Vulnerability-based remediation selection
First Claim
1. A host device comprising:
at least one processor;
at least one memory device;
a network interface device;
a sensor program held in the at least one memory device and executable by the at least one processor to:
assess a current state of the host device and identifying a set of vulnerabilities X;
send information representative of the current state of the host device including a representation of the set of vulnerabilities X to a server via the network interface device;
receive, via the network interface device, vulnerability remediation information from the server, the vulnerability remediation information including:
instructions executable by the processor through the sensor program, the instructions including a single remediation to remediate a plurality of vulnerabilities of the set of vulnerabilities X on the host device and a plurality of T_ID fields, wherein the content of a T_ID field denotes an identification (ID) of a technology species (T) present in the host device; and
for each of the T_ID fields, a plurality of ACT_ID fields, wherein the content of an ACT_ID field denotes an ID of an action (ACT);
implement the single remediation upon the host device through execution of the instructions of the received remediation information to mitigate the plurality of vulnerabilities present on the host device;
reassess the current state of the host device following implementation of the single remediation on the host device to identify a set of vulnerabilities Y;
compare the sets of vulnerabilities X and Y to verify successful remediation of the plurality of vulnerabilities of the set of vulnerabilities X and to identify any further vulnerabilities of the set of vulnerabilities X remediated; and
send information representative of the reassessed current state of the host device including a representation of any additional vulnerabilities of the set of vulnerabilities X remediated and the set of vulnerabilities Y to the server via the network interface device.
Abstract
A machine-actionable memory comprises one or more machine-actionable records arranged according to a data structure. Such a data structure may include links that respectively map between a remediation, at least one action, and at least two vulnerabilities. A method of selecting a remediation, that is appropriate to a vulnerability which is present on a machine to be remediated, may include: providing a machine-actionable memory as mentioned above; and indexing into the memory using: a given vulnerability identifier to determine (A) at least one of a remediation mapped thereto and (B) at least one action mapped to the given vulnerability identifier; and/or a given remediation to determine at least two vulnerabilities mapped thereto.
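The record structure in the abstract and the X/Y comparison in the first claim can be sketched together. This is an added example, not code from the patent: the record layout, all IDs, and the rule of picking the remediation that covers the most vulnerabilities in X are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Remediation:
    rem_id: str
    actions: dict      # T_ID -> list of ACT_IDs (a plurality per technology)
    vulns: frozenset   # vulnerability IDs this one remediation addresses

# Constructed sample records; every ID here is a placeholder.
CATALOG = [
    Remediation("REM-1", {"T-10": ["ACT-1", "ACT-2"], "T-11": ["ACT-3", "ACT-4"]},
                frozenset({"V-1", "V-2", "V-3"})),
    Remediation("REM-2", {"T-10": ["ACT-5", "ACT-6"]}, frozenset({"V-4"})),
]

def build_indexes(catalog):
    """Links in both directions: remediation -> record, vulnerability -> remediations."""
    by_rem = {r.rem_id: r for r in catalog}
    by_vuln = {}
    for r in catalog:
        for v in r.vulns:
            by_vuln.setdefault(v, []).append(r.rem_id)
    return by_rem, by_vuln

def select_remediation(x, by_rem, by_vuln):
    """Server side: one remediation covering at least two vulnerabilities in X.
    Choosing the widest coverage is this example's heuristic, not the patent's."""
    candidates = {rid for v in x for rid in by_vuln.get(v, [])}
    best = max(candidates, key=lambda rid: (len(by_rem[rid].vulns & x), rid),
               default=None)
    if best is None or len(by_rem[best].vulns & x) < 2:
        return None
    return by_rem[best]

def verify(x, y, rem):
    """Sensor side: compare pre-state X with reassessed state Y."""
    targeted = rem.vulns & x   # what the remediation was meant to fix
    fixed = x - y              # what actually disappeared
    return {
        "verified": targeted <= fixed,
        "still_present": sorted(targeted & y),
        "further_remediated": sorted(fixed - targeted),
        "new_in_y": sorted(y - x),
    }
```

A report built from `verify` distinguishes a remediation that failed (`still_present`) from side effects in either direction, which is what lets the server trust or retry the action.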
87 Citations
12 Claims
1. A host device comprising:
at least one processor;
at least one memory device;
a network interface device;
a sensor program held in the at least one memory device and executable by the at least one processor to:
assess a current state of the host device and identifying a set of vulnerabilities X;
send information representative of the current state of the host device including a representation of the set of vulnerabilities X to a server via the network interface device;
receive, via the network interface device, vulnerability remediation information from the server, the vulnerability remediation information including:
instructions executable by the processor through the sensor program, the instructions including a single remediation to remediate a plurality of vulnerabilities of the set of vulnerabilities X on the host device and a plurality of T_ID fields, wherein the content of a T_ID field denotes an identification (ID) of a technology species (T) present in the host device; and
for each of the T_ID fields, a plurality of ACT_ID fields, wherein the content of an ACT_ID field denotes an ID of an action (ACT);
implement the single remediation upon the host device through execution of the instructions of the received remediation information to mitigate the plurality of vulnerabilities present on the host device;
reassess the current state of the host device following implementation of the single remediation on the host device to identify a set of vulnerabilities Y;
compare the sets of vulnerabilities X and Y to verify successful remediation of the plurality of vulnerabilities of the set of vulnerabilities X and to identify any further vulnerabilities of the set of vulnerabilities X remediated; and
send information representative of the reassessed current state of the host device including a representation of any additional vulnerabilities of the set of vulnerabilities X remediated and the set of vulnerabilities Y to the server via the network interface device.
5. A method comprising:
assessing, on a host device, a current state of the host device and identifying a set of vulnerabilities X;
sending information representative of the current state of the host device including a representation of the set of vulnerabilities X from the host device to a server via a network interface device of the host device;
receiving, via the network interface device of the host device, vulnerability remediation information from the server, the vulnerability remediation information including:
instructions executable by a processor of the host device through a sensor program implementing the method, the instructions including a single remediation to remediate a plurality of vulnerabilities of the set of vulnerabilities X on the host device and a plurality of T_ID fields, wherein the content of a T_ID field denotes an identification (ID) of a technology species (T) present in the host device; and
for each of the T_ID fields, a plurality of ACT_ID fields, wherein the content of an ACT_ID field denotes an ID of an action (ACT);
implementing the single remediation upon the host device through execution of the instruction of the received remediation information to mitigate the plurality of vulnerabilities present on the host device;
reassessing the current state of the host device following implementation of the single remediation on the host device to identify a set of vulnerabilities Y;
comparing the sets of vulnerabilities X and Y to verify successful remediation of the plurality of vulnerabilities of the set of vulnerabilities X and to identify any further vulnerabilities of the set of vulnerabilities X remediated; and
sending information representative of the reassessed current state of the host device including a representation of any additional vulnerabilities of the set of vulnerabilities X remediated and the set of vulnerabilities Y to the server via the network interface device.
9. A non-transitory machine-readable storage medium, with instructions stored thereon, which when executed by at least one processor, causes a machine to perform a method comprising:
assessing, on a host device, a current state of the host device and identifying a set of vulnerabilities X;
sending information representative of the current state of the host device including a representation of the set of vulnerabilities X from the host device to a server via a network interface device of the host device;
receiving, via the network interface device of the host device, vulnerability remediation information from the server, the vulnerability remediation information including:
instructions executable by a processor of the host device through a sensor program implementing the method, the instructions including a single remediation to remediate a plurality of vulnerabilities of the set of vulnerabilities X on the host device and a plurality of T_ID fields, wherein the content of a T_ID field denotes an identification (ID) of a technology species (T) present in the host device; and
for each of the T_ID fields, a plurality of ACT_ID fields, wherein the content of an ACT_ID field denotes an ID of an action (ACT);
implementing the single remediation upon the host device through execution of the instructions of the received remediation information to mitigate the plurality of vulnerabilities present on the host device;
reassessing the current state of the host device following implementation of the single remediation on the host device to identify a set of vulnerabilities Y;
comparing the sets of vulnerabilities X and Y to verify successful remediation of the plurality of vulnerabilities of the set of vulnerabilities X and to identify any further vulnerabilities of the set of vulnerabilities X remediated; and
sending information representative of the reassessed current state of the host device including a representation of any additional vulnerabilities of the set of vulnerabilities X remediated and the set of vulnerabilities Y to the server via the network interface device.
Specification