Security countermeasure management platform
First Claim
Patent Images
1. Apparatus for use in association with a computing environment, comprising:
- a hardware processor;
computer memory holding computer program instructions executed by the processor to perform the following operations;
receiving risk data from one or more sources;
processing the received risk data against a vulnerability-to-countermeasure knowledge base to discover, with respect to a particular vulnerability, one or more countermeasures applicable to potentially address the particular vulnerability;
with respect to the particular vulnerability, presenting information regarding the one or more discovered countermeasures, the information identifying (i) an expected cost of implementing the discovered countermeasure, (ii) an expected effectiveness of implementing the discovered countermeasure, and (iii) an indication of whether the discovered countermeasure is available in the computing environment; and
receiving additional data defining a policy-based countermeasure workflow associated with a particular countermeasure of the one or more discovered countermeasures to attempt to address the particular vulnerability.
6 Assignments
0 Petitions
Accused Products
Abstract
A management platform that allows security and compliance users to view risks and vulnerabilities in their environment with the added context of what other mitigating security countermeasures are associated with that vulnerability and that are applicable and/or available within the overall security architecture. Additionally, the platform allows users to take one or more actions from controlling the operation of a security countermeasure for mitigation purposes to documenting the awareness of a security countermeasure that is in place.
-
Citations
26 Claims
-
1. Apparatus for use in association with a computing environment, comprising:
-
a hardware processor; computer memory holding computer program instructions executed by the processor to perform the following operations; receiving risk data from one or more sources; processing the received risk data against a vulnerability-to-countermeasure knowledge base to discover, with respect to a particular vulnerability, one or more countermeasures applicable to potentially address the particular vulnerability; with respect to the particular vulnerability, presenting information regarding the one or more discovered countermeasures, the information identifying (i) an expected cost of implementing the discovered countermeasure, (ii) an expected effectiveness of implementing the discovered countermeasure, and (iii) an indication of whether the discovered countermeasure is available in the computing environment; and receiving additional data defining a policy-based countermeasure workflow associated with a particular countermeasure of the one or more discovered countermeasures to attempt to address the particular vulnerability. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 25)
-
-
18. A method of countermeasure awareness and control with respect to a computing environment, comprising:
-
receiving risk data from one or more sources; processing, using at least one hardware element, the received risk data against a vulnerability-to-countermeasures knowledge base to discover, with respect to a particular vulnerability, one or more countermeasures applicable to potentially address the particular vulnerability; with respect to the particular vulnerability, presenting information regarding the one or more discovered countermeasures, the information identifying (i) an expected cost of implementing the countermeasure, (ii) an expected effectiveness of implementing the countermeasure, and (iii) an indication of whether the countermeasure is available in the computing environment; and receiving additional data defining a policy-based countermeasure workflow associated with a particular countermeasure of the one or more discovered countermeasures to attempt to address the particular vulnerability. - View Dependent Claims (19, 20, 21, 22, 23, 24, 26)
-
Specification