System and method for providing remediation management

US 7,698,275 B2
Filed: 05/20/2005
Issued: 04/13/2010
Est. Priority Date: 05/21/2004
Status: Expired due to Fees

First Claim

Patent Images

1. A system for managing remediations for a plurality of assets in an enterprise network, the system comprising:

a remediation server configured to;

receive asset information from at least one asset to be protected from the plurality of assets, the asset information including information associated with configuration settings of the at least one asset to be protected and information associated with one or more components of the at least one asset to be protected;

generate an asset profile for the at least one asset to be protected, the asset profile including at least the received asset information for the at least one asset to be protected;

transmit, to a content management server, a content request for content associated with one or more vulnerabilities of the plurality of assets in the enterprise network, wherein the content associated with the one or more vulnerabilities of the plurality of assets in the enterprise network is retrieved from one or more of a plurality of content providers that are external to the enterprise network;

in response to the content request, receive, from the content management server, the content associated with the one or more vulnerabilities of the plurality of assets in the enterprise network;

identify one or more vulnerabilities of the at least one asset to be protected by comparing the received asset information in the asset profile of the at least one asset to be protected to the received content from the content management server;

identify one or more remediations for at least one of the identified one or more vulnerabilities of the at least one asset to be protected, wherein each of the one or more remediations includes at least particular content of the received content associated with the one or more vulnerabilities of the plurality of assets in the enterprise network, wherein the particular content is associated with an identified vulnerability of the at least one asset to be protected, and wherein the particular content is operable to remediate the at least one vulnerability; and

generate a remediation task list associated with the at least one asset to be protected, the remediation task list including the one or more identified remediations.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one embodiment, software for remediation management is operable to automatically identify an asset in an enterprise network. One or more vulnerabilities of the identified asset is automatically identified based on comparing the identified asset to content associated with the one or more vulnerabilities. At least a portion of the content is collected from a plurality of third party content providers. Other example software for remediation management may be operable to identify one or more vulnerabilities of an asset based on comparing the asset to content associated with the one or more vulnerabilities and automatically generate remediations for the asset based on the content associated with the one or more vulnerabilities.

Citations

34 Claims

1. A system for managing remediations for a plurality of assets in an enterprise network, the system comprising:
- a remediation server configured to;
  
  receive asset information from at least one asset to be protected from the plurality of assets, the asset information including information associated with configuration settings of the at least one asset to be protected and information associated with one or more components of the at least one asset to be protected;
  
  generate an asset profile for the at least one asset to be protected, the asset profile including at least the received asset information for the at least one asset to be protected;
  
  transmit, to a content management server, a content request for content associated with one or more vulnerabilities of the plurality of assets in the enterprise network, wherein the content associated with the one or more vulnerabilities of the plurality of assets in the enterprise network is retrieved from one or more of a plurality of content providers that are external to the enterprise network;
  
  in response to the content request, receive, from the content management server, the content associated with the one or more vulnerabilities of the plurality of assets in the enterprise network;
  
  identify one or more vulnerabilities of the at least one asset to be protected by comparing the received asset information in the asset profile of the at least one asset to be protected to the received content from the content management server;
  
  identify one or more remediations for at least one of the identified one or more vulnerabilities of the at least one asset to be protected, wherein each of the one or more remediations includes at least particular content of the received content associated with the one or more vulnerabilities of the plurality of assets in the enterprise network, wherein the particular content is associated with an identified vulnerability of the at least one asset to be protected, and wherein the particular content is operable to remediate the at least one vulnerability; and
  
  generate a remediation task list associated with the at least one asset to be protected, the remediation task list including the one or more identified remediations.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 34)
- - 2. The system of claim 1, wherein the received content is operable to remediate with the one or more identified vulnerabilities of the at least one asset to be protected.
  - 3. The system of claim 2, wherein the received content is operable to update a configuration setting of the at least one asset to be protected.
  - 4. The system of claim 2, wherein the received content is operable to update at least one of the one or more components of the at least one asset to be protected.
  - 5. The system of claim 1, wherein the remediation server is further configured to:
    - receive, from the at least one asset to be protected, updated asset information associated with the configuration settings and the one or more components of the at least one asset to be protected;
      
      update the asset profile associated with the at least one asset to be protected based on the received updated asset information; and
      
      identify one or more vulnerabilities of the at least one asset to be protected based on comparing the received updated asset information in the updated asset profile to the received content from the content management server, the received content operable to update the at least one asset to be protected.
  - 6. The system of claim 1, wherein the asset information associated with configuration settings and one or more components of the at least one asset to be protected is received from a hidden agent running on the at least one asset to be protected.
  - 7. The system of claim 1, wherein the remediation server is further configured to:
    - transmit, to the content management server, a content request for content associated with one or more vulnerabilities of the at least one asset to be protected, wherein the remediation server retrieves the received asset information associated with the configuration settings and the one or more components of the at least one asset to be protected from the asset profile and includes the retrieved asset information in the content request; and
      
      in response to the content request, receive, from the content management server, at least a portion of the retrieved content associated with the one or more vulnerabilities of at least one asset to be protected, wherein the portion of the retrieved content is identified for the at least one asset to be protected based on at least the retrieved asset information in the content request, and wherein the portion of the retrieved content is operable to remediate the one or more vulnerabilities of the at least one asset to be protected.
  - 8. The system of claim 1, wherein the remediation server is further configured to:
    - determine whether the remediation task list exists for the at least one asset to be protected,wherein the remediation task list is generated in response to a determination that the remediation task list does not exist.
  - 9. The system of claim 1, wherein the received content from the content management server comprises one or more of a script, a release, a link, a patch, or a configuration setting.
  - 10. The system of claim 1, wherein the content retrieved from the content providers comprises content retrieved from one or more of a vendor, a research security firm, a Usenet group, or an original equipment manufacturer.
  - 11. The system of claim 1, wherein the remediation server is further configured to:
    - identify a plurality of assets communicably coupled with the enterprise network;
      
      associate a subset of the plurality of assets as a group based on a subset of a plurality of asset characteristics;
      
      identify one or more vulnerabilities associated with the group based on comparing the subset of asset characteristics to the received content; and
      
      communicate the respective content to the group based on the one or more identified vulnerabilities.
  - 34. The system of claim 1, wherein the remediation server is further configured to:
    - receive a selection of at least one remediation from the identified one or more remediations in the remediation task list; and
      
      transmit the selected at least one remediation to the at least one asset to be protected.

12. An article of manufacture comprising a computer readable storage medium, the computer readable storage medium comprising software for remediation management, the software operable to:
- transmit, by a remediation server to a content management server, a content request for content associated with one or more vulnerabilities of a plurality of assets in an enterprise network, wherein the content associated with the one or more vulnerabilities of the plurality of assets is retrieved from a plurality of content providers that are external to the enterprise network;
  
  in response to the content request, receive at the remediation server from the content management server, the content associated with the one or more vulnerabilities of the plurality of assets in the enterprise network;
  
  identify, at the remediation server, one or more vulnerabilities of at least one asset to be protected from the plurality of assets based on comparing an asset profile of the at least one asset to be protected to the received content from the content management server, the asset profile comprising asset information that includes information associated with configuration settings and information associated with one or more components of the at least one asset to be protected, the at least one asset to be protected communicably coupled to the enterprise network;
  
  identify, at the remediation server, one or more remediations for at least one of the identified one or more vulnerabilities of the at least one asset to be protected, wherein each of the one or more remediations includes at least particular content of the received content associated with the one or more vulnerabilities of the plurality of assets in the enterprise network, wherein the particular content is associated with an identified vulnerability of the at least one asset to be protected, and wherein the particular content is operable to remediate the identified vulnerability;
  
  generate, at the remediation server, a remediation task list associated with the at least one asset to be protected, the remediation task list including the one or more identified remediations; and
  
  communicate, from the remediation server, the identified remediations to the at least one asset to be protected.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 33)
- - 13. The article of manufacture of claim 12, wherein the software is further operable to update the at least one asset to be protected using the identified remediations while prohibiting end user intervention.
  - 14. The article of manufacture of claim 13, wherein a configuration setting of the at least one asset to be protected is updated.
  - 15. The software article of manufacture of claim 13, wherein firmware of at least one of the one or more components of the at least one asset to be protected is updated.
  - 16. The article of manufacture of claim 12, wherein the software is further operable to update, at the remediation server, the asset profile of the at least one asset to be protected based on undated asset information associated with configuration settings and one or more components of the at least one asset to be protected that is received from the at least one asset to be protected.
  - 17. The article of manufacture of claim 12, wherein the software is further operable to:
    - display the remediation task list to an administrator; and
      
      in response to the administrator selecting the one or more identified remediations for the at least one asset to be protected, bundle the selected remediations into an update bundle;
      
      wherein the software operable to communicate the identified remediations comprises software operable to communicate the update bundle to the at least one asset to be protected; and
      
      the software is further operable to automatically update the at least one asset to be protected using the update bundle.
  - 18. The article of manufacture of claim 13, wherein each remediation is associated with a risk level, and the software further operable to:
    - identify a risk threshold associated with the at least one asset to be protected; and
      
      in response to a risk level of a remediation violating the risk threshold, update the at least one asset to be protected based on the remediation while prohibiting end user intervention.
  - 19. The article of manufacture of claim 12, wherein the received content from the content management server comprises one or more of a script, a release, a link, a patch, or a configuration setting.
  - 20. The article of manufacture of claim 12, wherein the content retrieved from the content providers comprises content retrieved from one or more of a vendor, a research security firm, a Usenet group, or an original equipment manufacturer.
  - 21. The article of manufacture of claim 12, wherein the software is further operable to:
    - identify a plurality of assets communicably coupled with the enterprise network;
      
      associate a subset of the plurality of assets as a group based on a subset of a plurality of asset characteristics;
      
      identify one or more vulnerabilities associated with the group based on comparing the subset of asset characteristics to the content; and
      
      communicate the respective content to the group based on the one or more identified vulnerabilities.
  - 22. The article of manufacture of claim 12, wherein the software is further operable to:
    - poll the content management server for content associated with the at least one asset to be protected at a configurable period of time; and
      
      update local content at the remediation server based on content identified at the content management server.
  - 33. The method of claim 22, further comprising:
    - polling the content management server for content associated with the at least one asset to be protected at a configurable period of time; and
      
      updating local content at the remediation server based on content identified at the content management server.

23. A method for remediation management, the method comprising:
- transmitting, by a remediation server to a content management server, a content request for content associated with one or more vulnerabilities of a plurality of assets in an enterprise network, wherein the content associated with the one or more vulnerabilities of the plurality of assets is retrieved from a plurality of content providers that are external to the enterprise network;
  
  in response to the content request, receiving at the remediation server from the content management server, the content associated with the one or more vulnerabilities of the plurality of assets in the enterprise network;
  
  identifying, at the remediation server, one or more vulnerabilities of at least one asset to be protected from the plurality of assets based on comparing an asset profile of the at least one asset to be protected to the received content from the content management server, the asset profile comprising asset information that includes information associated with configuration settings and information associated with one or more components of the at least one asset to be protected, the at least one asset to be protected communicably coupled to an enterprise network;
  
  identifying, at the remediation server, one or more remediations for at least one of the identified one or more vulnerabilities of the at least one asset to be protected, wherein each of the one or more remediations includes at least particular content of the received content associated with the one or more vulnerabilities of the of assets in the enterprise network, wherein the particular content is associated with an identified vulnerability of the at least one asset to be protected, and wherein the particular content is operable to remediate the identified vulnerability;
  
  generating at the remediation server, a remediation task list associated with the at least one asset to be protected, the remediation task list including the one or more identified remediations; and
  
  communicating, from the remediation server, the identified remediations to the at least one asset to be protected.
- View Dependent Claims (24, 25, 26, 27, 28, 29, 30, 31, 32)
- - 24. The method of claim 23, further comprising updating the at least one asset to be protected using the identified remediations while prohibiting end user intervention.
  - 25. The method of claim 24, wherein a configuration setting of the at least one asset to be protected is updated.
  - 26. The method of claim 24, wherein firmware of at least one of the one or more components of the at least one asset to be protected is updated.
  - 27. The method of claim 23, further comprising updating, at the remediation server, the asset profile of the at least one asset to be protected based on updated asset information associated with configuration settings and one or more components of the at least one asset to be protected that is received from the at least one asset to be protected.
  - 28. The method of claim 23, further comprising:
    - displaying the remediation task list to an administrator; and
      
      in response to the administrator selecting the one or more identified remediations for the at least one asset to be protected, bundling the selected remediations into an update bundle;
      
      wherein communicating the identified remediations comprises communicating the update bundle to the at least one asset to be protected; and
      
      the method further comprising automatically updating the at least one asset to be protected using the update bundle.
  - 29. The method of claim 24, wherein each remediation is associated with a risk level, and the method further comprising:
    - identifying a risk threshold associated with the at least one asset to be protected; and
      
      in response to a risk level of a remediation violating the risk threshold, updating the at least one asset to be protected based on the remediation while prohibiting end user intervention.
  - 30. The method of claim 23, wherein the received content from the content management server comprises one or more of a script, a release, a link, a patch, or a configuration setting.
  - 31. The method of claim 23, wherein the content retrieved from the content providers comprises content retrieved from one or more of a vendor, a research security firm, a Usenet group, or an original equipment manufacturer.
  - 32. The method of claim 23, further comprising:
    - identifying a plurality of assets communicably coupled with the enterprise network;
      
      associating a subset of the plurality of assets as a group based on a subset of a plurality of asset characteristics;
      
      identifying one or more vulnerabilities associated with the group based on comparing the subset of asset characteristics to the content; and
      
      communicating the respective content to the group based on the one or more identified vulnerabilities.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Computer Associates Think Inc. (Broadcom, Inc.)
Inventors
Giubileo, John, Rankin, David C., O'Brien, Darci
Primary Examiner(s)
Alam; Hosain T
Assistant Examiner(s)
OBERLY, VAN HONG

Application Number

US11/133,958
Publication Number

US 20060010497A1
Time in Patent Office

1,789 Days
Field of Search

707/9, 707/10
US Class Current

1/1
CPC Class Codes

G06Q 10/10 Office automation; Time man...

System and method for providing remediation management

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

34 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for providing remediation management

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

34 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links