Vulnerability exposing application characteristic variation identification engine

US 10,264,008 B2
Filed: 10/08/2015
Issued: 04/16/2019
Est. Priority Date: 10/08/2015
Status: Active Grant

First Claim

Patent Images

1. A system for exposing application vulnerability, the system comprising:

a memory device with computer-readable program code stored thereon;

a communication device;

a processing device operatively coupled to the memory device and the communication device, wherein the processing device is configured to execute the computer-readable program code to;

compile, across an entirety of an entity, applications available within the entity and applications hosted externally into a centralized location database;

examine information security criteria and business criteria for compiled applications, wherein the information security criteria includes compiled applications'"'"' capability to access, control and report on financial transactions and access to non-public personal user information, and business criteria includes expected number of peak concurrent users for the compiled applications, required downtime during an outage or refresh of the compiled applications, and number of additional downstream applications dependent on the compiled applications;

generate a weighted asset security value based on the information security criteria and the business criteria for each of the compiled applications;

identify application characteristic variables in the compiled applications, wherein application characteristic variables include internal or external application hosting, compliance requirements, financial regulatory requirements, recovery times, and application privacy requirements;

present to a user an interface communicated to the user via a secure communicable link, wherein the interface comprises selectable filters associated with the application characteristics;

generate an interactive graphical interface comprising graphical axis, wherein one axis comprises the weighted asset security value, a second axis comprises filtered application characteristics, and an alternative axis comprising the application characteristic variables, wherein the compiled applications are represented by selectable indicators within the interactive graphical interface for drill down presentation of applications and security details, and wherein application characteristic variables are selected via dials and levers; and

present on demand, based on selecting one or more complied applications, detailed information about one or more applications selected or highlighted in the interactive graphical interface via the alternative axis, wherein the alternative axis includes the one or more selected application and the application characteristic variables corresponding to the one or more selected applications for security follow up.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of the invention are directed to a system, method, or computer program product for an engine for exposing vulnerability within applications based on application characteristic identification. In this way, the engine identifies existing data sets that aid in understanding the possible privacy vulnerabilities associated with technologies such as applications, operated by an entity. The engine comprises dials and levers that allow for prioritization visualization of vulnerabilities critical to a particular portion of the entity. In this way, a user can drive the application engine allowing them to narrow the focus on any number of variations of application characteristics including, but not limited to types of vulnerabilities, status of the vulnerabilities, critical applications, regulated applications, vulnerabilities, business continuity and/or accessibility to the applications.

30 Citations

View as Search Results

17 Claims

1. A system for exposing application vulnerability, the system comprising:
- a memory device with computer-readable program code stored thereon;
  
  a communication device;
  
  a processing device operatively coupled to the memory device and the communication device, wherein the processing device is configured to execute the computer-readable program code to;
  
  compile, across an entirety of an entity, applications available within the entity and applications hosted externally into a centralized location database;
  
  examine information security criteria and business criteria for compiled applications, wherein the information security criteria includes compiled applications'"'"' capability to access, control and report on financial transactions and access to non-public personal user information, and business criteria includes expected number of peak concurrent users for the compiled applications, required downtime during an outage or refresh of the compiled applications, and number of additional downstream applications dependent on the compiled applications;
  
  generate a weighted asset security value based on the information security criteria and the business criteria for each of the compiled applications;
  
  identify application characteristic variables in the compiled applications, wherein application characteristic variables include internal or external application hosting, compliance requirements, financial regulatory requirements, recovery times, and application privacy requirements;
  
  present to a user an interface communicated to the user via a secure communicable link, wherein the interface comprises selectable filters associated with the application characteristics;
  
  generate an interactive graphical interface comprising graphical axis, wherein one axis comprises the weighted asset security value, a second axis comprises filtered application characteristics, and an alternative axis comprising the application characteristic variables, wherein the compiled applications are represented by selectable indicators within the interactive graphical interface for drill down presentation of applications and security details, and wherein application characteristic variables are selected via dials and levers; and
  
  present on demand, based on selecting one or more complied applications, detailed information about one or more applications selected or highlighted in the interactive graphical interface via the alternative axis, wherein the alternative axis includes the one or more selected application and the application characteristic variables corresponding to the one or more selected applications for security follow up.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The system of claim 1, wherein generating the interactive graphical interface comprises plotting the compiled applications as indicators across an x-axis comprising the weighted asset security value and a y-axis comprising the filtered application characteristics, wherein the indicators are selectable and present detailed real-time information about the compiled applications associated with the indicators.
  - 3. The system of claim 1, wherein examining information security criteria comprises identifying the compiled applications that include non-public information and third party managed information, wherein examining business criteria for the compiled applications comprises identifying a peak of concurrent uses and a restore time for each of the compiled applications.
  - 4. The system of claim 1, further comprising storing the weighted asset security value permanently for each of the compiled applications.
  - 5. The system of claim 1, wherein identifying application characteristic variables in the compiled applications available across the entity further comprises identifying the compiled applications associated with variables in privacy, leadership, third party contacts, criticality, vulnerabilities, continuity, asset information, and accessibility.
  - 6. The system of claim 1, wherein presenting on demand detailed information about the one or more applications selected or highlighted in the interactive graphical interface for security follow up, further comprises presenting the user with security detail specifics for each of the one or more applications to expose application vulnerabilities relevant to the filters.

7. A computer program product for exposing application vulnerability, the computer program product comprising at least one non-transitory computer-readable medium having computer-readable program code portions embodied therein, the computer-readable program code portions comprising:
- A system for exposing application vulnerability, the system comprising;
  
  a memory device with computer-readable program code stored thereon;
  
  a communication device;
  
  a processing device operatively coupled to the memory device and the communication device, wherein the processing device is configured to execute the computer-readable program code to;
  
  an executable portion configured for compiling, across an entirety of an entity, applications available within the entity and applications hosted externally into a centralized location database;
  
  an executable portion configured for examining information security criteria and business criteria for compiled applications, wherein the information security criteria includes compiled applications'"'"' capability to access, control and report on financial transactions and access to non-public personal user information, and business criteria includes expected number of peak concurrent users for the compiled applications, required downtime during an outage or refresh of the compiled applications, and number of additional downstream applications dependent on the compiled applications;
  
  an executable portion configured for generating a weighted asset security value based on the information security criteria and the business criteria for each of the compiled applications;
  
  an executable portion configured for identifying application characteristic variables in the compiled applications, wherein application characteristic variables include internal or external application hosting, compliance requirements, financial regulatory requirements, recovery times, and application privacy requirements;
  
  an executable portion configured for presenting to a user an interface communicated to the user via a secure communicable link, wherein the interface comprises selectable filters associated with the application characteristics;
  
  an executable portion configured for generating an interactive graphical interface comprising graphical axis, wherein one axis comprises the weighted asset security value, a second axis comprises filtered application characteristics, and an alternative axis comprising the application characteristic variables, wherein the compiled applications are represented by selectable indicators within the interactive graphical interface for drill down presentation of applications and security details, and wherein application characteristic variables are selected via dials and levers; and
  
  an executable portion configured for presenting on demand, based on selecting one or more complied applications, detailed information about one or more applications selected or highlighted in the interactive graphical interface via the alternative axis, wherein the alternative axis includes the one or more selected application and the application characteristic variables corresponding to the one or more selected applications for security follow up.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The computer program product of claim 7, wherein generating the interactive graphical interface comprises plotting the compiled applications as indicators across an x-axis comprising the weighted asset security value and a y-axis comprising the filtered application characteristics, wherein the indicators are selectable and present detailed real-time information about the compiled application associated with the indicators.
  - 9. The computer program product of claim 7, wherein examining information security criteria comprises identifying the compiled applications that include non-public information and third party managed information, wherein examining business criteria for the compiled applications comprises identifying a peak of concurrent uses and a restore time for each of the compiled applications.
  - 10. The computer program product of claim 7, further comprising an executable portion configured for storing the weighted asset security value permanently for each of the compiled applications.
  - 11. The computer program product of claim 7, wherein identifying application characteristic variables in the compiled applications available across the entity further comprises identifying the compiled applications associated with variables in privacy, leadership, third party contacts, criticality, vulnerabilities, continuity, asset information, and accessibility.
  - 12. The computer program product of claim 7, wherein presenting on demand detailed information about the one or more applications selected or highlighted in the interactive graphical interface for security follow up, further comprises presenting the user with security detail specifics for each of the one or more applications to expose application vulnerabilities relevant to the filters.

13. A computer-implemented method for exposing application vulnerability, the method comprising:
- providing a computing system comprising a computer processing device and a non-transitory computer readable medium, where the computer readable medium comprises configured computer program instruction code, such that when said instruction code is operated by said computer processing device, said computer processing device performs the following operations;
  
  compiling, across an entirety of an entity, applications available within the entity and applications hosted externally into a centralized location database;
  
  examining information security criteria and business criteria for compiled applications, wherein the information security criteria includes compiled applications'"'"' capability to access, control and report on financial transactions and access to non-public personal user information, and business criteria includes expected number of peak concurrent users for the compiled applications, required downtime during an outage or refresh of the compiled applications, and number of additional downstream applications dependent on the compiled applications;
  
  generating a weighted asset security value based on the information security criteria and the business criteria for each of the compiled applications;
  
  identifying application characteristic variables in the compiled applications, wherein application characteristic variables include internal or external application hosting, compliance requirements, financial regulatory requirements, recovery times, and application privacy requirements;
  
  presenting to a user an interface communicated to the user via a secure communicable link, wherein the interface comprises selectable filters associated with the application characteristics;
  
  generating an interactive graphical interface comprising graphical axis, wherein one axis comprises the weighted asset security value, a second axis comprises filtered application characteristics, and an alternative axis comprising the application characteristic variables, wherein the compiled applications are represented by selectable indicators within the interactive graphical interface for drill down presentation of applications and security details, and wherein application characteristic variables are selected via dials and levers; and
  
  presenting on demand, based on selecting one or more complied applications, detailed information about one or more applications selected or highlighted in the interactive graphical interface via the alternative axis, wherein the alternative axis includes the one or more selected application and the application characteristic variables corresponding to the one or more selected applications for security follow up.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The computer-implemented method of claim 13, wherein generating the interactive graphical interface comprises plotting the compiled applications as indicators across an x-axis comprising the weighted asset security value and a y-axis comprising the filtered application characteristics, wherein the indicators are selectable and present detailed real-time information about the compiled applications associated with the indicators.
  - 15. The computer-implemented method of claim 13, wherein examining information security criteria comprises identifying the compiled applications that include non-public information and third party managed information, wherein examining business criteria for the compiled applications comprises identifying a peak of concurrent uses and a restore time for each of the compiled applications.
  - 16. The computer-implemented method of claim 13, wherein identifying application characteristic variables in the compiled applications available across the entity further comprises identifying the compiled applications associated with variables in privacy, leadership, third party contacts, criticality, vulnerabilities, continuity, asset information, and accessibility.
  - 17. The computer-implemented method of claim 13, wherein presenting on demand detailed information about the one or more applications selected or highlighted in the interactive graphical interface for security follow up, further comprises presenting the user with security detail specifics for each of the one or more applications to expose application vulnerabilities relevant to the filters.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Bank of America Corp.
Original Assignee
Bank of America Corp.
Inventors
Middleman, Daniel Edward, Denning, John Henry, Topel, Keith Allen
Primary Examiner(s)
Herzog, Madhuri R

Application Number

US14/878,621
Publication Number

US 20170104779A1
Time in Patent Office

1,286 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/577   Assessing vulnerabilities a...

G06F 3/0484   for the control of specific...

H04L 63/1433   Vulnerability analysis

H04L 63/20   for managing network securi...

Vulnerability exposing application characteristic variation identification engine

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

30 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Vulnerability exposing application characteristic variation identification engine

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

30 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links