Combining assessment models and client targeting to identify network security vulnerabilities

US 20080235801A1
Filed: 03/20/2007
Published: 09/25/2008
Est. Priority Date: 03/20/2007
Status: Active Grant

First Claim

Patent Images

1. In a computing environment including a network, a method comprising:

communicating with a first set of clients that are capable of self-assessment for security risks or security vulnerabilities, or self-assessment for both security risks and security vulnerabilities;

directing each client of the first set of clients to perform a self-assessment;

obtaining a first set of data corresponding to the self-assessment results from each of the clients;

performing a remote assessment on a second set of clients that to obtain a second set of data corresponding to remote assessment results; and

using the first set of data and second set of data to determine security risks and security vulnerabilities in the network.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Described is a technology for managing network security by having network clients that are capable of self-assessment assess themselves for security risks and/or security vulnerabilities. Other clients may be remotely assessed for security risks and/or security vulnerabilities. Assessments may include antimalware scans, vulnerability assessment, and/or port scans. The results of the self-assessments and remote assessments are combined into a data set (e.g., a view) indicative of the network security state. In this manner, for example, significant network resources are conserved by allowing those clients capable of self-assessment to assess themselves and thereafter only provide their self-assessment results. Clients capable of self-assessment may also be remotely assessed, to determine whether any discrepancies exist between their remote assessments and self-assessments. Clients may be discovered, along with their self-assessment capabilities, by network communication.

192 Citations

20 Claims

1. In a computing environment including a network, a method comprising:
- communicating with a first set of clients that are capable of self-assessment for security risks or security vulnerabilities, or self-assessment for both security risks and security vulnerabilities;
  
  directing each client of the first set of clients to perform a self-assessment;
  
  obtaining a first set of data corresponding to the self-assessment results from each of the clients;
  
  performing a remote assessment on a second set of clients that to obtain a second set of data corresponding to remote assessment results; and
  
  using the first set of data and second set of data to determine security risks and security vulnerabilities in the network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1 further comprising harvesting the first set of clients from a set of possible targets, including discovering which of the targets include components capable of performing self-assessment and are currently reachable via network communication.
  - 3. The method of claim 1 further comprising, performing port scans on the first and second sets of clients, and including in the first and second sets of data results of the port scans for the first and second sets of clients, respectively.
  - 4. The method of claim 1 wherein directing each client of the first set of clients to perform a self-assessment comprises instructing each client of the first set of clients to perform an antimalware scan including an antivirus scan or an antispyware scan, or both an antivirus scan and an antispyware scan.
  - 5. The method of claim 1 wherein directing each client of the first set of clients to perform a self-assessment comprises instructing each client of the first set of clients to perform a vulnerability assessment scan.
  - 6. The method of claim 1 wherein performing the remote assessment on the second set of clients comprises performing a remote antimalware scan, including an antivirus scan or an antispyware scan, or both an antivirus scan and an antispyware scan.
  - 7. The method of claim 1 wherein performing the remote assessment on the second set of clients comprises performing a remote vulnerability assessment scan.
  - 8. The method of claim 1 further comprising, performing a remote assessment on a selected client of the first set of clients, and comparing results of the remote assessment on the selected client against results of the self-assessment by the selected client to determine whether any discrepancy exists in the results.
  - 9. The method of claim 1 wherein obtaining the first set of data comprises collecting events from an event log associated with each client of the first set of clients.
  - 10. The method of claim 1 wherein using the first set of data and second set of data to determine the security risks and security vulnerabilities in the network comprises formatting the first and second sets of data into a data format corresponding to a database storage format, and storing the formatted data in a database.

11. In a computing environment including a network, a system comprising:
- a security server;
  
  a server agent associated with the security server, the server agent coupled for communication with a first set of at least one client managed by the security system, each client of the first set configured with an agent for self-assessment with respect to determining any security risks or security vulnerabilities, or determining both security risks and security vulnerabilities;
  
  a remote assessment component associated with the security server, the remote assessment component coupled for communication with a second set of at least one client managed by the security system to perform a remote assessment with respect to determining any security risks or security vulnerabilities, or determining both security risks and security vulnerabilities; and
  
  a reporting mechanism associated with the security server that combines results of the self-assessment of each client of the first set with the results of the remote assessment of each client of the second set to provide a combined data set indicative of security risks or security vulnerabilities, or both security risks and security vulnerabilities, of the clients managed by the security system.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The system of claim 11 wherein the reporting mechanism includes means for collecting the results of the self-assessment of each client, and a server program that provides a combined view of the combined data set.
  - 13. The system of claim 11 wherein the security server is associated with a network scanning engine that performs unauthenticated inspections of ports corresponding to each client of the first set and each client of the second set, and wherein the reporting mechanism further provides results of the unauthenticated inspections.
  - 14. The system of claim 11 wherein the security server is associated with a network scanning engine that communicates with clients to determine which clients are capable of self-assessment and which clients are not capable of self-assessment.
  - 15. The system of claim 11 wherein the remote assessment component further performs a remote assessment on a selected client of the first set of clients, and wherein the security server includes means for comparing results of the remote assessment on the selected client against results of the self-assessment by the selected client to determine whether any discrepancy exists in the results.

16. A computer-readable medium having computer-executable instructions, which when executed perform steps, comprising:
- managing a first set of clients of a network that are capable of self-assessment to each self-assess for security risks or security vulnerabilities, or self-assess for both security risks and security vulnerabilities, and to obtain a first set of results corresponding to the self assessments;
  
  remotely assessing a second set of clients of the network for security risks or security vulnerabilities, or both security risks and security vulnerabilities, to obtain a second set of results corresponding to the remote assessments; and
  
  combining the first and second sets of results into a combined data set indicative of security risks or security vulnerabilities, or both security risks and security vulnerabilities, of the first and second sets of the clients of the network.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The computer-readable medium of claim 16 having further computer-executable instructions comprising, performing port scans on the first and second sets of clients to obtain port scan results, and adding the port scan results to combined data set.
  - 18. The computer-readable medium of claim 16 having further computer-executable instructions comprising, performing a remote assessment on a selected client of the first set of clients, and comparing results of the remote assessment on the selected client against results of the self-assessment by the selected client to determine whether any discrepancy exists in the results for that selected client.
  - 19. The computer-readable medium of claim 16 having further computer-executable instructions comprising, harvesting the first and second sets of clients from a target set of clients to assess, including by discovering at least some of the clients by name or by IP address.
  - 20. The computer-readable medium of claim 16 having further computer-executable instructions comprising, communicating with clients of the network to determine which clients are capable of self-assessment and including those clients in the first set, and to determine which clients are not capable of self-assessment and including those clients in the second set.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Soderberg, Joel M., Kachachi, Bashar

Granted Patent

US 8,302,196 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/25
CPC Class Codes

G06F 21/563   by source code analysis

G06F 21/566   Dynamic detection, i.e. det...

G06F 21/577   Assessing vulnerabilities a...

G06F 2221/2101   Auditing as a secondary aspect

H04L 63/1433   Vulnerability analysis

Combining assessment models and client targeting to identify network security vulnerabilities

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

192 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Combining assessment models and client targeting to identify network security vulnerabilities

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

192 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links