Title of invention: Pervasive, domain and situational-aware, adaptive, automated, and coordinated analysis and control of enterprise-wide computers, networks, and applications for mitigation of business and operational risks and enhancement of cyber security
Abstract: Real time security, integrity, and reliability postures of operational (OT), information (IT), and security (ST) systems, as well as slower changing security and operational blueprint, policies, processes, and rules governing the enterprise security and business risk management process, dynamically evolve and adapt to domain, context, and situational awareness, as well as the controls implemented across the operational and information systems that are controlled. Embodiments of the invention are systematized and pervasively applied across interconnected, interdependent, and diverse operational, information, and security systems to mitigate system-wide business risk, to improve efficiency and effectiveness of business processes and to enhance security control which conventional perimeter, network, or host based control and protection schemes cannot successfully perform.
Publication number: US8856936(B2); Publication date: 2014.10.07
Application number: US201213652229; Filing date: 2012.10.15
Applicant: Albeado Inc.; Inventors: Datta Ray Partha; Kumar Atluri Bhima Ranjit; Reed Christopher; Agarwal Atul Prakash
Classification: H04L29/06; Main classification: H04L29/06
Agency: Perkins Coie LLP; Agent: Glenn Michael A.; Perkins Coie LLP
Main claim: 1. A method for analyzing and mitigating risks and enhancing cyber security throughout enterprise-wide operational technology (OT) systems and information technology (IT) systems supporting business processes of an enterprise, and other information processing needs of said enterprise, and security technology (ST) networks to maintain a high level of security, comprising: identifying within said networks a plurality of monitored and controlled elements (MCEs); providing pervasive business risk and security monitoring and control capabilities that adapt to evolving situational intelligence and existing control postures of target systems, subsystems, and elements at a plurality of hierarchical levels of said networks; wherein said pervasive security monitoring and control capabilities are self-similar structurally, pervasive functionally, adaptive across various time scales, and relational analytically based on domain knowledge of physical operational and IT systems, operating rules, business processes and compliance policies; monitoring real-time conditions and activities on said network elements, as well as elements of underlying enterprise business processes that are affected if and when security of an element is breached or business processes compromised; and adapting said security monitoring and control capabilities at selected hierarchical levels and at selected time scales in response to enterprise situational knowledge that is relevant to said OT, IT, and ST networks, as well as subsystems and elements of said networks with regard to underlying business processes; wherein said situational knowledge comprising any of situational changes, control implementations, and adjustments thereof, and other transitions in any of said OT systems, said IT systems, and a security threat environment; and wherein said hierarchical levels range from an entire enterprise-wide network at a highest level to a single transaction at a lowest level; wherein said enterprise comprises: an enterprise-wide computer network; a plurality of computers in said network organized into clusters; wherein each cluster comprises one or more computers designated as a server or client; wherein said computers within each cluster may communicate with each other through various physical network configurations and logical messaging structures, such as an enterprise service bus (ESB) dedicated to that cluster; wherein a communication and messaging structure of a cluster is connected to a communication and messaging structure of another cluster to facilitate inter-cluster communications; wherein each such communication and messaging structure is connectable to the global Internet either directly or indirectly through enterprise-wide networks and gateways interconnecting various ESBs; wherein a computer (server or client) comprises any of a real computer and a virtual computer; wherein a computer comprises a plurality of peripheral devices for functions which comprise any of input, output, communication, and data storage; and wherein each computer is adapted to host a plurality of computer programs which interact with each other through messages; wherein each and every interaction of each MCE in said enterprise-wide network is associated with a corresponding message in said IT system; and wherein promiscuous listening in time and space and deep message inspection and analysis is applied to assign to each interaction a confidence measure which, in turn, is used to adjust a control posture over a next security cycle.
Address: Saratoga CA US