Data structure for vulnerability-based remediation selection

US 7,694,337 B2
Filed: 09/20/2004
Issued: 04/06/2010
Est. Priority Date: 07/23/2004
Status: Active Grant

First Claim

Patent Images

1. A machine-readable storage medium storing machine-readable instructions executable by a processor of a machine, the machine-readable instructions comprising instructions executable by the processor to implement variations of one remediation that is appropriate to a vulnerability which is present on an asset to be remediated, the machine-readable instructions executable by the processor to implement the variations of the one remediation by:

arranging one or more machine-actionable records according to a data structure and representing variations of the one remediation differentiated by technology species, the data structure including links that respectively map between;

the one remediation, as represented in the data structure, and a plurality of T_ID fields, wherein the content of a T_ID field denotes an identification (ID) of a technology species (T),for each of the T_ID fields, a plurality of ACT_ID fields, wherein the content of an ACT_ID field denotes an ID of an action (ACT),wherein implementation of the one remediation upon the asset mitigates against the vulnerability present on the asset as a function of a T_ID of the asset to be remediated and at least one action respectively mapped to the one remediation selected as a function of the T_ID of the asset.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A machine-actionable memory comprises one or more machine-actionable records arranged according to a data structure. Such a data structure may include links that respectively map between a remediation, at least one action, and at least two vulnerabilities. A method of selecting a remediation, that is appropriate to a vulnerability which is present on a machine to be remediated, may include: providing a machine-actionable memory as mentioned above; and indexing into the memory using: a given vulnerability identifier to determine (A) at least one of a remediation mapped thereto and (B) at least one action mapped to the given vulnerability identifier; and/or a given remediation to determine at least two vulnerabilities mapped thereto.

42 Citations

View as Search Results

22 Claims

1. A machine-readable storage medium storing machine-readable instructions executable by a processor of a machine, the machine-readable instructions comprising instructions executable by the processor to implement variations of one remediation that is appropriate to a vulnerability which is present on an asset to be remediated, the machine-readable instructions executable by the processor to implement the variations of the one remediation by:
- arranging one or more machine-actionable records according to a data structure and representing variations of the one remediation differentiated by technology species, the data structure including links that respectively map between;
  
  the one remediation, as represented in the data structure, and a plurality of T_ID fields, wherein the content of a T_ID field denotes an identification (ID) of a technology species (T),for each of the T_ID fields, a plurality of ACT_ID fields, wherein the content of an ACT_ID field denotes an ID of an action (ACT),wherein implementation of the one remediation upon the asset mitigates against the vulnerability present on the asset as a function of a T_ID of the asset to be remediated and at least one action respectively mapped to the one remediation selected as a function of the T_ID of the asset.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 10, 11, 12, 13, 14, 15, 16)
- - 2. The storage medium of claim 1, wherein the links of the data structure includes a R_ID field, the contents of which denote an identification (ID) of the one remediation (R_ID).
  - 3. The storage medium of claim 1, wherein:
    - execution of the action denoted by the contents of at least one ACT_ID field upon the asset at least in part implements the remediation.
  - 4. The storage medium of claim 1, wherein the data structure further includes:
    - at least one AS_ID field, the contents of which denotes an ID of an asset (AS_ID) to which the remediation is to be applied.
  - 5. The storage medium of claim 4, wherein:
    - execution of the action denoted by the contents of at least one ACT_ID field upon the asset denoted by the contents of the at least one AS_ID field at least in part implements the remediation.
  - 6. The storage medium of claim 4, wherein each machine-actionable record forms a data structure, the data structure for at least one of the one-or-more machine-actionable records including:
    - two or more V_ID fields, the contents of which denote two or more IDs of vulnerabilities (V_IDs), respectively;
      
      the plurality of ACT_ID fields;
      
      two or more SS links relating one or more among the plurality of ACT_ID fields as a subset (SS) thereof, respectively;
      
      two or more AS_ID fields, the contents of which denote two or more AS_IDs; and
      
      at least one of the following,(A) at least two vulnerability subset (V-SS) links between the two or more V_ID fields, respectively, and two or more subsets of the ACT_ID fields,(B) at least two remediation vulnerability (R-V) links between the R_ID field and the two or more V_ID fields, respectively,(C) at least two remediation subset (R-SS) links between the R_ID field and the two or more subsets of the ACT_ID fields, respectively, and(D) at least two remediation asset (R-AS) links between the R_ID field and the two or more AS_ID fields, respectively.
  - 7. The storage medium of claim 2, wherein each machine-actionable record forms a data structure, the data structure for at least one of the one-or-more machine-actionable records includes including:
    - two or more V_ID fields, the contents of which denote two or more V_IDs, respectively;
      
      the plurality of ACT_ID fields, the contents of which denote a plurality of ACT_IDs, respectively;
      
      at least two SS links relating one or more among the plurality of ACT_ID fields as a subset (SS) thereof, respectively; and
      
      at least one of the following,(A) at least two vulnerability subset (V-SS) links between the two or more V_ID fields, respectively, and two or more subsets of the ACT_ID fields,(B) at least two remediation vulnerability (R-V) links between the R_ID field and the two or more V_ID fields, respectively, and(C) at least two remediation subset (R-SS) links between the R_ID field and two or more subsets of the ACT_ID field, respectively.
  - 10. A machine having a machine-readable storage medium as in claim 1.
  - 11. A machine having a machine-readable storage medium as in claim 2.
  - 12. A machine having a machine-readable storage medium as in claim 3.
  - 13. A machine having a machine-readable storage medium as in claim 4.
  - 14. A machine having a machine-readable storage medium as in claim 5.
  - 15. A machine having a machine-readable storage medium as in claim 6.
  - 16. A machine having a machine-readable storage medium as in claim 7.

8. A method of selecting a remediation that is appropriate to a vulnerability which is present on a machine to be remediated, the method comprising:
- providing a machine-actionable memory that includes one or more machine-actionable records arranged according to a data structure and representing variations of remediations differentiated by technology species, the data structure including links within the one or more machine-actionable records that respectively map between;
  
  one remediation and a plurality of T_ID fields, wherein the content of a T_ID field denotes an identification (ID) of a technology species (T),for each of the T_ID fields, a plurality of ACT_ID fields, wherein the content of an ACT_ID field denotes an ID of an action (ACT), wherein implementation of the one remediation upon an asset mitigates against a vulnerability,indexing into the memory to select at least one machine-actionable record using a given vulnerability identifier (V_ID) and a remediation mapped to the given vulnerability identifier of the at least one selected machine-actionable record to determine (A) at least one of a remediation mapped thereto and (B) at least one action mapped to the given vulnerability identifier, the at least one action selected as a function of a T_ID of the machine to be remediated;
  
  wherein the indexing into the memory and selecting the at least one machine-actionable record are performed according to an instruction set executed by a processor.
- View Dependent Claims (9, 19, 20)
- - 9. The method of claim 8, wherein:
    - the links of the data structure of respective machine-actionable records include a R_ID field, the contents of which denote an identification (ID) of the one remediation (R_ID),the indexing into the memory to select the at least one machine-actionable record indexes using the given V_ID value which denotes an ID of a vulnerability to determine (A) at least one of a R_ID value mapped thereto and (B) at least one ACT_ID value mapped to the given V_ID value.
  - 19. A machine configured to implement the method of claim 8.
  - 20. A machine configured to implement the method of claim 9.

17. A machine-readable storage medium storing machine-readable instructions executable by a processor of a machine, the machine-readable instructions comprising instructions executable by the processor to select a remediation that is appropriate to a vulnerability which is present on an asset to be remediated, the machine-readable instructions executable by the processor to select the remediation by:
- providing one or more machine-actionable records arranged according to a data structure and representing variations of remediations differentiated by technology species, the data structure including links within the one or more machine-actionable records that respectively map between;
  
  one remediation and a plurality of T_ID fields, wherein the content of a T_ID field denotes an identification (ID) of a technology species (T),for each of the T_ID fields, a plurality of ACT_ID fields, wherein the content of an ACT_ID field denotes an ID of an action (ACT), wherein implementation of the one remediation upon an asset mitigates against a vulnerability;
  
  indexing into the memory to select at least one machine-actionable record using a given vulnerability identifier (V_ID) and a technology species mapped to the given vulnerability identifier to determine (A) at least one of a remediation of the at least one selected machine-actionable record mapped thereto and (B) at least one action of the at least one selected machine-actionable record mapped to the given vulnerability identifier, the at least one action selected as a function of a T_ID of the asset to be remediated.
- View Dependent Claims (18)
- - 18. The machine-readable storage medium of claim 17, wherein:
    - the links of the data structure of respective machine-actionable records include a R_ID field, the contents of which denote an identification (ID) of the one remediation (R_ID);
      
      the indexing indexes into the memory to select the at least one machine-actionable record using the given V_ID value and a technology species mapped to the given vulnerability identifier to determine (A) at least one of a R_ID value mapped thereto and (B) at least one ACT_ID value mapped to the given V_ID value.

21. An apparatus for selecting a remediation that is appropriate to a vulnerability which is present on a machine to be remediated, comprising:
- a processor;
  
  a machine-readable memory in communication with the processor, the machine-readable memory storing one or more machine-actionable records arranged according to a data structure and representing variations of remediations differentiated by technology species, the data structure including links within the one or more machine-actionable records that respectively map between;
  
  one remediation and a plurality of T_ID fields, wherein the content of a T_ID field denotes an identification (ID) of a technology species (T), andfor each of the T_ID fields, a plurality of ACT_ID fields, wherein the content of an ACT_ID field denotes an ID of an action (ACT), wherein implementation of the one remediation upon an asset mitigates against a vulnerability, andmeans for indexing into the memory to select at least one machine-actionable record using a given vulnerability identifier (V_ID) and a technology species mapped to the given vulnerability identifier to determine (A) at least one of a remediation of the at least one selected machine-actionable record mapped thereto and (B) at least one action of the at least one selected machine-actionable record mapped to the given vulnerability identifier, the at least one action selected as a function of the T_ID of the asset to be remediated.
- View Dependent Claims (22)
- - 22. The apparatus of claim 21, whereinthe links of the data structure within the at least one machine-actionable records, respectively, map betweena R_ID field, the contents of which denote an identification (ID) of a remediation (R_ID),at least one ACT_ID field, the contents of which denotes an ID of an action (ACT_ID), andat least two V_ID fields, the contents of which denote IDs of vulnerabilities (V_IDs);
    - andthe means for indexing includes means for indexing into the memory to select at least one machine-actionable record using the given V_ID value and a technology species mapped to the given vulnerability identifier to determine (A) at least one of a R_ID value mapped thereto and (B) at least one ACT_ID value mapped to the given V_ID value.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Fortinet Inc.
Original Assignee
Fortinet Inc.
Inventors
Gandhe, Sudhir, O'Brien, Eric David, Tyree, David Spencer, D'Mello, Kurt
Primary Examiner(s)
Vu; Kimyen
Assistant Examiner(s)
Zee; Edward

Application Number

US10/944,406
Publication Number

US 20060021053A1
Time in Patent Office

2,024 Days
Field of Search

713/201, 726 22- 25, 717/168, 717/170
US Class Current

726/22
CPC Class Codes

G06F 21/57 Certifying or maintaining t...

G06F 21/577 Assessing vulnerabilities a...

Data structure for vulnerability-based remediation selection

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

42 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Data structure for vulnerability-based remediation selection

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

42 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links