Vulnerability-based remediation selection

US 8,561,197 B2
Filed: 04/22/2010
Issued: 10/15/2013
Est. Priority Date: 07/23/2004
Status: Active Grant

First Claim

Patent Images

1. A host device comprising:

at least one processor;

at least one memory device;

a network interface device;

a sensor program held in the at least one memory device and executable by the at least one processor to;

assess a current state of the host device and identifying a set of vulnerabilities X;

send information representative of the current state of the host device including a representation of the set of vulnerabilities X to a server via the network interface device;

receive, via the network interface device, vulnerability remediation information from the server, the vulnerability remediation information including;

instructions executable by the processor through the sensor program, the instructions including a single remediation to remediate a plurality of vulnerabilities of the set of vulnerabilities X on the host device and a plurality of T_ID fields, wherein the content of a T_ID field denotes an identification (ID) of a technology species (T) present in the host device; and

for each of the T_ID fields, a plurality of ACT_ID fields, wherein the content of an ACT_ID field denotes an ID of an action (ACT);

implement the single remediation upon the host device through execution of the instructions of the received remediation information to mitigate the plurality of vulnerabilities present on the host device reassess the current state of the host device following implementation of the single remediation on the host device to identify a set of vulnerabilities Y;

compare the sets of vulnerabilities X and Y to verify successful remediation of the plurality of vulnerabilities of the set of vulnerabilities X and to identify any further vulnerabilities of the set of vulnerabilities X remediated; and

send information representative of the reassessed current state of the host device including a representation of any additional vulnerabilities of the set of vulnerabilities X remediated and the set of vulnerabilities Y to the server via the network interface device.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A machine-actionable memory comprises one or more machine-actionable records arranged according to a data structure. Such a data structure may include links that respectively map between a remediation, at least one action, and at least two vulnerabilities. A method of selecting a remediation, that is appropriate to a vulnerability which is present on a machine to be remediated, may include: providing a machine-actionable memory as mentioned above; and indexing into the memory using: a given vulnerability identifier to determine (A) at least one of a remediation mapped thereto and (B) at least one action mapped to the given vulnerability identifier; and/or a given remediation to determine at least two vulnerabilities mapped thereto.

87 Citations

View as Search Results

12 Claims

1. A host device comprising:
- at least one processor;
  
  at least one memory device;
  
  a network interface device;
  
  a sensor program held in the at least one memory device and executable by the at least one processor to;
  
  assess a current state of the host device and identifying a set of vulnerabilities X;
  
  send information representative of the current state of the host device including a representation of the set of vulnerabilities X to a server via the network interface device;
  
  receive, via the network interface device, vulnerability remediation information from the server, the vulnerability remediation information including;
  
  instructions executable by the processor through the sensor program, the instructions including a single remediation to remediate a plurality of vulnerabilities of the set of vulnerabilities X on the host device and a plurality of T_ID fields, wherein the content of a T_ID field denotes an identification (ID) of a technology species (T) present in the host device; and
  
  for each of the T_ID fields, a plurality of ACT_ID fields, wherein the content of an ACT_ID field denotes an ID of an action (ACT);
  
  implement the single remediation upon the host device through execution of the instructions of the received remediation information to mitigate the plurality of vulnerabilities present on the host device reassess the current state of the host device following implementation of the single remediation on the host device to identify a set of vulnerabilities Y;
  
  compare the sets of vulnerabilities X and Y to verify successful remediation of the plurality of vulnerabilities of the set of vulnerabilities X and to identify any further vulnerabilities of the set of vulnerabilities X remediated; and
  
  send information representative of the reassessed current state of the host device including a representation of any additional vulnerabilities of the set of vulnerabilities X remediated and the set of vulnerabilities Y to the server via the network interface device.
- View Dependent Claims (2, 3, 4)
- - 2. The host device of claim 1, wherein the host device is a printer.
  - 3. The host device of claim 1, wherein the vulnerability remediation information includes a R_ID denoting an identification (ID) of the at least one remediation (R).
  - 4. The host device of claim 1, where the sensor program is further executable by the at least one processor to:
    - receive, via the network interface device, information to be processed during the assessing of the current state of the host device, the received information identifying a particular vulnerability.

5. A method comprising:
- assessing, on a host device, a current state of the host device and identifying a set of vulnerabilities X;
  
  sending information representative of the current state of the host device including a representation of the set of vulnerabilities X from the host device to a server via a network interface device of the host device;
  
  receiving, via the network interface device of the host device, vulnerability remediation information from the server, the vulnerability remediation information including;
  
  instructions executable by a processor of the host device through a sensor program implementing the method, the instructions including a single remediation to remediate a plurality of vulnerabilities of the set of vulnerabilities X on the host device and a plurality of T_ID fields, wherein the content of a T_ID field denotes an identification (ID) of a technology species (T) present in the host device; and
  
  for each of the T_ID fields, a plurality of ACT_ID fields, wherein the content of an ACT_ID field denotes an ID of an action (ACT);
  
  implementing the single remediation upon the host device through execution of the instruction of the received remediation information to mitigate the plurality of vulnerabilities present on the host device;
  
  reassessing the current state of the host device following implementation of the single remediation on the host device to identify a set of vulnerabilities Y;
  
  comparing the sets of vulnerabilities X and Y to verify successful remediation of the plurality of vulnerabilities of the set of vulnerabilities X and to identify any further vulnerabilities of the set of vulnerabilities X remediated; and
  
  sending information representative of the reassessed current state of the host device including a representation of any additional vulnerabilities of the set of vulnerabilities X remediated and the set of vulnerabilities Y to the server via the network interface device.
- View Dependent Claims (6, 7, 8)
- - 6. The method of claim 5, wherein the host device is a printer.
  - 7. The method of claim 5, wherein the vulnerability remediation information includes a R_ID denoting an identification (ID) of the at least one remediation (R).
  - 8. The method of claim 5, further comprising:
    - receiving, via the network interface device, information to be processed during the assessing of the current state of the host device, the received information identifying a particular vulnerability.

9. A non-transitory machine-readable storage medium, with instructions stored thereon, which when executed by at least one processor, causes a machine to perform a method comprising:
- assessing, on a host device, a current state of the host device and identifying a set of vulnerabilities X;
  
  sending information representative of the current state of the host device including a representation of the set of vulnerabilities X from the host device to a server via a network interface device of the host device;
  
  receiving, via the network interface device of the host device, vulnerability remediation information from the server, the vulnerability remediation information including;
  
  instructions executable by a processor of the host device through a sensor program implementing the method, the instructions including a single remediation to remediate a plurality of vulnerabilities of the set of vulnerabilities X on the host device and a plurality of T_ID fields, wherein the content of a T_ID field denotes an identification (ID) of a technology species (T) present in the host device; and
  
  for each of the T_ID fields, a plurality of ACT_ID fields, wherein the content of an ACT_ID field denotes an ID of an action (ACT);
  
  implementing the single remediation upon the host device through execution of the instructions of the received remediation information to mitigate the plurality of vulnerabilities present on the host device˜
  
  reassessing the current state of the host device following implementation of the single remediation on the host device to identify a set of vulnerabilities Y;
  
  comparing the sets of vulnerabilities X and Y to verify successful remediation of the plurality of vulnerabilities of the set of vulnerabilities X and to identify any further vulnerabilities of the set of vulnerabilities X remediated; and
  
  sending information representative of the reassessed current state of the host device including a representation of any additional vulnerabilities of the set of vulnerabilities X remediated and the set of vulnerabilities Y to the server via the network interface device.
- View Dependent Claims (10, 11, 12)
- - 10. The non-transitory machine-readable storage medium of claim 9, wherein the host device is a printer.
  - 11. The non-transitory machine-readable storage medium of claim 9, wherein the vulnerability remediation information includes a R_ID denoting an identification (ID) of the at least one remediation (R).
  - 12. The non-transitory machine-readable storage medium of claim 9, the method further comprising:
    - receiving, via the network interface device, information to be processed during the assessing of the current state of the host device, the received information identifying a particular vulnerability.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Fortinet Inc.
Original Assignee
Fortinet Inc.
Inventors
D'Mello, Kurt, Tyree, David Spencer, Gandhe, Sudhir
Primary Examiner(s)
Orgad, Edan
Assistant Examiner(s)
WANG, HARRIS C

Application Number

US12/765,431
Publication Number

US 20100199353A1
Time in Patent Office

1,272 Days
Field of Search

726/25
US Class Current

726/25
CPC Class Codes

G06F 21/57 Certifying or maintaining t...

G06F 21/577 Assessing vulnerabilities a...

Vulnerability-based remediation selection

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

87 Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Vulnerability-based remediation selection

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

87 Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links