Cyberinfrastructures are becoming larger and more complex, and it is increasingly challenging to assess potential attacks and activate the appropriate defences. Attack graphs have proven to be a promising tool for risk assessment, but they also face the challenge of scalability. This paper proposes DefenceRank, an adaptation of Google's PageRank algorithm, to analyze large attack graphs and prioritize defences with low complexity. It incorporates the difficulty of the attack steps through the time-to-compromise parameter, the capabilities of the attack steps and the vulnerability of the assets. The proposed DefenceRank is evaluated on various realistic attack graphs. The results show that it achieves a reasonably high level of accuracy compared to optimal defence selection, while its time complexity increases polynomially with the size of the attack graph and its running time remains on the order of seconds even for very large graphs and a large set of defences. In conclusion, DefenceRank is a viable alternative for the security assessment of cyberinfrastructures represented by attack graphs.
QC 20241119
Part of ISBN 979-8-3503-7536-7