Automated Computer Vulnerability Resolution System
First Claim
1. A method for resolving vulnerabilities in a computer, comprising:
aggregating vulnerability information on a plurality of computer vulnerabilities;
constructing a remediation database of said plurality of computer vulnerabilities; and
constructing a remediation signature to address a computer vulnerability.
12 Assignments
0 Petitions
Abstract
A system and process for addressing computer security vulnerabilities. The system and process generally comprise aggregating vulnerability information on a plurality of computer vulnerabilities; constructing a remediation database of said plurality of computer vulnerabilities; constructing a remediation signature to address the computer vulnerabilities; and deploying said remediation signature to a client computer. The remediation signature essentially comprises a sequence of actions to address a corresponding vulnerability. A managed automated approach to the process is contemplated in which the system is capable of selective deployment of remediation signatures; selective resolution of vulnerabilities; scheduled deployment of remediation signatures; and scheduled scanning of client computers for vulnerabilities.
128 Claims

1. A method for resolving vulnerabilities in a computer, comprising:
aggregating vulnerability information on a plurality of computer vulnerabilities; constructing a remediation database of said plurality of computer vulnerabilities; and constructing a remediation signature to address a computer vulnerability.
Dependent claims: 2, 3, 4, 6, 7, 8, 9.

5. A method for resolving vulnerabilities in a computer, comprising:
aggregating vulnerability information on a plurality of computer vulnerabilities; and constructing a remediation database of said plurality of computer vulnerabilities; wherein constructing a remediation database further comprises constructing, testing and approving a remediation signature corresponding to a vulnerability.

10. A method for resolving vulnerabilities in a computer, comprising:
aggregating vulnerability information on a plurality of computer vulnerabilities; constructing a remediation database of said plurality of computer vulnerabilities; constructing a remediation signature to address a computer vulnerability; and deploying said remediation signature to a client computer;
wherein deploying said remediation signatures comprises providing remote access to said remediation signatures; uploading approved remediation signatures to a download server for remote access by client computers or client servers; and downloading remediation signatures from said download server to a client server.

11. A method for resolving vulnerabilities in a computer, comprising:
aggregating vulnerability information on a plurality of computer vulnerabilities; constructing a remediation database of said plurality of computer vulnerabilities; constructing a remediation signature to address a computer vulnerability; and deploying said remediation signature to a client computer;
wherein said deploying said remediation signatures comprises managing vulnerability resolution.
Dependent claims: 12, 13, 14, 15, 111.

16. A system for resolving computer vulnerabilities, comprising:
a remediation server capable of coupling to a security intelligence agent having information about computer vulnerabilities in order to aggregate said vulnerability information into a remediation database; a signature module coupled to said remediation server to construct a remediation signature for each vulnerability.
Dependent claims: 17, 18, 19, 20, 23, 24, 25, 32, 35, 36.

21. A system for resolving computer vulnerabilities, comprising:
a remediation server capable of coupling to a security intelligence agent having information about computer vulnerabilities in order to aggregate said vulnerability information into a remediation database; a signature module coupled to said remediation server to construct a remediation signature for each vulnerability; a download server coupled to said signature module to provide remote access to said remediation signatures; a client server capable of coupling to said download server to access said remediation signatures; a deployment module coupled to said client server capable of deploying said remediation signatures to a client computer coupled to said client server; wherein said deployment module is capable of constructing a remediation profile for a client computer to address vulnerabilities on that computer; and
wherein said remediation profile comprises selected remediation signatures for the client computer corresponding to vulnerabilities on the client computer.
Dependent claims: 112.

22. A system for resolving computer vulnerabilities, comprising:
a remediation server capable of coupling to a security intelligence agent having information about computer vulnerabilities in order to aggregate said vulnerability information into a remediation database;
wherein said remediation server assigns a remediation signature to each vulnerability.

26. A system for resolving computer vulnerabilities, comprising:
a remediation server capable of coupling to a security intelligence agent having information about computer vulnerabilities in order to aggregate said vulnerability information into a remediation database; a signature module coupled to said remediation server to construct a remediation signature for each vulnerability; a download server coupled to said signature module to provide remote access to said remediation signatures; a client server capable of coupling to said download server to access said remediation signatures, wherein said client server downloads said remediating signatures from said download server.

27. A system for resolving computer vulnerabilities, comprising:
a remediation server capable of coupling to a security intelligence agent having information about computer vulnerabilities in order to aggregate said vulnerability information into a remediation database; a signature module coupled to said remediation server to construct a remediation signature for each vulnerability; a download server coupled to said signature module to provide remote access to said remediation signatures; a client server capable of coupling to said download server to access said remediation signatures; a deployment module coupled to said client server capable of deploying said remediation signatures to a client computer coupled to said client server, wherein said deployment module allows managed vulnerability resolution.
Dependent claims: 28, 29, 30, 31, 113.

33. A system for resolving computer vulnerabilities, comprising:
a remediation server capable of coupling to a security intelligence agent having information about computer vulnerabilities in order to aggregate said vulnerability information into a remediation database; a signature module coupled to said remediation server to construct a remediation signature for each vulnerability; a download server coupled to said signature module to provide remote access to said remediation signatures; a client server capable of coupling to said download server to access said remediation signatures; a deployment module coupled to said client server capable of deploying said remediation signatures to a client computer coupled to said client server;
wherein said deployment module constructs a remediation profile for each client computer, wherein said remediation profile comprises remediation signatures to resolve vulnerabilities on said client computer.
Dependent claims: 96, 97, 98, 99.

a scanner capable of scanning said client computer to identify vulnerabilities; a mapping module coupled to the client server capable of mapping said identified vulnerabilities to remediation signatures; wherein said remediation profile comprises at least one identified vulnerability on the client computer and selectively included remediation signatures mapped to the identified vulnerabilities.

97. The system of claim 96, wherein the scanner is an independent scanner and further comprising:
an import module coupled to the client server capable of importing the identified vulnerabilities for the client computer.

98. The system of claim 33 wherein selective inclusion of said remediation signatures in said remediation profiles comprises inclusion of selected but not all remediation signatures.

99. The system of claim 33 wherein selective inclusion of said remediation signatures in said remediation profiles comprises inclusion of a remediation signature to selected but not all of the profiles of the plurality of computers in the network.

34. A system for resolving computer vulnerabilities, comprising:
a remediation server capable of coupling to a security intelligence agent having information about computer vulnerabilities in order to aggregate said vulnerability information into a remediation database; a signature module coupled to said remediation server to construct a remediation signature for each vulnerability; a download server coupled to said signature module to provide remote access to said remediation signatures; a client server capable of coupling to said download server to access said remediation signatures; a deployment module coupled to said client server capable of deploying said remediation signatures to a client computer coupled to said client server;
wherein said deployment module constructs a remediation profile for each client computer, wherein said remediation signatures can be selectively included in said remediation profile.
Dependent claims: 91, 92, 93, 94, 95, 114, 121, 122.

a scanner capable of scanning said client computer to identify vulnerabilities; a mapping module coupled to the client server capable of mapping said identified vulnerabilities to remediation signatures; wherein said remediation profile comprises at least one identified vulnerability on the client computer and selectively included remediation signatures mapped to the identified vulnerabilities.

93. The system of claim 92, wherein the scanner is an independent scanner and further comprising:
an import module coupled to the client server capable of importing the identified vulnerabilities for the client computer.

94. The system of claim 91 wherein selective inclusion of said remediation signatures in said remediation profiles comprises inclusion of selected but not all remediation signatures.

95. The system of claim 91 wherein selective inclusion of said remediation signatures in said remediation profiles comprises inclusion of a remediation signature to selected but not all of the profiles of the plurality of computers in the network.

114. The system of claim 34 wherein a remediation signature comprises an automated sequence of actions which may be taken with respect to a client computer to modify the client computer to address a corresponding vulnerability on the client computer.

121. The system of claim 114 wherein there are a plurality of remediation signatures and wherein the plurality of remediation signatures comprise at least two of the following remediation types:
service management, registry management, security permissions management, account management, policy management, audit management, file management, process management, and patch installation.

122. The system of claim 121 wherein there are a plurality of remediation signatures and wherein the plurality of remediation signatures comprise all of the following remediation types:
service management, registry management, security permissions management, account management, policy management, audit management, file management, process management, and patch installation.

37. Computer-readable media tangibly embodying a program of instructions executable by a computer to perform a process for resolving vulnerabilities in a computer, comprising:
aggregating vulnerability information on a plurality of computer vulnerabilities; constructing a remediation database of said plurality of computer vulnerabilities; and constructing a remediation signature to address a computer vulnerability.
Dependent claims: 38.

39. A method for resolving vulnerabilities in a plurality of computers in a network, comprising:
aggregating vulnerability information on a plurality of computer vulnerabilities; constructing a remediation database of the plurality of computer vulnerabilities; constructing at least one remediation signature to address a computer vulnerability; and deploying at least one remediation signature to at least a portion of the plurality of client computers;
wherein the deploying of the remediation signatures comprises managing vulnerability resolution for the plurality of computers in the network.
Dependent claims: 40, 41, 42, 43, 44, 45, 46, 47, 115.

48. A method for resolving vulnerabilities in a plurality of computers in a network, comprising:
aggregating vulnerability information on a plurality of computer vulnerabilities; constructing a remediation database of the plurality of computer vulnerabilities; constructing at least one remediation signature to address a computer vulnerability; and deploying at least one remediation signature to at least a portion of the plurality of client computers;
wherein the deploying of the remediation signatures comprises managing vulnerability resolution for the plurality of computers in the network;
wherein managing vulnerability resolution comprises selective resolution of vulnerabilities;
wherein at least a portion of the plurality of client computers in the network are scanned and vulnerabilities identified, and wherein selective resolution of vulnerabilities comprises resolution of an identified vulnerability in selected but not all of the plurality of computers in the network having the identified vulnerability;
wherein scanning and identifying comprises: using an independent scanner to scan the at least a portion of the plurality of client computers in the network; importing vulnerabilities on the at least a portion of the plurality of client computers in the network identified by the independent scanner; and mapping the identified vulnerabilities to corresponding remediation signatures.
Dependent claims: 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 116, 123, 124.

49. A method for resolving vulnerabilities in a plurality of computers in a network, comprising:
aggregating vulnerability information on a plurality of computer vulnerabilities; constructing a remediation database of the plurality of computer vulnerabilities; constructing at least one remediation signature to address at least one computer vulnerability; downloading at least one remediation signature to a client server on the network; and deploying the remediation signature from the client server to at least a portion of the client computers on the network.
Dependent claims: 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 117.

using an independent scanner to scan the client computer; and importing vulnerabilities on the client computer identified by the independent scanner.

60. The method of claim 59 wherein constructing a remediation profile comprises mapping the identified vulnerabilities to corresponding remediation signatures.

117. The method of claim 49 wherein a remediation signature comprises an automated sequence of actions which may be taken with respect to a client computer to modify the client computer to address a corresponding vulnerability on the client computer.

61. A system for resolving computer vulnerabilities, comprising:
a remediation server capable of coupling to a security intelligence agent having information about computer vulnerabilities in order to aggregate the vulnerability information into a remediation database; a signature module coupled to the remediation server to construct a remediation signature for each vulnerability; a client server capable of obtaining the remediation signatures; a deployment module coupled to the client server capable of deploying the remediation signatures to at least one of a plurality of client computers coupled to the client server for resolving corresponding vulnerabilities on the client computers.
Dependent claims: 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 118.

74. A method for resolving vulnerabilities in a plurality of computers in a network, comprising:
aggregating vulnerability information on a plurality of computer vulnerabilities; constructing a remediation database of the plurality of computer vulnerabilities; constructing at least one remediation signature to address a computer vulnerability; using a scanner to scan at least a portion of the plurality of client computers in the network; recording vulnerabilities identified by the scanner on the scanned portion of the plurality of client computers in the network; mapping the identified vulnerabilities to corresponding remediation signatures; managing vulnerability resolution by selectively resolving at least one identified vulnerability on at least a selected portion of the scanned portion of the plurality of client computers by deploying at least one remediation signature to the selected portion of the scanned portion of the plurality of client computers and using the deployed signature to remediate the identified vulnerability on the selected portion of the scanned portion of the plurality of client computers.
Dependent claims: 75, 76, 77, 119, 125, 126.

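
The pipeline that claims 48 and 74 recite (scan with an independent scanner, import the findings, map them to remediation signatures, build a per-computer remediation profile, and selectively resolve on a chosen subset of computers), together with the build/test/approve gate of claim 5 and the typed action sequence of claims 114 and 121, written out as an added Python model. This is illustrative code added to the page, not code from the patent or its assignee; every vulnerability identifier, hostname, registry value, patch name and scanner line in it is constructed for the example.

```python
# Added example, not the patent's code: a minimal model of the claimed remediation pipeline.
# Every vulnerability id, hostname, signature and the scanner export below is constructed.
from dataclasses import dataclass
from enum import Enum


class ActionType(Enum):
    SERVICE = "service management"
    REGISTRY = "registry management"
    PERMISSIONS = "security permissions management"
    ACCOUNT = "account management"
    POLICY = "policy management"
    AUDIT = "audit management"
    FILE = "file management"
    PROCESS = "process management"
    PATCH = "patch installation"


@dataclass(frozen=True)
class Action:
    kind: ActionType
    target: str   # service name, registry value, file path, ... (hypothetical names below)
    value: str    # desired end state, so replaying the action is idempotent


@dataclass(frozen=True)
class Signature:
    """A remediation signature: an ordered action sequence for one vulnerability (claim 114)."""
    vuln_id: str
    actions: tuple
    approved: bool = False   # claim 5: constructed, tested and approved before deployment


# Remediation database (claims 1, 22): vulnerability id -> signature. All entries are hypothetical.
REMEDIATION_DB = {
    "VULN-0001": Signature("VULN-0001", (
        Action(ActionType.SERVICE, "telnet", "disabled"),
        Action(ActionType.PROCESS, "tlntsvr", "terminated"),
    ), approved=True),
    "VULN-0002": Signature("VULN-0002", (
        Action(ActionType.REGISTRY, r"HKLM\Software\Example\AllowAnonymous", "0"),
        Action(ActionType.AUDIT, "logon-events", "success,failure"),
    ), approved=True),
    # Constructed but not yet approved: must never reach a profile.
    "VULN-0003": Signature("VULN-0003", (Action(ActionType.PATCH, "KB-EXAMPLE-3", "installed"),)),
}

# Constructed export of an independent scanner (claims 48, 97): one "host,vuln_id" per line.
SCAN_REPORT = """\
# host,vuln_id
ws01,VULN-0001
ws01,VULN-0002
ws02,VULN-0001
ws02,VULN-0003
srv01,VULN-0002
srv01,VULN-9999
"""


def import_findings(report_lines):
    """Import the scanner's identified vulnerabilities, keyed by host."""
    findings = {}
    for line in report_lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, vuln_id = (part.strip() for part in line.split(",", 1))
        findings.setdefault(host, set()).add(vuln_id)
    return findings


def map_to_signatures(vuln_ids, db):
    """Map identified vulnerabilities to approved signatures; unmapped ones are reported, not dropped."""
    mapped, unresolved = [], []
    for vuln_id in sorted(vuln_ids):
        sig = db.get(vuln_id)
        if sig is None or not sig.approved:
            unresolved.append(vuln_id)
        else:
            mapped.append(sig)
    return mapped, unresolved


def build_profiles(findings, db, hosts=None, exclude_vulns=frozenset()):
    """One remediation profile per host; selective inclusion (claims 98/99) by host and by vulnerability."""
    profiles = {}
    for host, vulns in findings.items():
        if hosts is not None and host not in hosts:
            continue
        mapped, unresolved = map_to_signatures(vulns - set(exclude_vulns), db)
        profiles[host] = {"signatures": mapped, "unresolved": unresolved}
    return profiles


def deploy(profile, host_state):
    """Apply each signature's action sequence to a simulated host state; re-runs change nothing."""
    applied = []
    for sig in profile["signatures"]:
        for act in sig.actions:
            key = (act.kind, act.target)
            if host_state.get(key) != act.value:
                host_state[key] = act.value
                applied.append((sig.vuln_id, act.kind.value, act.target, act.value))
    return applied
```

Two points the claims leave implicit are made explicit here: an unapproved signature and a finding with no signature at all both surface in the profile's `unresolved` list instead of being silently skipped, and actions declare an end state rather than a command, so redeploying a profile to an already remediated computer is a no-op.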
78. A system for resolving computer vulnerabilities comprising:
a remediation server capable of coupling to a security intelligence agent having information about computer vulnerabilities in order to aggregate said vulnerability information into a remediation database; a signature module coupled to said remediation server to construct remediation signatures, each remediation signature corresponding to a vulnerability; a client server capable of receiving said remediation signatures; a deployment module coupled to said client server capable of deploying said remediation signatures to a client computer coupled to said client server;
wherein said deployment module constructs remediation profiles, each remediation profile corresponding to a client computer, wherein said remediation profiles comprise remediation signatures to resolve vulnerabilities on said corresponding client computers.

79. A system for resolving computer vulnerabilities comprising:
a remediation server capable of coupling to a security intelligence agent having information about computer vulnerabilities in order to aggregate said vulnerability information into a remediation database; a signature module coupled to said remediation server to construct remediation signatures, each remediation signature corresponding to a vulnerability; a client server capable of receiving said remediation signatures; a deployment module coupled to said client server capable of deploying said remediation signatures to a client computer coupled to said client server;
wherein said deployment module constructs remediation profiles, each remediation profile corresponding to a client computer, wherein said remediation signatures can be selectively included in said remediation profiles.
Dependent claims: 80, 81, 82, 83, 84.

a scanner capable of scanning said client computer to identify vulnerabilities; a mapping module coupled to the client server capable of mapping said identified vulnerabilities to remediation signatures; wherein said remediation profile comprises at least one identified vulnerability on the client computer and selectively included remediation signatures mapped to the identified vulnerabilities.

82. The system of claim 81, wherein the scanner is an independent scanner and further comprising:
an import module coupled to the client server capable of importing the identified vulnerabilities for the client computer.

83. The system of claim 80 wherein selective inclusion of said remediation signatures in said remediation profiles comprises inclusion of selected but not all remediation signatures.

84. The system of claim 80 wherein selective inclusion of said remediation signatures in said remediation profiles comprises inclusion of a remediation signature to selected but not all of the profiles of the plurality of computers in the network.

85. A system for resolving computer vulnerabilities in a plurality of computers on a network comprising:
a remediation server capable of coupling to a security intelligence agent having information about computer vulnerabilities in order to aggregate said vulnerability information into a remediation database; a signature module coupled to said remediation server to construct remediation signatures, each remediation signature corresponding to a vulnerability; a client server capable of receiving said remediation signatures; a deployment module coupled to said client server capable of deploying said remediation signatures to a selection of client computers coupled to said client server;
wherein said deployment module constructs remediation profiles, each remediation profile corresponding to a client computer, wherein said remediation profiles comprise selectively included remediation signatures to resolve vulnerabilities on said corresponding client computers.
Dependent claims: 86, 87, 88, 89, 90, 120, 127, 128.

a scanner capable of scanning a portion of the plurality of client computers on the network to identify vulnerabilities on each of the scanned client computers; a mapping module coupled to the client server capable of mapping said identified vulnerabilities to remediation signatures; wherein each said remediation profile comprises at least one identified vulnerability on the client computer and selectively included remediation signatures mapped to the identified vulnerabilities.

87. The system of claim 86, wherein the scanner is an independent scanner and further comprising:
an import module coupled to the client server capable of importing the identified vulnerabilities for the client computers.

88. The system of claim 85 wherein selective inclusion of said remediation signatures in said remediation profiles comprises inclusion of selected but not all remediation signatures.

89. The system of claim 85 wherein selective inclusion of said remediation signatures in said remediation profiles comprises inclusion of a remediation signature to selected but not all of the profiles of the plurality of computers in the network.

90. The system of claim 85 further comprising:
a download server coupled to said signature module to provide remote access to said remediation signatures; wherein the client server is capable of coupling to said download server to receive said remediation signatures.

120. The system of claim 85 wherein a remediation signature comprises an automated sequence of actions which may be taken with respect to a client computer to modify the client computer to address a corresponding vulnerability on the client computer.

127. The system of claim 120 wherein there are a plurality of remediation signatures and wherein the plurality of remediation signatures comprise at least two of the following remediation types:
service management, registry management, security permissions management, account management, policy management, audit management, file management, process management, and patch installation.

128. The system of claim 127 wherein there are a plurality of remediation signatures and wherein the plurality of remediation signatures comprise all of the following remediation types:
service management, registry management, security permissions management, account management, policy management, audit management, file management, process management, and patch installation.