VULNERABILITY AND REMEDIATION DATABASE
Abstract of the Disclosure
A security information management system is described, wherein client-side devices preferably collect and monitor information describing the operating system, software, and patches installed on the device(s), as well as configuration thereof. A database of this information is maintained, along with data describing vulnerabilities of available software and associated remediation techniques available for it. The remediation techniques in the database include some that apply software patches, some that change the device’s policy settings, and some that change one of the device’s configuration files or registry.
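The lookup the abstract and claim 1 describe, sketched as an added example that is not taken from the patent: a vulnerabilities table, a remediation table restricted to the three technique types, and a query keyed on a vulnerability identifier. Table and column names, the SQLite backend, and all sample rows are assumptions made for illustration; the identifier is bound as a parameter because the query signal originates on client devices.

```python
import sqlite3

SCHEMA = """
CREATE TABLE vulnerabilities (vuln_id TEXT PRIMARY KEY, description TEXT NOT NULL);
CREATE TABLE remediations (
    rem_id INTEGER PRIMARY KEY,
    rem_type TEXT NOT NULL CHECK (rem_type IN ('patch', 'policy', 'registry')),
    action TEXT NOT NULL);
CREATE TABLE vuln_remediation (
    vuln_id TEXT NOT NULL REFERENCES vulnerabilities(vuln_id),
    rem_id INTEGER NOT NULL REFERENCES remediations(rem_id),
    PRIMARY KEY (vuln_id, rem_id));
"""

# Constructed sample rows; identifiers and actions are placeholders.
VULNS = [("VULN-0001", "service flaw"), ("VULN-0002", "weak password policy")]
REMS = [(1, "patch", "install PATCH-A"),
        (2, "policy", "set minimum password length to 14"),
        (3, "registry", "set ExampleKey\\DisableFeature=1")]
LINKS = [("VULN-0001", 1), ("VULN-0001", 3), ("VULN-0002", 2)]

def build_db():
    """Create the in-memory database and load the constructed rows."""
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")  # reject links to unknown rows
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO vulnerabilities VALUES (?, ?)", VULNS)
    db.executemany("INSERT INTO remediations VALUES (?, ?, ?)", REMS)
    db.executemany("INSERT INTO vuln_remediation VALUES (?, ?)", LINKS)
    return db

def handle_query(db, vuln_id):
    """Query signal in, response signal out: techniques for one identifier."""
    rows = db.execute(
        "SELECT r.rem_type, r.action FROM vuln_remediation vr "
        "JOIN remediations r ON r.rem_id = vr.rem_id "
        "WHERE vr.vuln_id = ? ORDER BY r.rem_id", (vuln_id,)).fetchall()
    return {"vuln_id": vuln_id,
            "remediations": [{"type": t, "action": a} for t, a in rows]}
```
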
19 Claims

1. A remediation system, comprising:
a database comprising a remediation table listing a plurality of remediation techniques; and
a vulnerabilities table listing a plurality of vulnerabilities, each having an identifier, and each being associated with at least one of the plurality of remediation techniques;
wherein a first remediation technique includes application of a software patch, a second remediation technique includes changing a system policy setting, and a third remediation technique includes changing a configuration registry setting;
a query signal comprising a first vulnerability identifier; and
a response signal, automatically generated in response to the query signal that communicates at least one remediation technique associated with a vulnerability that has the first vulnerability identifier.
(Dependent claims: 5, 6, 7, 8, 9, 10, 11, 12)

sends the query signal; and receives the response signal.

6. The system of claim 5, wherein the first computing device has the vulnerability identified by the first vulnerability identifier.

7. The system of claim 5, further comprising a second computing device that is a different device from the first computing device, wherein the second computing device has the vulnerability identified by the first vulnerability identifier.

8. The system of claim 5, wherein the first computing device implements one or more of the at least one remediation technique associated with the vulnerability that has the first vulnerability identifier.

9. The system of claim 1, wherein the first, second, and third remediation techniques are alternative ways to mediate the same vulnerability in the vulnerabilities table.

10. The system of claim 1, wherein the first, second, and third remediation techniques each mediate a different vulnerability in the vulnerabilities table.

11. The system of claim 1, further comprising:
a processor; and
a memory encoded with programming instructions executable by the processor to:
send the query signal;
receive the response signal; and
apply the at least one remediation technique communicated by the response signal.

12. The system of claim 1, wherein the remediation table and the vulnerabilities table are updated in substantially real time based on information received from an update server.

2. In a system for remediating computing device vulnerabilities, wherein the system has a list of possible vulnerabilities and applicable remediation techniques, the improvement comprising:
a first remediation technique identifies a software patch that remediates a first vulnerability;
a second remediation technique identifies a policy change that remediates a second vulnerability; and
a third remediation technique identifies configuration registry change that remediates a third vulnerability.
(Dependent claims: 13, 14, 15)

a query signal sent from a first computing device to a vulnerability and remediation database in the system, the query signal comprising a vulnerability identifier for a particular vulnerability; and
a response signal sent from the database to the first computing device, the response signal identifying a remediation technique operable to remediate the particular vulnerability identified in the query signal;
wherein the first computing device applies the remediation technique described in the response signal.

14. The system of claim 13, wherein:
the first computing device has the vulnerability identified in the query signal; and
the remediation technique described in the response signal is applied to the first computing device.

15. The system of claim 13, wherein:
a second computing device has the vulnerability identified in the query signal; and
the remediation technique described in the response signal is applied to the second computing device.

3. An apparatus comprising a database that stores:
configuration information for each of a plurality of computing devices connected to a network, where the configuration information includes one or more installed operating system components, software applications, operating system and software patches, and security policy items;
a plurality of possible vulnerability exposures; and
a plurality of remediation techniques for the possible vulnerability exposures;
wherein the configuration information is retrieved from a source that is selected from the group consisting of software agents and a security server.
(Dependent claims: 4, 16, 17, 18, 19)

vulnerabilities to which each of the devices are subject, if any; and
one or more remediation techniques operable to mitigate the vulnerabilities.

16. The apparatus of claim 3, wherein the software agents execute on each of the plurality of computing devices.

17. The apparatus of claim 16, wherein for at least one of the plurality of computing devices, the configuration information is kept current and updated in substantially real-time by the software agent executing on the at least one computing device.

18. The apparatus of claim 3, wherein each remediation technique in the plurality of remediation techniques has a remediation type selected from the group consisting of patch, policy setting, and configuration option.

19. The apparatus of claim 3, wherein:
a query signal is sent to the database from a first computing device in the plurality of computing devices, the query signal identifying a vulnerability to which the first computing device is subject;
a response signal is sent from the database to the first computing device, the response signal describing at least one remediation technique for the vulnerability to which the first computing device is subject; and
the at least one remediation technique is applied to the first computing device.

Specification