-
Publication number: US20220394055A1
Publication date: 2022-12-08
Application number: US17832449
Application date: 2022-06-03
Applicant: RiskSense, Inc.
Inventors: Srinivas Mukkamala, Taylor Wong
IPC classification: H04L9/40
Abstract: An embodiment includes a method of application vulnerability assessment and prioritization. The method includes ingesting modelling data from data sources for application vulnerabilities. The method includes transforming at least a portion of the modelling data to covariate vectors. The method includes extracting keywords and phrases from the modelling data and statistically measuring relevance of files of the modelling data based on the extracted keywords and phrases. The method includes generating threat levels of the application vulnerabilities based on the covariate vectors and the measured relevance. The method includes outputting the threat levels to a network management system. The method includes implementing, at a first endpoint device of the network, a first patch to address one of the application vulnerabilities.
-
Publication number: US11050778B2
Publication date: 2021-06-29
Application number: US16932546
Application date: 2020-07-17
Applicant: RiskSense, Inc.
IPC classification: H04L29/06, G06F21/54, H04L29/08, G06F21/57, G06N5/04, G06F16/958, G06Q30/00, G06N5/02, G06N20/00, G06F16/901, G06Q10/10, G06K9/62, G06N7/00
Abstract: An apparatus and method for cyber risk quantification calculated from the likelihood of a cyber-attack on the target enterprise and/or cyber ecosystem based on its security posture. The cyber-attack likelihood can be derived as a probability-based time-to-event (TTE) measure using survivor function analysis. The likelihood probability measure can also be passed to cyber risk frameworks to determine financial impacts of the cyber-attacks. Embodiments of the present invention also relate to an apparatus and method (1) to identify and validate application attack surfaces and protect web applications against business logic-based attacks, sensitive data leakage and privilege escalation attacks; and/or (2) that protects web applications against business logic-based attacks, sensitive data leakage and privilege escalation attacks. This can include implementing an intelligent learning loop using artificial intelligence that creates an ontology-based knowledge base from application request and response sequences. Stochastic probabilistic measures are preferably applied to a knowledge base for predicting malicious user actions in real time.
-
Publication number: US11190538B2
Publication date: 2021-11-30
Application number: US16963105
Application date: 2019-01-18
Applicant: RiskSense, Inc.
Inventors: Anand Paturi, Srinivas Mukkamala
IPC classification: H04L9/00, H04L29/06, G06N5/04, G06F16/958, G06F21/54, G06Q30/00, H04L29/08, G06N5/02, G06N20/00, G06F16/901, G06Q10/10, G06K9/62, G06N7/00, G06F21/57
Abstract: An apparatus and method for cyber risk quantification calculated from the likelihood of a cyber-attack on the target enterprise and/or cyber ecosystem based on its security posture. The cyber-attack likelihood can be derived as a probability-based time-to-event (TTE) measure using survivor function analysis. The likelihood probability measure can also be passed to cyber risk frameworks to determine financial impacts of the cyber-attacks. Embodiments of the present invention also relate to an apparatus and method (1) to identify and validate application attack surfaces and protect web applications against business logic-based attacks, sensitive data leakage and privilege escalation attacks; and/or (2) that protects web applications against business logic-based attacks, sensitive data leakage and privilege escalation attacks. This can include implementing an intelligent learning loop using artificial intelligence that creates an ontology-based knowledge base from application request and response sequences. Stochastic probabilistic measures are preferably applied to a knowledge base for predicting malicious user actions in real time.
-
Publication number: US20200351298A1
Publication date: 2020-11-05
Application number: US16932546
Application date: 2020-07-17
Applicant: RiskSense, Inc.
Abstract: An apparatus and method for cyber risk quantification calculated from the likelihood of a cyber-attack on the target enterprise and/or cyber ecosystem based on its security posture. The cyber-attack likelihood can be derived as a probability-based time-to-event (TTE) measure using survivor function analysis. The likelihood probability measure can also be passed to cyber risk frameworks to determine financial impacts of the cyber-attacks. Embodiments of the present invention also relate to an apparatus and method (1) to identify and validate application attack surfaces and protect web applications against business logic-based attacks, sensitive data leakage and privilege escalation attacks; and/or (2) that protects web applications against business logic-based attacks, sensitive data leakage and privilege escalation attacks. This can include implementing an intelligent learning loop using artificial intelligence that creates an ontology-based knowledge base from application request and response sequences. Stochastic probabilistic measures are preferably applied to a knowledge base for predicting malicious user actions in real time.