Automated computer vulnerability resolution system
Abstract
A system and process for addressing computer security vulnerabilities. The system and process generally comprise aggregating vulnerability information on a plurality of computer vulnerabilities; constructing a remediation database of said plurality of computer vulnerabilities; constructing a remediation signature to address the computer vulnerabilities; and deploying said remediation signature to a client computer. The remediation signature essentially comprises a sequence of actions to address a corresponding vulnerability. A managed automated approach to the process is contemplated in which the system is capable of selective deployment of remediation signatures; selective resolution of vulnerabilities; scheduled deployment of remediation signatures; and scheduled scanning of client computers for vulnerabilities.
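A sketch of the flow the abstract describes, added here as an illustration and not taken from the patent or any product: a remediation database indexed by vulnerability, per-computer remediation profiles built from recorded scan findings, and selective deployment as a dry run. All identifiers, hosts and actions are constructed placeholders.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Action:
    rtype: str      # remediation type, e.g. "service management"
    target: str     # what the action touches (constructed sample value)
    operation: str  # what to do to it

@dataclass(frozen=True)
class Signature:
    sig_id: str
    actions: tuple  # ordered: the "automated sequence of actions"

# Remediation database: index from vulnerability ID to its signature.
# IDs, targets and operations are hypothetical, not from the patent.
REMEDIATION_DB = {
    "VULN-0001": Signature("SIG-A", (
        Action("service management", "telnet", "stop"),
        Action("service management", "telnet", "disable"))),
    "VULN-0002": Signature("SIG-B", (
        Action("registry management", r"HKLM\EXAMPLE\Key", "set value=0"),)),
}

def build_profiles(scan_results):
    """Map each host's recorded vulnerabilities to signatures.
    Returns (profiles, unmapped); unmapped findings have no signature yet."""
    profiles, unmapped = {}, {}
    for host, vulns in scan_results.items():
        for v in sorted(set(vulns)):
            sig = REMEDIATION_DB.get(v)
            if sig is None:
                unmapped.setdefault(host, []).append(v)
            else:
                profiles.setdefault(host, {})[v] = sig
    return profiles, unmapped

def deploy(profiles, approved_hosts, approved_vulns):
    """Selective deployment: emit the action plan only for approved
    host/vulnerability pairs. Dry run; nothing is executed."""
    plan = []
    for host in sorted(profiles):
        if host not in approved_hosts:
            continue
        for v, sig in profiles[host].items():
            if v in approved_vulns:
                plan += [(host, sig.sig_id, a.rtype, a.target, a.operation)
                         for a in sig.actions]
    return plan

# Constructed scan output: host -> vulnerability IDs reported by a scanner.
SCAN = {"host-1": ["VULN-0001", "VULN-0002"], "host-2": ["VULN-0001", "VULN-0099"]}
```

Findings returned in `unmapped` are the ones an operator would want surfaced rather than silently dropped, since they mark vulnerabilities the database cannot yet remediate.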
47 Claims
1. A method for resolving vulnerabilities in a plurality of computers in a network, comprising:
aggregating vulnerability information on a plurality of computer vulnerabilities into a remediation database;
constructing at least one remediation signature to address a computer vulnerability, wherein a remediation signature comprises an automated sequence of actions which may be taken with respect to a computer to modify the computer to address a corresponding vulnerability on the computer;
scanning at least a portion of the plurality of computers in the network;
recording vulnerabilities identified by the scanner on the scanned portion of the plurality of computers in the network;
mapping the identified vulnerabilities to corresponding remediation signatures;
managing vulnerability resolution by selectively resolving at least one identified vulnerability on the scanned portion of the plurality of computers by deploying at least one remediation signature to at least a selected portion of the scanned portion of the plurality of computers and using the deployed signature to remediate the identified vulnerability on the selected portion of the scanned portion of the plurality of computers.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11

12. A method for resolving vulnerabilities in a plurality of computers in a network, comprising:
providing a remediation database of a plurality of computer vulnerabilities including a plurality of remediation signatures, each remediation signature addressing at least one of the computer vulnerabilities, wherein a remediation signature comprises an automated sequence of actions which may be taken with respect to a computer to modify the computer to address a corresponding vulnerability on the computer;
detecting vulnerabilities on at least a portion of a plurality of computers in the network;
mapping the detected vulnerabilities to corresponding remediation signatures;
resolving at least one detected vulnerability on at least a portion of the plurality of computers by executing at least one corresponding remediation signature to remediate the detected vulnerability on the portion of the plurality of computers, wherein there are a plurality of remediation signatures and wherein the plurality of remediation signatures comprise at least three of the following remediation types:
service management, registry management, security permissions management, account management, policy management, audit management, file management, process management, and patch installation.
Dependent claims: 13, 14, 15, 16, 17, 18

19. A system for resolving computer vulnerabilities comprising:
a remediation server capable of coupling to a security intelligence agent having information about computer vulnerabilities in order to aggregate the vulnerability information into a remediation database;
a signature module coupled to the remediation server to generate a plurality of remediation signatures which each correspond to a vulnerability and which each comprise an automated sequence of actions which may be taken with respect to a computer to modify the computer to address a corresponding vulnerability on the computer;
a client server capable of receiving the remediation signatures;
a deployment module coupled to the client server capable of deploying at least a portion of the remediation signatures to a plurality of computers coupled to the client server for resolving corresponding vulnerabilities on at least a portion of the plurality of the computers and capable of constructing a plurality of remediation profiles, each remediation profile corresponding to a computer, wherein the remediation profiles comprise remediation signatures to resolve vulnerabilities on the corresponding computers.
Dependent claims: 20, 21

22. A system for resolving computer vulnerabilities comprising:
a remediation server capable of coupling to a security intelligence agent having information about computer vulnerabilities in order to aggregate the vulnerability information into a remediation database;
a signature module coupled to the remediation server to generate a plurality of remediation signatures which each correspond to a vulnerability and which each comprise an automated sequence of actions which may be taken with respect to a computer to modify the computer to address a corresponding vulnerability on the computer;
a client server capable of receiving the remediation signatures;
a deployment module coupled to the client server capable of deploying at least a portion of the remediation signatures to a plurality of computers coupled to the client server for resolving corresponding vulnerabilities on at least a portion of the plurality of the computers; and
a download server coupled to the signature module to provide remote access to the remediation signatures;
wherein the client server is capable of coupling to the download server to receive the remediation signatures.
Dependent claims: 23, 24, 25

26. A system for resolving computer vulnerabilities comprising:
a remediation server capable of coupling to a security intelligence agent having information about computer vulnerabilities in order to aggregate the vulnerability information into a remediation database;
a signature module coupled to the remediation server to generate a plurality of remediation signatures which each correspond to a vulnerability and which each comprise an automated sequence of actions which may be taken with respect to a computer to modify the computer to address a corresponding vulnerability on the computer;
a client server capable of receiving the remediation signatures;
a deployment module coupled to the client server capable of deploying at least a portion of the remediation signatures to a plurality of computers coupled to the client server for resolving corresponding vulnerabilities on at least a portion of the plurality of the computers, wherein the signature module and the remediation database are incorporated within the remediation server.
Dependent claims: 27, 28, 29

30. A system for resolving computer vulnerabilities comprising:
a remediation database containing a plurality of remediation signatures which each correspond to at least one vulnerability and which each comprise an automated sequence of actions which may be taken with respect to a computer to modify the computer to address a corresponding vulnerability on the computer;
the remediation database comprising an index mapping each remediation signature to corresponding vulnerabilities;
a deployment module coupled to the remediation database capable of deploying at least a portion of the remediation signatures to a plurality of computers coupled to the remediation database for resolving corresponding vulnerabilities on at least a portion of the plurality of the computers, wherein the plurality of remediation signatures comprise at least three of the following remediation types:
configuration management, backdoor management, service management, account management, and patch management.
Dependent claims: 31, 32, 33, 34, 35, 36, 37

38. A method for resolving vulnerabilities in a plurality of computers in a network, comprising:
aggregating vulnerability information on a plurality of computer vulnerabilities into a remediation database;
constructing a plurality of remediation signatures to address the computer vulnerabilities, wherein a remediation signature comprises an automated sequence of actions which may be taken with respect to a computer to modify the computer to address a corresponding vulnerability on the computer, and constructing an index mapping each remediation signature to corresponding vulnerabilities, wherein the plurality of remediation signatures comprise at least one remediation signature of the registry management type, at least one remediation signature of the patch installation type, and at least one remediation signature of at least one of the following additional remediation types:
service management, security permissions management, account management, policy management, audit management, file management, and process management.
Dependent claims: 39, 40, 41, 42, 43, 44, 45, 46, 47

Specification