Ordered computer vulnerability remediation reporting

US 10,305,925 B2
Filed: 11/20/2017
Issued: 05/28/2019
Est. Priority Date: 02/14/2014
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

storage media;

one or more processors;

and one or more programs stored in the storage media and configured for execution by the one or more processors, the one or more programs comprising instructions for;

determining a first vulnerability and a second vulnerability of one or more computing assets;

obtaining breach data that indicates a successful exploit of the first vulnerability at one or more other computing assets;

based on the breach data, making a determination that the first vulnerability is more vulnerable to the successful exploit than the second vulnerability;

based on the determination, causing the first vulnerability to have a higher priority value than the second vulnerability.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for ranking a set of vulnerabilities of a computing asset and set of remediations for a computing asset, and determining a risk score for one or more computing assets are provided. In one technique, vulnerabilities of computing assets in a customer network are received at a vulnerability intelligence platform. Breach data indicating set of breaches that occurred outside customer network is also received. A subset of the set of vulnerabilities that are most vulnerable to a breach is identified based on the breach data. In another technique, multiple vulnerabilities of a computing asset are determined. A risk score is generated for the computing asset based on the vulnerabilities. In another technique, multiple remediations associated with a risk score and multiple vulnerabilities are identified. The remediations are ordered based on the remediations that would reduce the risk score the most if those remediations were applied to remove the corresponding vulnerabilities.

Citations

20 Claims

1. A system comprising:
- storage media;
  
  one or more processors;
  
  and one or more programs stored in the storage media and configured for execution by the one or more processors, the one or more programs comprising instructions for;
  
  determining a first vulnerability and a second vulnerability of one or more computing assets;
  
  obtaining breach data that indicates a successful exploit of the first vulnerability at one or more other computing assets;
  
  based on the breach data, making a determination that the first vulnerability is more vulnerable to the successful exploit than the second vulnerability;
  
  based on the determination, causing the first vulnerability to have a higher priority value than the second vulnerability.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The system of claim 1, wherein the one or more programs further comprise instructions for:
    - based on the higher priority value of the first vulnerability, applying a remediation to the first vulnerability before applying a remediation to the second vulnerability.
  - 3. The system of claim 1, wherein at least one computing asset of the one or more computing assets is hardware.
  - 4. The system of claim 1, wherein at least one computing asset of the one or more computing assets is software.
  - 5. The system of claim 1, wherein the one or more programs further comprise instructions for:
    - obtaining exploit data indicating that the second vulnerability has a greater number of available exploits than the first vulnerability;
      
      wherein causing the first vulnerability to have the higher priority value than the second vulnerability is also based on the exploit data.
  - 6. The system of claim 1, wherein the one or more programs further comprise instructions for:
    - obtaining a Common Vulnerability Scoring System (CVSS) score of the first vulnerability;
      
      wherein causing the first vulnerability to have the higher priority value than the second vulnerability is also based on the CVSS score.
  - 7. The system of claim 1, wherein causing the first vulnerability to have the higher priority value than the second vulnerability comprises adjusting a risk score associated with the first vulnerability.

8. A method comprising:
- determining a first vulnerability and a second vulnerability of one or more computing assets;
  
  obtaining breach data that indicates a successful exploit of the first vulnerability at one or more other computing assets;
  
  based on the breach data, making a determination that the first vulnerability is more vulnerable to the successful exploit than the second vulnerability;
  
  based on the determination, causing the first vulnerability to have a higher priority value than the second vulnerability;
  
  wherein the method is performed by one or more computing devices.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The method of claim 8, further comprising:
    - based on the higher priority value of the first vulnerability, applying a remediation to the first vulnerability before applying a remediation to the second vulnerability.
  - 10. The method of claim 8, wherein at least one computing asset of the one or more computing assets is hardware.
  - 11. The method of claim 8, wherein at least one computing asset of the one or more computing assets is software.
  - 12. The method of claim 8, further comprising:
    - obtaining exploit data indicating that the second vulnerability has a greater number of available exploits than the first vulnerability;
      
      wherein causing the first vulnerability to have the higher priority value than the second vulnerability is also based on the exploit data.
  - 13. The method of claim 8, further comprising:
    - obtaining a Common Vulnerability Scoring System (CVSS) score of the first vulnerability;
      
      wherein causing the first vulnerability to have the higher priority value than the second vulnerability is also based on the CVSS score.
  - 14. The method of claim 8, wherein causing the first vulnerability to have the higher priority value than the second vulnerability comprises adjusting a risk score associated with the first vulnerability.

15. One or more non-transitory storage media storing one or more instructions which, when executed by one or more processors, cause:
- determining a first vulnerability and a second vulnerability of one or more computing assets;
  
  obtaining breach data that indicates a successful exploit of the first vulnerability at one or more other computing assets;
  
  based on the breach data, making a determination that the first vulnerability is more vulnerable to the successful exploit than the second vulnerability;
  
  based on the determination, causing the first vulnerability to have a higher priority value than the second vulnerability.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The one or more non-transitory storage media of claim 15, wherein the one or more instructions which, when executed by the one or more processors, further cause:
    - based on the higher priority value of the first vulnerability, applying a remediation to the first vulnerability before applying a remediation to the second vulnerability.
  - 17. The one or more non-transitory storage media of claim 15, wherein at least one computing asset of the one or more computing assets is hardware.
  - 18. The one or more non-transitory storage media of claim 15, wherein at least one computing asset of the one or more computing assets is software.
  - 19. The one or more non-transitory storage media of claim 15, wherein the one or more instructions which, when executed by the one or more processors, further cause:
    - obtaining exploit data indicating that the second vulnerability has a greater number of available exploits than the first vulnerability;
      
      wherein causing the first vulnerability to have the higher priority value than the second vulnerability is also based on the exploit data.
  - 20. The one or more non-transitory storage media of claim 15, wherein the one or more instructions which, when executed by the one or more processors, further cause:
    - obtaining a Common Vulnerability Scoring System (CVSS) score of the first vulnerability;
      
      wherein causing the first vulnerability to have the higher priority value than the second vulnerability is also based on the CVSS score.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Kenna Security LLC (Cisco Systems, Inc.)
Original Assignee
Kenna Security, Inc. (Cisco Systems, Inc.)
Inventors
Roytman, Michael, Bellis, Edward T., Heuer, Jeffrey
Primary Examiner(s)
Hoffman, Brandon S

Application Number

US15/817,886
Publication Number

US 20180077193A1
Time in Patent Office

554 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 21/577   Assessing vulnerabilities a...

G06Q 10/06311   Scheduling, planning or tas...

H04L 63/1408   by monitoring network traff...

H04L 63/1433   Vulnerability analysis

Ordered computer vulnerability remediation reporting

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Ordered computer vulnerability remediation reporting

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links