ORDERED COMPUTER VULNERABILITY REMEDIATION REPORTING

US 20160072835A1
Filed: 11/16/2015
Published: 03/10/2016
Est. Priority Date: 02/14/2014
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

determining a first plurality of vulnerabilities of a first computing asset;

generating a first risk score for the first computing asset based on the first plurality of vulnerabilities and on one or more contextual factors that a number of available exploits for each vulnerability of the first plurality of vulnerabilities,wherein the number of available exploits includes a first number of available exploits for a first vulnerability and a second number of available exploits for a second vulnerability,wherein the first number of available exploits is different than the second number of available exploits;

wherein the method is performed by one or more computing devices.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for ranking a set of vulnerabilities of a computing asset and set of remediations for a computing asset, and determining a risk score for one or more computing assets are provided. In one technique, vulnerabilities of computing assets in a customer network are received at a vulnerability intelligence platform. Breach data indicating set of breaches that occurred outside customer network is also received. A subset of the set of vulnerabilities that are most vulnerable to a breach is identified based on the breach data. In another technique, multiple vulnerabilities of a computing asset are determined. A risk score is generated for the computing asset based on the vulnerabilities. In another technique, multiple remediations associated with a risk score and multiple vulnerabilities are identified. The remediations are ordered based on the remediations that would reduce the risk score the most if those remediations were applied to remove the corresponding vulnerabilities.

17 Citations

View as Search Results

22 Claims

1. A method comprising:
- determining a first plurality of vulnerabilities of a first computing asset;
  
  generating a first risk score for the first computing asset based on the first plurality of vulnerabilities and on one or more contextual factors that a number of available exploits for each vulnerability of the first plurality of vulnerabilities,wherein the number of available exploits includes a first number of available exploits for a first vulnerability and a second number of available exploits for a second vulnerability,wherein the first number of available exploits is different than the second number of available exploits;
  
  wherein the method is performed by one or more computing devices.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, further comprising:
    - determining a second plurality of vulnerabilities of a second computing asset that is different than the first computing asset;
      
      generating, based on the first plurality of vulnerabilities and the second plurality of vulnerabilities, a second risk score for a set of computing assets that includes the first computing asset and the second computing asset.
  - 3. The method of claim 2, further comprising:
    - causing the second risk score to be displayed on a screen of a computing device;
      
      receiving input that selects the second risk score;
      
      in response to receiving the input that selects the second risk score, causing data that indicates each computing asset in the set of computing assets to be displayed on the screen of the computing device.
  - 4. The method of claim 1, wherein the first computing asset is one of a database, an operating system, an application, a desktop computer, a server, or source code.
  - 5. The method of claim 1, further comprising:
    - causing, to be displayed concurrently on a screen of a computing device, a plurality of risk scores, each of which is associated with a different computing asset or a different set of computing assets;
      
      wherein each computing asset or set of computing assets is associated with a different plurality of vulnerabilities.
  - 6. The method of claim 1, wherein the one or more contextual factors include a number of active breaches of each vulnerability of the first plurality of vulnerabilities, wherein the active breaches occurred to computing assets that are external to the network that includes the first computing asset.
  - 7. The method of claim 1, wherein the one or more contextual factors include one or more values that indicate a popularity of the first computing asset across one or more organizations that are different than an organization that owns the first computing asset.
  - 8. The method of claim 1, wherein the one or more contextual factors include the one or more values that indicate the difficulty of exploiting the particular vulnerability of the plurality of vulnerabilities.
  - 9. The method of claim 1, further comprising:
    - receiving one or more values that indicate an importance of the computing asset to the customer;
      
      wherein the one or more contextual factors includes the one or more values that indicate the importance of the computing asset to the customer.

10. A method comprising:
- determining a first plurality of vulnerabilities of a first computing asset;
  
  generating a first risk score for the first computing asset based on the first plurality of vulnerabilities;
  
  determining a second plurality of vulnerabilities of a second computing asset that is different than the first computing asset;
  
  determining to include the first computing asset and the second computing asset in a set of computing assets based on geographical location of the first and second computing assets, type of the first and second computing assets, or subnet of the first and second computing assets;
  
  generating, based on the first plurality of vulnerabilities and the second plurality of vulnerabilities, a second risk score for the set of computing assets that includes the first computing asset and the second computing asset;
  
  wherein the method is performed by one or more computing devices.
- View Dependent Claims (11, 12, 13)
- - 11. The method of claim 10, wherein determining to include the first computing asset and the second computing asset in the set of computing assets comprises determining to include the first computing asset and the second computing asset in the set of computing assets based on geographical location of the first and second computing assets.
  - 12. The method of claim 10, wherein determining to include the first computing asset and the second computing asset in the set of computing assets comprises determining to include the first computing asset and the second computing asset in the set of computing assets based on type of the first and second computing assets.
  - 13. The method of claim 10, wherein determining to include the first computing asset and the second computing asset in the set of computing assets comprises determining to include the first computing asset and the second computing asset in the set of computing assets based on subnet of the first and second computing assets.

14. An apparatus comprising:
- one or more processors;
  
  one or more non-transitory computer-readable media storing instructions which, when executed by the one or more processors, cause;
  
  determining a first plurality of vulnerabilities of a first computing asset;
  
  generating a first risk score for the first computing asset based on the first plurality of vulnerabilities and on one or more contextual factors that include a number of available exploits for each vulnerability of the first plurality of vulnerabilities,wherein the number of available exploits includes a first number of available exploits for a first vulnerability and a second number of available exploits for a second vulnerability,wherein the first number of available exploits is different than the second number of available exploits.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22)
- - 15. The apparatus of claim 14, wherein the instructions, when executed by the one or more processors, further cause:
    - determining a second plurality of vulnerabilities of a second computing asset that is different than the first computing asset;
      
      generating, based on the first plurality of vulnerabilities and the second plurality of vulnerabilities, a second risk score for a set of computing assets that includes the first computing asset and the second computing asset.
  - 16. The apparatus of claim 15, wherein the instructions, when executed by the one or more processors, further cause:
    - causing the second risk score to be displayed on a screen of a computing device;
      
      receiving input that selects the second risk score;
      
      in response to receiving the input that selects the second risk score, causing data that indicates each computing asset in the set of computing assets to be displayed on the screen of the computing device.
  - 17. The apparatus of claim 14, wherein the first computing asset is one of a database, an operating system, an application, a desktop computer, a server, or source code.
  - 18. The apparatus of claim 14, wherein the instructions, when executed by the one or more processors, further cause:
    - causing, to be displayed concurrently on a screen of a computing device, a plurality of risk scores, each of which is associated with a different computing asset or a different set of computing assets;
      
      wherein each computing asset or set of computing assets is associated with a different plurality of vulnerabilities.
  - 19. The apparatus of claim 14, wherein the one or more contextual factors include a number of active breaches of each vulnerability of the first plurality of vulnerabilities, wherein the active breaches occurred to computing assets that are external to the network that includes the first computing asset.
  - 20. The apparatus of claim 14, wherein the one or more contextual factors include one or more values that indicate a popularity of the first computing asset across one or more organizations that are different than an organization that owns the first computing asset.
  - 21. The apparatus of claim 14, wherein the one or more contextual factors include the one or more values that indicate the difficulty of exploiting the particular vulnerability of the plurality of vulnerabilities.
  - 22. The apparatus of claim 14, wherein the instructions, when executed by the one or more processors, further cause:
    - receiving one or more values that indicate an importance of the computing asset to the customer;
      
      wherein the one or more contextual factors includes the one or more values that indicate the importance of the computing asset to the customer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Kenna Security, Inc. (Cisco Systems, Inc.)
Original Assignee
Risk I/O, Inc.
Inventors
Roytman, Michael, Bellis, Edward T., Heuer, Jeffrey

Granted Patent

US 9,825,981 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/577   Assessing vulnerabilities a...

G06Q 10/06311   Scheduling, planning or tas...

H04L 63/1408   by monitoring network traff...

H04L 63/1433   Vulnerability analysis

ORDERED COMPUTER VULNERABILITY REMEDIATION REPORTING

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

17 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

ORDERED COMPUTER VULNERABILITY REMEDIATION REPORTING

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

17 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links