METHOD AND APPARATUS FOR AUTOMATING THREAT MODEL GENERATION AND PATTERN IDENTIFICATION

摘要

A method and system for automating threat model generation and pattern identification for an application includes identifying components of an application, and receiving security information that identifies whether security measures were implemented within the application to secure the application against security threats. The method further receives an identification of external events, and receiving first patterns from one or more first virtual assets. A database is populated with the first patterns and the external events and then second patterns are received and compared to the first patterns. The method and system include distributing the identification of the one of the external events to the one or more second virtual assets, if the second patterns are similar to the first patterns, according to one embodiment.

主权项

1. A computing system implemented method for automating threat model generation and pattern identification for an application of an asset of a service provider, comprising:
identifying, with a first computing environment, components of the application, wherein ones of the components perform at least one of receiving, transferring, and transmitting information for the application, wherein the asset includes a second computing environment provided by the service provider and configured to make the application publically available through one or more networks; identifying, by at least one virtual asset of the first computing environment, one or more security threats and populating a threat model library with data regarding the identified security threats; receiving security information, for at least some of the components, that identifies whether measures were taken within the application to secure the application against one or more of the security threats of the threat model library, the threat model library further including one or more patterns, the patterns representing one or more first operational characteristics of the first virtual asset, wherein patterns of the threat model library are associated with at least one external event; determining that the measures sufficiently address security risks associated with the security threats of the threat model library, including: transmitting first queries to a third computing environment that are related to the security information, wherein the third computing environment is a different computing environment than the first and second computing environments; receiving responses from the third computing environment to the first queries related to the security information; transmitting subsequent queries to the third computing environment in response to and based at least in part on content of the responses to the first queries; receiving a second virtual asset pattern from a second virtual asset, the received second virtual asset pattern representing one or more second operational characteristics of the second virtual asset; identifying, by comparing the second virtual asset pattern to one or more patterns of the threat model library, at least one external event; and distributing data of the identified at least one external events to the one or more second virtual assets, if the second pattern is similar or equal to a compared pattern.