MULTIPLE-PATH REMEDIATION

US 20070113100A2
Filed: 07/01/2004
Published: 05/17/2007
Est. Priority Date: 07/01/2003
Status: Active Grant

First Claim

Patent Images

1. A system, comprising:

a database associating a plurality of device vulnerabilities to which computing devices can be subject, each vulnerability having a vulnerability identifier, with a plurality of remediation techniques that collectively remediate the plurality of device vulnerabilities;

such that;

each of the device vulnerabilities is associated with at least one remediation technique;

each remediation technique associated with a particular device vulnerability remediates that particular vulnerability;

each remediation technique has a remediation type selected from the type group consisting of patch, policy setting, and configuration option; and

a first one of the device vulnerabilities is associated with at least two remediation techniques;

a query signal comprising the vulnerability identifier for the first one of the device vulnerabilities; and

a response signal, automatically generated in response to the query signal, that describes the at least two remediation techniques.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A security information management system is described, wherein a database of potential vulnerabilities is maintained, along with data describing remediation techniques (patches, policy settings, and configuration options) available to protect against them. At least one vulnerability is associated in the database with multiple available remediation techniques. In one embodiment, the system presents a user with the list of remediation techniques available to protect against a known vulnerability, accepts the user'"'"'s selection from the list, and executes the selected technique. In other embodiments, the system uses a predetermined prioritization schedule to automatically select among the available remediation techniques, then automatically executes the selected technique.

Citations

27 Claims

1. A system, comprising:
- a database associating a plurality of device vulnerabilities to which computing devices can be subject, each vulnerability having a vulnerability identifier, with a plurality of remediation techniques that collectively remediate the plurality of device vulnerabilities;
  
  such that;
  
  each of the device vulnerabilities is associated with at least one remediation technique;
  
  each remediation technique associated with a particular device vulnerability remediates that particular vulnerability;
  
  each remediation technique has a remediation type selected from the type group consisting of patch, policy setting, and configuration option; and
  
  a first one of the device vulnerabilities is associated with at least two remediation techniques;
  
  a query signal comprising the vulnerability identifier for the first one of the device vulnerabilities; and
  
  a response signal, automatically generated in response to the query signal, that describes the at least two remediation techniques.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The system of claim 1, further comprising a user interface that:
    - offers the at least two remediation techniques for selection by a user;
      
      accepts a selection by the user of at least one of the at least two remediation techniques; and
      
      applies the selected at least one of the at least two remediation techniques.
  - 3. The system of claim 1, further comprising:
    - a processor; and
      
      a memory encoded with programming instructions executable by the processor to;
      
      receive the response signal;
      
      automatically select one of the at least two remediation techniques; and
      
      apply the selected remediation technique.
  - 4. The system of claim 3, wherein:
    - each of the at least two remediation techniques has a remediation type; and
      
      the automatic selecting is based on the remediation type of each of the at least two remediation techniques.
  - 5. The system of claim 3, wherein the automatic selecting is based on input from a user that is acquired before the response signal is received.
  - 6. The system of claim 3, wherein the automatic selecting is based on input from a user that is acquired after the response signal is received.

7. A method, comprising:
- providing a database that associates a plurality of device vulnerabilities to which computing devices can be subject with a plurality of remediation techniques that collectively remediate the plurality of device vulnerabilities, wherein;
  
  each vulnerability has a vulnerability identifier;
  
  each vulnerability is associated with at least one remediation technique operable to remediate that particular vulnerability; and
  
  each remediation technique has a remediation type selected from the group consisting of patch, policy setting, and configuration option;
  
  transmitting a query signal comprising the vulnerability identifier for a first device vulnerability; and
  
  transmitting a response signal, automatically generated in response to the query signal, that describes at least two remediation techniques associated with the first device vulnerability.
- View Dependent Claims (8, 9, 10, 11)
- - 8. The method of claim 7, further comprising:
    - offering the at least two remediation techniques for selection by a user via a user interface; and
      
      accepting a selection by the user of at least one of the at least two remediation techniques via the user interface.
  - 9. The method of claim 7, further comprising providing a computing device including:
    - a processor; and
      
      memory encoded with programming instructions executable by the processor to;
      
      receive the response signal;
      
      automatically select one of the at least two remediation techniques; and
      
      apply the selected remediation technique.
  - 10. The method of claim 9, wherein:
    - each of the at least two remediation techniques has a remediation type; and
      
      the automatic selecting is based on the remediation types of the at least two remediation techniques.
  - 11. The method of claim 9, wherein the automatic selecting is based on input from a user.

12. A method of managing one or more computing devices, comprising:
- maintaining a table that;
  
  contains a plurality of vulnerabilities to which the computing devices might be vulnerable;
  
  contains a plurality of remediation techniques, each selected from the group consisting of patches, configuration settings, and policy settings; and
  
  associates each vulnerability with one or more remediation techniques that are effective to protect at least one of the computing devices from the vulnerability, in which a first vulnerability in the plurality of vulnerabilities is associated with both a first remediation technique and a second remediation technique;
  
  identifying a computing device that is vulnerable to the first vulnerability;
  
  presenting the first remediation technique and the second remediation technique to a user as options via a user interface;
  
  accepting user input via the user interface, wherein the user input selects at least one of the first remediation technique and the second remediation technique; and
  
  automatically implementing the at least one selected remediation technique.
- View Dependent Claims (13, 14)
- - 13. The method of claim 12, wherein the accepting occurs before the identifying.
  - 14. The method of claim 12, wherein the accepting occurs after the identifying.

15. A system, including:
- a processor; and
  
  software running on the processor that;
  
  maintains a list of vulnerabilities to which a computer might be vulnerable;
  
  maintains a collection of remediation techniques that collectively remediate all of the vulnerabilities on the list; and
  
  keeps track of one or more remediation techniques that remediate each vulnerability on the list, wherein a first particular vulnerability on the list might be remediated by either a first remediation technique or a second remediation technique.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The system of claim 15, wherein the software also:
    - receives a query signal that identifies the first particular vulnerability; and
      
      automatically sends a response signal that is responsive to the query signal and identifies the first remediation technique and the second remediation technique.
  - 17. The system of claim 16, further comprising a computer that:
    - sends the query signal to the processor;
      
      receives the response signal; and
      
      implements the first remediation technique.
  - 18. The system of claim 15, wherein the software also:
    - receives a query signal that identifies the first particular vulnerability;
      
      automatically selects a remediation technique from the first remediation technique and the second remediation technique; and
      
      automatically sends a response signal that identifies the selected remediation technique.
  - 19. The system of claim 18, wherein the automatic selection is based on a predetermined selection rule provided by a user.
  - 20. The system of claim 15, wherein the software also updates the list and the collection based on information received from an update server.

21. An apparatus, comprising a device encoded with logic executable by one or more processors to manage one or more computing devices by associating a plurality of device vulnerabilities, to which the computing devices can be subject, with a plurality of remediation techniques that collectively remediate the plurality of device vulnerabilities, wherein:
- each vulnerability has a vulnerability identifier and is associated with at least one remediation technique;
  
  each remediation technique has a remediation type selected from the group consisting of patch, policy setting, and configuration option;
  
  a first one of the device vulnerabilities is associated with at least two remediation techniques;
  
  a query signal is sent to the device, the query signal comprising the vulnerability identifier for the first one of the device vulnerabilities; and
  
  a response signal is sent from the device, the response signal being automatically generated in response to the query signal.
- View Dependent Claims (22, 23, 24, 25, 26, 27)
- - 22. The apparatus of claim 21, wherein the response signal describes the at least two remediation techniques.
  - 23. The apparatus of claim 22, wherein a user interface is operable to:
    - offer the at least two remediation techniques to a user; and
      
      accept a selection by the user of at least one of the at least two remediation techniques.
  - 24. The apparatus of claim 23, wherein the logic is further executable by the one or more processors to apply the selected remediation technique.
  - 25. The apparatus of claim 22, wherein a first computing device includes a processor and a memory encoded with programming instructions executable by the processor to:
    - receive the response signal;
      
      select automatically one of the at least two remediation techniques; and
      
      apply the selected remediation technique.
  - 26. The apparatus of claim 21, wherein:
    - the device automatically selects one of the at least two remediation techniques; and
      
      the response signal identifies the selected remediation technique.
  - 27. The apparatus of claim 26, wherein the automatic selection is based on a predetermined selection rule provided by a user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SecurityProfiling, LLC
Original Assignee
SecurityProfiling, LLC
Inventors
Oliphant, Brett

Granted Patent

US 8,266,699 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/187
CPC Class Codes

G06F 21/55   Detecting local intrusion o...

G06F 21/57   Certifying or maintaining t...

H04L 63/1433   Vulnerability analysis

H04L 63/1441   Countermeasures against mal...

H04L 63/20   for managing network securi...

MULTIPLE-PATH REMEDIATION

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

MULTIPLE-PATH REMEDIATION

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links