SYSTEMS AND METHODS FOR PERFORMING VULNERABILITY SCANS ON VIRTUAL MACHINES

US 20130055398A1
Filed: 08/26/2011
Published: 02/28/2013
Est. Priority Date: 08/26/2011
Status: Active Grant

First Claim

Patent Images

1. A method of vulnerability scanning in a group of virtual machines hosted by a plurality of physical machines, comprising:

identifying a physical machine from the plurality of physical machines hosting at least one virtual machine in the group of virtual machines;

providing, by a processor to the physical machine, a vulnerability scanner, wherein the vulnerability scanner is configured to scan the at least one virtual machine utilizing a hypervisor associated with the at least one virtual machine;

receiving, from the vulnerability scanner, a result of a vulnerability scan performed on the at least one virtual machine; and

identifying a vulnerability in the at least one virtual machine based on the result of the vulnerability scan.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments described herein relate to systems and methods for performing vulnerability scans on virtual machines. The systems and methods comprise a virtual asset tool that can instantiate a vulnerability scanner on a physical machine hosting a set of virtual machines. The vulnerability scanner can scan the virtual machines to identify any vulnerabilities, security flaws, or other risks, and can provide a result of the scan to the virtual asset tool. In embodiments, the virtual asset tool can examine the result of the scan to identify any vulnerabilities resulting from the scan.

Citations

30 Claims

1. A method of vulnerability scanning in a group of virtual machines hosted by a plurality of physical machines, comprising:
- identifying a physical machine from the plurality of physical machines hosting at least one virtual machine in the group of virtual machines;
  
  providing, by a processor to the physical machine, a vulnerability scanner, wherein the vulnerability scanner is configured to scan the at least one virtual machine utilizing a hypervisor associated with the at least one virtual machine;
  
  receiving, from the vulnerability scanner, a result of a vulnerability scan performed on the at least one virtual machine; and
  
  identifying a vulnerability in the at least one virtual machine based on the result of the vulnerability scan.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, further comprising:
    - pinning a virtual machine running the vulnerability scanner to the physical machine so that the virtual machine running the vulnerability scanner is not moved off of the physical machine.
  - 3. The method of claim 1, wherein the vulnerability scanner uses in-memory operations of the physical machine to perform the vulnerability scan.
  - 4. The method of claim 1, wherein providing the vulnerability scanner comprises:
    - receiving, from a virtualization manager, an indication of a update to the physical machine; and
      
      deploying the vulnerability scanner to the physical machine in response to receiving the indication.
  - 5. The method of claim 1, wherein the vulnerability scanner obtains credentials for the at least one virtual machine from a virtualization manager prior to performing the vulnerability scan.
  - 6. The method of claim 1, further comprising:
    - querying a virtualization manager associated with the group of virtual machines to identify the group of virtual machines and the plurality of physical machines hosting the group of virtual machines.
  - 7. The method of claim 6, further comprising:
    - subscribing to updates to the group of the virtual machines provided by the virtualization manager, wherein the updates to the group comprise at least one of changes in the virtual machines and identifications of new virtual machines.
  - 8. The method of claim 7, further comprising:
    - receiving an update from the virtualization manager; and
      
      initiating a new vulnerability scan based on the update received from the virtualization manager.
  - 9. The method of claim 1, wherein providing the vulnerability scanner comprises:
    - instantiating the vulnerability scanner in a new virtual machine hosted by the physical machine based on results of a virtual machine discovery.
  - 10. The method of claim 9, further comprising:
    - suspending the new virtual machine after a completion of the vulnerability scan; and
      
      automatically resuming the new virtual machine when a new vulnerability scan is needed.

11. A system for vulnerability scanning in a group of virtual machines hosted by a plurality of physical machines, comprising:
- a processor; and
  
  a computer readable storage medium coupled to the processor and comprising instructions for causing the processor to perform the method comprising;
  
  identifying a physical machine from the plurality of physical machines hosting at least one virtual machine in the group of virtual machines;
  
  providing, to the physical machine, a vulnerability scanner, wherein the vulnerability scanner is configured to scan the at least one virtual machine utilizing a hypervisor associated with the at least one virtual machine;
  
  receiving, from the vulnerability scanner, a result of a vulnerability scan performed on the at least one virtual machine; and
  
  identifying a vulnerability in the at least one virtual machine based on the result of the vulnerability scan.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The system of claim 11, wherein the processor further performs:
    - pinning a virtual machine running the vulnerability scanner to the physical machine so that the virtual machine running the vulnerability scanner is not moved off of the physical. machine.
  - 13. The system of claim 11, wherein the vulnerability scanner uses in-memory operations of the physical machine to perform the vulnerability scan.
  - 14. The system of claim 11, wherein providing the vulnerability scanner comprises:
    - receiving, from a virtualization manager, an indication of a update to the physical machine; and
      
      deploying the vulnerability scanner to the physical in response to receiving the indication.
  - 15. The system of claim 11, wherein the vulnerability scanner obtains credentials for the at least one virtual machine from a virtualization manager prior to performing the vulnerability scan.
  - 16. The system of claim 11, wherein the processor further performs:
    - querying a virtualization manager associated with the group of virtual machines to identify the group of virtual machines and the plurality of physical machines hosting the group of virtual machines.
  - 17. The system of claim 16, wherein the processor further performs:
    - subscribing to updates to the group of the virtual machines provided by the virtualization manager, wherein the updates to the group comprise at least one of changes in the virtual machines and identifications of new virtual machines.
  - 18. The system of claim 17, wherein the processor further performs:
    - receiving an update from the virtualization manager; and
      
      initiating a new vulnerability scan based on the update received from the virtualization manager.
  - 19. The system of claim 11, wherein providing the vulnerability scanner comprises:
    - instantiating the vulnerability scanner in a new virtual machine hosted by the physical machine based on results of a virtual machine discovery.
  - 20. The system of claim 19, wherein the processor further performs:
    - suspending the new virtual machine after a completion of the vulnerability scan; and
      
      automatically resuming the new virtual machine when a new vulnerability scan is needed.

21. A non-transitory computer readable storage medium embodying instructions for causing a processor to perform the method comprising:
- identifying a physical machine from a plurality of physical machines hosting at least one virtual machine in a group of virtual machines;
  
  providing, to the physical machine, a vulnerability scanner, wherein the vulnerability scanner is configured to scan the at least one virtual machine utilizing a hypervisor associated with the at least one virtual machine;
  
  receiving, from the vulnerability scanner, a result of a vulnerability scan performed on the at least one virtual machine; and
  
  identifying a vulnerability in the at least one virtual machine based on the result of the vulnerability scan.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30)
- - 22. The non-transitory computer readable storage medium of claim 21, wherein the processor further performs:
    - pinning a virtual machine running the vulnerability scanner to the physical machine so that the virtual machine running the vulnerability scanner is not moved off of the physical machine.
  - 23. The non-transitory computer readable storage medium of claim 21, wherein the vulnerability scanner uses in-memory operations of the physical machine to perform the vulnerability scan.
  - 24. The non-transitory computer readable storage medium of claim 21, wherein providing the vulnerability scanner comprises:
    - receiving, from a virtualization manager, an indication of a update to the physical machine; and
      
      deploying the vulnerability scanner to the physical in response to receiving the indication.
  - 25. The non-transitory computer readable storage medium of claim 21, wherein the vulnerability scanner obtains credentials for the at least one virtual machine from a virtualization manager prior to performing the vulnerability scan.
  - 26. The non-transitory computer readable storage medium of claim 21, wherein the processor further performs:
    - querying a virtualization manager associated with the group of virtual machines to identify the group of virtual machines and the plurality of physical machines hosting the group of virtual machines.
  - 27. The non-transitory computer readable storage medium of claim 26, wherein the processor further performs:
    - subscribing to updates to the group of the virtual machines provided by the virtualization manager, wherein the updates to the group comprise at least one of changes in the virtual machines and identifications of new virtual machines.
  - 28. The non-transitory computer readable storage medium of claim 27, wherein the processor further performs:
    - receiving an update from the virtualization manager; and
      
      initiating a new vulnerability scan based on the update received from the virtualization manager.
  - 29. The non-transitory computer readable storage medium of claim 21, wherein providing the vulnerability scanner comprises:
    - instantiating the vulnerability scanner in a new virtual machine hosted by the physical machine based on results of a virtual machine discovery.
  - 30. The non-transitory computer readable storage medium of claim 29, wherein the processor further performs:
    - suspending the new virtual machine after a completion of the vulnerability scan; and
      
      automatically resuming the new virtual machine when a new vulnerability scan is needed.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Rapid7 (Rapid7, Inc.)
Original Assignee
Rapid7 (Rapid7, Inc.)
Inventors
Li, Richard D., Giakouminakis, Anastasios, Berger, Jeffrey L.

Granted Patent

US 8,819,832 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/25
CPC Class Codes

G06F 21/577 Assessing vulnerabilities a...

SYSTEMS AND METHODS FOR PERFORMING VULNERABILITY SCANS ON VIRTUAL MACHINES

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEMS AND METHODS FOR PERFORMING VULNERABILITY SCANS ON VIRTUAL MACHINES

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links