Automated computer vulnerability resolution system

US 7,000,247 B2
Filed: 12/31/2002
Issued: 02/14/2006
Est. Priority Date: 12/31/2001
Status: Expired due to Term

- Alert
- Pin

First Claim

Patent Images

1. A system for resolving computer vulnerabilities, comprising:

a remediation server capable of coupling to a security intelligence agent having information about computer vulnerabilities in order to aggregate said vulnerability information into a remediation database;

a signature module coupled to said remediation server to construct a remediation signature for each vulnerability;

a download server coupled to said signature module to provide remote access to said remediation signatures;

a client server capable of coupling to said download server to access said remediation signatures;

a deployment module coupled to said client server capable of deploying said remediation signatures to a client computer coupled to said client server;

wherein said deployment module constructs a remediation profile for each client computer, wherein said remediation profile comprises remediation signatures to resolve vulnerabilities on said client computer;

wherein a remediation signature comprises an automated sequence of actions which may be taken with respect to a client computer to modify the client computer to address a corresponding vulnerability on the client computer;

wherein there are a plurality of remediation signatures and wherein the plurality of remediation signatures comprise at least one remediation signature of the registry management type, at least one remediation signature of the patch installation type and at least one remediation signature of at least one of the following additional remediation types;

service management, security permissions management, account management, policy management, audit management, file management and process management.

View all claims

12 Assignments

Timeline View

Assignment View

Litigations

0 Petitions

Reexamination

Accused Products

Abstract

A system and process for addressing computer security vulnerabilities. The system and process generally comprise aggregating vulnerability information on a plurality of computer vulnerabilities; constructing a remediation database of said plurality of computer vulnerabilities; constructing a remediation signature to address the computer vulnerabilities; and deploying said remediation signature to a client computer. The remediation signature essentially comprises a sequence of actions to address a corresponding vulnerability. A managed automated approach to the process is contemplated in which the system is capable of selective deployment of remediation signatures; selective resolution of vulnerabilities; scheduled deployment of remediation signatures; and scheduled scanning of client computers for vulnerabilities.

230 Citations

44 Claims

1. A system for resolving computer vulnerabilities, comprising:
- a remediation server capable of coupling to a security intelligence agent having information about computer vulnerabilities in order to aggregate said vulnerability information into a remediation database;
  
  a signature module coupled to said remediation server to construct a remediation signature for each vulnerability;
  
  a download server coupled to said signature module to provide remote access to said remediation signatures;
  
  a client server capable of coupling to said download server to access said remediation signatures;
  
  a deployment module coupled to said client server capable of deploying said remediation signatures to a client computer coupled to said client server;
  
  wherein said deployment module constructs a remediation profile for each client computer, wherein said remediation profile comprises remediation signatures to resolve vulnerabilities on said client computer;
  
  wherein a remediation signature comprises an automated sequence of actions which may be taken with respect to a client computer to modify the client computer to address a corresponding vulnerability on the client computer;
  
  wherein there are a plurality of remediation signatures and wherein the plurality of remediation signatures comprise at least one remediation signature of the registry management type, at least one remediation signature of the patch installation type and at least one remediation signature of at least one of the following additional remediation types;
  
  service management, security permissions management, account management, policy management, audit management, file management and process management.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The system of claim 1 further comprising:
    - a scanner capable of scanning said client computer to identify vulnerabilities;
      
      a mapping module coupled to the client server capable of mapping said identified vulnerabilities to remediation signatures;
      
      wherein said remediation profile comprises at least one identified vulnerability on the client computer and selectively included remediation signatures mapped to the identified vulnerabilities.
  - 3. The system of claim 2, wherein the scanner is an independent scanner and further comprising:
    - an import module coupled to the client server capable of importing the identified vulnerabilities for the client computer.
  - 4. The system of claim 1 wherein selective inclusion of said remediation signatures in said remediation profiles comprises inclusion of selected but not all remediation signatures.
  - 5. The system of claim 1 wherein selective inclusion of said remediation signatures in said remediation profiles comprises inclusion of a remediation signature to selected but not all of the profiles of the plurality of computers in the network.

6. A system for resolving computer vulnerabilities, comprising:
- a remediation server capable of coupling to a security intelligence agent having information about computer vulnerabilities in order to aggregate said vulnerability information into a remediation database;
  
  a signature module coupled to said remediation server to construct a remediation signature for each vulnerability;
  
  a download server coupled to said signature module to provide remote access to said remediation signatures;
  
  a client server capable of coupling to said download server to access said remediation signatures;
  
  a deployment module coupled to said client server capable of deploying said remediation signatures to a client computer coupled to said client server;
  
  wherein said deployment module constructs a remediation profile for each client computer, wherein said remediation signatures can be selectively included in said remediation profile;
  
  wherein a remediation signature comprises an automated sequence of actions which may be taken with respect to a client computer to modify the client computer to address a corresponding vulnerability on the client computer;
  
  wherein there are a plurality of remediation signatures and wherein the plurality of remediation signatures comprise at least one remediation signature of the registry management type, at least one remediation signature of the patch installation type and at least one remediation signature of at least one of the following additional remediation types;
  
  service management, security permissions management, account management, policy management, audit management, file management and process management.
- View Dependent Claims (7, 8, 9, 10, 11, 12)
- - 7. The system of claim 6 wherein there are a plurality of remediation signatures and wherein the plurality of remediation signatures comprise all of the following remediation types:
    - service management, registry management, security permissions management, account management, policy management, audit management, file management, process management, and patch installation.
  - 8. The system of claim 6, wherein said remediation profile comprises remediation signatures to resolve vulnerabilities on said client computer.
  - 9. The system of claim 8 further comprising:
    - a scanner capable of scanning said client computer to identify vulnerabilities;
      
      a mapping module coupled to the client server capable of mapping said identified vulnerabilities to remediation signatures;
      
      wherein said remediation profile comprises at least one identified vulnerability on the client computer and selectively included remediation signatures mapped to the identified vulnerabilities.
  - 10. The system of claim 9, wherein the scanner is an independent scanner and further comprising:
    - an import module coupled to the client server capable of importing the identified vulnerabilities for the client computer.
  - 11. The system of claim 8 wherein selective inclusion of said remediation signatures in said remediation profiles comprises inclusion of selected but not all remediation signatures.
  - 12. The system of claim 8 wherein selective inclusion of said remediation signatures in said remediation profiles comprises inclusion of a remediation signature to selected but not all of the profiles of the plurality of computers in the network.

13. A method for resolving vulnerabilities in a plurality of computers in a network, comprising:
- aggregating vulnerability information on a plurality of computer vulnerabilities;
  
  constructing a remediation database of the plurality of computer vulnerabilities;
  
  constructing at least one remediation signature to address a computer vulnerability; and
  
  deploying at least one remediation signature to at least a portion of the plurality of client computers;
  
  wherein the deploying of the remediation signatures comprises managing vulnerability resolution for the plurality of computers in the network;
  
  wherein managing vulnerability resolution comprises selective resolution of vulnerabilities;
  
  wherein at least a portion of the plurality of client computers in the network are scanned and vulnerabilities identified and wherein selective resolution of vulnerabilities comprises resolution of an identified vulnerability in selected but not all of the plurality of computers in the network having the identified vulnerability;
  
  wherein scanning and identifying comprises;
  
  using an independent scanner to scan the at least a portion of the plurality of client computers in the network;
  
  importing vulnerabilities on the at least a portion of the plurality of client computers in the network identified by the independent scanner;
  
  and mapping the identified vulnerabilities to corresponding remediation signatures;
  
  wherein a remediation signature comprises an automated sequence of actions which may be taken with respect to a client computer to modify the client computer to address a corresponding vulnerability on the client computer;
  
  wherein there are a plurality of remediation signatures and wherein the plurality of remediation signatures comprise at least one remediation signature of the registry management type, at least one remediation signature of the patch installation type and at least one remediation signature of at least one of the following additional remediation types;
  
  service management, security permissions management, account management, policy management, audit management, file management and process management.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
- - 14. The system of claim 13 wherein there are a plurality of remediation signatures and wherein the plurality of remediation signatures comprise all of the following remediation types:
    - service management, registry management, security permissions management, account management, policy management, audit management, file management, process management, and patch installation.
  - 15. The method of claim 13, wherein selective resolution of vulnerabilities comprises resolution of an identified vulnerability in selected but not all of the plurality of computers in the network having the identified vulnerability.
  - 16. The method of claim 13, wherein selective resolution of at least one identified vulnerability comprises resolution of selected but not all of the identified vulnerabilities for which corresponding remediation signatures have been mapped.
  - 17. The method of claim 13 wherein the aggregating of vulnerability information comprises obtaining vulnerability information from at least two security intelligence agents.
  - 18. The method of claim 17 wherein the security intelligence agents comprise a database of information regarding known computer vulnerabilities.
  - 19. The method of claim 17 wherein the security intelligence agents comprise a scanning service.
  - 20. The method of claim 13 wherein constructing a remediation database further comprises associating each remediation signature to a corresponding computer vulnerability.
  - 21. The method of claim 13 wherein constructing a remediation database further comprises constructing, testing and approving a remediation signature corresponding to a vulnerability.
  - 22. The method of claim 13 wherein deploying at least one remediation signature comprises constructing a remediation profile for a client computer to address vulnerabilities on that computer.
  - 23. The method of claim 13 wherein the remediation profile comprises selected remediation signatures for the client computer corresponding to vulnerabilities on the client computer.
  - 24. The method of claim 13 further comprising downloading at least one remediation signature to a client server on the network and wherein deploying at least one remediation signature to at least a portion of the plurality of client computers comprises deploying at least one remediation signature from the client server.
  - 25. The method of claim 24 wherein downloading at least one remediation signature comprises providing remote access to at least one remediation signature by uploading at least one approved remediation signature to a download server for remote access by client servers and subsequently downloading at least one remediation signature from the download server to a client server.

26. A method for resolving vulnerabilities in a plurality of computers in a network, comprising:
- aggregating vulnerability information on a plurality of computer vulnerabilities;
  
  constructing a remediation database of the plurality of computer vulnerabilities;
  
  constructing at least one remediation signature to address a computer vulnerability;
  
  using a scanner to scan at least a portion of the plurality of client computers in the network;
  
  recording vulnerabilities identified by the scanner on the scanned portion of the plurality of client computers in the network;
  
  mapping the identified vulnerabilities to corresponding remediation signatures;
  
  managing vulnerability resolution by selectively resolving at least one identified vulnerability on at least a selected portion of the scanned portion of the plurality of client computers by deploying at least one remediation signature to the selected portion of the scanned portion of the plurality of client computers and using the deployed signature to remediate the identified vulnerability on the selected portion of the scanned portion of the plurality of client computers;
  
  wherein a remediation signature comprises an automated sequence of actions which may be taken with respect to a client computer to modify the client computer to address a corresponding vulnerability on the client computer;
  
  wherein there are a plurality of remediation signatures and wherein the plurality of remediation signatures comprise at least one remediation signature of the registry management type, at least one remediation signature of the patch installation type and at least one remediation signature of at least one of the following additional remediation types;
  
  service management, security permissions management, account management, policy management, audit management, file management and process management.
- View Dependent Claims (27, 28, 29, 30)
- - 27. The system of claim 26 wherein there are a plurality of remediation signatures and wherein the plurality of remediation signatures comprise all of the following remediation types:
    - service management, registry management, security permissions management, account management, policy management, audit management, file management, process management, and patch installation.
  - 28. The method of claim 26, wherein selective resolution of vulnerabilities comprises resolution of an identified vulnerability in selected but not all of the plurality of computers in the network having the identified vulnerability.
  - 29. The method of claim 26 wherein selective resolution of at least one identified vulnerability comprises resolution of selected but not all of the identified vulnerabilities for which corresponding remediation signatures have been mapped.
  - 30. The method of claim 26 wherein the scanner is an independent scanner and wherein recording vulnerabilities comprises importing vulnerabilities from the independent scanner.

31. A system for resolving computer vulnerabilities, comprising:
- a remediation server capable of coupling to a security intelligence agent having information about computer vulnerabilities in order to aggregate said vulnerability information into a remediation database;
  
  a signature module coupled to said remediation server to construct a remediation signatures, each remediation signature corresponding to a vulnerability;
  
  a client server capable of receiving said remediation signatures;
  
  a deployment module coupled to said client server capable of deploying said remediation signatures to a client computer coupled to said client server;
  
  wherein said deployment module constructs a remediation profiles, each remediation profile corresponding to a client computer, wherein said remediation profiles comprise remediation signatures to resolve vulnerabilities on said corresponding client computers;
  
  wherein a remediation signature comprises an automated sequence of actions which may be taken with respect to a client computer to modify the client computer to address a corresponding vulnerability on the client computer;
  
  wherein there are a plurality of remediation signatures and wherein the plurality of remediation signatures comprise at least one remediation signature of the registry management type, at least one remediation signature of the patch installation type and at least one remediation signature of at least one of the following additional remediation types;
  
  service management, security permissions management, account management, policy management, audit management, file management and process management.

32. A system for resolving computer vulnerabilities comprising:
- a remediation server capable of coupling to a security intelligence agent having information about computer vulnerabilities in order to aggregate said vulnerability information into a remediation database;
  
  a signature module coupled to said remediation server to construct a remediation signatures, each remediation signature corresponding to a vulnerability;
  
  a client server capable of receiving said remediation signatures;
  
  a deployment module coupled to said client server capable of deploying said remediation signatures to a client computer coupled to said client server;
  
  wherein said deployment module constructs a remediation profiles, each remediation profile corresponding to a client computer, wherein said remediation signatures can be selectively included in said remediation profiles;
  
  wherein a remediation signature comprises an automated sequence of actions which may be taken with respect to a client computer to modify the client computer to address a corresponding vulnerability on the client computer;
  
  wherein there are a plurality of remediation signatures and wherein the plurality of remediation signatures comprise at least one remediation signature of the registry management type, at least one remediation signature of the patch installation type and at least one remediation signature of at least one of the following additional remediation types;
  
  service management, security permissions management, account management, policy management, audit management, file management and process management.
- View Dependent Claims (33, 34, 35, 36, 37)
- - 33. The system of claim 32 wherein said remediation profiles comprise remediation signatures to resolve vulnerabilities on said corresponding client computers.
  - 34. The system of claim 33 further comprising:
    - a scanner capable of scanning said client computer to identify vulnerabilities;
      
      a mapping module coupled to the client server capable of mapping said identified vulnerabilities to remediation signatures;
      
      wherein said remediation profile comprises at least one identified vulnerability on the client computer and selectively included remediation signatures mapped to the identified vulnerabilities.
  - 35. The system of claim 34, wherein the scanner is an independent scanner and further comprising:
    - an import module coupled to the client server capable of importing the identified vulnerabilities for the client computer.
  - 36. The system of claim 33 wherein selective inclusion of said remediation signatures in said remediation profiles comprises inclusion of selected but not all remediation signatures.
  - 37. The system of claim 33 wherein selective inclusion of said remediation signatures in said remediation profiles comprises inclusion of a remediation signature to selected but not all of the profiles of the plurality of computers in the network.

38. A system for resolving computer vulnerabilities in a plurality of computers on a network comprising:
- a remediation server capable of coupling to a security intelligence agent having information about computer vulnerabilities in order to aggregate said vulnerability information into a remediation database;
  
  a signature module coupled to said remediation server to construct a remediation signatures, each remediation signature corresponding to a vulnerability;
  
  a client server capable of receiving said remediation signatures;
  
  a deployment module coupled to said client server capable of deploying said remediation signatures to a selection of client computers coupled to said client server, wherein said deployment module constructs remediation profiles, each remediation profile corresponding to a client computer, wherein said remediation profiles comprise selectively included remediation signatures to resolve vulnerabilities on said corresponding client computers;
  
  wherein a remediation signature comprises an automated sequence of actions which may be taken with respect to a client computer to modify the client computer to address a corresponding vulnerability on the client computer;
  
  wherein there are a plurality of remediation signatures and wherein the plurality of remediation signatures comprise at least one remediation signature of the registry management type, at least one remediation signature of the patch installation type and at least one remediation signature of at least one of the following additional remediation types;
  
  service management security permissions management, account management, policy management audit management, file management and process management.
- View Dependent Claims (39, 40, 41, 42, 43, 44)
- - 39. The system of claim 38 wherein there are a plurality of remediation signatures and wherein the plurality of remediation signatures comprise all of the following remediation types:
    - service management, registry management, security permissions management, account management, policy management, audit management, file management, process management, and patch installation.
  - 40. The system of claim 38 further comprising:
    - a scanner capable of scanning a portion of the plurality of client computers on the network to identify vulnerabilities on each of the scanned client computers;
      
      a mapping module coupled to the client server capable of mapping said identified vulnerabilities to remediation signatures;
      
      wherein each said remediation profile comprises at least one identified vulnerability on the client computer and selectively included remediation signatures mapped to the identified vulnerabilities.
  - 41. The system of claim 40, wherein the scanner is an independent scanner and further comprising:
    - an import module coupled to the client server capable of importing the identified vulnerabilities for the client computers.
  - 42. The system of claim 38 wherein selective inclusion of said remediation signatures in said remediation profiles comprises inclusion of selected but not all remediation signatures.
  - 43. The system of claim 38 wherein selective inclusion of said remediation signatures in said remediation profiles comprises inclusion of a remediation signature to selected but not all of the profiles of the plurality of computers in the network.
  - 44. The system of claim 38 further comprising:
    - a download server coupled to said signature module to provide remote access to said remediation signatures;
      
      wherein the client server is capable of coupling to said download server to receive said remediation signatures.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
McAfee, LLC
Original Assignee
Citadel Security Software Incorporated (Green Energy Management Services Holdings, Inc.)
Inventors
Banzhof, Carl E.
Primary Examiner(s)
Song, Hosuk

Application Number

US10/335,490
Publication Number

US 20030126472A1
Time in Patent Office

1,141 Days
Field of Search

713200-202, 713/176, 713/181, 713/150, 713/153, 713/154, 709223-226, 709/229, 709/200, 709/217, 709/219, 726 1- 4, 726/6, 726/11, 726 22- 27
US Class Current

726/2
CPC Class Codes

G06F 21/577   Assessing vulnerabilities a...

H04L 63/12   Applying verification of th...

H04L 63/1433   Vulnerability analysis

Automated computer vulnerability resolution system

First Claim

12 Assignments

Litigations

0 Petitions

Reexamination

Accused Products

Abstract

230 Citations

44 Claims

Specification

Solutions

Use Cases

Quick Links

Automated computer vulnerability resolution system

First Claim

12 Assignments

Subscription Required

Subscription Required

Litigations

0 Petitions

Subscription Required

Reexamination

Accused Products

Subscription Required

Abstract

230 Citations

44 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links