EXTRACTING PROCESS AWARE ANALYTICAL ATTACK GRAPHS THROUGH LOGICAL NETWORK ANALYSIS

摘要

Methods, systems, and computer-readable storage media for receiving a AAG from computer-readable memory, generating from logical network ontology data, asset inventory data, and asset communication data, a logical topology of the enterprise network as a computer-readable data structure, defining, at least partially by executing community detection over the logical topology, a sub-set of groups within the enterprise network, each group representing a process of a plurality of process, each process being at least partially executed by one or more assets within the enterprise network, processing the AAG based on the sub-set of groups and data from one or more contextual data sources to provide the process aware AAG, the process aware AAG defining a mapping between an infrastructure-layer of the enterprise network and a process-layer of the enterprise network, and executing one or more remedial actions in the enterprise network in response to analytics executed on the process aware AAG.