Systems and methods for performing risk analysis

US 20060195905A1
Filed: 10/19/2005
Published: 08/31/2006
Est. Priority Date: 02/25/2005
Status: Active Grant

First Claim

Patent Images

1. A method for analyzing a network element, comprising:

assigning values to each of a plurality of vulnerabilities;

identifying at least one vulnerability associated with the network element; and

generating a risk indicator for the network element based on an assigned value associated with the at least one identified vulnerability.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for analyzing a network element may include assigning values to each of a plurality of vulnerabilities. The method may also include identifying a vulnerability associated with the network element and generating a risk indicator for the network element based on the assigned value associated with the identified vulnerability.

Citations

28 Claims

1. A method for analyzing a network element, comprising:
- assigning values to each of a plurality of vulnerabilities;
  
  identifying at least one vulnerability associated with the network element; and
  
  generating a risk indicator for the network element based on an assigned value associated with the at least one identified vulnerability.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the generating a risk indicator for the network element comprises:
    - performing an operation on values associated with each of a plurality of identified vulnerabilities associated with the network element.
  - 3. The method of claim 1, further comprising:
    - displaying the risk indicator at a user device.
  - 4. The method of claim 1, further comprising:
    - monitoring a plurality of network elements;
      
      generating a risk indicator for each of the network elements, the risk indicator representing a relative risk level associated with the corresponding network element; and
      
      providing the risk indicator for each of the network elements to a user device for display.
  - 5. The method of claim 4, further comprising:
    - prioritizing risk associated with the plurality of network elements based on the risk indicators.
  - 6. The method of claim 4, wherein the monitoring comprises:
    - scanning the plurality of network elements to identify vulnerabilities, the vulnerabilities representing potential points of attack.
  - 7. The method of claim 1, further comprising:
    - determining whether action is required with respect to the network element based on the risk indicator.
  - 8. The method of claim 7, further comprising:
    - automatically performing a remedial action with respect to the network element when the determining determines that action is required.
  - 9. The method of claim 8, wherein the remedial action comprises:
    - quarantining or preventing access to the network element.
  - 10. The method of claim 1, wherein the risk indicator comprises a numerical score.

11. A method, comprising:
- providing an interface to a user device, the interface including options associated with monitoring network devices;
  
  receiving an input from the user device;
  
  identifying at least one network element in response to the input;
  
  generating a risk indicator associated with the at least one network device, the risk indicator representing a relative risk associated with the at least one network device; and
  
  providing the risk indicator to the user device.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18)
- - 12. The method of claim 11, further comprising:
    - receiving login information from the user device; and
      
      identifying access privileges based on the login information, wherein the providing an interface comprises;
      
      providing options based on the identified access privileges.
  - 13. The method of claim 11, wherein the generating a risk indicator comprises:
    - identifying vulnerabilities associated with the network element, and generating a risk indicator for the at least one network element based on values associated with the identified vulnerabilities.
  - 14. The method of claim 13, further comprising:
    - storing information representing exceptions to security rules associated with the at least one network element, wherein the generating a risk indicator further comprises;
      
      accessing the stored information to generate the risk indicator.
  - 15. The method of claim 13, wherein the generating a risk indicator further comprises:
    - generating a numerical score.
  - 16. The method of claim 13, wherein the generating a risk indicator further comprises:
    - generating at least one of a high, medium or low indicator or generating a letter grade.
  - 17. The method of claim 11, further comprising:
    - monitoring the at least one network element to identify vulnerabilities with respect to potential points of attack, each of the identified vulnerabilities having an assigned value.
  - 18. The method of claim 17, wherein the assigned values are based on at least one a function associated with the at least one network element or a location of the at least one network element.

19. A system, comprising:
- a memory configured to;
  
  store values associated with a plurality of network-related vulnerabilities; and
  
  a processing device configured to;
  
  receive information corresponding to identified vulnerabilities associated with a first network device, access the memory to determine values associated with the identified vulnerabilities, and generate a risk level indicator for the first network device based on values associated with the identified vulnerabilities.
- View Dependent Claims (20, 21, 22, 23, 24, 25)
- - 20. The system of claim 19, wherein the memory is further configured to:
    - store information representing exceptions to security rules, wherein when generating a risk level indicator, the processing device is further configured to;
      
      access the memory to determine whether an exception exists with respect to any of the identified vulnerabilities associated with the first network device.
  - 21. The system of claim 19, wherein the processing device is further configured to:
    - forward the risk level indicator to a user device for display.
  - 22. The system of claim 19, wherein the processing device is further configured to:
    - provide an interface to a user device, the interface including options associated with monitoring network devices, receive an input from the user device, identify at least one network element in response to the input, generate a risk level indicator associated with the at least one network device, and provide the risk level indicator to the user device.
  - 23. The system of claim 22, wherein the processing device is further configured to:
    - identify access privileges associated with the user device based on login information provided by the user device and when providing an interface, the processing device is configured to;
      
      provide options based on the identified access privileges.
  - 24. The system of claim 19, wherein the processing device is further configured to:
    - scan the first network device to identify whether any open ports exist on the first network device.
  - 25. The system of claim 19, wherein the risk level indicator comprises a numerical score or a grade.

26. A system for performing risk analysis for a network element, comprising:
- means for storing values associated with each of a plurality of vulnerabilities;
  
  means for identifying at least one of the plurality of vulnerabilities associated with the network element; and
  
  means for generating a risk indicator for the network element based on the stored value associated with the at least one identified vulnerability.
- View Dependent Claims (27, 28)
- - 27. The system of claim 26, wherein the means for identifying comprises:
    - means for scanning the network element to identify vulnerabilities, the vulnerabilities representing potential points of attack.
  - 28. The system of claim 26, further comprising:
    - means for determining whether action is required with respect to the network element based on the risk indicator.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Ebates Performance Marketing, Inc. (Rakuten Group, Inc.)
Original Assignee
MCI Incorporated (Verizon Communications Inc.)
Inventors
Fudge, Robert T.

Granted Patent

US 7,962,960 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/25
CPC Class Codes

G06F 11/008   Reliability or availability...

G06F 21/577   Assessing vulnerabilities a...

H04L 63/1408   by monitoring network traff...

H04L 63/1433   Vulnerability analysis

Systems and methods for performing risk analysis

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for performing risk analysis

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links