Hierarchical risk assessment and remediation of threats in mobile networking environment

US 10,686,819 B2
Filed: 10/22/2013
Issued: 06/16/2020
Est. Priority Date: 02/19/2013
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

collecting or detecting vulnerability data from distributed sources, the vulnerability data including;

a first vulnerability data set from aspects of a mobile device, the mobile device being a first source of the distributed sources,a second vulnerability data set from communication between the mobile device and a server in a secure network, the server being a second source of the distributed sources, anda third set vulnerability data set from communication between the mobile device and a network service, the network service being a third source of the distributed sources, the collecting or detecting performed by a facility having a processor, a non-transitory computer-readable medium, and stored instructions translatable by the processor, the facility configured for enhancing security of mobile devices in a mobile networking environment;

centrally processing the vulnerability data in order of threat priority associated therewith, the processing performed by the facility, the processing comprising;

for each vulnerability event in the vulnerability data;

determining, from a plurality of vulnerability policies, a matching vulnerability policy that matches a respective vulnerability event in the vulnerability data and that contains a risk score;

extracting the risk score from the matching vulnerability policy;

based at least on the risk score extracted from the matching vulnerability policy, determining a best matching risk remediation policy for the respective vulnerability event in the vulnerability data; and

performing a remediation for the mobile device per the best matching risk remediation policy to remediate the respective vulnerability event in the vulnerability data; and

reporting, through a user interface of the facility, vulnerability events in the vulnerability data and associated remediations for the mobile device in the order of the threat priority.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Mobile device security techniques are described. For a specific computing device, for each of a plurality of distinct security categories, a risk score is determined. The determined risk scores are aggregated to obtain an overall risk score.

Citations

27 Claims

1. A method, comprising:
- collecting or detecting vulnerability data from distributed sources, the vulnerability data including;
  
  a first vulnerability data set from aspects of a mobile device, the mobile device being a first source of the distributed sources,a second vulnerability data set from communication between the mobile device and a server in a secure network, the server being a second source of the distributed sources, anda third set vulnerability data set from communication between the mobile device and a network service, the network service being a third source of the distributed sources, the collecting or detecting performed by a facility having a processor, a non-transitory computer-readable medium, and stored instructions translatable by the processor, the facility configured for enhancing security of mobile devices in a mobile networking environment;
  
  centrally processing the vulnerability data in order of threat priority associated therewith, the processing performed by the facility, the processing comprising;
  
  for each vulnerability event in the vulnerability data;
  
  determining, from a plurality of vulnerability policies, a matching vulnerability policy that matches a respective vulnerability event in the vulnerability data and that contains a risk score;
  
  extracting the risk score from the matching vulnerability policy;
  
  based at least on the risk score extracted from the matching vulnerability policy, determining a best matching risk remediation policy for the respective vulnerability event in the vulnerability data; and
  
  performing a remediation for the mobile device per the best matching risk remediation policy to remediate the respective vulnerability event in the vulnerability data; and
  
  reporting, through a user interface of the facility, vulnerability events in the vulnerability data and associated remediations for the mobile device in the order of the threat priority.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method according to claim 1, wherein the aspects of the mobile device comprise at least one of mobile cloud service (MCS) access, data integrity, malware, application integrity, or device integrity, wherein the server in the secure network comprises a virtual private network (VPN) server in a VPN, and wherein the network service relates to an environmental factor, MCS application access, security monitoring, application access, or active directory access.
  - 3. The method according to claim 1, wherein the processing further comprises:
    - responsive to a vulnerability event in the vulnerability data having no matching vulnerability policy or matching risk remediation policy, placing the vulnerability event in a review queue.
  - 4. The method according to claim 1, further comprising:
    - storing the vulnerability events in a historical data store.
  - 5. The method according to claim 1, further comprising:
    - adding the vulnerability events to a risk profile for the mobile device.
  - 6. The method according to claim 1, further comprising:
    - generating a remediation action event describing the remediation taken; and
      
      communicating the remediation action event to the user interface.
  - 7. The method according to claim 1, wherein the user interface is configured for allowing a user to adjust a type, degree, or level of the remediation selected automatically by the facility and wherein the user interface comprises a dashboard, a mobile device user interface, or a security information and event management (SIEM) user interface.
  - 8. The method according to claim 1, wherein the threat priority comprises none, low, medium, or high.
  - 9. The method according to claim 1, wherein the remediation comprises a solution, a fix, a patch, a temporary fix, or a work around.

10. A system, comprising:
- a processor;
  
  a non-transitory computer-readable medium; and
  
  stored instructions translatable by the processor for;
  
  collecting or detecting vulnerability data from distributed sources, the vulnerability data including;
  
  a first vulnerability data set from aspects of a mobile device, the mobile device being a first source of the distributed sources,a second vulnerability data set from communication between the mobile device and a server in a secure network, the server being a second source of the distributed sources, anda third set vulnerability data set from communication between the mobile device and a network service, the network service being a third source of the distributed sources;
  
  centrally processing the vulnerability data in order of threat priority associated therewith, the processing comprising;
  
  for each vulnerability event in the vulnerability data;
  
  determining, from a plurality of vulnerability policies, a matching vulnerability policy that matches a respective vulnerability event in the vulnerability data and that contains a risk score;
  
  extracting the risk score from the matching vulnerability policy;
  
  based at least on the risk score extracted from the matching vulnerability policy, determining a best matching risk remediation policy for the respective vulnerability event in the vulnerability data; and
  
  performing a remediation for the mobile device per the best matching risk remediation policy to remediate the respective vulnerability event in the vulnerability data; and
  
  reporting, through a user interface, vulnerability events in the vulnerability data and associated remediations for the mobile device in the order of the threat priority.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The system of claim 10, wherein the aspects of the mobile device comprise at least one of mobile cloud service (MCS) access, data integrity, malware, application integrity, or device integrity, wherein the server in the secure network comprises a virtual private network (VPN) server in a VPN, and wherein the network service relates to an environmental factor, MCS application access, security monitoring, application access, or active directory access.
  - 12. The system of claim 10, wherein the processing further comprises:
    - responsive to a vulnerability event in the vulnerability data having no matching vulnerability policy or matching risk remediation policy, placing the vulnerability event in a review queue.
  - 13. The system of claim 10, wherein the stored instructions are further translatable by the processor for:
    - storing the vulnerability events in a historical data store.
  - 14. The system of claim 10, wherein the stored instructions are further translatable by the processor for:
    - adding the vulnerability events to a risk profile for the mobile device.
  - 15. The system of claim 10, wherein the stored instructions are further translatable by the processor for:
    - generating a remediation action event describing the remediation taken; and
      
      communicating the remediation action event to the user interface.
  - 16. The system of claim 10, wherein the user interface is configured for allowing a user to adjust a type or degree of the remediation selected automatically by the facility and wherein the user interface comprises a dashboard, a mobile device user interface, or a security information and event management (SIEM) user interface.
  - 17. The system of claim 10, wherein the threat priority comprises none, low, medium, or high.
  - 18. The system of claim 10, wherein the remediation comprises a solution, a fix, a patch, a temporary fix, or a work around.

19. A computer program product comprising a non-transitory computer-readable medium storing instructions translatable by a processor to perform:
- collecting or detecting vulnerability data from distributed sources, the vulnerability data including;
  
  a first vulnerability data set from aspects of a mobile device, the mobile device being a first source of the distributed sources,a second vulnerability data set from communication between the mobile device and a server in a secure network, the server being a second source of the distributed sources, anda third set vulnerability data set from communication between the mobile device and a network service, the network service being a third source of the distributed sources;
  
  centrally processing the vulnerability data in order of threat priority associated therewith, the processing comprising;
  
  for each vulnerability event in the vulnerability data;
  
  determining, from a plurality of vulnerability policies, a matching vulnerability policy that matches a respective vulnerability event in the vulnerability data and that contains a risk score;
  
  extracting the risk score from the matching vulnerability policy;
  
  based at least on the risk score extracted from the matching vulnerability policy, determining a best matching risk remediation policy for the respective vulnerability event in the vulnerability data; and
  
  performing a remediation for the mobile device per the best matching risk remediation policy to remediate the respective vulnerability event in the vulnerability data; and
  
  reporting, through a user interface, vulnerability events in the vulnerability data and associated remediations for the mobile device in the order of the threat priority.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27)
- - 20. The computer program product of claim 19, wherein the aspects of the mobile device comprise at least one of mobile cloud service (MCS) access, data integrity, malware, application integrity, or device integrity, wherein the server in the secure network comprises a virtual private network (VPN) server in a VPN, and wherein the network service relates to an environmental factor, MCS application access, security monitoring, application access, or active directory access.
  - 21. The computer program product of claim 19, wherein the processing further comprises:
    - responsive to a vulnerability event in the vulnerability data having no matching vulnerability policy or matching risk remediation policy, placing the vulnerability event in a review queue.
  - 22. The computer program product of claim 19, wherein the instructions are further translatable by the processor for:
    - storing the vulnerability events in a historical data store.
  - 23. The computer program product of claim 19, wherein the instructions are further translatable by the processor for:
    - adding the vulnerability events to a risk profile for the mobile device.
  - 24. The computer program product of claim 19, wherein the instructions are further translatable by the processor for:
    - generating a remediation action event describing the remediation taken; and
      
      communicating the remediation action event to the user interface.
  - 25. The computer program product of claim 19, wherein the user interface is configured for allowing a user to adjust a type or degree of the remediation selected automatically by the facility and wherein the user interface comprises a dashboard, a mobile device user interface, or a security information and event management (SIEM) user interface.
  - 26. The computer program product of claim 19, wherein the threat priority comprises none, low, medium, or high.
  - 27. The computer program product of claim 19, wherein the remediation comprises a solution, a fix, a patch, a temporary fix, or a work around.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Proofpoint Incorporated
Original Assignee
Proofpoint Incorporated
Inventors
Mylavarapu, Ramana M., Nigam, Ajay, Hegde, Vipin Balkatta
Primary Examiner(s)
Lesniewski, Victor

Application Number

US14/060,498
Publication Number

US 20140237545A1
Time in Patent Office

2,429 Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/1433   Vulnerability analysis

H04L 63/1441   Countermeasures against mal...

H04W 12/122   Counter-measures against at...

Hierarchical risk assessment and remediation of threats in mobile networking environment

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Hierarchical risk assessment and remediation of threats in mobile networking environment

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links