Real-time evaluation of impact- and state-of-compromise due to vulnerabilities described in enterprise threat detection security notes

US 10,102,379 B1
Filed: 06/30/2017
Issued: 10/16/2018
Est. Priority Date: 06/30/2017
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method, comprising:

accessing published enterprise threat detection (ETD) security notes in a computer data store;

determining applicability of the published ETD security notes for an information technology computing (IT) landscape;

determining that a particular applicable ETD security note has not yet been implemented in the IT computing landscape;

analyzing aggregated impact of compromise (IoC) and state of compromise (SoC) values associated with the published ETD security note; and

performing a computing system patching action based on the aggregated IoC and SoC values.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Published enterprise threat detection (ETD) security notes are accessed in a computer data store. Applicability of the published ETD security notes are determined for an information technology computing (IT) landscape. A determination is made that a particular applicable ETD security note has not yet been implemented in the IT computing landscape. Aggregated impact of compromise (IoC) and state of compromise (SoC) values associated with the published ETD security note are analyzed and a computing system patching action is performed based on the aggregated IoC and SoC values.

44 Citations

View as Search Results

20 Claims

1. A computer-implemented method, comprising:
- accessing published enterprise threat detection (ETD) security notes in a computer data store;
  
  determining applicability of the published ETD security notes for an information technology computing (IT) landscape;
  
  determining that a particular applicable ETD security note has not yet been implemented in the IT computing landscape;
  
  analyzing aggregated impact of compromise (IoC) and state of compromise (SoC) values associated with the published ETD security note; and
  
  performing a computing system patching action based on the aggregated IoC and SoC values.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The computer-implemented method of claim 1, wherein the ETD security notes are published according to a define timeframe or as-needed based on the criticality of a security issue.
  - 3. The computer-implemented method of claim 1, wherein each particular ETD security note is applicable to a particular component associated with one or more computing systems in the information technology landscape.
  - 4. The computer-implemented method of claim 3, wherein the analyzed aggregated IoC and SoC values are calculated based on individual IoC and SoC values, respectively, associated with each computing system in the IT computing landscape containing the particular component.
  - 5. The computer-implemented method of claim 1, wherein the computing system patching action is performed immediately or as soon as reasonably practicable because the IoC and SoC values indicate a critical security risk to the computing systems of the IT computing landscape.
  - 6. The computer-implemented method of claim 1, wherein the computing system patching action is scheduled for an appropriate time because the IoC and SoC values indicate a low security risk to the computing systems of the IT computing landscape.
  - 7. The computer-implemented method of claim 1, further comprising:
    - processing another applicable ETD security note based on a determination that additional applicable ETD security notes are available;
      
      ordetermining whether new ETD security notes have been published based on a determination that no additional applicable ETD security notes are available to process.

8. A non-transitory, computer-readable medium storing one or more instructions executable by a computer system to perform operations comprising:
- accessing published enterprise threat detection (ETD) security notes in a computer data store;
  
  determining applicability of the published ETD security notes for an information technology computing (IT) landscape;
  
  determining that a particular applicable ETD security note has not yet been implemented in the IT computing landscape;
  
  analyzing aggregated impact of compromise (IoC) and state of compromise (SoC) values associated with the published ETD security note; and
  
  performing a computing system patching action based on the aggregated IoC and SoC values.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The non-transitory, computer-readable medium of claim 8, wherein the ETD security notes are published according to a define timeframe or as-needed based on the criticality of a security issue.
  - 10. The non-transitory, computer-readable medium of claim 8, wherein each particular ETD security note is applicable to a particular component associated with one or more computing systems in the information technology landscape.
  - 11. The non-transitory, computer-readable medium of claim 10, wherein the analyzed aggregated IoC and SoC values are calculated based on individual IoC and SoC values, respectively, associated with each computing system in the IT computing landscape containing the particular component.
  - 12. The non-transitory, computer-readable medium of claim 8, wherein the computing system patching action is performed immediately or as soon as reasonably practicable because the IoC and SoC values indicate a critical security risk to the computing systems of the IT computing landscape.
  - 13. The non-transitory, computer-readable medium of claim 8, wherein the computing system patching action is scheduled for an appropriate time because the IoC and SoC values indicate a low security risk to the computing systems of the IT computing landscape.
  - 14. The non-transitory, computer-readable medium of claim 8, further comprising one or more instructions to:
    - process another applicable ETD security note based on a determination that additional applicable ETD security notes are available;
      
      ordetermine whether new ETD security notes have been published based on a determination that no additional applicable ETD security notes are available to process.

15. A computer-implemented system, comprising:
- a computer memory; and
  
  a hardware processor interoperably coupled with the computer memory and configured to perform operations comprising;
  
  accessing published enterprise threat detection (ETD) security notes in a computer data store;
  
  determining applicability of the published ETD security notes for an information technology computing (IT) landscape;
  
  determining that a particular applicable ETD security note has not yet been implemented in the IT computing landscape;
  
  analyzing aggregated impact of compromise (IoC) and state of compromise (SoC) values associated with the published ETD security note; and
  
  performing a computing system patching action based on the aggregated IoC and SoC values.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The computer-implemented system of claim 15, wherein the ETD security notes are published according to a define timeframe or as-needed based on the criticality of a security issue.
  - 17. The computer-implemented system of claim 15, wherein each particular ETD security note is applicable to a particular component associated with one or more computing systems in the information technology landscape.
  - 18. The computer-implemented system of claim 17, wherein the analyzed aggregated IoC and SoC values are calculated based on individual IoC and SoC values, respectively, associated with each computing system in the IT computing landscape containing the particular component.
  - 19. The computer-implemented system of claim 15, wherein:
    - the computing system patching action is performed immediately or as soon as reasonably practicable because the IoC and SoC values indicate a critical security risk to the computing systems of the IT computing landscape;
      
      orthe computing system patching action is scheduled for an appropriate time because the IoC and SoC values indicate a low security risk to the computing systems of the IT computing landscape.
  - 20. The computer-implemented system of claim 15, further configured to:
    - process another applicable ETD security note based on a determination that additional applicable ETD security notes are available;
      
      ordetermine whether new ETD security notes have been published based on a determination that no additional applicable ETD security notes are available to process.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SAP SE
Original Assignee
SAP SE
Inventors
Seifert, Hartwig, Zhang, Nan, Mehta, Harish, Chrosziel, Florian, Dinkova, Hristina, Kunz, Thomas, Luo, Lin, Merkel, Rita, Peng, Wei-Guo, Pritzkau, Eugen, Rodeck, Marco
Primary Examiner(s)
Williams, Jeffery

Application Number

US15/639,860
Time in Patent Office

473 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 21/554   involving event detection a...

G06F 21/577   Assessing vulnerabilities a...

G06F 2221/034   Test or assess a computer o...

G06F 8/65   Updates security arrangemen...

Real-time evaluation of impact- and state-of-compromise due to vulnerabilities described in enterprise threat detection security notes

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

44 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Real-time evaluation of impact- and state-of-compromise due to vulnerabilities described in enterprise threat detection security notes

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

44 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links