Automated computer vulnerability resolution system
Abstract
A system and process for addressing computer security vulnerabilities. The system and process generally comprise aggregating vulnerability information on a plurality of computer vulnerabilities; constructing a remediation database of said plurality of computer vulnerabilities; constructing a remediation signature to address the computer vulnerabilities; and deploying said remediation signature to a client computer. The remediation signature essentially comprises a sequence of actions to address a corresponding vulnerability. A managed automated approach to the process is contemplated in which the system is capable of selective deployment of remediation signatures; selective resolution of vulnerabilities; scheduled deployment of remediation signatures; and scheduled scanning of client computers for vulnerabilities.
44 Claims
1. A system for resolving computer vulnerabilities, comprising:
a remediation server capable of coupling to a security intelligence agent having information about computer vulnerabilities in order to aggregate said vulnerability information into a remediation database;
a signature module coupled to said remediation server to construct a remediation signature for each vulnerability;
a download server coupled to said signature module to provide remote access to said remediation signatures;
a client server capable of coupling to said download server to access said remediation signatures;
a deployment module coupled to said client server capable of deploying said remediation signatures to a client computer coupled to said client server;
wherein said deployment module constructs a remediation profile for each client computer, wherein said remediation profile comprises remediation signatures to resolve vulnerabilities on said client computer;
wherein a remediation signature comprises an automated sequence of actions which may be taken with respect to a client computer to modify the client computer to address a corresponding vulnerability on the client computer;
wherein there are a plurality of remediation signatures and wherein the plurality of remediation signatures comprise at least one remediation signature of the registry management type, at least one remediation signature of the patch installation type and at least one remediation signature of at least one of the following additional remediation types:
service management, security permissions management, account management, policy management, audit management, file management and process management.
Dependent claims: 2, 3, 4, 5.
6. A system for resolving computer vulnerabilities, comprising:
a remediation server capable of coupling to a security intelligence agent having information about computer vulnerabilities in order to aggregate said vulnerability information into a remediation database;
a signature module coupled to said remediation server to construct a remediation signature for each vulnerability;
a download server coupled to said signature module to provide remote access to said remediation signatures;
a client server capable of coupling to said download server to access said remediation signatures;
a deployment module coupled to said client server capable of deploying said remediation signatures to a client computer coupled to said client server;
wherein said deployment module constructs a remediation profile for each client computer, wherein said remediation signatures can be selectively included in said remediation profile;
wherein a remediation signature comprises an automated sequence of actions which may be taken with respect to a client computer to modify the client computer to address a corresponding vulnerability on the client computer;
wherein there are a plurality of remediation signatures and wherein the plurality of remediation signatures comprise at least one remediation signature of the registry management type, at least one remediation signature of the patch installation type and at least one remediation signature of at least one of the following additional remediation types:
service management, security permissions management, account management, policy management, audit management, file management and process management.
Dependent claims: 7, 8, 9, 10, 11, 12.
13. A method for resolving vulnerabilities in a plurality of computers in a network, comprising:
aggregating vulnerability information on a plurality of computer vulnerabilities;
constructing a remediation database of the plurality of computer vulnerabilities;
constructing at least one remediation signature to address a computer vulnerability; and
deploying at least one remediation signature to at least a portion of the plurality of client computers;
wherein the deploying of the remediation signatures comprises managing vulnerability resolution for the plurality of computers in the network;
wherein managing vulnerability resolution comprises selective resolution of vulnerabilities;
wherein at least a portion of the plurality of client computers in the network are scanned and vulnerabilities identified and wherein selective resolution of vulnerabilities comprises resolution of an identified vulnerability in selected but not all of the plurality of computers in the network having the identified vulnerability;
wherein scanning and identifying comprises: using an independent scanner to scan the at least a portion of the plurality of client computers in the network; importing vulnerabilities on the at least a portion of the plurality of client computers in the network identified by the independent scanner; and mapping the identified vulnerabilities to corresponding remediation signatures;
wherein a remediation signature comprises an automated sequence of actions which may be taken with respect to a client computer to modify the client computer to address a corresponding vulnerability on the client computer;
wherein there are a plurality of remediation signatures and wherein the plurality of remediation signatures comprise at least one remediation signature of the registry management type, at least one remediation signature of the patch installation type and at least one remediation signature of at least one of the following additional remediation types:
service management, security permissions management, account management, policy management, audit management, file management and process management.
Dependent claims: 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25.
26. A method for resolving vulnerabilities in a plurality of computers in a network, comprising:
aggregating vulnerability information on a plurality of computer vulnerabilities;
constructing a remediation database of the plurality of computer vulnerabilities;
constructing at least one remediation signature to address a computer vulnerability;
using a scanner to scan at least a portion of the plurality of client computers in the network;
recording vulnerabilities identified by the scanner on the scanned portion of the plurality of client computers in the network;
mapping the identified vulnerabilities to corresponding remediation signatures;
managing vulnerability resolution by selectively resolving at least one identified vulnerability on at least a selected portion of the scanned portion of the plurality of client computers by deploying at least one remediation signature to the selected portion of the scanned portion of the plurality of client computers and using the deployed signature to remediate the identified vulnerability on the selected portion of the scanned portion of the plurality of client computers;
wherein a remediation signature comprises an automated sequence of actions which may be taken with respect to a client computer to modify the client computer to address a corresponding vulnerability on the client computer;
wherein there are a plurality of remediation signatures and wherein the plurality of remediation signatures comprise at least one remediation signature of the registry management type, at least one remediation signature of the patch installation type and at least one remediation signature of at least one of the following additional remediation types:
service management, security permissions management, account management, policy management, audit management, file management and process management.
Dependent claims: 27, 28, 29, 30.
31. A system for resolving computer vulnerabilities, comprising:
a remediation server capable of coupling to a security intelligence agent having information about computer vulnerabilities in order to aggregate said vulnerability information into a remediation database;
a signature module coupled to said remediation server to construct remediation signatures, each remediation signature corresponding to a vulnerability;
a client server capable of receiving said remediation signatures;
a deployment module coupled to said client server capable of deploying said remediation signatures to a client computer coupled to said client server;
wherein said deployment module constructs remediation profiles, each remediation profile corresponding to a client computer, wherein said remediation profiles comprise remediation signatures to resolve vulnerabilities on said corresponding client computers;
wherein a remediation signature comprises an automated sequence of actions which may be taken with respect to a client computer to modify the client computer to address a corresponding vulnerability on the client computer;
wherein there are a plurality of remediation signatures and wherein the plurality of remediation signatures comprise at least one remediation signature of the registry management type, at least one remediation signature of the patch installation type and at least one remediation signature of at least one of the following additional remediation types:
service management, security permissions management, account management, policy management, audit management, file management and process management.
32. A system for resolving computer vulnerabilities, comprising:
a remediation server capable of coupling to a security intelligence agent having information about computer vulnerabilities in order to aggregate said vulnerability information into a remediation database;
a signature module coupled to said remediation server to construct remediation signatures, each remediation signature corresponding to a vulnerability;
a client server capable of receiving said remediation signatures;
a deployment module coupled to said client server capable of deploying said remediation signatures to a client computer coupled to said client server;
wherein said deployment module constructs remediation profiles, each remediation profile corresponding to a client computer, wherein said remediation signatures can be selectively included in said remediation profiles;
wherein a remediation signature comprises an automated sequence of actions which may be taken with respect to a client computer to modify the client computer to address a corresponding vulnerability on the client computer;
wherein there are a plurality of remediation signatures and wherein the plurality of remediation signatures comprise at least one remediation signature of the registry management type, at least one remediation signature of the patch installation type and at least one remediation signature of at least one of the following additional remediation types:
service management, security permissions management, account management, policy management, audit management, file management and process management.
Dependent claims: 33, 34, 35, 36, 37.
38. A system for resolving computer vulnerabilities in a plurality of computers on a network, comprising:
a remediation server capable of coupling to a security intelligence agent having information about computer vulnerabilities in order to aggregate said vulnerability information into a remediation database;
a signature module coupled to said remediation server to construct remediation signatures, each remediation signature corresponding to a vulnerability;
a client server capable of receiving said remediation signatures;
a deployment module coupled to said client server capable of deploying said remediation signatures to a selection of client computers coupled to said client server, wherein said deployment module constructs remediation profiles, each remediation profile corresponding to a client computer, wherein said remediation profiles comprise selectively included remediation signatures to resolve vulnerabilities on said corresponding client computers;
wherein a remediation signature comprises an automated sequence of actions which may be taken with respect to a client computer to modify the client computer to address a corresponding vulnerability on the client computer;
wherein there are a plurality of remediation signatures and wherein the plurality of remediation signatures comprise at least one remediation signature of the registry management type, at least one remediation signature of the patch installation type and at least one remediation signature of at least one of the following additional remediation types:
service management, security permissions management, account management, policy management, audit management, file management and process management.
Dependent claims: 39, 40, 41, 42, 43, 44.
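The scan-import-map-deploy method of claims 13 and 26 and the per-client remediation profile of the system claims, modelled as an added Python example (this is not code from the patent or its assignee; vulnerability ids, host names and action names are constructed placeholders):

```python
from dataclasses import dataclass

# Remediation types named in the independent claims: both REQUIRED_TYPES must
# appear in a signature set, together with at least one of ADDITIONAL_TYPES.
REQUIRED_TYPES = {"registry management", "patch installation"}
ADDITIONAL_TYPES = {"service management", "security permissions management",
                    "account management", "policy management",
                    "audit management", "file management", "process management"}

@dataclass(frozen=True)
class Signature:
    vuln_id: str     # vulnerability the signature addresses
    sig_type: str    # one of the remediation types above
    actions: tuple   # ordered automated actions applied to the client computer

# Constructed remediation database (ids and action names are placeholders).
SIGNATURES = {
    "VULN-A": Signature("VULN-A", "registry management",
                        ("set_registry_value", "restart_dependent_service")),
    "VULN-B": Signature("VULN-B", "patch installation",
                        ("download_patch", "verify_patch_hash", "install_patch")),
    "VULN-C": Signature("VULN-C", "service management",
                        ("stop_service", "disable_service")),
}

def has_claimed_type_mix(sigs):
    """True when the signature set has the type mix the independent claims require."""
    types = {s.sig_type for s in sigs}
    return REQUIRED_TYPES <= types and bool(types & ADDITIONAL_TYPES)

def map_findings(findings):
    """Import (host, vuln_id) scanner findings; unmapped ones go to manual triage."""
    mapped, unmapped = {}, []
    for host, vuln_id in findings:
        sig = SIGNATURES.get(vuln_id)
        if sig is None:
            unmapped.append((host, vuln_id))
        else:
            mapped.setdefault(host, []).append(sig)
    return mapped, unmapped

def build_profiles(mapped, selected_hosts, selected_vulns=None):
    """One remediation profile per selected host; optionally restrict to selected
    vulnerabilities, so a finding can be resolved on some hosts but not all."""
    profiles = {}
    for host in selected_hosts:
        sigs = [s for s in mapped.get(host, [])
                if selected_vulns is None or s.vuln_id in selected_vulns]
        profiles[host] = tuple(sigs)
    return profiles
```

Findings the scanner reports for which no signature exists are returned separately rather than silently dropped, so the gap between "identified" and "remediable" stays visible to the operator.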