SYSTEM AND METHOD FOR VULNERABILITY RISK ANALYSIS

US 20140189873A1
Filed: 05/21/2010
Published: 07/03/2014
Est. Priority Date: 12/21/2009
Status: Active Grant

First Claim

Patent Images

1. A method for analyzing risk, the method comprising:

accessing, within an electronic system, host configuration information of a host;

querying a vulnerability database based on said host configuration information;

receiving a list of vulnerabilities, wherein said list of vulnerabilities corresponds to vulnerabilities of said host;

accessing a plurality of vulnerability scores;

determining a composite risk score for at least one of said host and each software product of said host based on said plurality of vulnerability scores, wherein said composite risk score measures at least in part a severity reflecting that an exploited vulnerability is needed by an attacker to compromise at least one of said host and a software product of said host;

determining an aggregate risk score for at least one of said host and each software product of said host based on said plurality of vulnerability scores, wherein said aggregate risk score measures at least in part a number of options available to said attacker for compromising at least one of said host and a software product of said host; and

reporting said composite risk score and said aggregate risk score.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of the present invention are directed to a method and system for automated risk analysis. The method includes accessing host configuration information of a host and querying a vulnerability database based on the host configuration information. The method further includes receiving a list of vulnerabilities and accessing a plurality of vulnerability scores. The list of vulnerabilities corresponds to vulnerabilities of the host. Vulnerabilities can be removed from the list based on checking for installed fixes corresponding to vulnerability. A composite risk score can then be determined for the host and each software product of the host based on the plurality of vulnerability scores. An aggregate risk score can then be determined for the host and each software product of the host based on the plurality of vulnerability scores.

Citations

20 Claims

1. A method for analyzing risk, the method comprising:
- accessing, within an electronic system, host configuration information of a host;
  
  querying a vulnerability database based on said host configuration information;
  
  receiving a list of vulnerabilities, wherein said list of vulnerabilities corresponds to vulnerabilities of said host;
  
  accessing a plurality of vulnerability scores;
  
  determining a composite risk score for at least one of said host and each software product of said host based on said plurality of vulnerability scores, wherein said composite risk score measures at least in part a severity reflecting that an exploited vulnerability is needed by an attacker to compromise at least one of said host and a software product of said host;
  
  determining an aggregate risk score for at least one of said host and each software product of said host based on said plurality of vulnerability scores, wherein said aggregate risk score measures at least in part a number of options available to said attacker for compromising at least one of said host and a software product of said host; and
  
  reporting said composite risk score and said aggregate risk score.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1 wherein said host configuration information comprises information about a plurality of software applications and an operating system.
  - 3. The method of claim 1 further comprising:
    - querying a fixes database based on said list of vulnerabilities;
      
      receiving a list of fixes; and
      
      checking said list of fixes against said host configuration information.
  - 4. The method of claim 3 further comprising:
    - determining a software product contributing the most risk to an enterprise.
  - 5. The method of claim 4 further comprising:
    - determining a host contributing the most risk to said enterprise.
  - 6. The method of claim 5 further comprising:
    - determining a vulnerability contributing the most risk to said enterprise.
  - 7. The method of claim 1 wherein said vulnerability database is a National Vulnerability Database (NVD).
  - 8. The method of claim 1 wherein said vulnerability scores comprise Common Vulnerability Scoring System (CVSS) scores.

9. A non-transitory computer readable storage medium having stored thereon, computer executable instructions that, if executed by a computer system cause the computer system to perform a method of risk analysis comprising:
- accessing, within an electronic system, host configuration information of a host;
  
  querying a vulnerability database based on said host configuration information;
  
  receiving a list of vulnerabilities, wherein said list of vulnerabilities corresponds to vulnerabilities of said host;
  
  accessing a plurality of vulnerability scores;
  
  determining a composite risk score for at least one of said host and each software product of said host based on said plurality of vulnerability scores, wherein said composite risk score measures at least in part a severity reflecting that an exploited vulnerability is needed by an attacker to compromise at least one of said host and a software product of said host;
  
  determining an aggregate risk score for said host and each software product of said host based on said plurality of vulnerability scores, wherein said aggregate risk score measures at least in part a number of options available to said attacker for compromising at least one of said host and a software product of said host; and
  
  reporting said composite risk score and said aggregate risk score.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The computer readable storage medium of claim 9, wherein said host configuration information comprises information about a plurality of software applications and an operating system.
  - 11. The computer readable storage medium of claim 9, wherein said method further comprises:
    - querying a fixes database based on said list of vulnerabilities;
      
      receiving a list of fixes; and
      
      checking said list of fixes against said host configuration information.
  - 12. The computer readable storage medium of claim 9, wherein said method further comprises:
    - determining a software product contributing the most risk to an enterprise.
  - 13. The computer readable storage medium of claim 9, wherein said method further comprises:
    - determining a host contributing the most risk to said enterprise.
  - 14. The computer readable storage medium of claim 9, wherein said method further comprises:
    - determining a vulnerability contributing the most risk to said enterprise.
  - 15. The computer readable storage medium of claim 9, wherein said vulnerability scores comprise Common Vulnerability Scoring System (CVSS) scores.
  - 16. The computer readable storage medium of claim 9, wherein said vulnerability database is a National Vulnerability Database (NVD).

17. A system comprising:
- a host configuration access module for accessing host configuration information;
  
  a vulnerability database query module for querying a vulnerability database;
  
  a fix database query module for querying a fix database;
  
  a composite risk determination module for determining and reporting a composite risk score based on data from said vulnerability database and based on data from said fix database, wherein said composite risk score measures at least in part a severity reflecting that an exploited vulnerability is needed by an attacker to compromise at least one of a host and a software product of said host; and
  
  an aggregate risk determination module for determining and reporting an aggregate risk score based on data from said vulnerability database and based on data from said fix database, wherein said aggregate risk score measures at least in part a number of options available to said attacker for compromising at least one of said host and a software product of said host.
- View Dependent Claims (18, 19, 20)
- - 18. The system of claim 17 further comprising:
    - a software product risk contribution module for determining a software product contributing the most risk to an enterprise.
  - 19. The system of claim 17 further comprising:
    - a host risk contribution module for determining a host contributing the most risk to an enterprise.
  - 20. The system of claim 17 further comprising:
    - a vulnerability risk contribution module for determining a vulnerability contributing the most risk to an enterprise.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Elder, Matthew Cruz, Kienzle, Darrell Martin, Manadhata, Pratyusa K., Persaud, Ryan Kumar

Granted Patent

US 9,317,692 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/25
CPC Class Codes

G06F 21/577 Assessing vulnerabilities a...

H04L 63/1433 Vulnerability analysis

SYSTEM AND METHOD FOR VULNERABILITY RISK ANALYSIS

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD FOR VULNERABILITY RISK ANALYSIS

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links