack vectors that may target the ACL enforcement currently in effect. In addition to the above issues, a "periodic firewall configuration audit" approach often exposes the attack surface of a controlled industrial network environment. As exposure increases, so does the risk of attack vectors and malicious exfiltration.




Embodiment Construction

[0019] Figure 1 shows a block diagram of a computer system 100 (hereinafter "computer 100") for practicing the embodiments described herein. The methods described herein can be implemented in hardware, software (e.g., firmware), or a combination thereof. In exemplary embodiments, the methods described herein are implemented in hardware and may be part of the microprocessor of a special-purpose or general-purpose digital computer, such as a personal computer, workstation, minicomputer, or mainframe computer. Computer 100 may thus be implemented as a general-purpose computer. In another exemplary embodiment, the methods described herein are implemented as part of a mobile device, such as a mobile phone, personal data assistant (PDA), tablet computer, or the like.

[0020] In an exemplary embodiment, in terms of hardware architecture, as shown in Figure 1, computer 100 includes a processor 101. The computer 100 also includes a memory 102 coupled to the processor 101 and o...


Abstract

A computer-implemented method for assessing and managing network security for a network includes retrieving topology data and network traffic data with a processor, where the topology data is indicative of a topology of the network. The method may further include retrieving network flow data from a plurality of network data collectors via the processor, generating an attack tree based on the topology data and the network flow data via the processor, updating a customer model database with the attack tree and the topology data, and outputting a security assessment based on the attack tree and the topology data.
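The pipeline the abstract describes (topology data plus collector flow data, then an attack tree, then an assessment), as an added Python example that is not the patent's own implementation; the device names, zones, ACL permit entries and flow records are all constructed, and the attack tree is reduced to loop-free zone-to-zone paths. Flows that no ACL permits are reported separately, since they contradict the configuration model and deserve a look before the assessment is trusted.

```python
from collections import defaultdict

# Constructed topology (hypothetical): each perimeter device with the permit
# entries of its effective ACL as (src_zone, dst_zone, dst_port).
TOPOLOGY = {
    "fw-enterprise": {("enterprise", "dmz", 443)},
    "fw-dmz": {("dmz", "control", 502), ("dmz", "control", 3389)},
    "fw-remote": set(),  # deny-all between enterprise and control
}
# Constructed flow records as a collector would report them:
# (src_zone, dst_zone, dst_port, flow_count).
FLOWS = [
    ("enterprise", "dmz", 443, 1200),
    ("dmz", "control", 502, 80),
    ("dmz", "control", 3389, 2),       # remote desktop into the control zone
    ("enterprise", "control", 22, 3),  # seen on the wire, permitted by no ACL
]

def observed_edges(topology, flows):
    """Keep only hops that an ACL permits AND traffic actually uses; flows with
    no permitting ACL are returned separately, since they contradict the model."""
    permits = set().union(*topology.values())
    edges, unpermitted = defaultdict(set), []
    for src, dst, port, _count in flows:
        if (src, dst, port) in permits:
            edges[src].add((dst, port))
        else:
            unpermitted.append((src, dst, port))
    return edges, unpermitted

def attack_tree(edges, entry, target):
    """Enumerate loop-free zone-to-zone paths from entry to target by DFS.
    A path is a list of (zone, dst_port used to reach it); the entry has port None."""
    paths = []
    def walk(zone, path):
        if zone == target:
            paths.append(path)
            return
        for dst, port in sorted(edges.get(zone, ())):
            if dst not in {z for z, _ in path}:  # never revisit a zone
                walk(dst, path + [(dst, port)])
    walk(entry, [(entry, None)])
    return paths

def assess(topology, flows, entry="enterprise", target="control"):
    """Assessment output: observed paths into the target zone plus ACL anomalies."""
    edges, unpermitted = observed_edges(topology, flows)
    return {"paths": attack_tree(edges, entry, target),
            "unpermitted_flows": unpermitted}
```

On the constructed data, `assess(TOPOLOGY, FLOWS)` reports two enterprise-to-control paths through the DMZ (one over port 502, one over port 3389) and flags the port 22 flow as permitted by no ACL.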

Description

Technical background

[0001] The present disclosure relates to industrial security, and more particularly to passive assessment of industrial perimeter security.

[0002] Industrial security service providers in industrial control system environments face multiple challenges when assessing the quality of the cybersecurity configuration employed. In particular, assessing the quality of the access control lists (ACLs) employed in a network presents many challenges that, if not handled properly, prevent a straightforward security assessment. Challenges may arise because the quality of the employed ACLs may be observed differently on different network boundaries for different network regions. Gathering this information automatically presents many challenges. For example, industrial control system network environments often include multiple layers of switches and routers in a highly isolated environment, thus requiring physical connections to each layer for network traffic and configura...


Application Information

IPC(8): H04L29/06, G06F21/57
CPC: G06F21/577, H04L63/1433, H04L41/12
Inventors: 约翰·W·克劳福德, 莱安德罗·普夫勒格·德·阿吉亚尔, 曹子骍
Owner SIEMENS AG