ENTERPRISE VULNERABILITY MANAGEMENT

US 20120304300A1
Filed: 04/09/2012
Published: 11/29/2012
Est. Priority Date: 05/23/2011
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for managing vulnerability of information technology assets of an enterprise, said method comprising:

executing computer software code on at least one computer hardware platform, the software code enabling the at least one hardware platform to perform the steps of;

receiving login information from a user;

inventorying current information technology assets of the enterprise;

conducting vulnerability scanning of the inventoried information technology assets;

analyzing vulnerability correlation and prioritization of the information technology assets, wherein said analyzing includes generating one or more vulnerability scores;

remediating one or more vulnerabilities of the information technology assets; and

reporting to the user about the vulnerabilities and remediation undertaken.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An enterprise vulnerability management application (EVMA), enterprise vulnerability management process (EVMP) and system. In one embodiment, the EVMP may include executing computer software code on at least one computer hardware platform to receive login information from a user, inventory current information technology assets of the enterprise, conduct vulnerability scanning of the inventoried information technology assets, analyze vulnerability correlation and prioritization of the information technology assets, remediate one or more vulnerabilities of the information technology assets, and report to the user about the vulnerabilities and remediation undertaken. As part of the analysis, one or more vulnerability scores such as, for example, Common Vulnerability Scoring System (CVSS) scores, may be generated from base score metrics, temporal score metrics and environment score metrics.

Citations

21 Claims

1. A computer-implemented method for managing vulnerability of information technology assets of an enterprise, said method comprising:
- executing computer software code on at least one computer hardware platform, the software code enabling the at least one hardware platform to perform the steps of;
  
  receiving login information from a user;
  
  inventorying current information technology assets of the enterprise;
  
  conducting vulnerability scanning of the inventoried information technology assets;
  
  analyzing vulnerability correlation and prioritization of the information technology assets, wherein said analyzing includes generating one or more vulnerability scores;
  
  remediating one or more vulnerabilities of the information technology assets; and
  
  reporting to the user about the vulnerabilities and remediation undertaken.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1 wherein said step of receiving login information includes the step of displaying a login input box to the user on at least one display device in communication with the at least one computer hardware platform.
  - 3. The method of claim 1 wherein said step of inventorying includes at least one of:
    - displaying an asset topography chart to the user on at least one display device in communication with the at least one computer hardware platform; and
      
      displaying an execute new discovery scans input box to the user on the at least one display device.
  - 4. The method of claim 1 wherein said step of conducting includes at least one of:
    - displaying a scan configurations list to the user on at least one display device in communication with the at least one computer hardware platform;
      
      displaying a create new scan input box to the user on the at least one display device;
      
      displaying a job configuration list to the user on the at least one display device; and
      
      displaying a create new job input box to the user on the at least one display device.
  - 5. The method of claim 1 wherein said step of analyzing includes at least one of:
    - displaying a number of issues versus date chart to the user on at least one display device in communication with the at least one computer hardware platform;
      
      displaying a vulnerability severity ratio chart to the user on the at least one display device;
      
      displaying a selected vulnerability score versus number of assets chart to the user on the at least one display device; and
      
      displaying an identified issues list to the user on the at least one display device.
  - 6. The method of claim 1 wherein said step of remediating includes at least one of:
    - displaying details of a selected identified issue to the user on at least one display device in communication with the at least one computer hardware platform; and
      
      displaying information regarding the remediation status of identified issues to the user on the at least one display device.
  - 7. The method of claim 1 wherein said step of reporting includes at least one of:
    - displaying a list of current issues, affected assets and one or more associated vulnerability scores to the user on at least one display device in communication with the at least one computer hardware platform; and
      
      displaying an asset topography chart to the user on the at least one display device, wherein the asset topography chart includes an identification of the severity of issues affecting the assets included in the chart.

8. An enterprise vulnerability management system comprising:
- a processing module; and
  
  a memory module logically connected to the processing module and comprising a set of computer readable instructions executable by the processing module to;
  
  receive login information from a user;
  
  inventory current information technology assets of the enterprise;
  
  conduct vulnerability scanning of the inventoried information technology assets;
  
  analyze vulnerability correlation and prioritization of the information technology assets, wherein one or more vulnerability scores are generated;
  
  remediate one or more vulnerabilities of the information technology assets; and
  
  report to the user about the vulnerabilities and remediation undertaken.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The system of claim 8 wherein the computer readable instructions are further executable by the processing module to:
    - display a login input box to the user on at least one display device in communication with the processing module.
  - 10. The system of claim 8 wherein the computer readable instructions are further executable by the processing module to perform at least one of:
    - display an asset topography chart to the user on at least one display device in communication with the processing module; and
      
      display an execute new discovery scans input box to the user on the at least one display device.
  - 11. The system of claim 8 wherein the computer readable instructions are further executable by the processing module to perform at least one of:
    - display a scan configurations list to the user on at least one display device in communication with the processing module;
      
      display a create new scan input box to the user on the at least one display device;
      
      display a job configuration list to the user on the at least one display device; and
      
      display a create new job input box to the user on the at least one display device.
  - 12. The system of claim 8 wherein the computer readable instructions are further executable by the processing module to perform at least one of:
    - display a number of issues versus date chart to the user on at least one display device in communication with the processing module;
      
      display a vulnerability severity ratio chart to the user on the at least one display device;
      
      display a selected vulnerability score versus number of assets chart to the user on the at least one display device; and
      
      display an identified issues list to the user on the at least one display device.
  - 13. The system of claim 8 wherein the computer readable instructions are further executable by the processing module to perform at least one of:
    - display details of a selected identified issue to the user on at least one display device in communication with the processing module; and
      
      display information regarding the remediation status of identified issues to the user on the at least one display device.
  - 14. The system of claim 8 wherein the computer readable instructions are further executable by the processing module to perform at least one of:
    - display a list of current issues, affected assets and one or more associated vulnerability scores to the user on at least one display device in communication with the processing module; and
      
      display an asset topography chart to the user on the at least one display device, wherein the asset topography chart includes an identification of the severity of issues affecting the assets included in the chart.

15. A method for generating a vulnerability score associated with an information technology assets of an enterprise, said method comprising:
- collecting results of at least one vulnerability assessment conducted on the information technology assets by at least one vendor tool;
  
  analyzing each result for base score metrics;
  
  analyzing each result for temporal score metrics;
  
  analyzing each result for environment score metrics;
  
  generating a CVSS score for each result based on the base score metrics, temporal score metrics and environment score metrics for each result.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The method of claim 15 wherein said step of analyzing each result for base score metrics comprises:
    - retrieving NVD information;
      
      when CVE is present, retrieving base score metrics from NVD repository;
      
      when CWE is present and CWE is mapped to one or more CVEs, retrieving CVSS base score metrics for associated one or more CVEs from NVD repository;
      
      when CWE is present and CWE is mapped to one or more CVEs and a plurality of CVEs are retrieved, using CVSS base score metrics to generate a pseudo-CVE from retrieved CVEs;
      
      when CWE is present and CWE is not mapped to one or more CVEs, using CVSS base score metrics to generate a pseudo-CVE based on result details; and
      
      when CVE is not present and CWE is not present, using CVSS base score metrics to generate a pseudo-CVE based on result details.
  - 17. The method of claim 15 wherein said step of analyzing each result for temporal score metrics comprises:
    - retrieving a CVE;
      
      when a temporal score is indicated as being available from a NVD repository, retrieving CVSS temporal score metrics from the NVD repository;
      
      when an NVD temporal score is not available, analyzing CVE links to determine if temporal score metrics are available from an outside repository and, when the outside repository has temporal score metrics, retrieving CVSS temporal score metrics from the outside repository;
      
      when an NVD temporal score is not available and temporal score metrics are not available from an outside source, determining whether a temporal score can be calculated and if so, using CVSS temporal score metrics to generate a pseudo-CVE based on details of the result; and
      
      when an NVD temporal score is not available and temporal score metrics are not available from an outside source and a temporal score cannot be calculated, using default temporal score metrics.
  - 18. The method of claim 15 wherein said step of analyzing each result for environment score metrics comprises:
    - retrieving an asset associated with the result;
      
      when a user provided environment score is indicated as being available, retrieving CVSS environment score metrics from an EVMA repository, and when an AVA provided environment score is indicated as being available, retrieving CVSS environment score metrics from an EVMA\AVA repository and blending the environment score metrics retrieved from the EVMA repository and the AVA repository;
      
      when a user provided environment score is not available and an AVA provided environment score is indicated as being available, retrieving CVSS environment score metrics from an EVMA\AVA repository; and
      
      when a user provided environment score is not available and an AVA provided environment score is not available, using default environment score metrics.
  - 19. The method of claim 15 wherein, in said step of analyzing each result for base score metrics, the base metrics comprise one or more of an access vector metric, an access complexity metric, an authentication metric, a confidentiality impact metric, an integrity impact metric, and an availability impact metric.
  - 20. The method of claim 15 wherein, in said analyzing each result for temporal score metrics, the temporal score metrics comprise one or more of an exploitability metric, a remediation level metric, and a report confidence metric.
  - 21. The method of claim 15 wherein one or more of said steps of collecting results of at least one vulnerability assessment, analyzing each result for base score metrics, analyzing each result for temporal score metrics, analyzing each result for environment score metrics, and generating a CVSS score for each result are performed on a computer hardware platform having a processing module executing computer program code stored on a memory module of the computer hardware platform.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Leidos Innovations Technology, Inc.
Original Assignee
Lockheed Martin Corporation (Martin Marietta Corporation)
Inventors
LaBumbard, Jason M.

Granted Patent

US 8,789,192 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/25
CPC Class Codes

G06F 21/577 Assessing vulnerabilities a...

ENTERPRISE VULNERABILITY MANAGEMENT

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

ENTERPRISE VULNERABILITY MANAGEMENT

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links