Mapping remediation to plurality of vulnerabilities
Abstract
A method of mapping a remediation to a plurality of vulnerabilities may include: assessing susceptibility of a non-remediated machine to a first vulnerability, which results in a first set of two or more vulnerabilities to which the machine is susceptible; implementing the remediation upon the machine; assessing susceptibility of the remediated machine to the first vulnerability, which results in a second set of vulnerabilities to which the machine is susceptible; and creating a machine-actionable map between the remediation and two or more members of the first set based upon differences between the first and second sets.
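The scan, remediate, rescan and set-difference procedure described in the abstract, as an added Python example (not code from the patent). The `SimulatedMachine` class, the function names and the `VULN-*` / `REM-*` identifiers are constructed for illustration; a real deployment would replace `scan()` and `apply()` with calls to an actual scanner and patch tool.

```python
from typing import Dict, FrozenSet, Iterable, List, Optional, Set


class SimulatedMachine:
    """Constructed stand-in for a scanned host (hypothetical, for illustration)."""

    def __init__(self, open_vulns: Iterable[str], fixes: Dict[str, Set[str]]):
        self.open_vulns = set(open_vulns)
        self._fixes = fixes  # what each remediation really closes; the mapper never reads this

    def scan(self) -> FrozenSet[str]:
        return frozenset(self.open_vulns)

    def apply(self, remediation_id: str) -> None:
        self.open_vulns -= self._fixes.get(remediation_id, set())


def map_remediation(machine: SimulatedMachine, remediation_id: str,
                    first_vuln: str, second_vuln: str
                    ) -> Optional[Dict[str, FrozenSet[str]]]:
    """Return {remediation: residual set}, or None when a condition is not met."""
    first_set = machine.scan()                    # assess the non-remediated machine
    if len(first_set) < 2 or not {first_vuln, second_vuln} <= first_set:
        return None                               # needs two or more findings, incl. both
    machine.apply(remediation_id)                 # implement the remediation
    second_set = machine.scan()                   # assess the remediated machine
    if {first_vuln, second_vuln} & second_set:
        return None                               # one of the two is still open: no map
    residual = first_set - second_set             # findings that disappeared after the fix
    return {remediation_id: residual}


def remediations_for(findings: Iterable[str],
                     rmap: Dict[str, FrozenSet[str]]) -> List[str]:
    """Use the map on a later scan: remediations that close any current finding."""
    found = set(findings)
    return sorted(r for r, vulns in rmap.items() if vulns & found)


if __name__ == "__main__":
    # Constructed sample: REM-A was issued for VULN-1 but also closes VULN-2.
    host = SimulatedMachine({"VULN-1", "VULN-2", "VULN-3"},
                            {"REM-A": {"VULN-1", "VULN-2"}})
    rmap = map_remediation(host, "REM-A", "VULN-1", "VULN-2")
    print(rmap)
    print(remediations_for({"VULN-2", "VULN-9"}, rmap))
```

Because the residual set is computed as first set minus second set, any finding that appears only after remediation is ignored by the map and would need separate tracking.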
15 Claims
1. A method of mapping a remediation to a plurality of vulnerabilities, the method comprising:
- assessing susceptibility of a non-remediated machine to a first vulnerability and at least a second vulnerability by testing the non-remediated machine for susceptibility to the first vulnerability and at least the second vulnerability, the first vulnerability indicating a remediation;
- if the assessing of the non-remediated machine results in a first set of two or more vulnerabilities, including the first vulnerability and the second vulnerability, to which the machine is susceptible, then;
- implementing the remediation for the first vulnerability upon the machine to remediate the first vulnerability on the non-remediated machine;
- assessing susceptibility of the remediated machine to the first vulnerability and at least the second vulnerability by testing the remediated machine for susceptibility to the first vulnerability and at least the second vulnerability;
- if the assessing of the remediated machine identifies that the machine has been remediated for the first and second vulnerabilities and results in a second set of vulnerabilities to which the machine is susceptible, removing the vulnerabilities of the second set of vulnerabilities from first set of two or more vulnerabilities to obtain a residual set of plural vulnerabilities, the residual set including the first and second vulnerabilities, then creating a machine-actionable map between the implemented remediation and the vulnerabilities of the residual set, the machine-actionable map available for further susceptibility assessment and vulnerability remediation.

Dependent claims: 2, 3, 4, 9, 10, 11, 12, 14, 15

5. A machine-readable medium comprising instructions, execution of which by a machine maps a remediation to a plurality of vulnerabilities, the machine-readable instructions including:
- a first code segment to assess susceptibility of a non-remediated machine to a first vulnerability and at least a second vulnerability by testing the non-remediated machine for susceptibility to the first vulnerability and at least the second vulnerability, the first vulnerability indicating a remediation;
- if the assessing of the non-remediated machine results in a first set of two or more vulnerabilities to which the machine is susceptible, then executing;
- a second code segment to implement the remediation for the first vulnerability upon the machine to remediate the first vulnerability on the non-remediated machine;
- a third code segment to assess susceptibility of the remediated machine to the first vulnerability and at least the second vulnerability by testing the remediated machine for susceptibility to the first vulnerability and at least the second vulnerability;
- if the assessing of the remediated machine identifies that the machine has been remediated for the first and second vulnerabilities and results in a second set of vulnerabilities to which the machine is susceptible, then executing;
- a fourth code segment to remove the vulnerabilities of the second set of vulnerabilities from the first set of two or more vulnerabilities to obtain a residual set of plural vulnerabilities, the residual set including the first and second vulnerabilities and create a machine-actionable map between the implemented remediation and the vulnerabilities of the residual set, the machine actionable map available for further susceptibility assessment and vulnerability remediation.

Dependent claims: 6, 7, 8

13. An apparatus for mapping a remediation to a plurality of vulnerabilities, the apparatus comprising:
- means for assessing susceptibility of a non-remediated machine to a first vulnerability and at least a second vulnerability by testing the non-remediated machine for susceptibility to the first vulnerability and at least the second vulnerability, the first vulnerability indicating a remediation;
- if the assessing of the non-remediated machine results in a first set of two or more vulnerabilities, including the first vulnerability and the second vulnerability, to which the machine is susceptible, then means for;
- implementing the remediation for the first vulnerability upon the machine to remediate the first vulnerability on the non-remediated machine;
- assessing susceptibility of the remediated machine to the first vulnerability and at least the second vulnerability by testing the remediated machine for susceptibility to the first vulnerability and at least the second vulnerability;
- if the means for assessing of the remediated machine identifies that the machine has been remediated for the first and second vulnerabilities and identifies a second set of vulnerabilities to which the machine is susceptible, means for;
- removing the vulnerabilities of the second set of vulnerabilities from first set of two or more vulnerabilities to obtain a residual set of plural vulnerabilities, the residual set including the first and second vulnerabilities, and creating a machine-actionable map between the implemented remediation and the vulnerabilities of the residual set, the machine-actionable map available for further susceptibility assessment and vulnerability remediation.

Specification