Risk-Based Vulnerability Assessment, Remediation and Network Access Protection

US 20080201780A1
Filed: 02/20/2007
Published: 08/21/2008
Est. Priority Date: 02/20/2007
Status: Abandoned Application

First Claim

Patent Images

1. A method of assessing risk on a client computing device managed in an enterprise by a system administrator, the method comprising:

defining a vulnerability for the client computing device;

defining a level of risk associated with the vulnerability;

assessing the level of risk for the vulnerability on the client machine; and

reporting data regarding the level of risk on the client computing device to the system administrator.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system administrator may define a vulnerability and vulnerability setting for the client machine and may associate a level of risk with the vulnerability. The client may assess the level of risk associated with the vulnerability setting on the client machine and may report data regarding the level of risk to the system administrator.

55 Citations

View as Search Results

20 Claims

1. A method of assessing risk on a client computing device managed in an enterprise by a system administrator, the method comprising:
- defining a vulnerability for the client computing device;
  
  defining a level of risk associated with the vulnerability;
  
  assessing the level of risk for the vulnerability on the client machine; and
  
  reporting data regarding the level of risk on the client computing device to the system administrator.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. A method according to claim 1, further comprising creating rules for defining the vulnerability and the level of risk.
  - 3. A method according to claim 2, wherein the rules are defined or selected by the system administrator.
  - 4. A method according to claim 1, further comprising prioritizing the vulnerability or the level of risk relative to other vulnerabilities and levels of risk.
  - 5. A method according to claim 4, wherein the priority is determined before assessing the level of risk for the vulnerability on the client machine.
  - 6. A method according to claim 4, wherein the priority is determined after reporting data regarding the level of risk on the client computing device to the system administrator.
  - 7. A method according to claim 1, wherein the vulnerability is a software based vulnerability, a system setting vulnerability, or a hardware vulnerability.
  - 8. A method according to claim 4, further comprising remediating the risks based on the priority associated with the vulnerability and the level of risk.
  - 9. A method according to claim 8, wherein remediating the risks comprises:
    - fixing the vulnerability by adjusting a vulnerability setting,informing the client computing device to fix the vulnerability by adjusting the vulnerability setting, orapplying a software update or patch or configuration script.
  - 10. A method according to claim 1, further comprising altering the quality of network service available to the client computing device based on the risk level assessment.
  - 11. A method according to claim 10, wherein the quality of network service is altered to prevent the client from accessing the network.

12. One or more computer-readable media comprising executable instructions that, when executed:
- define one or more vulnerability settings, each vulnerability setting based on a vulnerability on a client computing device in an enterprise;
  
  define a level of risk associated with the vulnerability setting;
  
  associate a customized priority with the vulnerability setting and the level of risk, the customized priority for determining the importance of each vulnerability setting relative to other vulnerability settings; and
  
  assess the overall level of risk in the enterprise associated with each vulnerability setting and the customized priority.
- View Dependent Claims (13, 14, 15, 16)
- - 13. One or more computer readable media according to claim 12, further comprising executable instructions that, when executed, direct software to:
    - remediate the risk based on the customized priority associated with the vulnerability setting and the level of risk.
  - 14. One or more computer readable media according to claim 12, further comprising executable instructions that, when executed, direct software to:
    - alter the quality of network service available to the client computing device based on the level of risk associated with the vulnerability setting.
  - 15. One or more computer readable media according to claim 12, wherein the vulnerability is a software based vulnerability, a system setting vulnerability, or a hardware vulnerability.
  - 16. A method according to claim 12, wherein the customized priority is determined after assessing the level of overall risk for the vulnerability in the enterprise.

17. A system comprising one or more modules that are configured to assess a level of risk associated with a vulnerability setting on a client computing device in an enterprise.
- View Dependent Claims (18, 19, 20)
- - 18. A system according to claim 17, wherein the vulnerability settings are defined by a system administrator using rules to calculate a level of risk based on the presence or absence of a vulnerability and predetermined aspects of the vulnerability.
  - 19. A system according to claim 17, wherein the overall risk in the enterprise may be assessed based on the risk associated with the vulnerability setting on one or more client machines in the enterprise.
  - 20. A system according to claim 17, further configured to:
    - prioritize the level of risk for the vulnerability setting relative to the levels of risk of other vulnerability settings; and
      
      remediate the risks based on the customized priority associated with the vulnerability setting and the level of risk by;
      
      adjusting the vulnerability setting,informing the client machine of the vulnerability, orapplying a patch or update or configuration script for the vulnerability.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Iqbal, Khuzaima, Parupudi, Gopal, Khan, Shafqat U., Samak, Samoil, Keller, Bryan R., Murthy, Muki

Application Number

US11/677,001
Publication Number

US 20080201780A1
Time in Patent Office

Days
Field of Search
US Class Current

726/25
CPC Class Codes

G06F 21/577   Assessing vulnerabilities a...

G06F 2221/2101   Auditing as a secondary aspect

H04L 63/1433   Vulnerability analysis

H04L 63/20   for managing network securi...

Risk-Based Vulnerability Assessment, Remediation and Network Access Protection

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

55 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Risk-Based Vulnerability Assessment, Remediation and Network Access Protection

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

55 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links