Reporter

US 20030056116A1
Filed: 05/16/2002
Published: 03/20/2003
Est. Priority Date: 05/18/2001
Status: Abandoned Application

First Claim

Patent Images

1. A method of generating a report comprising:

receiving raw data, wherein the raw data comprises test results;

storing the raw data;

determining a plurality of raw vulnerabilities based on the raw data;

selecting, based on a report recipient, a plurality of selected vulnerabilities, wherein each of the plurality of selected vulnerabilities is contained in the set of the plurality of raw vulnerabilities;

selecting, for each of the plurality of selected vulnerabilities, a selected report element, wherein each selected report element is selected, based on the report recipient, from a plurality of report elements that corresponds to the selected vulnerability;

wherein the selected report elements are included in a report; and

transmitting the report to the report recipient.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

To answer the security needs of the market, a preferred embodiment was developed. A preferred embodiment provides real-time network security vulnerability assessment tests, possibly complete with recommended security solutions. External vulnerability assessment tests can emulate hacker methodology in a safe way and enable study of a network for security openings, thereby gaining a true view of risk level without affecting customer operations. Because this assessment can be performed over the Internet, both domestic and worldwide corporations benefit. A preferred embodiment'"'"'s physical subsystems combine to form a scalable holistic system that can be able to conduct tests for thousands of customers any place in the world. The security skills of experts can be embedded into a preferred embodiment systems and automated the test process to enable the security vulnerability test to be conducted on a continuous basis for multiple customers at the same time. A preferred embodiment can reduce the work time required for security practices of companies from three weeks to less than a day, as well as significantly increase their capacity. Component subsystems typically include a Database, Command Engine, Gateway, multiple Testers, Report Generator, and an RMCT.

314 Citations

24 Claims

1. A method of generating a report comprising:
- receiving raw data, wherein the raw data comprises test results;
  
  storing the raw data;
  
  determining a plurality of raw vulnerabilities based on the raw data;
  
  selecting, based on a report recipient, a plurality of selected vulnerabilities, wherein each of the plurality of selected vulnerabilities is contained in the set of the plurality of raw vulnerabilities;
  
  selecting, for each of the plurality of selected vulnerabilities, a selected report element, wherein each selected report element is selected, based on the report recipient, from a plurality of report elements that corresponds to the selected vulnerability;
  
  wherein the selected report elements are included in a report; and
  
  transmitting the report to the report recipient.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The method of claim 1, wherein the selected report elements comprise key indicators, whereby the report comprises a key indicator report.
  - 3. The method of claim 1, wherein the selected report elements comprise standard report elements, whereby the report comprises a standard report.
  - 4. The method of claim 1, wherein the selected report elements comprise technical report elements;
    - wherein the selected report elements are included in the report in a fashion organized by IP address; and
      
      whereby the report comprises a technical summary by IP address report.
  - 5. The method of claim 1, wherein the selected report elements comprise technical report elements;
    - wherein the selected report elements are included in the report in a fashion organized by host; and
      
      whereby the report comprises a by host report.
  - 6. The method of claim 1, wherein the selected report elements comprise corrective instructions, whereby the report comprises an action report.
  - 7. The method of claim 1, wherein said receiving raw data comprises receiving raw data from a tester, the method further comprising:
    - prior to receiving raw data from the tester, testing by a tester of a system under test while the system under test operates normally; and
      
      wherein said testing produces the raw data.
  - 8. The method of claim 7, wherein one of the plurality of raw vulnerabilities comprises a positive test vulnerability based on at least some of said testing.
  - 9. The method of claim 7, wherein the raw data comprises configuration data of the system under test;
    - and wherein one of the plurality of raw vulnerabilities comprises a positive configuration vulnerability based on at least some of the configuration data.
  - 10. The method of claim 7, wherein the raw data comprises configuration data of the system under test;
    - and wherein one of the plurality of raw vulnerabilities comprises a warning configuration vulnerability based on at least some of the configuration data.
  - 11. The method of claim 7, wherein the raw data comprises configuration data of the system under test;
    - and wherein one of the plurality of raw vulnerabilities comprises a warning best practices vulnerability based on at least some of the configuration data.
  - 12. The method of claim 7, further comprising:
    - generating profile change data based on comparison of the raw data and existing data. wherein one of the plurality of raw vulnerabilities comprises a warning profile change vulnerability based on at least some of the profile change data.
  - 13. The method of claim 1, wherein the raw data comprises telephone sweep data.
  - 14. The method of claim 1, further comprising:
    - selecting, based on at least one additional report recipient, at least one additional plurality of selected vulnerabilities, such that each plurality of selected vulnerabilities corresponds to one of the report recipients, and such that each of the pluralities of selected vulnerabilities is contained in the set of the plurality of raw vulnerabilities;
      
      selecting, for each of the additional plurality of selected vulnerabilities, an additional selected report element, wherein each additional selected report element is selected, based on the corresponding additional report recipient, from an additional plurality of report elements that corresponds to the additional selected vulnerability;
      
      wherein, for each additional plurality of selected vulnerabilities, each of the additional selected report elements are included in an additional report;
      
      whereby each report is adapted based on its report recipient.
  - 15. The method of claim 1, wherein said transmitting the report to the report recipient comprises e-mailing the report to the report recipient.
  - 16. The method of claim 1, wherein said transmitting the report to the report recipient comprises directly transferring the report into an enterprise level system of the report recipient.

17. A method of generating a report comprising:
- receiving generic vulnerability data;
  
  determining a plurality of raw vulnerabilities based on comparison of the generic vulnerability data with stored raw data, wherein the stored raw data comprise test results;
  
  selecting, based on a report recipient, a plurality of selected vulnerabilities, wherein each of the plurality of selected vulnerabilities is contained in the set of the plurality of raw vulnerabilities;
  
  selecting, for each of the plurality of selected vulnerabilities, a selected report element, wherein each selected report element is selected, based on the report recipient, from a plurality of report elements that corresponds to the selected vulnerability;
  
  wherein the selected report elements are included in a report; and
  
  transmitting the report to the report recipient.
- View Dependent Claims (18, 19, 20, 21)
- - 18. A method of generating a report comprising:
    - at least one iteration of the method of claim 17, each having a corresponding plurality of raw vulnerabilities;
      
      wherein the stored raw data comprise data generated by prior tests of a system under test;
      
      testing the system under test;
      
      receiving new raw data, wherein the new raw data comprise test results;
      
      storing the new raw data;
      
      determining a plurality of new raw vulnerabilities based on the new raw data;
      
      comparing the new raw vulnerabilities to the raw vulnerabilities of the pluralities of raw vulnerabilities to ascertain corrected vulnerabilities comprising the raw vulnerabilities of the pluralities of raw vulnerabilities that are not among the new raw vulnerabilities;
      
      selecting selected report elements based on the corrected vulnerabilities;
      
      wherein the selected report elements are included in a report; and
      
      transmitting the report to the report recipient.
  - 19. The method of claim 18, further comprising comparing the new raw vulnerabilities to the raw vulnerabilities of the pluralities of raw vulnerabilities to ascertain uncorrected vulnerabilities comprising the raw vulnerabilities of the pluralities of raw vulnerabilities that are among the new raw vulnerabilities;
    - and selecting selected report elements based on the uncorrected vulnerabilities.
  - 20. The method of claim 19, further comprising:
    - formulating metrics describing characteristics of the corrected vulnerabilities;
      
      wherein characteristics each of the corrected vulnerabilities include;
      
      duration of time from the time that a report was transmitted with at least one report element corresponding to the now corrected vulnerability until the now corrected vulnerability was first determined to be corrected; and
      
      percentage of the raw vulnerabilities of the pluralities of raw vulnerabilities that became corrected vulnerabilities;
      
      formulating metrics describing characteristics of the uncorrected vulnerabilities; and
      
      wherein characteristics each of the uncorrected vulnerabilities include;
      
      duration of time from the time that a report was transmitted with at least one report element corresponding to the uncorrected vulnerability until the uncorrected vulnerability was last determined to be uncorrected; and
      
      percentage of the raw vulnerabilities of the pluralities of raw vulnerabilities that are uncorrected vulnerabilities.
  - 21. The method of claim 20, further comprising comparing the metrics of one company with metrics of companies in the same industry.

22. A method of generating a report comprising:
- specifying an attack;
  
  ascertaining an attack footprint, wherein detection of the attack footprint by a collective device indicates at least a likelihood that the attack has been executed;
  
  estimating an activity level for the attack among computing devices connected to a network based on prevalence of attack footprints on the network;
  
  creating a report including the estimated activity level for the specified attack;
  
  transmitting the report to a report recipient, wherein the system of the report recipient is vulnerable to the specified attack.
- View Dependent Claims (23, 24)
- - 23. The method of claim 22, wherein the activity level for a specified attack among computing devices connected to the Internet includes frequency of attempts and frequency of successes for the specified attack.
  - 24. The method of claim 22, wherein the activity level for a specified attack among computing devices connected to the Internet is based at least partially on analysis of information obtained via collective devices.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Achilles Guard, Inc. (Alert Logic Incorporated)
Original Assignee
Achilles Guard, Inc. (Alert Logic Incorporated)
Inventors
Schuyver, Joey Don Van, Bunker, Eva Elizabeth, Laizerovich, David, Bunker, Nelson Waldo V

Application Number

US10/150,325
Publication Number

US 20030056116A1
Time in Patent Office

Days
Field of Search
US Class Current

713/201
CPC Class Codes

H04L 43/00 Arrangements for monitoring...

H04L 63/1433 Vulnerability analysis

Reporter

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

314 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Reporter

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

314 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links