SYSTEM AND METHOD FOR RESOLVING VULNERABILITIES IN A COMPUTER NETWORK

US 20110138469A1
Filed: 12/03/2009
Published: 06/09/2011
Est. Priority Date: 12/03/2009
Status: Abandoned Application

First Claim

Patent Images

1. A method for resolving vulnerabilities on a computer network comprising a plurality of nodes, the method comprising:

collating vulnerability results from a plurality of the nodes;

determining a plurality of nodes with a common vulnerability;

retrieving an executable fix for the common vulnerability; and

multicasting the executable fix to a plurality of the nodes with the common vulnerability.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In a computer network, a remedy server may be provided that controls vulnerability scans of the computer nodes. The remedy server determines a security level of a computer node and dispatches an agent to the node with a scan matching the security level. The agent executes the scan and reports the scan results to the remedy server. The remedy server collates scan results from a plurality of the network computers and determines which computers have a common vulnerability. A fix for the vulnerability, such as an executable patch file, is retrieved and multicast to those relevant computers.

127 Citations

20 Claims

1. A method for resolving vulnerabilities on a computer network comprising a plurality of nodes, the method comprising:
- collating vulnerability results from a plurality of the nodes;
  
  determining a plurality of nodes with a common vulnerability;
  
  retrieving an executable fix for the common vulnerability; and
  
  multicasting the executable fix to a plurality of the nodes with the common vulnerability.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method according to claim 1 comprising providing an agent to a plurality of nodes with the common vulnerability, the agent being configured to:
    - execute within a node;
      
      receive the executable fix into the node; and
      
      execute the executable fix on the node.
  - 3. The method according to claim 1 wherein collating vulnerability results comprises building a vulnerability table that maps a vulnerability to one or more nodes that indicate the vulnerability in vulnerability results for the respective node.
  - 4. The method according to claim 1 comprising providing an agent to the plurality of nodes, the agent being configured to generate the vulnerability results.
  - 5. The method according to claim 4 wherein the agent is configured to:
    - convey an executable file to a node;
      
      execute the executable file on the node; and
      
      return the executable file after execution on the node;
      
      wherein the method comprises;
      
      analyzing an executable file after execution on a node to determine if the executable file has been modified by execution on the node; and
      
      isolating from the network a node which has modified an executable file.
  - 6. The method according to claim 4 wherein the agent is configured to execute a vulnerability scan on a node.
  - 7. The method according to claim 6 comprising:
    - selecting a vulnerability scan for a node; and
      
      providing the vulnerability scan with the agent to the node.
  - 8. The method according to claim 7 comprising:
    - determining a security level of a node; and
      
      selecting a vulnerability scan for the node dependent on the security level.
  - 9. The method according to claim 1 comprising maintaining a fix table that maps a vulnerability to a location of a fix for the vulnerability, wherein retrieving a fix for a vulnerability comprises looking up a vulnerability in the fix table.

10. A computer network comprising:
- a plurality of computer nodes; and
  
  a remedy server configured to;
  
  determine a scan for a computer node;
  
  provide the scan to the computer node;
  
  receive a scan result from the computer node that indicates vulnerabilities exhibited by the respective computer node;
  
  determine one or more vulnerabilities of the plurality of the computer nodes from a plurality of scan results;
  
  retrieve one or more fixes for the one or more vulnerabilities of the plurality of computer nodes; and
  
  provide the one or more fixes to the plurality of computer nodes.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The computer network according to claim 10 wherein the remedy server comprises an agent module configured to provide at least one agent to at least one computer node and wherein the at least one computer node supports an agent host environment that is configured to receive and execute the at least one agent.
  - 12. The computer network according to claim 11 wherein the at least one agent comprises an agent configured to provide a scan to a computer node and to execute the scan.
  - 13. The computer network according to claim 12 wherein the remedy server comprises a configuration module that stores a security level of a plurality of the computer nodes;
    - wherein the remedy server is configured to select a scan to provide to a computer node depending on the security level of the computer node.
  - 14. The computer network according to claim 11 wherein the at least one agent comprises an agent configured to:
    - convey an executable file to a computer node;
      
      execute the executable file; and
      
      return the executable file to the remedy server;
      
      wherein the remedy server is configured to;
      
      analyze a returned executable file to determine if the returned executable file has been modified during execution at the computer node; and
      
      isolate the computer node from the network if the returned executable file has been modified by the computer node.
  - 15. The computer network according to claim 10 wherein the remedy server comprises a result module that is configured to receive the plurality of scan results and generate a vulnerability table that associates a vulnerability with one or more of the plurality of computer nodes that exhibit the vulnerability.
  - 16. The computer system according to claim 15 wherein the remedy server is configured to:
    - look up the vulnerability table to determine a plurality of computer nodes with a common vulnerability;
      
      retrieve a fix for the common vulnerability; and
      
      multicast the fix to the plurality of computer nodes with the common vulnerability.
  - 17. The computer system according to claim 16 wherein a plurality of the computer nodes support an agent host environment that is configured to receive and execute at least one agent, wherein the remedy server comprises an agent module configured to provide at least one agent to a plurality of the computer nodes with the common vulnerability, and wherein the at least one agent comprises an agent configured to receive the multicast fix and execute the multicast fix on the computer node.

18. A computer-readable medium comprising computer-executable instructions for execution by at least one processor, that, when executed, cause the at least one processor to:
- receive a plurality of scan results that indicate one or more vulnerabilities on a plurality of computers of a computer network;
  
  generate a vulnerability table that associates a vulnerability with one or more of the plurality of computers that exhibit the vulnerability; and
  
  store the vulnerability table in a memory.
- View Dependent Claims (19, 20)
- - 19. The computer readable medium according to claim 18 comprising instructions that, when executed by the at least one processor, cause the at least one processor to:
    - select a vulnerability of the vulnerability table;
      
      look up the selected vulnerability in a database that associates the selected vulnerability with a location of a fix for the selected vulnerability;
      
      retrieve the fix from the location;
      
      select the computers associated with the vulnerability in the vulnerability table; and
      
      multicast the fix to the selected computers.
  - 20. The computer readable medium according to claim 19 comprising instructions that, when executed by the at least one processor, cause the at least one processor to communicate an agent to the selected computers, wherein the agent is configured to receive the multicast and execute the fix.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Osocad Remote LLC (Intellectual Ventures LLC)
Original Assignee
Recursion Software, Inc.
Inventors
Patoskie, John, Ebdon, Deren G., Ye, Qin

Application Number

US12/629,933
Publication Number

US 20110138469A1
Time in Patent Office

Days
Field of Search
US Class Current

726/25
CPC Class Codes

G06F 21/577   Assessing vulnerabilities a...

H04L 63/1433   Vulnerability analysis

H04L 63/1441   Countermeasures against mal...

H04L 67/34   involving the movement of s...

SYSTEM AND METHOD FOR RESOLVING VULNERABILITIES IN A COMPUTER NETWORK

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

127 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD FOR RESOLVING VULNERABILITIES IN A COMPUTER NETWORK

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

127 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links