Ordered computer vulnerability remediation reporting
First Claim
1. A system comprising:
- storage media;
one or more processors;
and one or more programs stored in the storage media and configured for execution by the one or more processors, the one or more programs comprising instructions for;
determining a first vulnerability and a second vulnerability of one or more computing assets;
obtaining breach data that indicates a successful exploit of the first vulnerability at one or more other computing assets;
based on the breach data, making a determination that the first vulnerability is more vulnerable to the successful exploit than the second vulnerability;
based on the determination, causing the first vulnerability to have a higher priority value than the second vulnerability.
5 Assignments
0 Petitions
Accused Products
Abstract
Techniques for ranking a set of vulnerabilities of a computing asset and set of remediations for a computing asset, and determining a risk score for one or more computing assets are provided. In one technique, vulnerabilities of computing assets in a customer network are received at a vulnerability intelligence platform. Breach data indicating set of breaches that occurred outside customer network is also received. A subset of the set of vulnerabilities that are most vulnerable to a breach is identified based on the breach data. In another technique, multiple vulnerabilities of a computing asset are determined. A risk score is generated for the computing asset based on the vulnerabilities. In another technique, multiple remediations associated with a risk score and multiple vulnerabilities are identified. The remediations are ordered based on the remediations that would reduce the risk score the most if those remediations were applied to remove the corresponding vulnerabilities.
-
Citations
20 Claims
-
1. A system comprising:
-
storage media; one or more processors; and one or more programs stored in the storage media and configured for execution by the one or more processors, the one or more programs comprising instructions for; determining a first vulnerability and a second vulnerability of one or more computing assets; obtaining breach data that indicates a successful exploit of the first vulnerability at one or more other computing assets; based on the breach data, making a determination that the first vulnerability is more vulnerable to the successful exploit than the second vulnerability; based on the determination, causing the first vulnerability to have a higher priority value than the second vulnerability. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A method comprising:
-
determining a first vulnerability and a second vulnerability of one or more computing assets; obtaining breach data that indicates a successful exploit of the first vulnerability at one or more other computing assets; based on the breach data, making a determination that the first vulnerability is more vulnerable to the successful exploit than the second vulnerability; based on the determination, causing the first vulnerability to have a higher priority value than the second vulnerability; wherein the method is performed by one or more computing devices. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. One or more non-transitory storage media storing one or more instructions which, when executed by one or more processors, cause:
-
determining a first vulnerability and a second vulnerability of one or more computing assets; obtaining breach data that indicates a successful exploit of the first vulnerability at one or more other computing assets; based on the breach data, making a determination that the first vulnerability is more vulnerable to the successful exploit than the second vulnerability; based on the determination, causing the first vulnerability to have a higher priority value than the second vulnerability. - View Dependent Claims (16, 17, 18, 19, 20)
-
Specification