Methods and systems for ranking, filtering and patching detected vulnerabilities in a networked system

US 10,284,589 B2
Filed: 10/31/2016
Issued: 05/07/2019
Est. Priority Date: 10/31/2016
Status: Active Grant

First Claim

Patent Images

1. A system for determining priority levels for addressing vulnerabilities associated with a network of computer devices, the system comprising:

one or more server devices communicatively coupled to a computer network including a plurality of communicatively coupled computing devices, the one or more server devices include memory storage to store, and one or more processors to execute;

a data collection engine, upon executing on the one or more processors, configured to;

receive a plurality of specification profiles representing architecture data of the computer network, each of the specification profiles defines one or more specification variables of the computer network or an asset thereof; and

receive vulnerability data from a plurality of vulnerability scanners configured to scan the computer network for vulnerabilities, the vulnerability data indicative of one or more vulnerabilities associated with the computer network;

a controller engine, upon executing on the one or more processors, configured to;

check for discrepancies in the vulnerability data or between the vulnerability data and the plurality of specification profiles;

identify, among a plurality of assets of the computer network and upon detecting a discrepancy, one or more assets associated with the discrepancy; and

instruct a profiling engine to profile the one or more assets associated with the discrepancy;

the profiling engine, upon executing on the one or more processors, configured to, for each asset of the one or more assets of the computer network associated with the discrepancy,;

establish, with a computing device associated with the asset, a respective communication channel;

query, via the respective communication channel, the asset for one or more corresponding profiling parameters; and

receive, from the computing device associated with the asset via the respective communication channel, the one or more corresponding profiling parameters; and

a ranking engine, upon executing on the one or more processors, configured to;

compute, for each asset of the computer network affected with a vulnerability of the one or more vulnerabilities, a respective priority ranking value using the plurality of specification profiles, the vulnerability data and the profiling parameters received by the profiling engine, the priority ranking value associated with each asset affected with any of the one or more vulnerabilities indicative of a priority level, compared to other assets of the computer network, for fixing at least one vulnerability affecting that asset.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for determining priority levels to process vulnerabilities associated with a networked computer system can include a data collection engine receiving a plurality of specification profiles, each defining one or more specification variables of the networked computer system or a respective asset. The data collection engine can receive, from a vulnerability scanner, vulnerability data indicative of a vulnerability associated with the networked computer system. A profiling engine can interrogate a computing device of the networked computer system, and receive one or more respective profiling parameters from that computing device. A ranking engine can compute a priority ranking value of the computing device based on the profile specification variables, the vulnerability data and the profiling parameters. The priority ranking value associated with the computing device can be indicative of a priority level, compared to other computing devices of the computer network, for patching a vulnerability affecting that computing device.

Citations

18 Claims

1. A system for determining priority levels for addressing vulnerabilities associated with a network of computer devices, the system comprising:
- one or more server devices communicatively coupled to a computer network including a plurality of communicatively coupled computing devices, the one or more server devices include memory storage to store, and one or more processors to execute;
  
  a data collection engine, upon executing on the one or more processors, configured to;
  
  receive a plurality of specification profiles representing architecture data of the computer network, each of the specification profiles defines one or more specification variables of the computer network or an asset thereof; and
  
  receive vulnerability data from a plurality of vulnerability scanners configured to scan the computer network for vulnerabilities, the vulnerability data indicative of one or more vulnerabilities associated with the computer network;
  
  a controller engine, upon executing on the one or more processors, configured to;
  
  check for discrepancies in the vulnerability data or between the vulnerability data and the plurality of specification profiles;
  
  identify, among a plurality of assets of the computer network and upon detecting a discrepancy, one or more assets associated with the discrepancy; and
  
  instruct a profiling engine to profile the one or more assets associated with the discrepancy;
  
  the profiling engine, upon executing on the one or more processors, configured to, for each asset of the one or more assets of the computer network associated with the discrepancy,;
  
  establish, with a computing device associated with the asset, a respective communication channel;
  
  query, via the respective communication channel, the asset for one or more corresponding profiling parameters; and
  
  receive, from the computing device associated with the asset via the respective communication channel, the one or more corresponding profiling parameters; and
  
  a ranking engine, upon executing on the one or more processors, configured to;
  
  compute, for each asset of the computer network affected with a vulnerability of the one or more vulnerabilities, a respective priority ranking value using the plurality of specification profiles, the vulnerability data and the profiling parameters received by the profiling engine, the priority ranking value associated with each asset affected with any of the one or more vulnerabilities indicative of a priority level, compared to other assets of the computer network, for fixing at least one vulnerability affecting that asset.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The system of claim 1, wherein the controller engine is configured to provide at least one of the priority ranking values for display on a display device.
  - 3. The system of claim 1, wherein the controller engine is configured to transmit a set of executable instructions to of computing devices of the computer network associated with assets affected with any of the one or more vulnerabilities according to an order defined based on the priority ranking values.
  - 4. The system of claim 1, wherein the controller engine is configured to update the vulnerability data using at least one of the profiling parameters received by the profiling engine.
  - 5. The system of claim 1, wherein the plurality of specification profiles include at least one of a service level agreement (SLA) profile, security profile, redundancy profile, risk profile, legal profile, ownership profile, and compliance profile.
  - 6. The system of claim 1, wherein the parameters received by the profiling engine include at least one of a status parameter, memory usage parameter, processing power usage parameter, or network parameter.
  - 7. The system of claim 1, wherein in receiving vulnerability data, the data collection system is configured to:
    - merge the vulnerability data from the plurality of vulnerability scanners.
  - 8. The system of claim 1, wherein the data collection engine is further configured to:
    - receive, from one or more remote resources, data associated with published vulnerabilities; and
      
      supplement the vulnerability data received from the plurality of vulnerability scanners with the data associated with published vulnerabilities.
  - 9. The system of claim 1, wherein the data collection engine is further configured to:
    - compress data including the vulnerability data, the specification profiles, the profiling parameters, and the priority ranking values,the controller engine configured to provide the compressed data to a display device.
  - 10. The system of claim 1, wherein the a controller engine is configured to determine functional dependencies between at least two assets of the plurality of assets based on at least one of the specification profiles, the vulnerability data, or the profiling parameters.
  - 11. The system of claim 10, wherein the ranking engine is configured to compute the priority ranking values based on the functional dependencies.

12. A method of determining priority levels for processing vulnerabilities associated with a network of computer devices, the method comprising:
- receiving, by one or more computer servers communicatively coupled to a computer network, a plurality of specification profiles representing architecture data of the computer network, each of the specification profiles defining one or more specification variables of the computer network or an asset thereof;
  
  receiving, by the one or more computer servers, vulnerability data from a plurality of vulnerability scanners configured to scan the computer network for vulnerabilities, the vulnerability data indicative of one or more vulnerabilities associated with the computer network;
  
  checking, by the one or more computer servers, for discrepancies in the vulnerability data or between the vulnerability data and the plurality of specification profiles;
  
  identifying, by the one or more computer servers and responsive to detecting a discrepancy, one or more assets associated with the discrepancy from a plurality of assets of the computer network;
  
  establishing, by the one or more computer servers with each asset of the one or more assets, a corresponding communication channel with a corresponding computing device of the computer network associated with the asset;
  
  querying, by the one or more computer servers, each asset of the one or more assets via the respective communication channel for one or more corresponding profiling parameters;
  
  receiving, by the one or more computer servers, from each asset of the one or more assets, the one or more corresponding profiling parameters via the corresponding communication channel; and
  
  computing, by the one or more computer servers, for each asset of the computer network affected with a vulnerability of the one or more vulnerabilities, a respective priority ranking value using the plurality of specification profiles, the vulnerability data and the profiling parameters received from the one or more assets, the priority ranking value for each asset affected with any of the one or more vulnerabilities indicative of a priority level, compared to other assets of the computer network, for fixing at least one vulnerability affecting that asset.
- View Dependent Claims (13, 14, 15, 16, 17)
- - 13. The method of claim 12 further comprising providing, by the one or more computer servers, at least one of the priority ranking values for display on a display device.
  - 14. The method of claim 12 further comprising transmitting, by the one or more computer servers, a set of executable instructions to computing devices of the computer network associated with assets affected with any of the one or more vulnerabilities according to an order defined based on the priority ranking values.
  - 15. The method of claim 12, wherein receiving vulnerability data includes the data collection system:
    - merging the vulnerability data from the plurality of vulnerability scanners.
  - 16. The method of claim 12 comprising:
    - receiving, by the one or more computer servers, data associated with published vulnerabilities from one or more remote resources; and
      
      supplementing, by the one or more computer servers, the vulnerability data with the data associated with published vulnerabilities.
  - 17. The method of claim 12 further comprising:
    - determining, by the one or more computer servers, functional dependencies between at least two assets of the plurality of assets of the computer network based on at least one of the specification profiles, the vulnerability data, or the profiling parameters; and
      
      computing, by the one or more computer servers, the priority ranking values based on the functional dependencies.

18. A computer-readable medium with computer code instructions stored thereon, the computer code instructions when executed by one or more processors cause the one or more processors to:
- receive a plurality of specification profiles representing architecture data of a computer network, each of the specification profiles defining one or more specification variables of the computer network or an asset thereof;
  
  receive vulnerability data from a plurality of vulnerability scanners configured to scan the computer network for vulnerabilities, the vulnerability data indicative of one or more vulnerabilities associated with the computer network;
  
  check for discrepancies in the vulnerability data or between the vulnerability data and the plurality of specification profiles;
  
  identify, responsive to detecting a discrepancy, one or more assets associated with the discrepancy from a plurality of assets of the computer network;
  
  establish, for each asset of the one or more assets, a corresponding communication channel with a corresponding computing device of the computer network associated with the asset;
  
  query each asset of the one or more assets via the respective communication channel for one or more corresponding profiling parameters;
  
  receive, from each asset of the one or more assets, one or more corresponding profiling parameters via the corresponding communication channel; and
  
  compute, for each asset of the computer network affected with a vulnerability of the one or more vulnerabilities, a respective priority ranking value using the plurality of specification profiles, the vulnerability data and the profiling parameters received from the one or more assets, the priority ranking value for each asset affected with any of the one or more vulnerabilities indicative of a priority level, compared to other assets of the computer network, for fixing at least one vulnerability affecting that asset.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Acentium Inc.
Original Assignee
Acentium Inc.
Inventors
Hamdi, Amine
Primary Examiner(s)
Paliwal, Yogesh

Application Number

US15/339,412
Publication Number

US 20180124094A1
Time in Patent Office

918 Days
Field of Search

726 25
US Class Current
CPC Class Codes

G06F 12/0868   Data transfer between cache...

G06F 12/0897   with two or more cache hier...

G06F 21/552   involving long-term monitor...

G06F 2212/263   Network storage, e.g. SAN o...

G06F 2212/264   Remote server

G06F 7/24   Sorting, i.e. extracting da...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/1433   Vulnerability analysis

H04L 63/20   for managing network securi...

Methods and systems for ranking, filtering and patching detected vulnerabilities in a networked system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and systems for ranking, filtering and patching detected vulnerabilities in a networked system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links