Dynamic vulnerability correlation
Abstract
Apparatus and methods are disclosed for performing dynamic vulnerability correlation suitable for use in enterprise information technology (IT) environments, including vulnerability filtering, patch correlation, and vulnerability paring. According to one disclosed embodiment, a method of vulnerability filtering includes attempting to execute vulnerability scanning rules according to a specified order in a rule hierarchy, and depending on the type of the rule hierarchy and on whether the attempt was successful, not executing additional rules in the rule hierarchy. In another disclosed embodiment, a method of patch correlation includes executing vulnerability scanning rules based on correlation associations including, if a particular vulnerability is detected, then not executing other correlated scanning rules for a particular software patch. In another disclosed embodiment, a method of vulnerability paring includes defining a plurality of patch milestones for a software product and scanning a target computer for vulnerabilities associated with a current installed patch.
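The vulnerability filtering embodiment, in the form claims 1 and 11 recite it, as an added sketch that is not code from the patent: rules in each branch run in priority order, and once an attempt is unsuccessful every lower-priority rule in that branch is skipped while rules of equal priority still run. The rule names, the convention that 1 is the highest priority, the independent pruning of branches and the dictionary of target facts are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Callable

class Outcome(Enum):
    DETECTED = "detected"          # rule ran and matched
    NOT_DETECTED = "not detected"  # rule ran, nothing found
    UNSUCCESSFUL = "unsuccessful"  # rule could not be executed against the target
    SKIPPED = "skipped"            # pruned, never executed

@dataclass
class Rule:
    rule_id: str
    priority: int  # assumption: 1 is the highest priority
    check: Callable[[dict], Outcome]

def needs(fact, finding):  # constructed check: unsuccessful unless the target has `fact`
    def check(target):
        if not target.get(fact):
            return Outcome.UNSUCCESSFUL
        return Outcome.DETECTED if finding in target["findings"] else Outcome.NOT_DETECTED
    return check

def run_branch(rules, target):
    """Priority order; after an unsuccessful attempt, skip all lower-priority rules."""
    results, failed_at = {}, None
    for rule in sorted(rules, key=lambda r: r.priority):
        if failed_at is not None and rule.priority > failed_at:
            results[rule.rule_id] = Outcome.SKIPPED
            continue
        results[rule.rule_id] = rule.check(target)
        if results[rule.rule_id] is Outcome.UNSUCCESSFUL and failed_at is None:
            failed_at = rule.priority
    return results

def run_hierarchy(branches, target):  # assumption: branches are pruned independently
    return {name: run_branch(rules, target) for name, rules in branches.items()}

# Constructed target facts standing in for a live host, so the example runs offline.
TARGET = {"ssh_port_open": True, "ssh_auth_ok": False, "http_ok": True,
          "findings": {"old-ssh-banner", "weak-tls"}}
HIERARCHY = {  # constructed rule ids and priorities
    "host": [Rule("ssh-login", 1, needs("ssh_auth_ok", "default-credentials")),
             Rule("ssh-banner", 1, needs("ssh_port_open", "old-ssh-banner")),
             Rule("installed-packages", 2, needs("ssh_auth_ok", "outdated-package")),
             Rule("kernel-patch-level", 3, needs("ssh_auth_ok", "missing-kernel-patch"))],
    "web": [Rule("http-reachable", 1, needs("http_ok", "directory-listing")),
            Rule("tls-config", 2, needs("http_ok", "weak-tls"))],
}
```

Calling `run_hierarchy(HIERARCHY, TARGET)` marks the two authenticated host checks as skipped after the failed login, while the `web` branch runs to completion.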
26 Claims
1. A method of vulnerability filtering using one or more ontologies of rules, each of the ontologies comprising at least one rule hierarchy comprising one or more vulnerability or weakness scanning rules, the at least one rule hierarchy including priorities that are assigned to at least some of the vulnerability or weakness scanning rules, the method comprising:
- by a computer, attempting to execute a first one of the vulnerability or weakness scanning rules against a target remote computing device in an order based at least in part on the assigned priorities, producing at least one scan result;
- based on the at least one scan result, determining that an attempt to execute the first one of the vulnerability or weakness scanning rules against the target remote computing device was unsuccessful; and
- based on the determining, not executing a scanning rule in the rule hierarchy having a lower assigned priority than the first scanning rule against the target remote computing device.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. An apparatus for analyzing vulnerabilities in a networked environment, the system comprising:
- one or more processors;
- memory;
- a network interface coupled to the one or more processors and configured to scan one or more computers accessible using the network interface; and
- one or more non-transitory computer-readable storage media storing computer-readable instructions that, when executed by the one or more processors, cause the one or more processors to perform a method of scanning the one or more remote computers according to a scanning rule hierarchy comprising a plurality of scanning rules, the instructions comprising;
  - instructions to attempt to execute two or more branches of the vulnerability scanning rule hierarchy against the one or more remote computers, each of the branches comprising a portion of the vulnerability scanning rules ordered based at least in part on assigned priorities, producing at least one vulnerability scanning rule execution result,
  - instructions to, based on the at least one vulnerability scanning rule execution result, determine that an attempt to execute at least one vulnerability scanning rule associated with the at least one vulnerability scanning rule execution result against the one or more remote computers was unsuccessful, and
  - instructions to, based on the determination, not execute a respective portion of vulnerability scanning rules in one or more branches of the vulnerability scanning rule hierarchy, having a lower assigned priority than the at least one vulnerability scanning rule associated with the at least one vulnerability scanning rule execution result, against the one or more remote computers.

Dependent claims: 12, 13, 14, 15, 16
17. One or more computer-readable storage media storing computer-readable instructions that, when executed by a computer, cause the computer to perform a method of scanning one or more target remote computers according to a rule hierarchy comprising a plurality of vulnerability or weakness scanning rules, the instructions comprising:
- instructions to attempt to execute a first one of the vulnerability or weakness scanning rules to scan the one or more target remote computers using the network interface in an order based at least in part on priorities assigned according to the rule hierarchy comprising the plurality of the vulnerability or weakness scanning rules, producing at least one scan result,
- instructions to, based on the at least one scan result, determine that the attempt to execute the first one of the vulnerability or weakness scanning rules was unsuccessful, and
- instructions to, based on the determination, not execute a vulnerability or weakness scanning rule in the rule hierarchy having a different assigned priority than the first vulnerability or weakness scanning rule against the one or more target remote computers.

Dependent claims: 18, 19, 20, 21, 22, 23, 24, 25, 26
Specification