Vulnerability contextualization

US 10,708,292 B2
Filed: 11/28/2017
Issued: 07/07/2020
Est. Priority Date: 11/28/2017
Status: Active Grant

First Claim

Patent Images

1. A method for contextualizing vulnerabilities, the method performed by a server including a processor and a non-transitory computer readable medium with computer-executable instructions stored thereon, such that when the instructions are executed by the processor, the server performs the method comprising:

importing raw vulnerability data from a vulnerability scanner, the raw vulnerability data including one or more vulnerability data wherein each vulnerability data includes a vulnerability identification (ID) and an asset value;

importing an asset inventory from an asset database;

merging the asset inventory and the raw vulnerability data to obtain contextual vulnerability data, the contextual vulnerability data including one or more vulnerability data linked to a vulnerability ID, an asset value, and an asset owner;

categorizing the contextual vulnerability data; and

generating a report of the categorized contextual vulnerability data, wherein categorizing the contextual vulnerability data includes at least one of,determining whether a vulnerability is a duplicate, and in response to the vulnerability being a duplicate, categorizing the vulnerability as duplicate;

determining whether an exception is approved for the vulnerability, and in response to the exception being approved, categorizing the vulnerability as exception;

determining whether the vulnerability is superseded, and in response to the vulnerability being superseded, categorizing the vulnerability as superseded;

determining whether the vulnerability has a fix, and in response to the vulnerability not having a fix, categorizing the vulnerability as not having a fix;

determining whether the vulnerability is a patch, and in response to the vulnerability having a patch, categorizing the vulnerability as the patch in progress; and

determining whether the vulnerability is application dependent, in response to the vulnerability being application dependent, categorizing the vulnerability as application dependent, and in response to the vulnerability being application independent, categorizing the vulnerability as infrastructure.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An embodiment of the disclosure provides a method for contextualizing vulnerabilities. The method is performed by a server including a processor and a non-transitory computer-readable medium with computer-executable instructions stored thereon, such that when the instructions are executed by the processor, the server performs the method including: (a) importing raw vulnerability data from a vulnerability scanner, the raw vulnerability data including one or more vulnerability data wherein each vulnerability data includes a vulnerability identification (ID) and an asset value; (b) importing an asset inventory from an asset database; (c) merging the asset inventory and the raw vulnerability data to obtain contextual vulnerability data, the contextual vulnerability data including one or more vulnerability data linked to a vulnerability ID, an asset value, and an asset owner; (d) categorizing the contextual vulnerability data; and (e) generating a report of the categorized contextual vulnerability data.

Citations

18 Claims

1. A method for contextualizing vulnerabilities, the method performed by a server including a processor and a non-transitory computer readable medium with computer-executable instructions stored thereon, such that when the instructions are executed by the processor, the server performs the method comprising:
- importing raw vulnerability data from a vulnerability scanner, the raw vulnerability data including one or more vulnerability data wherein each vulnerability data includes a vulnerability identification (ID) and an asset value;
  
  importing an asset inventory from an asset database;
  
  merging the asset inventory and the raw vulnerability data to obtain contextual vulnerability data, the contextual vulnerability data including one or more vulnerability data linked to a vulnerability ID, an asset value, and an asset owner;
  
  categorizing the contextual vulnerability data; and
  
  generating a report of the categorized contextual vulnerability data, wherein categorizing the contextual vulnerability data includes at least one of,determining whether a vulnerability is a duplicate, and in response to the vulnerability being a duplicate, categorizing the vulnerability as duplicate;
  
  determining whether an exception is approved for the vulnerability, and in response to the exception being approved, categorizing the vulnerability as exception;
  
  determining whether the vulnerability is superseded, and in response to the vulnerability being superseded, categorizing the vulnerability as superseded;
  
  determining whether the vulnerability has a fix, and in response to the vulnerability not having a fix, categorizing the vulnerability as not having a fix;
  
  determining whether the vulnerability is a patch, and in response to the vulnerability having a patch, categorizing the vulnerability as the patch in progress; and
  
  determining whether the vulnerability is application dependent, in response to the vulnerability being application dependent, categorizing the vulnerability as application dependent, and in response to the vulnerability being application independent, categorizing the vulnerability as infrastructure.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method according to claim 1, wherein the vulnerability is categorized as the exception when threats associated with the vulnerability are diminished by a firewall.
  - 3. The method according to claim 1, wherein the vulnerability is categorized as the exception when a vulnerability ID of the vulnerability is identified in control exception data.
  - 4. The method according to claim 1, wherein an asset is selected from the group consisting of:
    - an operating system, a computing hardware, a network, and an application.
  - 5. The method according to claim 1, wherein generating a report of the categorized contextual vulnerability data includes generating a table including vulnerabilities separated into categories determined by the categorizing step, the categories including an infrastructure finding summary category, an application dependent finding category, and an exception summary category.
  - 6. The method according to claim 5, wherein the categories further include a vulnerabilities summary category including vulnerability totals from other categories.
  - 7. The method according to claim 1, wherein generating a report of the categorized contextual vulnerability data includes generating a table including vulnerabilities by groupings, the groupings including asset family, department, and high value assets.
  - 8. The method according to claim 1, wherein generating a report of the categorized contextual vulnerability data includes generating a pie chart, the pie chart including the contextual vulnerabilities categorized by how long each vulnerability in the contextual vulnerability was first detected.

9. A server for contextualizing vulnerabilities, the server including a processor and a non-transitory computer readable medium containing instructions stored thereon, such that when the instructions are executed by the processor, the server performs the method comprising:
- importing raw vulnerability data from a vulnerability scanner, the raw vulnerability data including one or more vulnerability data wherein each vulnerability data includes a vulnerability identification (ID) and an asset value;
  
  importing an asset inventory from an asset database;
  
  merging the asset inventory and the raw vulnerability data to obtain contextual vulnerability data, the contextual vulnerability data including one or more vulnerability data linked to a vulnerability ID, an asset value, and an asset owner;
  
  categorizing the contextual vulnerability data; and
  
  generating a report of the categorized contextual vulnerability data, wherein categorizing the contextual vulnerability data includes at least one of,determining whether a vulnerability is a duplicate, and in response to the vulnerability being a duplicate, categorizing the vulnerability as duplicate;
  
  determining whether an exception is approved for the vulnerability, and in response to the exception being approved, categorizing the vulnerability as exception;
  
  determining whether the vulnerability is superseded, and in response to the vulnerability being superseded, categorizing the vulnerability as superseded;
  
  determining whether the vulnerability has a fix, and in response to the vulnerability not having a fix, categorizing the vulnerability as not having a fix;
  
  determining whether the vulnerability is a patch, and in response to the vulnerability having a patch, categorizing the vulnerability as the patch in progress; and
  
  determining whether the vulnerability is application dependent, in response to the vulnerability being application dependent, categorizing the vulnerability as application dependent, and in response to the vulnerability being application independent, categorizing the vulnerability as infrastructure.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The server according to claim 9, wherein the vulnerability is categorized as the exception when threats associated with the vulnerability are diminished by a firewall.
  - 11. The server according to claim 9, wherein the vulnerability is categorized as the exception when a vulnerability ID of the vulnerability is identified in control exception data.
  - 12. The server according to claim 9, wherein an asset is selected from the group consisting of:
    - an operating system, a computing hardware, a network, and an application.
  - 13. The server according to claim 9, wherein generating a report of the categorized contextual vulnerability data includes generating a table including vulnerabilities separated into categories determined by the categorizing step, the categories including an infrastructure finding summary category, an application dependent finding category, and an exception summary category.
  - 14. The server according to claim 13, wherein the categories further include a vulnerabilities summary category including vulnerability totals from other categories.
  - 15. The server according to claim 9, wherein generating a report of the categorized contextual vulnerability data includes generating a table including vulnerabilities by groupings, the groupings including asset family, department, and high value assets.
  - 16. The server according to claim 9, wherein generating a report of the categorized contextual vulnerability data includes generating a pie chart, the pie chart including the contextual vulnerabilities categorized by how long each vulnerability in the contextual vulnerability was first detected.

17. A computing device for displaying contextualized vulnerabilities, the computing device including a screen, a processor and a non-transitory computer readable medium containing instructions stored thereon, such that when the instructions are executed by the processor, the computing device performs the method comprising:
- receiving, from a server, a message containing one or more vulnerability data and one or more solutions to the vulnerability data, each vulnerability data including a vulnerability identification (ID) and an asset value identifying an application;
  
  determining whether a first one of the solutions for a corresponding vulnerability in the vulnerability data causes the application identified in the asset value of the corresponding vulnerability to break;
  
  based on determining that the application breaks, generating an exception for the corresponding vulnerability and providing the exception to the server;
  
  based on determining that the application does not break, applying the first solution to the application to patch the corresponding vulnerability;
  
  receiving, from the server, a report of categorized contextual vulnerability data including the corresponding vulnerability being categorized in an exception category or in a fixed category; and
  
  displaying the report on the screen, wherein the categorized contextual vulnerability data includes at least one of,determining whether a vulnerability is a duplicate, and in response to the vulnerability being a duplicate, categorizing the vulnerability as duplicate;
  
  determining whether an exception is approved for the vulnerability, and in response to the exception being approved, categorizing the vulnerability as exception;
  
  determining whether the vulnerability is superseded, and in response to the vulnerability being superseded, categorizing the vulnerability as superseded;
  
  determining whether the vulnerability has a fix, and in response to the vulnerability not having a fix, categorizing the vulnerability as not having a fix;
  
  determining whether the vulnerability is a patch, and in response to the vulnerability having a patch, categorizing the vulnerability as the patch in progress; and
  
  determining whether the vulnerability is application dependent, in response to the vulnerability being application dependent, categorizing the vulnerability as application dependent, and in response to the vulnerability being application independent, categorizing the vulnerability as infrastructure.
- View Dependent Claims (18)
- - 18. The computing device according to claim 17, wherein the report includes a bar graph of the categorized contextual vulnerability data, the bar graph showing the corresponding vulnerability as being resolved on a specific date.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Aetna Incorporated (CVS Health Corporation)
Original Assignee
Aetna Incorporated (CVS Health Corporation)
Inventors
Gerrick, Ryan
Primary Examiner(s)
Bayou, Yonas A

Application Number

US15/824,491
Publication Number

US 20190166149A1
Time in Patent Office

952 Days
Field of Search
US Class Current
CPC Class Codes

G06F 16/24   Querying

G06F 21/562   Static detection

G06F 21/577   Assessing vulnerabilities a...

G06Q 10/10   Office automation; Time man...

G06T 11/206   Drawing of charts or graphs

H04L 63/1433   Vulnerability analysis

Vulnerability contextualization

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Vulnerability contextualization

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links