Automated Computer Vulnerability Resolution System

US 20050229256A2
Filed: 12/31/2002
Published: 10/13/2005
Est. Priority Date: 12/31/2001
Status: Active Grant

First Claim

Patent Images

1. A method for resolving vulnerabilities in a computer, comprising:

aggregating vulnerability information on a plurality of computer vulnerabilities;

constructing a remediation database of said plurality of computer vulnerabilities; and

constructing a remediation signature to address a computer vulnerability.

View all claims

12 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Abstract of the Disclosure

A system and process for addressing computer security vulnerabilities. The system and process generally comprise aggregating vulnerability information on a plurality of computer vulnerabilities; constructing a remediation database of said plurality of computer vulnerabilities; constructing a remediation signature to address the computer vulnerabilities; and deploying said remediation signature to a client computer. The remediation signature essentially comprises a sequence of actions to address a corresponding vulnerability. A managed automated approach to the process is contemplated in which the system is capable of selective deployment of remediation signatures; selective resolution of vulnerabilities; scheduled deployment of remediation signatures; and scheduled scanning of client computers for vulnerabilities.

Citations

128 Claims

1. A method for resolving vulnerabilities in a computer, comprising:
- aggregating vulnerability information on a plurality of computer vulnerabilities;
  
  constructing a remediation database of said plurality of computer vulnerabilities; and
  
  constructing a remediation signature to address a computer vulnerability.
- View Dependent Claims (2, 3, 4, 6, 7, 8, 9)
- - 2. The method of claim 1 further comprising deploying said remediation signature to a client computer.
  - 3. The method of claim 1 wherein a remediation signature comprises a sequence of actions to address a corresponding vulnerability.
  - 4. The method of claim 1 wherein said constructing a remediation database further comprises associating each remediation signature to a corresponding computer vulnerability.
  - 6. The method of claim 2 wherein said deploying said remediation signatures comprises providing remote access to said remediation signatures.
  - 7. The method of claim 2 wherein said deploying said remediation signatures comprises constructing a remediation profile for a client computer to address vulnerabilities on that computer.
  - 8. The method of claim 7 wherein said remediation profile comprises selected remediation signatures for the client computer corresponding to vulnerabilities on the client computer.
  - 9. The method of claim 6 wherein said deploying said remediation signatures further comprises uploading approved remediation signatures to a download server for remote access by client computers or client servers.

5. A method for resolving vulnerabilities in a computer, comprising:
- aggregating vulnerability information on a plurality of computer vulnerabilities; and
  
  constructing a remediation database of said plurality of computer vulnerabilities;
  
  wherein constructing a remediation database further comprises constructing, testing and approving a remediation signature corresponding to a vulnerability.

10. A method for resolving vulnerabilities in a computer, comprising:
- aggregating vulnerability information on a plurality of computer vulnerabilities;
  
  constructing a remediation database of said plurality of computer vulnerabilities;
  
  constructing a remediation signature to address a computer vulnerability; and
  
  deploying said remediation signature to a client computer;
  
  wherein deploying said remediation signatures comprises providing remote access to said remediation signatures;
  
  uploading approved remediation signatures to a download server for remote access by client computers or client servers; and
  
  downloading remediation signatures from said download server to a client server.

11. A method for resolving vulnerabilities in a computer, comprising:
- aggregating vulnerability information on a plurality of computer vulnerabilities;
  
  constructing a remediation database of said plurality of computer vulnerabilities;
  
  constructing a remediation signature to address a computer vulnerability; and
  
  deploying said remediation signature to a client computer;
  
  wherein said deploying said remediation signatures comprises managing vulnerability resolution.
- View Dependent Claims (12, 13, 14, 15, 111)
- - 12. The method of claim 11 wherein said managing vulnerability resolution comprises selective deployment of remediation signatures.
  - 13. The method of claim 11 wherein said managing vulnerability resolution comprises selective resolution of vulnerabilities.
  - 14. The method of claim 11 wherein said managing vulnerability resolution comprises scheduled scanning of client computers for vulnerabilities.
  - 15. The method of claim 11 wherein said managing vulnerability resolution comprises scheduled deployment of remediation signatures.
  - 111. The method of claim 11 wherein a remediation signature comprises an automated sequence of actions which may be taken with respect to a client computer to modify the client computer to address a corresponding vulnerability on the client computer.

16. A system for resolving computer vulnerabilities;
- comprising;
  
  a remediation server capable of coupling to a security intelligence agent having information about computer vulnerabilities in order to aggregate said vulnerability information into a remediation database;
  
  a signature module coupled to said remediation server to construct a remediation signature for each vulnerability.
- View Dependent Claims (17, 18, 19, 20, 23, 24, 25, 32, 35, 36)
- - 17. The system of claim 16 further comprising a download server coupled to said signature module to provide remote access to said remediation signatures.
  - 18. The system of claim 17 further comprising a client server capable of coupling to said download server to access said remediation signatures.
  - 19. The system of claim 18 further comprising a deployment module coupled to said client server capable of deploying said remediation signatures to a client computer coupled to said client server.
  - 20. The system of claim 19 wherein said deployment module is capable of constructing a remediation profile for a client computer to address vulnerabilities on that computer.
  - 23. The system of claim 16 wherein said signature module is capable of constructing, testing and approving a remediation signature.
  - 24. The system of claim 17 wherein said download server provides access to approved remediation signatures.
  - 25. The system of claim 17 wherein said remediation signatures are uploaded to said download server.
  - 32. The system of claim 19 wherein said deployment module constructs a remediation profile for each client computer.
  - 35. The system of claim 16 wherein said remediation signature comprises a sequence of actions to address a corresponding vulnerability.
  - 36. The system of claim 18 further comprising a client module coupled to said client server which handles the interfacing of the client server to the download server to access said remediation signatures.

21. A system for resolving computer vulnerabilities;
- comprising;
  
  a remediation server capable of coupling to a security intelligence agent having information about computer vulnerabilities in order to aggregate said vulnerability information into a remediation database;
  
  a signature module coupled to said remediation server to construct a remediation signature for each vulnerability;
  
  a download server coupled to said signature module to provide remote access to said remediation signatures;
  
  a client server capable of coupling to said download server to access said remediation signatures;
  
  a deployment module coupled to said client server capable of deploying said remediation signatures to a client computer coupled to said client server;
  
  wherein said deployment module is capable of constructing a remediation profile for a client computer to address vulnerabilities on that computer; and
  
  , wherein said remediation profile comprises selected remediation signatures for the client computer corresponding to vulnerabilities on the client computer.
- View Dependent Claims (112)
- - 112. The system of claim 21 wherein a remediation signature comprises an automated sequence of actions which may be taken with respect to a client computer to modify the client computer to address a corresponding vulnerability on the client computer.

22. A system for resolving computer vulnerabilities;
- comprising;
  
  a remediation server capable of coupling to a security intelligence agent having information about computer vulnerabilities in order to aggregate said vulnerability information into a remediation database;
  
  wherein said remediation server assigns a remediation signature to each vulnerability.

26. A system for resolving computer vulnerabilities;
- comprising;
  
  a remediation server capable of coupling to a security intelligence agent having information about computer vulnerabilities in order to aggregate said vulnerability information into a remediation database;
  
  a signature module coupled to said remediation server to construct a remediation signature for each vulnerability;
  
  a download server coupled to said signature module to provide remote access to said remediation signatures;
  
  a client server capable of coupling to said download server to access said remediation signatures, wherein said client server downloads said remediating signatures from said download server.

27. A system for resolving computer vulnerabilities;
- comprising;
  
  a remediation server capable of coupling to a security intelligence agent having information about computer vulnerabilities in order to aggregate said vulnerability information into a remediation database;
  
  a signature module coupled to said remediation server to construct a remediation signature for each vulnerability;
  
  a download server coupled to said signature module to provide remote access to said remediation signatures;
  
  a client server capable of coupling to said download server to access said remediation signatures;
  
  a deployment module coupled to said client server capable of deploying said remediation signatures to a client computer coupled to said client server, wherein said deployment module allows managed vulnerability resolution.
- View Dependent Claims (28, 29, 30, 31, 113)
- - 28. The system of claim 27 wherein said managed vulnerability resolution comprises selective deployment of remediation signatures.
  - 29. The system of claim 27 wherein said managed vulnerability resolution comprises selective resolution of vulnerabilities.
  - 30. The system of claim 27 wherein said managed vulnerability resolution comprises scheduled scanning of client computers for vulnerabilities.
  - 31. The system of claim 27 wherein said managed vulnerability resolution comprises scheduled deployment of remediation signatures.
  - 113. The system of claim 27 wherein a remediation signature comprises an automated sequence of actions which may be taken with respect to a client computer to modify the client computer to address a corresponding vulnerability on the client computer.

33. A system for resolving computer vulnerabilities;
- comprising;
  
  a remediation server capable of coupling to a security intelligence agent having information about computer vulnerabilities in order to aggregate said vulnerability information into a remediation database;
  
  a signature module coupled to said remediation server to construct a remediation signature for each vulnerability;
  
  a download server coupled to said signature module to provide remote access to said remediation signatures;
  
  a client server capable of coupling to said download server to access said remediation signatures;
  
  a deployment module coupled to said client server capable of deploying said remediation signatures to a client computer coupled to said client server;
  
  wherein said deployment module constructs a remediation profile for each client computer, wherein said remediation profile comprises remediation signatures to resolve vulnerabilities on said client computer.
- View Dependent Claims (96, 97, 98, 99)
- - 96. The system of claim 33 further comprising:
97. The system of claim 96, wherein the scanner is an independent scanner and further comprising:
- an import module coupled to the client server capable of importing the identified vulnerabilities for the client computer.
98. The system of claim 33 wherein selective inclusion of said remediation signatures in said remediation profiles comprises inclusion of selected but not all remediation signatures.
99. The system of claim 33 wherein selective inclusion of said remediation signatures in said remediation profiles comprises inclusion of a remediation signature to selected but not all of the profiles of the plurality of computers in the network.

34. A system for resolving computer vulnerabilities;
- comprising;
  
  a remediation server capable of coupling to a security intelligence agent having information about computer vulnerabilities in order to aggregate said vulnerability information into a remediation database;
  
  a signature module coupled to said remediation server to construct a remediation signature for each vulnerability;
  
  a download server coupled to said signature module to provide remote access to said remediation signatures;
  
  a client server capable of coupling to said download server to access said remediation signatures;
  
  a deployment module coupled to said client server capable of deploying said remediation signatures to a client computer coupled to said client server;
  
  wherein said deployment module constructs a remediation profile for each client computer, wherein said remediation signatures can be selectively included in said remediation profile.
- View Dependent Claims (91, 92, 93, 94, 95, 114, 121, 122)
- - 91. The system of claim 34, wherein said remediation profile comprises remediation signatures to resolve vulnerabilities on said client computer.
  - 92. The system of claim 91 further comprising:
93. The system of claim 92, wherein the scanner is an independent scanner and further comprising:
- an import module coupled to the client server capable of importing the identified vulnerabilities for the client computer.
94. The system of claim 91 wherein selective inclusion of said remediation signatures in said remediation profiles comprises inclusion of selected but not all remediation signatures.
95. The system of claim 91 wherein selective inclusion of said remediation signatures in said remediation profiles comprises inclusion of a remediation signature to selected but not all of the profiles of the plurality of computers in the network.
114. The system of claim 34 wherein a remediation signature comprises an automated sequence of actions which may be taken with respect to a client computer to modify the client computer to address a corresponding vulnerability on the client computer.
121. The system of claim 114 wherein there are a plurality of remediation signatures and wherein the plurality of remediation signatures comprise at least two of the following remediation types:
- service management, registry management, security permissions management, account management, policy management, audit management, file management, process management, and patch installation.
122. The system of claim 121 wherein there are a plurality of remediation signatures and wherein the plurality of remediation signatures comprise all of the following remediation types:
- service management, registry management, security permissions management, account management, policy management, audit management, file management, process management, and patch installation.

37. Computer-readable media tangibly embodying a program of instructions executable by a computer to perform a process for resolving vulnerabilities in a computer, comprising:
- aggregating vulnerability information on a plurality of computer vulnerabilities;
  
  constructing a remediation database of said plurality of computer vulnerabilities; and
  
  constructing a remediation signature to address a computer vulnerability.
- View Dependent Claims (38)
- - 38. The media of claim 37 wherein the process further comprises deploying said remediation signature to a client computer.

39. A method for resolving vulnerabilities in a plurality of computers in a network, comprising:
- aggregating vulnerability information on a plurality of computer vulnerabilities;
  
  constructing a remediation database of the plurality of computer vulnerabilities;
  
  constructing at least one remediation signature to address a computer vulnerability; and
  
  deploying at least one remediation signature to at least a portion of the plurality of client computers;
  
  wherein the deploying of the remediation signatures comprises managing vulnerability resolution for the plurality of computers in the network.
- View Dependent Claims (40, 41, 42, 43, 44, 45, 46, 47, 115)
- - 40. The method of claim 39 wherein managing vulnerability resolution comprises selective deployment of remediation signatures.
  - 41. The method of claim 39 wherein managing vulnerability resolution comprises selective resolution of vulnerabilities.
  - 42. The method of claim 39 wherein managing vulnerability resolution comprises scheduled scanning of the plurality of computers in the network for vulnerabilities.
  - 43. The method of claim 39 wherein managing vulnerability resolution comprises scheduled deployment of remediation signatures.
  - 44. The method of claim 40 wherein remediation signatures are approved before deployment and wherein selective deployment of remediation signatures comprises deployment of selected but not all approved remediation signatures.
  - 45. The method of claim 40 wherein remediation signatures are approved before deployment and wherein selective deployment of remediation signatures comprises deployment of a remediation signature to selected but not all of the plurality of computers in the network.
  - 46. The method of claim 41 wherein at least a portion of the plurality of client computers in the network are scanned and vulnerabilities recorded and wherein selective resolution of vulnerabilities comprises resolution of selected but not all of the recorded vulnerabilities.
  - 47. The method of claim 41 wherein at least a portion of the plurality of client computers in the network are scanned and vulnerabilities identified and wherein selective resolution of vulnerabilities comprises resolution of an identified vulnerability in selected but not all of the plurality of computers in the network having the identified vulnerability.
  - 115. The method of claim 39 wherein a remediation signature comprises an automated sequence of actions which may be taken with respect to a client computer to modify the client computer to address a corresponding vulnerability on the client computer.

48. A method for resolving vulnerabilities in a plurality of computers in a network, comprising:
- aggregating vulnerability information on a plurality of computer vulnerabilities;
  
  constructing a remediation database of the plurality of computer vulnerabilities;
  
  constructing at least one remediation signature to address a computer vulnerability; and
  
  deploying at least one remediation signature to at least a portion of the plurality of client computers;
  
  wherein the deploying of the remediation signatures comprises managing vulnerability resolution for the plurality of computers in the network;
  
  wherein managing vulnerability resolution comprises selective resolution of vulnerabilities;
  
  wherein at least a portion of the plurality of client computers in the network are scanned and vulnerabilities identified and wherein selective resolution of vulnerabilities comprises resolution of an identified vulnerability in selected but not all of the plurality of computers in the network having the identified vulnerability;
  
  wherein scanning and identifying comprises;
  
  using an independent scanner to scan the at least a portion of the plurality of client computers in the network;
  
  importing vulnerabilities on the at least a portion of the plurality of client computers in the network identified by the independent scanner;
  
  and mapping the identified vulnerabilities to corresponding remediation signatures.
- View Dependent Claims (100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 116, 123, 124)
- - 100. The method of claim 48, wherein selective resolution of vulnerabilities comprises resolution of an identified vulnerability in selected but not all of the plurality of computers in the network having the identified vulnerability.
  - 101. The method of claim 48, wherein selective resolution of at least one identified vulnerability comprises resolution of selected but not all of the identified vulnerabilities for which corresponding remediation signatures have been mapped.
  - 102. The method of claim 48 wherein the aggregating of vulnerability information comprises obtaining vulnerability information from at least two security intelligence agents.
  - 103. The method of claim 102 wherein the security intelligence agents comprise a database of information regarding known computer vulnerabilities.
  - 104. The method of claim 102 wherein the security intelligence agents comprise a scanning service.
  - 105. The method of claim 48 wherein constructing a remediation database further comprises associating each remediation signature to a corresponding computer vulnerability.
  - 106. The method of claim 48 wherein constructing a remediation database further comprises constructing, testing and approving a remediation signature corresponding to a vulnerability.
  - 107. The method of claim 48 wherein deploying at least one remediation signature comprises constructing a remediation profile for a client computer to address vulnerabilities on that computer.
  - 108. The method of claim 48 wherein the remediation profile comprises selected remediation signatures for the client computer corresponding to vulnerabilities on the client computer.
  - 109. The method of claim 48 further comprising downloading at least one remediation signature to a client server on the network and wherein deploying at least one remediation signature to at least a portion of the plurality of client computers comprises deploying at least one remediation signature from the client server.
  - 110. The method of claim 109 wherein downloading at least one remediation signature comprises providing remote access to at least one remediation signature by uploading at least one approved remediation signature to a download server for remote access by client servers and subsequently downloading at least one remediation signature from the download server to a client server.
  - 116. The method of claim 48 wherein a remediation signature comprises an automated sequence of actions which may be taken with respect to a client computer to modify the client computer to address a corresponding vulnerability on the client computer.
  - 123. The system of claim 116 wherein there are a plurality of remediation signatures and wherein the plurality of remediation signatures comprise at least two of the following remediation types:
    - service management, registry management, security permissions management, account management, policy management, audit management, file management, process management, and patch installation.
  - 124. The system of claim 123 wherein there are a plurality of remediation signatures and wherein the plurality of remediation signatures comprise all of the following remediation types:
    - service management, registry management, security permissions management, account management, policy management, audit management, file management, process management, and patch installation.

49. A method for resolving vulnerabilities in a plurality of computers in a network, comprising:
- aggregating vulnerability information on a plurality of computer vulnerabilities;
  
  constructing a remediation database of the plurality of computer vulnerabilities;
  
  constructing at least one remediation signature to address at least one computer vulnerability;
  
  downloading at least one remediation signature to a client server on the network; and
  
  deploying the remediation signature from the client server to at least a portion of the client computers on the network.
- View Dependent Claims (50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 117)
- - 50. The method of claim 49 wherein downloading at least one remediation signature comprises providing remote access to at least one remediation signature by uploading at least one approved remediation signature to a download server for remote access by client servers and subsequently downloading at least one remediation signature from the download server to a client server.
  - 51. The method of claim 49 wherein the aggregating of vulnerability information comprises obtaining vulnerability information from at least one security intelligence agent.
  - 52. The method of claim 50 wherein the security intelligence agent comprises a database of information regarding known computer vulnerabilities.
  - 53. The method of claim 50 wherein the security intelligence agent comprises a scanning service.
  - 54. The method of claim 49 wherein a remediation signature comprises a sequence of actions to address a corresponding vulnerability.
  - 55. The method of claim 49 wherein constructing a remediation database further comprises associating each remediation signature to a corresponding computer vulnerability.
  - 56. The method of claim 49 wherein constructing a remediation database further comprises constructing, testing and approving a remediation signature corresponding to a vulnerability.
  - 57. The method of claim 49 wherein deploying at least one remediation signature comprises constructing a remediation profile for a client computer to address vulnerabilities on that computer.
  - 58. The method of claim 57 wherein the remediation profile comprises selected remediation signatures for the client computer corresponding to vulnerabilities on the client computer.
  - 59. The method of claim 57 further comprising prior to constructing a remediation profile for a client computer:
60. The method of claim 59 wherein constructing a remediation profile comprises mapping the identified vulnerabilities to corresponding remediation signatures.
117. The method of claim 49 wherein a remediation signature comprises an automated sequence of actions which may be taken with respect to a client computer to modify the client computer to address a corresponding vulnerability on the client computer.

61. A system for resolving computer vulnerabilities;
- comprising;
  
  a remediation server capable of coupling to a security intelligence agent having information about computer vulnerabilities in order to aggregate the vulnerability information into a remediation database;
  
  a signature module coupled to the remediation server to construct a remediation signature for each vulnerability;
  
  a client server capable of obtaining the remediation signatures;
  
  a deployment module coupled to the client server capable of deploying the remediation signatures to at least one of a plurality of client computers coupled to the client server for resolving corresponding vulnerabilities on the client computers.
- View Dependent Claims (62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 118)
- - 62. The system of claim 61 wherein obtaining the remediation signatures comprises downloading the remediation signatures.
  - 63. The system of claim 62, further comprising a download server coupled to the signature module to provide remote access to the remediation signatures, wherein the client server is capable of coupling to the download server and wherein downloading the remediation signatures comprises downloading the remediation signatures from the download server.
  - 64. The system of claim 61 further comprising a download server coupled to the signature module to provide remote access to the remediation signatures and wherein the client server is capable of coupling to the download server.
  - 65. The system of claim 61 wherein the deployment module is capable of constructing a remediation profile for a client computer to address vulnerabilities on that computer.
  - 66. The system of claim 61 wherein the security intelligence agent comprises a database of information regarding known computer vulnerabilities.
  - 67. The system of claim 61 wherein the security intelligence agent comprises a scanning service.
  - 68. The system of claim 61 further comprising an import module which automatically imports the vulnerability information from the security intelligence agent into the remediation server for aggregation.
  - 69. The system of claim 68 wherein the import module automatically imports the vulnerability information from a plurality of security intelligence agents.
  - 70. The system of claim 61 wherein the remediation server assigns a remediation signature to each vulnerability.
  - 71. The system of claim 61 wherein the signature module is capable of constructing, testing and approving a remediation signature.
  - 72. The system of claim 61 wherein the download server provides access to approved remediation signatures.
  - 73. The system of claim 72 wherein the remediation signatures are uploaded to the download server.
  - 118. The system of claim 61 wherein a remediation signature comprises an automated sequence of actions which may be taken with respect to a client computer to modify the client computer to address a corresponding vulnerability on the client computer.

74. A method for resolving vulnerabilities in a plurality of computers in a network, comprising:
- aggregating vulnerability information on a plurality of computer vulnerabilities;
  
  constructing a remediation database of the plurality of computer vulnerabilities;
  
  constructing at least one remediation signature to address a computer vulnerability;
  
  using a scanner to scan at least a portion of the plurality of client computers in the network;
  
  recording vulnerabilities identified by the scanner on the scanned portion of the plurality of client computers in the network;
  
  mapping the identified vulnerabilities to corresponding remediation signatures;
  
  managing vulnerability resolution by selectively resolving at least one identified vulnerability on at least a selected portion of the scanned portion of the plurality of client computers by deploying at least one remediation signature to the selected portion of the scanned portion of the plurality of client computers and using the deployed signature to remediate the identified vulnerability on the selected portion of the scanned portion of the plurality of client computers.
- View Dependent Claims (75, 76, 77, 119, 125, 126)
- - 75. The method of claim 74, wherein selective resolution of vulnerabilities comprises resolution of an identified vulnerability in selected but not all of the plurality of computers in the network having the identified vulnerability.
  - 76. The method of claim 74 wherein selective resolution of at least one identified vulnerability comprises resolution of selected but not all of the identified vulnerabilities for which corresponding remediation signatures have been mapped.
  - 77. The method of claim 74 wherein the scanner is an independent scanner and wherein recording vulnerabilities comprises importing vulnerabilities from the independent scanner.
  - 119. The system of claim 74 wherein a remediation signature comprises an automated sequence of actions which may be taken with respect to a client computer to modify the client computer to address a corresponding vulnerability on the client computer.
  - 125. The system of claim 119 wherein there are a plurality of remediation signatures and wherein the plurality of remediation signatures comprise at least two of the following remediation types:
    - service management, registry management, security permissions management, account management, policy management, audit management, file management, process management, and patch installation.
  - 126. The system of claim 125 wherein there are a plurality of remediation signatures and wherein the plurality of remediation signatures comprise all of the following remediation types:
    - service management, registry management, security permissions management, account management, policy management, audit management, file management, process management, and patch installation.

78. A system for resolving computer vulnerabilities comprising:
- a remediation server capable of coupling to a security intelligence agent having information about computer vulnerabilities in order to aggregate said vulnerability information into a remediation database;
  
  a signature module coupled to said remediation server to construct remediation signatures, each remediation signature corresponding to a vulnerability;
  
  a client server capable of receiving said remediation signatures;
  
  a deployment module coupled to said client server capable of deploying said remediation signatures to a client computer coupled to said client server;
  
  wherein said deployment module constructs remediation profiles, each remediation profile corresponding to a client computer, wherein said remediation profiles comprise remediation signatures to resolve vulnerabilities on said corresponding client computers.

79. A system for resolving computer vulnerabilities comprising:
- a remediation server capable of coupling to a security intelligence agent having information about computer vulnerabilities in order to aggregate said vulnerability information into a remediation database;
  
  a signature module coupled to said remediation server to construct remediation signatures, each remediation signature corresponding to a vulnerability;
  
  a client server capable of receiving said remediation signatures;
  
  a deployment module coupled to said client server capable of deploying said remediation signatures to a client computer coupled to said client server;
  
  wherein said deployment module constructs remediation profiles, each remediation profile corresponding to a client computer, wherein said remediation signatures can be selectively included in said remediation profiles.
- View Dependent Claims (80, 81, 82, 83, 84)
- - 80. The system of claim 79 wherein said remediation profiles comprise remediation signatures to resolve vulnerabilities on said corresponding client computers.
  - 81. The system of claim 80 further comprising:
82. The system of claim 81, wherein the scanner is an independent scanner and further comprising:
- an import module coupled to the client server capable of importing the identified vulnerabilities for the client computer.
83. The system of claim 80 wherein selective inclusion of said remediation signatures in said remediation profiles comprises inclusion of selected but not all remediation signatures.
84. The system of claim 80 wherein selective inclusion of said remediation signatures in said remediation profiles comprises inclusion of a remediation signature to selected but not all of the profiles of the plurality of computers in the network.

85. A system for resolving computer vulnerabilities in a plurality of computers on a network comprising:
- a remediation server capable of coupling to a security intelligence agent having information about computer vulnerabilities in order to aggregate said vulnerability information into a remediation database;
  
  a signature module coupled to said remediation server to construct remediation signatures, each remediation signature corresponding to a vulnerability;
  
  a client server capable of receiving said remediation signatures;
  
  a deployment module coupled to said client server capable of deploying said remediation signatures to a selection of client computers coupled to said client server;
  
  wherein said deployment module constructs remediation profiles, each remediation profile corresponding to a client computer, wherein said remediation profiles comprise selectively included remediation signatures to resolve vulnerabilities on said corresponding client computers.
- View Dependent Claims (86, 87, 88, 89, 90, 120, 127, 128)
- - 86. The system of claim 85 further comprising:
87. The system of claim 86, wherein the scanner is an independent scanner and further comprising:
- an import module coupled to the client server capable of importing the identified vulnerabilities for the client computers.
88. The system of claim 85 wherein selective inclusion of said remediation signatures in said remediation profiles comprises inclusion of selected but not all remediation signatures.
89. The system of claim 85 wherein selective inclusion of said remediation signatures in said remediation profiles comprises inclusion of a remediation signature to selected but not all of the profiles of the plurality of computers in the network.
90. The system of claim 85 further comprising:
- a download server coupled to said signature module to provide remote access to said remediation signatures;
  
  wherein the client server is capable of coupling to said download server to receive said remediation signatures.
120. The system of claim 85 wherein a remediation signature comprises an automated sequence of actions which may be taken with respect to a client computer to modify the client computer to address a corresponding vulnerability on the client computer.
127. The system of claim 120 wherein there are a plurality of remediation signatures and wherein the plurality of remediation signatures comprise at least two of the following remediation types:
- service management, registry management, security permissions management, account management, policy management, audit management, file management, process management, and patch installation.
128. The system of claim 127 wherein there are a plurality of remediation signatures and wherein the plurality of remediation signatures comprise all of the following remediation types:
- service management, registry management, security permissions management, account management, policy management, audit management, file management, process management, and patch installation.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
Citadel Security Software Incorporated (Green Energy Management Services Holdings, Inc.)
Inventors
Banzhof, Carl E.

Granted Patent

US 7,000,247 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/25
CPC Class Codes

G06F 21/577   Assessing vulnerabilities a...

H04L 63/12   Applying verification of th...

H04L 63/1433   Vulnerability analysis

Automated Computer Vulnerability Resolution System

First Claim

12 Assignments

0 Petitions

Accused Products

Abstract

Citations

128 Claims

Specification

Solutions

Use Cases

Quick Links

Automated Computer Vulnerability Resolution System

First Claim

12 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

128 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links