Methods and systems for ranking, filtering and patching detected vulnerabilities in a networked system
First Claim
1. A system for determining priority levels for addressing vulnerabilities associated with a network of computer devices, the system comprising:
- one or more server devices communicatively coupled to a computer network including a plurality of communicatively coupled computing devices, the one or more server devices include memory storage to store, and one or more processors to execute;
- a data collection engine, upon executing on the one or more processors, configured to:
  - receive a plurality of specification profiles representing architecture data of the computer network, each of the specification profiles defines one or more specification variables of the computer network or an asset thereof; and
  - receive vulnerability data from a plurality of vulnerability scanners configured to scan the computer network for vulnerabilities, the vulnerability data indicative of one or more vulnerabilities associated with the computer network;
- a controller engine, upon executing on the one or more processors, configured to:
  - check for discrepancies in the vulnerability data or between the vulnerability data and the plurality of specification profiles;
  - identify, among a plurality of assets of the computer network and upon detecting a discrepancy, one or more assets associated with the discrepancy; and
  - instruct a profiling engine to profile the one or more assets associated with the discrepancy;
- the profiling engine, upon executing on the one or more processors, configured to, for each asset of the one or more assets of the computer network associated with the discrepancy:
  - establish, with a computing device associated with the asset, a respective communication channel;
  - query, via the respective communication channel, the asset for one or more corresponding profiling parameters; and
  - receive, from the computing device associated with the asset via the respective communication channel, the one or more corresponding profiling parameters; and
- a ranking engine, upon executing on the one or more processors, configured to:
  - compute, for each asset of the computer network affected with a vulnerability of the one or more vulnerabilities, a respective priority ranking value using the plurality of specification profiles, the vulnerability data and the profiling parameters received by the profiling engine, the priority ranking value associated with each asset affected with any of the one or more vulnerabilities indicative of a priority level, compared to other assets of the computer network, for fixing at least one vulnerability affecting that asset.
Abstract
Systems and methods for determining priority levels to process vulnerabilities associated with a networked computer system can include a data collection engine receiving a plurality of specification profiles, each defining one or more specification variables of the networked computer system or a respective asset. The data collection engine can receive, from a vulnerability scanner, vulnerability data indicative of a vulnerability associated with the networked computer system. A profiling engine can interrogate a computing device of the networked computer system, and receive one or more respective profiling parameters from that computing device. A ranking engine can compute a priority ranking value of the computing device based on the profile specification variables, the vulnerability data and the profiling parameters. The priority ranking value associated with the computing device can be indicative of a priority level, compared to other computing devices of the computer network, for patching a vulnerability affecting that computing device.
18 Claims
1. (Independent claim; reproduced in full under First Claim above.) Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11.
12. A method of determining priority levels for processing vulnerabilities associated with a network of computer devices, the method comprising:
- receiving, by one or more computer servers communicatively coupled to a computer network, a plurality of specification profiles representing architecture data of the computer network, each of the specification profiles defining one or more specification variables of the computer network or an asset thereof;
- receiving, by the one or more computer servers, vulnerability data from a plurality of vulnerability scanners configured to scan the computer network for vulnerabilities, the vulnerability data indicative of one or more vulnerabilities associated with the computer network;
- checking, by the one or more computer servers, for discrepancies in the vulnerability data or between the vulnerability data and the plurality of specification profiles;
- identifying, by the one or more computer servers and responsive to detecting a discrepancy, one or more assets associated with the discrepancy from a plurality of assets of the computer network;
- establishing, by the one or more computer servers with each asset of the one or more assets, a corresponding communication channel with a corresponding computing device of the computer network associated with the asset;
- querying, by the one or more computer servers, each asset of the one or more assets via the respective communication channel for one or more corresponding profiling parameters;
- receiving, by the one or more computer servers, from each asset of the one or more assets, the one or more corresponding profiling parameters via the corresponding communication channel; and
- computing, by the one or more computer servers, for each asset of the computer network affected with a vulnerability of the one or more vulnerabilities, a respective priority ranking value using the plurality of specification profiles, the vulnerability data and the profiling parameters received from the one or more assets, the priority ranking value for each asset affected with any of the one or more vulnerabilities indicative of a priority level, compared to other assets of the computer network, for fixing at least one vulnerability affecting that asset.

Dependent claims: 13, 14, 15, 16, 17.
18. A computer-readable medium with computer code instructions stored thereon, the computer code instructions when executed by one or more processors cause the one or more processors to:
- receive a plurality of specification profiles representing architecture data of a computer network, each of the specification profiles defining one or more specification variables of the computer network or an asset thereof;
- receive vulnerability data from a plurality of vulnerability scanners configured to scan the computer network for vulnerabilities, the vulnerability data indicative of one or more vulnerabilities associated with the computer network;
- check for discrepancies in the vulnerability data or between the vulnerability data and the plurality of specification profiles;
- identify, responsive to detecting a discrepancy, one or more assets associated with the discrepancy from a plurality of assets of the computer network;
- establish, for each asset of the one or more assets, a corresponding communication channel with a corresponding computing device of the computer network associated with the asset;
- query each asset of the one or more assets via the respective communication channel for one or more corresponding profiling parameters;
- receive, from each asset of the one or more assets, one or more corresponding profiling parameters via the corresponding communication channel; and
- compute, for each asset of the computer network affected with a vulnerability of the one or more vulnerabilities, a respective priority ranking value using the plurality of specification profiles, the vulnerability data and the profiling parameters received from the one or more assets, the priority ranking value for each asset affected with any of the one or more vulnerabilities indicative of a priority level, compared to other assets of the computer network, for fixing at least one vulnerability affecting that asset.
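As an added illustration (not code from the patent or its assignee), the following toy Python pipeline walks the four claimed steps in order: collect specification profiles and multi-scanner findings, flag assets whose findings are internally inconsistent or contradict the profiles, profile only those flagged assets (stubbed here in place of a real query channel), and compute a per-asset priority ranking value. All asset names, field names, CVE identifiers and the scoring formula are constructed assumptions; the claims themselves do not prescribe a formula.

```python
"""Added example (not code from the patent): a toy collect / check / profile /
rank pipeline. Data, field names and the scoring formula are assumptions."""
from collections import defaultdict
# Constructed specification profiles, one per asset (assumed variable names).
SPEC_PROFILES = {
    "web-01": {"os": "ubuntu-22.04", "criticality": 5, "exposure": "internet"},
    "db-01":  {"os": "rhel-9",       "criticality": 5, "exposure": "internal"},
    "wks-07": {"os": "windows-11",   "criticality": 2, "exposure": "internal"},
}

# Constructed findings from two scanners; CVE ids are placeholders.
VULN_DATA = [
    {"scanner": "A", "asset": "web-01", "cve": "CVE-0000-0001", "cvss": 9.8, "os": "ubuntu-22.04"},
    {"scanner": "B", "asset": "web-01", "cve": "CVE-0000-0001", "cvss": 9.8, "os": "ubuntu-20.04"},
    {"scanner": "A", "asset": "db-01",  "cve": "CVE-0000-0002", "cvss": 7.5, "os": "rhel-9"},
    {"scanner": "B", "asset": "wks-07", "cve": "CVE-0000-0003", "cvss": 6.1, "os": "windows-11"},
    {"scanner": "A", "asset": "tmp-99", "cve": "CVE-0000-0004", "cvss": 5.0, "os": "debian-12"},
]

def find_discrepancies(vulns, specs):
    """Controller engine step: assets whose scanner fingerprints disagree with
    each other, are missing from the profiles, or contradict the profile."""
    seen = defaultdict(set)
    for v in vulns:
        seen[v["asset"]].add(v["os"])
    return {a for a, oses in seen.items()
            if len(oses) > 1 or a not in specs or specs[a]["os"] not in oses}

def profile_asset(asset):
    """Profiling engine step, stubbed: stands in for querying the device over
    its own channel. Answers are constructed; unknown assets return None fields."""
    answers = {"web-01": {"os": "ubuntu-22.04", "patched": False}}
    return answers.get(asset, {"os": None, "patched": None})

def rank(vulns, specs):
    """Ranking engine step. Assumed score: max CVSS x criticality, x1.5 when
    internet-exposed, zeroed when profiling shows the asset already patched."""
    profiles = {a: profile_asset(a) for a in find_discrepancies(vulns, specs)}
    scores = {}
    for v in vulns:
        a = v["asset"]
        spec = specs.get(a, {"criticality": 3, "exposure": "unknown"})
        s = v["cvss"] * spec["criticality"]
        if spec["exposure"] == "internet":
            s *= 1.5
        if profiles.get(a, {}).get("patched"):
            s = 0.0
        scores[a] = max(scores.get(a, 0.0), s)
    return sorted(scores.items(), key=lambda kv: kv[1], reverse=True)
```

Only assets with a discrepancy (here web-01, whose two scanners disagree on the OS, and tmp-99, which has no profile) are profiled; every vulnerable asset is still ranked.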