Vulnerability exposing application characteristic variation identification engine
First Claim
1. A system for exposing application vulnerability, the system comprising:
a memory device with computer-readable program code stored thereon;
a communication device;
a processing device operatively coupled to the memory device and the communication device, wherein the processing device is configured to execute the computer-readable program code to:
compile, across an entirety of an entity, applications available within the entity and applications hosted externally into a centralized location database;
examine information security criteria and business criteria for compiled applications, wherein the information security criteria includes compiled applications' capability to access, control and report on financial transactions and access to non-public personal user information, and business criteria includes expected number of peak concurrent users for the compiled applications, required downtime during an outage or refresh of the compiled applications, and number of additional downstream applications dependent on the compiled applications;
generate a weighted asset security value based on the information security criteria and the business criteria for each of the compiled applications;
identify application characteristic variables in the compiled applications, wherein application characteristic variables include internal or external application hosting, compliance requirements, financial regulatory requirements, recovery times, and application privacy requirements;
present to a user an interface communicated to the user via a secure communicable link, wherein the interface comprises selectable filters associated with the application characteristics;
generate an interactive graphical interface comprising graphical axis, wherein one axis comprises the weighted asset security value, a second axis comprises filtered application characteristics, and an alternative axis comprising the application characteristic variables, wherein the compiled applications are represented by selectable indicators within the interactive graphical interface for drill down presentation of applications and security details, and wherein application characteristic variables are selected via dials and levers; and
present on demand, based on selecting one or more compiled applications, detailed information about one or more applications selected or highlighted in the interactive graphical interface via the alternative axis, wherein the alternative axis includes the one or more selected applications and the application characteristic variables corresponding to the one or more selected applications for security follow up.
Abstract
Embodiments of the invention are directed to a system, method, or computer program product for an engine for exposing vulnerability within applications based on application characteristic identification. In this way, the engine identifies existing data sets that aid in understanding the possible privacy vulnerabilities associated with technologies such as applications, operated by an entity. The engine comprises dials and levers that allow for prioritization visualization of vulnerabilities critical to a particular portion of the entity. In this way, a user can drive the application engine allowing them to narrow the focus on any number of variations of application characteristics including, but not limited to types of vulnerabilities, status of the vulnerabilities, critical applications, regulated applications, vulnerabilities, business continuity and/or accessibility to the applications.
17 Claims
7. A computer program product for exposing application vulnerability, the computer program product comprising at least one non-transitory computer-readable medium having computer-readable program code portions embodied therein, the computer-readable program code portions comprising:
A system for exposing application vulnerability, the system comprising:
a memory device with computer-readable program code stored thereon;
a communication device;
a processing device operatively coupled to the memory device and the communication device, wherein the processing device is configured to execute the computer-readable program code to:
an executable portion configured for compiling, across an entirety of an entity, applications available within the entity and applications hosted externally into a centralized location database;
an executable portion configured for examining information security criteria and business criteria for compiled applications, wherein the information security criteria includes compiled applications' capability to access, control and report on financial transactions and access to non-public personal user information, and business criteria includes expected number of peak concurrent users for the compiled applications, required downtime during an outage or refresh of the compiled applications, and number of additional downstream applications dependent on the compiled applications;
an executable portion configured for generating a weighted asset security value based on the information security criteria and the business criteria for each of the compiled applications;
an executable portion configured for identifying application characteristic variables in the compiled applications, wherein application characteristic variables include internal or external application hosting, compliance requirements, financial regulatory requirements, recovery times, and application privacy requirements;
an executable portion configured for presenting to a user an interface communicated to the user via a secure communicable link, wherein the interface comprises selectable filters associated with the application characteristics;
an executable portion configured for generating an interactive graphical interface comprising graphical axis, wherein one axis comprises the weighted asset security value, a second axis comprises filtered application characteristics, and an alternative axis comprising the application characteristic variables, wherein the compiled applications are represented by selectable indicators within the interactive graphical interface for drill down presentation of applications and security details, and wherein application characteristic variables are selected via dials and levers; and
an executable portion configured for presenting on demand, based on selecting one or more compiled applications, detailed information about one or more applications selected or highlighted in the interactive graphical interface via the alternative axis, wherein the alternative axis includes the one or more selected applications and the application characteristic variables corresponding to the one or more selected applications for security follow up.
13. A computer-implemented method for exposing application vulnerability, the method comprising:
providing a computing system comprising a computer processing device and a non-transitory computer readable medium, where the computer readable medium comprises configured computer program instruction code, such that when said instruction code is operated by said computer processing device, said computer processing device performs the following operations:
compiling, across an entirety of an entity, applications available within the entity and applications hosted externally into a centralized location database;
examining information security criteria and business criteria for compiled applications, wherein the information security criteria includes compiled applications' capability to access, control and report on financial transactions and access to non-public personal user information, and business criteria includes expected number of peak concurrent users for the compiled applications, required downtime during an outage or refresh of the compiled applications, and number of additional downstream applications dependent on the compiled applications;
generating a weighted asset security value based on the information security criteria and the business criteria for each of the compiled applications;
identifying application characteristic variables in the compiled applications, wherein application characteristic variables include internal or external application hosting, compliance requirements, financial regulatory requirements, recovery times, and application privacy requirements;
presenting to a user an interface communicated to the user via a secure communicable link, wherein the interface comprises selectable filters associated with the application characteristics;
generating an interactive graphical interface comprising graphical axis, wherein one axis comprises the weighted asset security value, a second axis comprises filtered application characteristics, and an alternative axis comprising the application characteristic variables, wherein the compiled applications are represented by selectable indicators within the interactive graphical interface for drill down presentation of applications and security details, and wherein application characteristic variables are selected via dials and levers; and
presenting on demand, based on selecting one or more compiled applications, detailed information about one or more applications selected or highlighted in the interactive graphical interface via the alternative axis, wherein the alternative axis includes the one or more selected applications and the application characteristic variables corresponding to the one or more selected applications for security follow up.
Specification