Automated computer vulnerability resolution system

US 7,308,712 B2
Filed: 12/10/2004
Issued: 12/11/2007
Est. Priority Date: 12/31/2001
Status: Expired due to Fees

First Claim

Patent Images

1. A method for resolving vulnerabilities in a plurality of computers in a network, comprising:

aggregating vulnerability information on a plurality of computer vulnerabilities into a remediation database;

constructing at least one remediation signature to address a computer vulnerability, wherein a remediation signature comprises an automated sequence of actions which may be taken with respect to a computer to modify the computer to address a corresponding vulnerability on the computer;

scanning at least a portion of the plurality of computers in the network;

recording vulnerabilities identified by the scanner on the scanned portion of the plurality of computers in the network;

mapping the identified vulnerabilities to corresponding remediation signatures;

managing vulnerability resolution by selectively resolving at least one identified vulnerability on the scanned portion of the plurality of computers by deploying at least one remediation signature to at least a selected portion of the scanned portion of the plurality of computers and using the deployed signature to remediate the identified vulnerability on the selected portion of the scanned portion of the plurality of computers.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Reexamination

Accused Products

Abstract

A system and process for addressing computer security vulnerabilities. The system and process generally comprise aggregating vulnerability information on a plurality of computer vulnerabilities; constructing a remediation database of said plurality of computer vulnerabilities; constructing a remediation signature to address the computer vulnerabilities; and deploying said remediation signature to a client computer. The remediation signature essentially comprises a sequence of actions to address a corresponding vulnerability. A managed automated approach to the process is contemplated in which the system is capable of selective deployment of remediation signatures; selective resolution of vulnerabilities; scheduled deployment of remediation signatures; and scheduled scanning of client computers for vulnerabilities.

175 Citations

47 Claims

1. A method for resolving vulnerabilities in a plurality of computers in a network, comprising:
- aggregating vulnerability information on a plurality of computer vulnerabilities into a remediation database;
  
  constructing at least one remediation signature to address a computer vulnerability, wherein a remediation signature comprises an automated sequence of actions which may be taken with respect to a computer to modify the computer to address a corresponding vulnerability on the computer;
  
  scanning at least a portion of the plurality of computers in the network;
  
  recording vulnerabilities identified by the scanner on the scanned portion of the plurality of computers in the network;
  
  mapping the identified vulnerabilities to corresponding remediation signatures;
  
  managing vulnerability resolution by selectively resolving at least one identified vulnerability on the scanned portion of the plurality of computers by deploying at least one remediation signature to at least a selected portion of the scanned portion of the plurality of computers and using the deployed signature to remediate the identified vulnerability on the selected portion of the scanned portion of the plurality of computers.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein there are a plurality of remediation signatures and wherein the plurality of remediation signatures comprise at least two of the following remediation types:
    - service management, registry management, security permissions management, account management, policy management, audit management, file management, process management, and patch installation.
  - 3. The method of claim 2, wherein the plurality of remediation signatures comprise at least one remediation signature of the registry management type, at least one remediation signature of the patch installation type, and at least one remediation signature of at least one of the following additional remediation types:
    - service management, security permissions management, account management, policy management, audit management, file management, and process management.
  - 4. The method of claim 2, wherein the plurality of remediation signatures comprise all of the following remediation types:
    - service management, registry management, security permissions management, account management, policy management, audit management, file management, process management, and patch installation.
  - 5. The method of claim 2, wherein selective resolution of vulnerabilities comprises resolution of an identified vulnerability in selected but not all of the plurality of computers in the network having the identified vulnerability.
  - 6. The method of claim 2, wherein selective resolution of at least one identified vulnerability comprises resolution of selected but not all of the identified vulnerabilities for which corresponding remediation signatures have been mapped.
  - 7. The method of claim 2, wherein the scanner is an independent scanner and wherein recording vulnerabilities comprises importing vulnerabilities from the independent scanner.
  - 8. The method of claim 1 wherein the action of aggregating vulnerability information on a plurality of computer vulnerabilities into a remediation database comprises the actions of:
    - aggregating vulnerability information on a plurality of computer vulnerabilities; and
      
      constructing a remediation database of the plurality of computer vulnerabilities.
  - 9. The method of claim 1, wherein there are a plurality of remediation signatures and wherein the plurality of remediation signatures comprise at least two of the following remediation types:
    - configuration management, backdoor management, service management, account management, and patch management.
  - 10. The method of claim 9, wherein the plurality of remediation signatures comprise at least three of the following remediation types:
    - configuration management, backdoor management, service management, account management, and patch management.
  - 11. The method of claim 9, wherein the plurality of remediation signatures comprise all of the following remediation types:
    - configuration management, backdoor management, service management, account management, and patch management.

12. A method for resolving vulnerabilities in a plurality of computers in a network, comprising:
- providing a remediation database of a plurality of computer vulnerabilities including a plurality of remediation signatures, each remediation signature addressing at least one of the computer vulnerabilities, wherein a remediation signature comprises an automated sequence of actions which may be taken with respect to a computer to modify the computer to address a corresponding vulnerability on the computer;
  
  detecting vulnerabilities on at least a portion of a plurality of computers in the network;
  
  mapping the detected vulnerabilities to corresponding remediation signatures;
  
  resolving at least one detected vulnerability on at least a portion of the plurality of computers by executing at least one corresponding remediation signature to remediate the detected vulnerability on the portion of the plurality of computers,wherein there are a plurality of remediation signatures and wherein the plurality of remediation signatures comprise at least three of the following remediation types;
  
  service management, registry management, security permissions management, account management, policy management, audit management, file management, process management, and patch installation.
- View Dependent Claims (13, 14, 15, 16, 17, 18)
- - 13. The method of claim 12, wherein the detecting action comprises:
    - using a scanner to scan at least a portion of a plurality of computers in the network to detect vulnerabilities;
      
      recording vulnerabilities detected by the scanner on the portion of the plurality of computers in the network.
  - 14. The method of claim 12, wherein the executing action comprises:
    - deploying the corresponding remediation signature to at least a portion of the detected portion of the network; and
      
      ,using the deployed remediation signature to remediate the detected vulnerability on the portion of the detected portion of the network.
  - 15. The method of claim 12, wherein there are a plurality of remediation signatures and wherein the plurality of remediation signatures comprise all of the following remediation types:
    - service management, registry management, security permissions management, account management, policy management, audit management, file management, process management, and patch installation.
  - 16. The method of claim 12, wherein the plurality of remediation signatures comprise at least two of the following remediation types:
    - configuration management, backdoor management, service management, account management, and patch management.
  - 17. The method of claim 16, wherein there are a plurality of remediation signatures and wherein the plurality of remediation signatures comprise at least three of the following remediation types:
    - configuration management, backdoor management, service management, account management, and patch management.
  - 18. The system of claim 16, wherein there are a plurality of remediation signatures and wherein the plurality of remediation signatures comprise all of the following remediation types:
    - configuration management, backdoor management, service management, account management, and patch management.

19. A system for resolving computer vulnerabilities comprising:
- a remediation server capable of coupling to a security intelligence agent having information about computer vulnerabilities in order to aggregate the vulnerability information into a remediation database;
  
  a signature module coupled to the remediation server to generate a plurality of remediation signatures which each correspond to a vulnerability and which each comprise an automated sequence of actions which may be taken with respect to a computer to modify the computer to address a corresponding vulnerability on the computer;
  
  a client server capable of receiving the remediation signatures;
  
  a deployment module coupled to the client server capable of deploying at least a portion of the remediation signatures to a plurality of computers coupled to the client server for resolving corresponding vulnerabilities on at least a portion of the plurality of the computers and capable of constructing a plurality of remediation profiles, each remediation profile corresponding to a computer, wherein the remediation profiles comprise remediation signatures to resolve vulnerabilities on the corresponding computers.
- View Dependent Claims (20, 21)
- - 20. The system of claim 19, further comprising:
    - a scanner capable of scanning the computer to identify vulnerabilities;
      
      a mapping module coupled to the client server capable of mapping the identified vulnerabilities to remediation signatures;
      
      wherein the remediation profile comprises at least one identified vulnerability on the computer and at least one remediation signature mapped to the identified vulnerability.
  - 21. The system of claim 20, wherein the scanner is an independent scanner and further comprising:
    - an import module coupled to the client server capable of importing the identified vulnerabilities for the computer.

22. A system for resolving computer vulnerabilities comprising:
- a remediation server capable of coupling to a security intelligence agent having information about computer vulnerabilities in order to aggregate the vulnerability information into a remediation database;
  
  a signature module coupled to the remediation server to generate a plurality of remediation signatures which each correspond to a vulnerability and which each comprise an automated sequence of actions which may be taken with respect to a computer to modify the computer to address a corresponding vulnerability on the computer;
  
  a client server capable of receiving the remediation signatures;
  
  a deployment module coupled to the client server capable of deploying at least a portion of the remediation signatures to a plurality of computers coupled to the client server for resolving corresponding vulnerabilities on at least a portion of the plurality of the computers; and
  
  a download server coupled to the signature module to provide remote access to the remediation signatures;
  
  wherein the client server is capable of coupling to the download server to receive the remediation signatures.
- View Dependent Claims (23, 24, 25)
- - 23. The system of claim 22, wherein the plurality of remediation signatures comprise at least two of the following remediation types:
    - service management, registry management, security permissions management, account management, policy management, audit management, file management, process management, and patch installation.
  - 24. The system of claim 23, wherein the plurality of remediation signatures comprise at least one remediation signature of the registry management type, at least one remediation signature of the patch installation type, and at least one remediation signature of at least one of the following additional remediation types:
    - service management, security permissions management, account management, policy management, audit management, file management, and process management.
  - 25. The system of claim 23, wherein the plurality of remediation signatures comprise all of the following remediation types:
    - service management, registry management, security permissions management, account management, policy management, audit management, file management, process management, and patch installation.

26. A system for resolving computer vulnerabilities comprising:
- a remediation server capable of coupling to a security intelligence agent having information about computer vulnerabilities in order to aggregate the vulnerability information into a remediation database;
  
  a signature module coupled to the remediation server to generate a plurality of remediation signatures which each correspond to a vulnerability and which each comprise an automated sequence of actions which may be taken with respect to a computer to modify the computer to address a corresponding vulnerability on the computer;
  
  a client server capable of receiving the remediation signatures;
  
  a deployment module coupled to the client server capable of deploying at least a portion of the remediation signatures to a plurality of computers coupled to the client server for resolving corresponding vulnerabilities on at least a portion of the plurality of the computers,wherein the signature module and the remediation database are incorporated within the remediation server.
- View Dependent Claims (27, 28, 29)
- - 27. The system of claim 26, wherein the plurality of remediation signatures comprise at least two of the following remediation types:
    - configuration management, backdoor management, service management, account management, and patch management.
  - 28. The system of claim 27, wherein the plurality of remediation signatures comprise at least three of the following remediation types:
    - configuration management, backdoor management, service management, account management, and patch management.
  - 29. The system of claim 27, wherein the plurality of remediation signatures comprise all of the following remediation types:
    - configuration management, backdoor management, service management, account management, and patch management.

30. A system for resolving computer vulnerabilities comprising:
- a remediation database containing a plurality of remediation signatures which each correspond to at least one vulnerability and which each comprise an automated sequence of actions which may be taken with respect to a computer to modify the computer to address a corresponding vulnerability on the computer;
  
  the remediation database comprising an index mapping each remediation signature to corresponding vulnerabilities;
  
  a deployment module coupled to the remediation database capable of deploying at least a portion of the remediation signatures to a plurality of computers coupled to the remediation database for resolving corresponding vulnerabilities on at least a portion of the plurality of the computers,wherein the plurality of remediation signatures comprise at least three of the following remediation types;
  
  configuration management, backdoor management, service management, account management, and patch management.
- View Dependent Claims (31, 32, 33, 34, 35, 36, 37)
- - 31. The system of claim 30, wherein the deployment module is capable of selectively deploying remediation signatures to the plurality of computers.
  - 32. The system of claim 31, wherein selective deployment of the remediation signatures comprises deployment of selected but not all remediation signatures.
  - 33. The system of claim 31, wherein selective deployment of the remediation signatures in the comprises deployment of a remediation signature to selected but not all of the plurality of computers.
  - 34. The system of claim 30, wherein the plurality of remediation signatures comprise at least two of the following remediation types:
    - service management, registry management, security permissions management, account management, policy management, audit management, file management, process management, and patch installation.
  - 35. The system of claim 34, wherein the plurality of remediation signatures comprise at least one remediation signature of the registry management type, at least one remediation signature of the patch installation type, and at least one remediation signature of at least one of the following additional remediation types:
    - service management, security permissions management, account management, policy management, audit management, file management, and process management.
  - 36. The system of claim 34, wherein the plurality of remediation signatures comprise all of the following remediation types:
    - service management, registry management, security permissions management, account management, policy management, audit management, file management, process management, and patch installation.
  - 37. The system of claim 30, wherein the plurality of remediation signatures comprise all of the following remediation types:
    - configuration management, backdoor management, service management, account management, and patch management.

38. A method for resolving vulnerabilities in a plurality of computers in a network, comprising:
- aggregating vulnerability information on a plurality of computer vulnerabilities into a remediation database;
  
  constructing a plurality of remediation signatures to address the computer vulnerabilities, wherein a remediation signature comprises an automated sequence of actions which may be taken with respect to a computer to modify the computer to address a corresponding vulnerability on the computer, andconstructing an index mapping each remediation signature to corresponding vulnerabilities,wherein the plurality of remediation signatures comprise at least one remediation signature of the registry management type, at least one remediation signature of the patch installation type, and at least one remediation signature of at least one of the following additional remediation types;
  
  service management, security permissions management, account management, policy management, audit management, file management, and process management.
- View Dependent Claims (39, 40, 41, 42, 43, 44, 45, 46, 47)
- - 39. The method of claim 38, wherein the plurality of remediation signatures comprise all of the following remediation types:
    - service management, registry management, security permissions management, account management, policy management, audit management, file management, process management, and patch installation.
  - 40. The method of claim 38, wherein the action of aggregating vulnerability information on a plurality of computer vulnerabilities into a remediation database comprises the actions of:
    - aggregating vulnerability information on a plurality of computer vulnerabilities; and
      
      constructing a remediation database of the plurality of computer vulnerabilities.
  - 41. The method of claim 40, wherein the plurality of remediation signatures comprise at least two of the following remediation types:
    - configuration management, backdoor management, service management, account management, and patch management.
  - 42. The method of claim 41, wherein the plurality of remediation signatures comprise at least three of the following remediation types:
    - configuration management, backdoor management, service management, account management, and patch management.
  - 43. The method of claim 41, wherein the plurality of remediation signatures comprise all of the following remediation types:
    - configuration management, backdoor management, service management, account management, and patch management.
  - 44. The method of claim 38, wherein the aggregating of vulnerability information comprises obtaining vulnerability information from at least one security intelligence agent.
  - 45. The method of claim 44, wherein the security intelligence agent comprises a database of information regarding known computer vulnerabilities.
  - 46. The method of claim 44, wherein the security intelligence agent comprises a scanning service which scans a computer for vulnerabilities and records the vulnerability information.
  - 47. The method of claim 38, further comprising deploying the remediation signature to a computer and using the remediation signature to modify the computer to address a corresponding vulnerability on the computer.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
McAfee, Inc. (McAfee, LLC)
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Banzhof, Carl E.
Primary Examiner(s)
Song, Hosuk

Application Number

US11/009,782
Publication Number

US 20050091542A1
Time in Patent Office

1,096 Days
Field of Search

713/188, 726/1, 726/2, 726/4, 726/6, 726/3, 726/11, 726 22- 27, 709223-225, 709/229
US Class Current

726/22
CPC Class Codes

G06F 21/577   Assessing vulnerabilities a...

H04L 63/12   Applying verification of th...

H04L 63/1433   Vulnerability analysis

Automated computer vulnerability resolution system

First Claim

2 Assignments

0 Petitions

Reexamination

Accused Products

Abstract

175 Citations

47 Claims

Specification

Solutions

Use Cases

Quick Links

Automated computer vulnerability resolution system

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Reexamination

Accused Products

Subscription Required

Abstract

175 Citations

47 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links