Enterprise security measures

US 10,523,700 B1
Filed: 08/21/2018
Issued: 12/31/2019
Est. Priority Date: 05/06/2016
Status: Active Grant

First Claim

Patent Images

1. An electronic computing device comprising:

a processing unit; and

system memory, the system memory including instructions that, when executed by the processing unit, cause the electronic computing device to;

receive information about a vulnerability associated with computing devices;

generate a user score for each of a plurality of users of the computing devices, wherein the user score is based on a relative priority for each of the plurality of users to receive remediation associated with the vulnerability;

generate a threat score for the vulnerability, wherein the threat score is based upon a relative severity of the vulnerability;

based on the user score and the threat score, determine a sequence of priority of distribution of remediation to the computing devices associated with each of the plurality of users; and

sequentially implement remediation to the computing devices based on the sequence of priority.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for managing security within an enterprise includes a computing device that receives a vulnerability, generates a user score for each user within the enterprise and generates a threat score for the vulnerability. A user device score may also be generated for each device associated with a user. Based on the user score and the threat score, a composite score is generated. After acquiring a security measure, the security measure is implemented based on the composite score and, at times, the user score.

42 Citations

20 Claims

1. An electronic computing device comprising:
- a processing unit; and
  
  system memory, the system memory including instructions that, when executed by the processing unit, cause the electronic computing device to;
  
  receive information about a vulnerability associated with computing devices;
  
  generate a user score for each of a plurality of users of the computing devices, wherein the user score is based on a relative priority for each of the plurality of users to receive remediation associated with the vulnerability;
  
  generate a threat score for the vulnerability, wherein the threat score is based upon a relative severity of the vulnerability;
  
  based on the user score and the threat score, determine a sequence of priority of distribution of remediation to the computing devices associated with each of the plurality of users; and
  
  sequentially implement remediation to the computing devices based on the sequence of priority.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The electronic computing device of claim 1, wherein the remediation is publishing a security patch.
  - 3. The electronic computing device of claim 2, wherein publishing the security patch includes sending a reminder to update after a predetermined period of time.
  - 4. The electronic computing device of claim 1, wherein the user score is based upon behavioral data including behavioral patterns and access patterns.
  - 5. The electronic computing device of claim 4, wherein the behavioral data includes at least one of:
    - a type of a user device associated with a user and a type of processes used by the user device associated with the user.
  - 6. The electronic computing device of claim 4, wherein the behavioral data includes at least one of:
    - a corporate rank of the user and a system access level for the user.
  - 7. The electronic computing device of claim 4, wherein the behavioral patterns include at least one of the following:
    - a browsing history of the user, a volume of junkmail, a previous computing device infection, a volume of phishing email; and
      
      wherein the access patterns include at least one of the following;
      
      a quantity of unique devices used by the user to access enterprise-related data, and an access pattern of the user including time of day.
  - 8. The electronic computing device of claim 1, wherein the threat score is generated based on a third party vulnerability score and an internal vulnerability score.
  - 9. The electronic computing device of claim 8, wherein the third party vulnerability score is publicly available, and wherein the internal vulnerability score is generated based on a system or a device type affected by the vulnerability.
  - 10. The electronic computing device of claim 9, wherein the internal vulnerability score is additionally generated based on at least one of the following:
    - a device level importance, a regulation status, and a data sensitivity level.
  - 11. The electronic computing device of claim 1, wherein if one of the plurality of users does not perform the remediation within a first predetermined time period, the system memory further includes instructions that, when executed by the processing unit, cause the electronic computing device to:
    - activate a security module to lock out a device capability impacted by the vulnerability.
  - 12. The electronic computing device of claim 11, wherein if the user does not perform the remediation within a second predetermined time period, the system memory further includes instructions that, when executed by the processing unit, cause the electronic computing device to:
    - deactivate access to data.

13. A computer-implemented method, comprising:
- generating a user score for each of a plurality of users within an enterprise, wherein the user score is based on a relative priority for each of the plurality of users to receive remediation associated with a vulnerability;
  
  generating a user rank using the user score;
  
  generating a threat score for the vulnerability, wherein the threat score is based upon a relative severity of the vulnerability, and wherein the threat score is generated based on a third party vulnerability score and an internal vulnerability score;
  
  based on the user rank and the threat score, determine a sequence of priority of the remediation across the enterprise; and
  
  sequentially implement remediation to computing devices of the enterprise based on the sequence of priority.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The method of claim 13, wherein the remediation is a patch or an update.
  - 15. The method of claim 14, wherein the user score is generated based on a set of characteristics including:
    - behavioral data, user device data, and user status data.
  - 16. The method of claim 13, wherein the third party vulnerability score is publicly available, and wherein the internal vulnerability score is generated based on an enterprise device report, the enterprise device report including a system or a device affected by the vulnerability.
  - 17. The method of claim 13, wherein the internal vulnerability score is generated based on at least one of the following:
    - a device level importance, a regulation status, an internally-versus externally-facing status, and a data sensitivity level, wherein if a user of the plurality of users does not perform the remediation within a first predetermined time period, activating a security module to lock out the vulnerability, and wherein if the user does not perform the remediation within a second predetermined time period, deactivating access to data within the enterprise.

18. A system for managing security within an enterprise, comprising:
- a computer-readable, non-transitory data storage memory comprising instructions that, when executed by a processing unit of an electronic computing device, cause the processing unit to;
  
  receive a vulnerability;
  
  generate a user device score for each of a plurality of user devices within the enterprise based on user device data, wherein the user device data includes at least one of;
  
  a type of a user device and a type of data processes used by the user device;
  
  generate a threat score for the vulnerability, wherein the threat score is generated based on a third party vulnerability score and an internal vulnerability score;
  
  based on the user device score and the threat score, generate a composite score;
  
  generate a user score for each of a plurality of users within the enterprise;
  
  generate a user rank using the user score for each of the plurality of users within the enterprise; and
  
  sequentially implement remediation to computing devices of the enterprise in an order according to the composite score and the user rank.
- View Dependent Claims (19, 20)
- - 19. The system of claim 18, wherein the third party vulnerability score is publicly available, and wherein the internal vulnerability score is generated based on an enterprise device report.
  - 20. The system of claim 19, wherein, if a user of the plurality of users does not implement the remediation within a first predetermined time period, the non-transitory data storage memory further includes instructions that, when executed by the processing unit, cause the electronic computing device to activate a security module to lock out the vulnerability on the user device, and wherein, if the user does not implement the remediation within a second predetermined time period, the non-transitory data storage memory further includes instructions that, when executed by the processing unit, cause the electronic computing device to deactivate access to data within the enterprise.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Wells Fargo Bank NA (Wells Fargo & Company)
Original Assignee
Wells Fargo Bank NA (Wells Fargo & Company)
Inventors
Rambo, Douglas C., Trudeau, Steven M., Hughes, Titanya, Colehouse, Michael, Calabro, Timothy J., Nguyen, Vincent N., Brenden, Ben D.
Primary Examiner(s)
Kim, Tae K

Application Number

US16/107,461
Time in Patent Office

497 Days
Field of Search
US Class Current
CPC Class Codes

G06F 16/24578   using ranking

G06F 21/50   Monitoring users, programs ...

G06F 21/577   Assessing vulnerabilities a...

G06F 8/65   Updates security arrangemen...

H04L 63/1433   Vulnerability analysis

H04L 63/1441   Countermeasures against mal...

Enterprise security measures

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

42 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Enterprise security measures

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

42 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others