System and method for providing remediation management

US 20060010497A1
Filed: 05/20/2005
Published: 01/12/2006
Est. Priority Date: 05/21/2004
Status: Active Grant

First Claim

Patent Images

1. Software for remediation management, the software operable to:

automatically identify an asset in an enterprise network upon entrance of the asset to the enterprise network; and

automatically identify one or more vulnerabilities of the identified asset by comparing the identified asset to content, at least a portion of the content collected from a plurality of third party content providers.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one embodiment, software for remediation management is operable to automatically identify an asset in an enterprise network. One or more vulnerabilities of the identified asset is automatically identified based on comparing the identified asset to content associated with the one or more vulnerabilities. At least a portion of the content is collected from a plurality of third party content providers. Other example software for remediation management may be operable to identify one or more vulnerabilities of an asset based on comparing the asset to content associated with the one or more vulnerabilities and automatically generate remediations for the asset based on the content associated with the one or more vulnerabilities.

Citations

38 Claims

1. Software for remediation management, the software operable to:
- automatically identify an asset in an enterprise network upon entrance of the asset to the enterprise network; and
  
  automatically identify one or more vulnerabilities of the identified asset by comparing the identified asset to content, at least a portion of the content collected from a plurality of third party content providers.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The software of claim 1, the software further operable to automatically update the identified asset based on the content associated with the one or more identified vulnerabilities.
  - 3. The software of claim 2, wherein a configuration setting of the asset is updated.
  - 4. The software of claim 2, wherein a component of the asset is updated.
  - 5. The software of claim 1, the software further operable to:
    - automatically generate a profile of the identified asset, the profile comprising information associated with configuration settings and at least one component of the asset; and
      
      automatically identify one or more vulnerabilities of the identified asset based on comparing the profile of the identified asset to content associated with the one or more vulnerabilities.
  - 6. The software of claim 5, further operable to:
    - receive information associated with the identified asset;
      
      automatically update the profile associated with the identified asset based on the received information; and
      
      automatically identify one or more vulnerabilities of the identified asset based on comparing the updated profile to content associated with the one or more vulnerabilities, the content operable to update the identified asset.
  - 7. The software of claim 6, wherein the information is received from a hidden agent running on the identified asset.
  - 8. The software of claim 1, wherein the software operable to automatically identify one or more vulnerabilities of the identified asset based on comparing the identified asset to content comprises software operable to:
    - automatically identify one or more components of the identified asset;
      
      automatically transmit a request to a server that manages the content for content associated with the identified vulnerabilities, the request comprising information associated with configuration settings of the asset and the one or more identified components; and
      
      receive content associated with the identified asset, the content operable to update the identified asset.
  - 9. The software of claim 1, the software further operable to automatically generate a remediation task list associated with the identified asset in response to identifying the one or more vulnerabilities, the remediation task list comprising a plurality of remediations, each remediation comprising the particular content and an asset identifier.
  - 10. The software of claim 1, the content comprising one of a script, a release, a link, a patch, and a configuration setting.
  - 11. The software of claim 1, the portion of content collected from third party content providers comprising content collected from a vendor, a research security firm, a Usenet group, and an original equipment manufacturer.
  - 12. The software of claim 1, further operable to:
    - automatically identify a plurality of assets communicably coupled with the enterprise network;
      
      associate a subset of the plurality of assets as a group based on a subset of a plurality of asset characteristics;
      
      automatically identify one or more vulnerabilities associated with the group based on comparing the subset of asset characteristics to the content; and
      
      communicate the respective content to the group based on the one or more identified vulnerabilities.

13. Software for remediation management, the software operable to:
- identify one or more vulnerabilities of an asset based on comparing the asset to local stored content, the asset communicably coupled to an enterprise network and at least a portion of the content collected from a plurality of third party content providers;
  
  automatically generate one or more remediations for the asset based on the content associated with the one or more vulnerabilities; and
  
  communicate the generated remediations to the asset.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
- - 14. The software of claim 13, further operable to automatically update the asset using the remediations while prohibiting end user intervention.
  - 15. The software of claim 14, wherein a configuration setting of the asset is updated.
  - 16. The software of claim 14, wherein firmware of a component of the asset is updated.
  - 17. The software of claim 13, the software operable to identify one or more vulnerabilities of the identified asset by comparing a pre-generated profile of the particular asset to the content, the profile identifying a plurality configuration settings, software versions, and at least one hardware component of the asset.
  - 18. The software of claim 17, further operable to update the profile of the asset based on information received from the asset upon entrance into the enterprise network.
  - 19. The software of claim 13, further operable to automatically generate a remediation task list associated with the asset, the task list including the generated remediations.
  - 20. The software of claim 19, further operable to:
    - display the remediation task list to an administrator of the software; and
      
      in response to the administrator selecting a plurality of remediations for a particular asset, automatically bundle the plurality of selected remediations into an update bundle;
      
      wherein the software operable to communicate the general remediations comprises software operable to communicate the update bundle to the asset; and
      
      the software is further operable to automatically update the asset using the update bundle.
  - 21. The software of claim 19, each remediation associated with a risk level, the software further operable to:
    - identify a risk threshold associated with the asset; and
      
      in response to a risk level of a remediation violating the risk threshold, automatically update the asset based on the remediation while prohibiting end user intervention.
  - 22. The software of claim 13, the content comprising one of a script, a release, a link, a patch, and a configuration setting.
  - 23. The software of claim 13, the portion of content collected from third parties comprising content collected from a vendor, a research security firm, a Usenet group, and an original equipment manufacturer.
  - 24. The software of claim 13, further operable to:
    - automatically identify a plurality of assets communicably coupled with the enterprise network;
      
      associate a subset of the plurality of assets as a group based on a subset of a plurality of asset characteristics;
      
      automatically identify one or more vulnerabilities associated with the group based on comparing the subset of asset characteristics to the content; and
      
      communicate the respective content to the group based on the one or more identified vulnerabilities.
  - 25. The software of claim 13, further operable to:
    - poll a remote server that manages content associated with vulnerabilities of assets for content associated with the asset at a configurable period of time; and
      
      update the local content based on content identified at the remote server.

26. A method, comprising:
- identifying one or more vulnerabilities of an asset based on comparing the asset to local stored content, the asset communicably coupled to an enterprise network and at least a portion of the content collected from a plurality of third party content providers;
  
  automatically generating one or more remediations for the asset based on the content associated with the one or more vulnerabilities; and
  
  communicating the generated remediations to the asset.
- View Dependent Claims (27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38)
- - 27. The method of claim 26, further comprising automatically updating the asset using the remediations while prohibiting end user intervention.
  - 28. The method of claim 27, wherein a configuration setting of the asset is updated.
  - 29. The method of claim 27, wherein firmware of a component of the asset is updated.
  - 30. The method of claim 26, wherein identifying one or more vulnerabilities of the identified asset comprises identifying one or more vulnerabilities of the identified asset by comparing a pre-generated profile of the particular asset to the content, the profile identifying a plurality configuration settings, software versions, and at least one hardware component of the asset.
  - 31. The method of claim 30, further comprising updating the profile of the asset based on information received from the asset upon entrance into the enterprise network.
  - 32. The method of claim 26, further comprising automatically generating a remediation task list associated with the asset, the task list including the generated remediations.
  - 33. The method of claim 32, further comprising:
    - displaying the remediation task list to an administrator of the software; and
      
      in response to the administrator selecting a plurality of remediations for a particular asset, automatically bundling the plurality of selected remediations into an update bundle;
      
      wherein communicating the generated remediations comprises communicating the update bundle to the asset; and
      
      the method further comprising automatically updating the asset using the update bundle.
  - 34. The method of claim 32, each remediation associated with a risk level, comprising:
    - identifying a risk threshold associated with the asset; and
      
      in response to a risk level of a remediation violating the risk threshold, automatically updating the asset based on the remediation while prohibiting end user intervention.
  - 35. The method of claim 26, the content comprising one of a script, a release, a link, a patch, and a configuration setting.
  - 36. The method of claim 26, the portion of content collected from third parties comprising content collected from a vendor, a research security firm, a Usenet group, and an original equipment manufacturer.
  - 37. The method of claim 26, further comprising:
    - automatically identifying a plurality of assets communicably coupled with the enterprise network;
      
      associating a subset of the plurality of assets as a group based on a subset of a plurality of asset characteristics;
      
      automatically identifying one or more vulnerabilities associated with the group based on comparing the subset of asset characteristics to the content; and
      
      communicating the respective content to the group based on the one or more identified vulnerabilities.
  - 38. The method of claim 26, further comprising:
    - polling a remote server that manages content associated with vulnerabilities of assets for content associated with the asset at a configurable period of time; and
      
      updating the local content based on content identified at the remote server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Computer Associates Think Inc. (Broadcom, Inc.)
Inventors
Giubileo, John, Rankin, David C., O'Brien, Darci

Granted Patent

US 7,698,275 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/26
CPC Class Codes

G06Q 10/10 Office automation; Time man...

System and method for providing remediation management

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

38 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for providing remediation management

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

38 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links