Method and System for Managing Computer System Vulnerabilities
First Claim
1. A computer-implemented method for vulnerability risk management of an enterprise computer system, comprising the steps of:
- instantiating, by a cloud computing system, a vulnerability risk management module and an expert system coupled to the vulnerability risk management module, the vulnerability risk management module configured for:
- receiving from an end user a type of vulnerability;
- determining a list of potential vulnerabilities of the enterprise computer system based on the received type of vulnerability;
- transmitting the list of potential vulnerabilities to the expert system;
- receiving from the expert system a refined list of potential vulnerabilities; and
- reporting a refined set of vulnerabilities to the end user.
2 Assignments
0 Petitions
Abstract
A vulnerability risk management (VRM) module receives an indication of a VRM service to be provided from the end user. The VRM module extracts from the indication either external IP addresses or the web application URL and a list of assets of the enterprise computer system to be tested. The VRM module discovers the assets of the enterprise computer system. The VRM module receives a request for a vulnerability scan using a predefined scan configuration based on preferences of the end user and a specified date and time to conduct the scan. The VRM module reports and stores a preliminary list of potential vulnerabilities in the VRM vulnerability database. The preliminary list is fed to an expert system, which applies specific rule sets using an inference engine and a knowledge base to refine results stored in the VRM vulnerability database by removing extraneous information and false positives.
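The abstract describes the refinement step only at the level of "rule sets, an inference engine and a knowledge base". The following is an added illustration, not code from the patent or its assignee, of what that step looks like in practice: a preliminary scan list is checked against a discovered asset inventory and a small knowledge base, and every rule that fires records why a finding was dropped, so the analyst can audit the suppression rather than trust it blindly. The asset inventory, the check identifiers, the "last affected version" entries and the finding list are all constructed sample data and do not correspond to real advisories.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

# Version is a tuple so that (7, 4) > (7, 3) and (2, 4, 50) > (2, 4, 49) compare correctly.
Version = Tuple[int, ...]


@dataclass(frozen=True)
class Asset:
    ip: str
    services: Dict[int, Tuple[str, Version]]  # port -> (product, version), from asset discovery


@dataclass(frozen=True)
class Finding:
    asset_ip: str
    port: int
    check_id: str
    title: str
    severity: str


# Constructed knowledge base (hypothetical values): which product a check applies to
# and the last version still affected, inclusive.
KNOWLEDGE_BASE = {
    "weak-kex": {"product": "openssh", "last_affected": (7, 3)},
    "old-httpd": {"product": "apache", "last_affected": (2, 4, 49)},
}

# A rule returns a reason string when the finding should be suppressed, else None.
Rule = Callable[[Finding, Optional[Asset]], Optional[str]]


def rule_unknown_asset(f: Finding, a: Optional[Asset]) -> Optional[str]:
    return None if a is not None else "asset not in discovered inventory"


def rule_service_absent(f: Finding, a: Optional[Asset]) -> Optional[str]:
    if a is not None and f.port not in a.services:
        return "no service discovered on reported port"
    return None


def rule_product_mismatch(f: Finding, a: Optional[Asset]) -> Optional[str]:
    kb = KNOWLEDGE_BASE.get(f.check_id)
    if kb is None or a is None or f.port not in a.services:
        return None
    product, _ = a.services[f.port]
    if product != kb["product"]:
        return f"check targets {kb['product']} but {product} is running"
    return None


def rule_version_not_affected(f: Finding, a: Optional[Asset]) -> Optional[str]:
    kb = KNOWLEDGE_BASE.get(f.check_id)
    if kb is None or a is None or f.port not in a.services:
        return None
    product, version = a.services[f.port]
    if product == kb["product"] and version > kb["last_affected"]:
        return "installed version is newer than last affected version"
    return None


# Rule order matters: cheap inventory checks run before knowledge-base lookups.
RULES: List[Rule] = [rule_unknown_asset, rule_service_absent,
                     rule_product_mismatch, rule_version_not_affected]


def refine(findings: List[Finding], assets: List[Asset]):
    """Return (refined findings, removed findings with reasons)."""
    inventory = {a.ip: a for a in assets}
    refined: List[Finding] = []
    removed: List[Tuple[Finding, str]] = []
    seen = set()
    for f in findings:
        key = (f.asset_ip, f.port, f.check_id)
        if key in seen:  # scanners often report the same check twice; keep one copy
            removed.append((f, "duplicate report"))
            continue
        seen.add(key)
        asset = inventory.get(f.asset_ip)
        reason = next((r for r in (rule(f, asset) for rule in RULES) if r), None)
        (removed.append((f, reason)) if reason else refined.append(f))
    return refined, removed


# Constructed sample inventory and preliminary scan output.
ASSETS = [
    Asset("10.0.0.5", {22: ("openssh", (7, 2)), 443: ("nginx", (1, 18))}),
    Asset("10.0.0.6", {22: ("openssh", (8, 9)), 80: ("apache", (2, 4, 49))}),
]
PRELIMINARY = [
    Finding("10.0.0.5", 22, "weak-kex", "Weak SSH key exchange", "medium"),   # kept
    Finding("10.0.0.5", 22, "weak-kex", "Weak SSH key exchange", "medium"),   # duplicate
    Finding("10.0.0.5", 443, "old-httpd", "Outdated Apache httpd", "high"),   # nginx, not apache
    Finding("10.0.0.5", 8080, "old-httpd", "Outdated Apache httpd", "high"),  # nothing on 8080
    Finding("10.0.0.6", 22, "weak-kex", "Weak SSH key exchange", "medium"),   # 8.9 not affected
    Finding("10.0.0.6", 80, "old-httpd", "Outdated Apache httpd", "high"),    # kept
    Finding("10.0.0.9", 22, "weak-kex", "Weak SSH key exchange", "medium"),   # unknown asset
]

if __name__ == "__main__":
    kept, dropped = refine(PRELIMINARY, ASSETS)
    for f in kept:
        print("KEEP", f.asset_ip, f.port, f.check_id)
    for f, why in dropped:
        print("DROP", f.asset_ip, f.port, f.check_id, "-", why)
```

Two design points carry over to a real deployment: every suppression keeps its reason, so a wrongly tuned rule shows up as an auditable "DROP" line rather than a silently missing finding, and the inventory used by the rules should be the one produced by the discovery step of the same run, since a stale inventory turns true positives into apparent false positives.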
88 Citations
22 Claims
1. A computer-implemented method for vulnerability risk management of an enterprise computer system, comprising the steps of:
- instantiating, by a cloud computing system, a vulnerability risk management module and an expert system coupled to the vulnerability risk management module, the vulnerability risk management module configured for:
- receiving from an end user a type of vulnerability;
- determining a list of potential vulnerabilities of the enterprise computer system based on the received type of vulnerability;
- transmitting the list of potential vulnerabilities to the expert system;
- receiving from the expert system a refined list of potential vulnerabilities; and
- reporting a refined set of vulnerabilities to the end user.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13.

14. A system for vulnerability risk management of an enterprise computer system, comprising:
- a cloud computing system configured to instantiate a vulnerability risk management module and an expert system coupled to the vulnerability risk management module, the vulnerability risk management module configured to:
- receive from an end user a type of vulnerability;
- determine a list of potential vulnerabilities of the enterprise computer system based on the received type of vulnerability;
- transmit the list of potential vulnerabilities to the expert system;
- receive from the expert system a refined list of potential vulnerabilities; and
- report a refined set of vulnerabilities to the end user.

Dependent claims: 15, 16, 17, 18, 19, 20, 21.

22. A non-transitory computer-readable storage medium including instructions that, when accessed by a processing system, cause the processing system to perform a method for vulnerability risk management of an enterprise computer system, comprising the steps of:
- instantiating, by a cloud computing system, a vulnerability risk management module and an expert system coupled to the vulnerability risk management module, the vulnerability risk management module configured for:
- receiving from an end user a type of vulnerability;
- determining a list of potential vulnerabilities of the enterprise computer system based on the received type of vulnerability;
- transmitting the list of potential vulnerabilities to the expert system;
- receiving from the expert system a refined list of potential vulnerabilities; and
- reporting a refined set of vulnerabilities to the end user.
Specification