METHODS AND SYSTEMS FOR IMPROVED RISK SCORING OF VULNERABILITIES

US 20130074188A1
Filed: 11/17/2011
Published: 03/21/2013
Est. Priority Date: 09/16/2011
Status: Active Grant

First Claim

Patent Images

1. A method for security testing, comprising:

identifying a vulnerability in an asset;

identifying whether the vulnerability is utilized by an existing malicious software program; and

determining a risk level of the vulnerability based on whether the vulnerability is utilized by the existing malicious software program.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A security tool can identify vulnerabilities in a computing system and determine a risk level of the vulnerabilities based on base and optional CVSS vectors and additional factors that represent the evolving nature of vulnerabilities. Likewise, the security tool can determine an overall risk for vulnerabilities, an asset, and/or a collection of assets that encompasses a global view of an asset'"'"'s risk and/or collection of assets'"'"' risk, business considerations of an entity that own and controls the asset and/or the collection of assets, and the entity'"'"'s associations.

89 Citations

View as Search Results

31 Claims

1. A method for security testing, comprising:
- identifying a vulnerability in an asset;
  
  identifying whether the vulnerability is utilized by an existing malicious software program; and
  
  determining a risk level of the vulnerability based on whether the vulnerability is utilized by the existing malicious software program.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, the method further comprising:
    - notifying a user of the vulnerability and the risk level.
  - 3. The method of claim 1, the method further comprising:
    - determining a remediation to the vulnerability on the asset; and
      
      determining a residual risk of the vulnerability based on an effectiveness of the remediation.
  - 4. The method of claim 1, wherein the asset comprises at least one of a physical computer system and a virtual machine.
  - 5. The method of claim 1, the method further comprising:
    - searching a security community for information about the vulnerability, wherein the risk is further based on the information about the vulnerability.
  - 6. The method of claim 1, the method further comprising:
    - identifying that the vulnerability is utilized by a new malicious software program; and
      
      determining a new risk level of the vulnerability based on the vulnerability being utilized by the new malicious software program.
  - 7. The method of claim 1, the method further comprising:
    - determining a new risk level for a future time based on factors utilized to determine the risk level.
  - 8. The A system for security testing, comprising:
    - a computer readable storage medium storing instructions; and
      
      a processor configured to execute the instructions to perform the method of claim 1.
  - 9. The A computer readable storage medium storing instructions that cause a processor to perform the method of claim 1.

10. The A method for security testing, comprising:
- identifying a vulnerability in asset;
  
  identifying that the asset is hosting virtual machines or that the asset is a virtual machine; and
  
  determining a risk level of the vulnerability based on the asset hosting the virtual machines or based on the asset being a virtual machine.
- View Dependent Claims (11, 12, 13, 14, 15, 16)
- - 11. The method of claim 10, the method further comprising:
    - notifying a user of the vulnerability and the risk level.
  - 12. The method of claim 10, the method further comprising:
    - identifying a number of the virtual machines potentially affected by the vulnerability, wherein determining the risk level is further based on the number of virtual machines affected by the vulnerability.
  - 13. The method of claim 10, the method further comprising:
    - identifying that the vulnerability is located in one of the virtual machines; and
      
      identifying that the one of the virtual machines activates and deactivates according to a schedule, wherein determining the risk level is further based on the schedule.
  - 14. The method of claim 10, the method further comprising:
    - determining a new risk level for a future time based on factors utilized to determine the risk level.
  - 15. The A system for security testing, comprising:
    - a computer readable storage medium storing instructions; and
      
      a processor configured to execute the instructions to perform the method of claim 10.
  - 16. The A computer readable storage medium storing instructions that cause a processor to perform the method of claim 10.

17. The A method for security testing, comprising:
- identifying a vulnerability in an asset;
  
  determining a risk level of the vulnerability based on the vulnerability'"'"'s ability to affect the asset;
  
  determining a classification of the asset based on a value of the asset; and
  
  determining an overall risk to the asset based on the risk level of the vulnerability and the classification of the asset.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31)
- - 18. The method of claim 17, the method further comprising:
    - notifying a user of at least one of the asset, the vulnerability, the risk level of the vulnerability, the classification of the asset, and the overall risk.
  - 19. The method of claim 17, wherein the asset comprises at least one of a physical computer system and a virtual machine.
  - 20. The method of claim 17, wherein the value of the asset comprises at least one of a value of data stored by the asset, competitive advantage loss associated with a failure of the asset, business loss associated with a failure of the asset, productivity loss associated with a failure of the asset, reputation loss associated with a failure of the asset, and a legal impact of a failure of the asset.
  - 21. The method of claim 17, wherein the overall risk is further based on a classification of a second asset connected to the asset.
  - 22. The method of claim 21, wherein the overall risk is further based on a level of connection between the asset and the second asset.
  - 23. The method of claim 17, the method further comprising:
    - identifying a frequency that the asset is scanned for vulnerabilities, wherein the overall risk is further based on the frequency.
  - 24. The method of claim 17, the method further comprising:
    - determining a confidence that all vulnerabilities on the asset were identified, wherein the overall risk is further based on the confidence.
  - 25. The method of claim 17, the method further comprising:
    - identifying an entity that is associated the asset, wherein the entity operates other assets connected to the asset; and
      
      determining a risk profile of the entity, wherein the overall risk is further based on the risk profile of the entity.
  - 26. The method of claim 17, the method further comprising:
    - determining a remediation to the vulnerability based on the overall risk.
  - 27. The method of claim 17, the method further comprising:
    - determining whether the asset is inactive, wherein the overall risk is further based on the determination whether the asset is inactive.
  - 28. The method of claim 17, the method further comprising:
    - determining a new risk level for a future time based on factors utilized to determine the risk level.
  - 29. The method of claim 28, the method further comprising:
    - determining a new overall risk for the future time based on the new risk level.
  - 30. A system for security testing, comprising:
    - a computer readable storage medium storing instructions; and
      
      a processor configured to execute the instructions to perform the method of claim 17.
  - 31. A computer readable storage medium storing instructions that cause a processor to perform the method of claim 17.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Rapid7 (Rapid7, Inc.)
Original Assignee
Rapid7 (Rapid7, Inc.)
Inventors
Giakouminakis, Anastasios, Loder, Chad, Malm, Sheldon E., Li, Richard D.

Granted Patent

US 9,141,805 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/25
CPC Class Codes

G06F 21/57   Certifying or maintaining t...

G06F 21/577   Assessing vulnerabilities a...

H04L 63/1433   Vulnerability analysis

METHODS AND SYSTEMS FOR IMPROVED RISK SCORING OF VULNERABILITIES

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

89 Citations

31 Claims

Specification

Solutions

Use Cases

Quick Links

METHODS AND SYSTEMS FOR IMPROVED RISK SCORING OF VULNERABILITIES

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

89 Citations

31 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links