Method to provide customized vulnerability information to a plurality of organizations
First Claim
1. A computer security vulnerability remediation system, comprising:
- a. a plurality of Enterprise Servers attached to a plurality of organizations'"'"' networks;
b. a plurality of vendors that supply vulnerability information;
c. a collocation facility coupled to the plurality of Enterprise Servers and coupled to the plurality of vendors; and
d. wherein the collocation facility receives vulnerability information from at least one vendor related to at least one organization'"'"'s network, receives a Client Master File from at least one Enterprise Server, correlates the vulnerability information to the Client Master File, and sends the correlated vulnerability information to the Enterprise Server.
0 Assignments
0 Petitions
Accused Products
Abstract
The present invention provides a means of providing computer security vulnerability information to a plurality of organizations such that the vulnerability information provided to each organization is customized to its network environment. Each organization has an Enterprise Server. An asset management module in each organization'"'"'s Enterprise Servers sends device configuration information to a system at a Co-Location Facility. The Co-Location Facility system aggregates this data. Information concerning vulnerabilities is also gathered from computer equipment vendors on an ongoing basis. This vulnerability information is compared to the aggregated data from the organizations'"'"' Enterprise Servers, and only the vulnerability information relevant to each organization is delivered back to that organization. The delivered information is then used to customize the vulnerability assessment and management activities, including scanning, for each organization such that their activities are limited to vulnerabilities that are directly related to their environment.
53 Citations
3 Claims
-
1. A computer security vulnerability remediation system, comprising:
-
a. a plurality of Enterprise Servers attached to a plurality of organizations'"'"' networks;
b. a plurality of vendors that supply vulnerability information;
c. a collocation facility coupled to the plurality of Enterprise Servers and coupled to the plurality of vendors; and
d. wherein the collocation facility receives vulnerability information from at least one vendor related to at least one organization'"'"'s network, receives a Client Master File from at least one Enterprise Server, correlates the vulnerability information to the Client Master File, and sends the correlated vulnerability information to the Enterprise Server.
-
-
2. A method to provide customized vulnerability information to an organization, comprising:
-
a. collecting information at an Enterprise Servers to create a Client Master File;
b. sending the client master file to a collocation facility c. receiving the client master file at the collocation facility;
d. obtaining vulnerability information from one or more vendors;
e. correlating the vulnerability information to information in the client master file; and
f. sending the correlated vulnerability information to the Enterprise Server.
-
-
3. A method to provide customized vulnerability information to two organizations with different vulnerabilities, comprising:
-
a. collecting information at a first Enterprise Server to create a first Client Master File of a first organization'"'"'s network;
b. collecting information at a second Enterprise Server to create a second Client Master File of a second organization'"'"'s network;
c. sending the first client master file to a collocation facility d. sending the second client master file to the collocation facility;
e. receiving the first client master file at the collocation facility;
f. receiving the second client master file at the collocation facility;
g. obtaining vulnerability information from one or more vendors;
h. correlating the vulnerability information to information in the first client master file to create a first set of correlated vulnerability information;
i. correlating the vulnerability information to information in the second client master file to create a second set of correlated vulnerability information;
j. sending the first set of correlated vulnerability information to the first Enterprise Server; and
k. sending the second set of correlated vulnerability information to the second Enterprise Server.
-
Specification