Determining technology-appropriate remediation for vulnerability

US 8,635,702 B2
Filed: 04/04/2012
Issued: 01/21/2014
Est. Priority Date: 07/23/2004
Status: Active Grant

First Claim

Patent Images

1. An automated computerized method of determining one or more technology-appropriate remediations for a common aspect of vulnerability in a system, the method comprising:

receiving one or more vulnerability identifications (VIDs) and descriptions thereof, respectively, that have a common aspect of vulnerability;

in response to the receiving of the one or more VIDs, determining, by executing instructions on a processor of a computer, a remediation identification (RID) associated with the common aspect of vulnerability;

in response to the determining of the RID, creating, by executing further instructions on the processor of the computer, based upon the one or more VIDs and the descriptions thereof, a first machine-actionable map between the RID, one or more technology identifications (TIDs), and one or more action identifications (ACTIDs) for actions that remediate the common aspect of vulnerability represented by the RID, where the first machine-actionable map is a representation of the remediation candidate, wherein the creating of the first machine-actionable map includes;

providing a plurality of machine-actionable second maps, each second map being between a given RID, at least two TIDs for which the given RID can be used, and two or more sets of ACTIDs, the two or more set of ACTIDs corresponding to the at least two TIDs, respectively;

selecting one or more instances of the plurality of second maps, where the one or more selected instances of second maps represents the first machine-actionable map, the selecting of one or more instances of the plurality of second maps includes;

indexing into the plurality of second maps using the RID to obtain a first subset of the plurality of second maps;

determining a list of one or more TIDs that correspond to the one or more VIDs, the determining of the list including;

determining, for each of the one or more VIDs, a technology genus associated with a given VID; and

populating the list with TIDs of technology species associated with the technology genus; and

eliminating members of the first subset that are specific to TIDs which are not present on the list; and

storing the first machine-actionable map.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A machine-actionable memory comprises one or more machine-actionable records arranged according to a data structure. Such a data structure may include links that respectively map between: a RID field, the contents of which denote an identification (ID) of a remediation (RID); at least one TID field, the contents of which denotes an ID of at least two technologies (TIDs), respectively; and at least one ACTID field, the contents of which denotes an ID of an action (ACTID). A method, of selecting a remediation that is appropriate to a technology present on a machine to be remediated, may include: providing such a machine-actionable memory; and indexing into the memory using a given RID value and a given TID value to determine values of the at-least-one ACTID corresponding to the given RID value and appropriate to the given TID value.

83 Citations

View as Search Results

18 Claims

1. An automated computerized method of determining one or more technology-appropriate remediations for a common aspect of vulnerability in a system, the method comprising:
- receiving one or more vulnerability identifications (VIDs) and descriptions thereof, respectively, that have a common aspect of vulnerability;
  
  in response to the receiving of the one or more VIDs, determining, by executing instructions on a processor of a computer, a remediation identification (RID) associated with the common aspect of vulnerability;
  
  in response to the determining of the RID, creating, by executing further instructions on the processor of the computer, based upon the one or more VIDs and the descriptions thereof, a first machine-actionable map between the RID, one or more technology identifications (TIDs), and one or more action identifications (ACTIDs) for actions that remediate the common aspect of vulnerability represented by the RID, where the first machine-actionable map is a representation of the remediation candidate, wherein the creating of the first machine-actionable map includes;
  
  providing a plurality of machine-actionable second maps, each second map being between a given RID, at least two TIDs for which the given RID can be used, and two or more sets of ACTIDs, the two or more set of ACTIDs corresponding to the at least two TIDs, respectively;
  
  selecting one or more instances of the plurality of second maps, where the one or more selected instances of second maps represents the first machine-actionable map, the selecting of one or more instances of the plurality of second maps includes;
  
  indexing into the plurality of second maps using the RID to obtain a first subset of the plurality of second maps;
  
  determining a list of one or more TIDs that correspond to the one or more VIDs, the determining of the list including;
  
  determining, for each of the one or more VIDs, a technology genus associated with a given VID; and
  
  populating the list with TIDs of technology species associated with the technology genus; and
  
  eliminating members of the first subset that are specific to TIDs which are not present on the list; and
  
  storing the first machine-actionable map.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The automated computerized method of claim 1, further comprising:
    - transmitting the machine-actionable map via a network to a client to remediate at least one of the one or more vulnerabilities for which the remediation was created to remediate.
  - 3. The computerized method of claim 1, wherein:
    - the receiving receives two or more VIDs and descriptions thereof, respectively; and
      
      the creating creates the first machine-actionable map between the RID, two or more TIDs, and the two or more action identifications (ACTIDs).
  - 4. The computerized method of claim 1, wherein the creating of the first machine-actionable map includes:
    - creating a machine-actionable map between the one or more TIDs and the RID; and
      
      expanding the machine-actionable map to include the one or more ACTIDs.
  - 5. The computerized method of claim 1, wherein each ACTID represents one or more operations that remediate the common aspect of vulnerability represented by the RID for a given TID.
  - 6. The computerized method of claim 5, wherein each operation is an automatically-machine-actionable type of operation.
  - 7. The computerized method of claim 6, wherein each operation is a machine-language command.
  - 8. The computerized method of claim 7, wherein the machine-language command is a set of one or more Java byte codes.
  - 9. The computerized method of claim 1, wherein the description of a VID is provided in a non-machine-actionable format.
  - 10. The computerized method of claim 9, wherein the description of a VID includes substantially non-machine-actionable identifications of one or more technologies which are susceptible to a specific vulnerability corresponding to the VID.
  - 11. The computerized method of claim 1, further comprising:
    - expanding the first machine-actionable map to include a non-machine-actionable description of vulnerability corresponding to the RID.

12. A non-transitory machine-readable medium, with instructions stored thereon, which when executed by at least one processor of a machine, causes the machine to perform a method to determine one or more technology-appropriate remediations for a common aspect of vulnerability in a device, the method comprising:
- receiving one or more vulnerability identifications (VIDs) and descriptions thereof, respectively, that have a common aspect of vulnerability;
  
  in response to the receiving of the one or more VIDs, determining, by executing instructions on a processor of a computer, a remediation identification (RID) associated with the common aspect of vulnerability;
  
  in response to the determining of the RID, creating, by executing further instructions on the processor of the computer, based upon the one or more VIDs and the descriptions thereof, a first machine-actionable map between the RID, one or more technology identifications (TIDs), and one or more action identifications (ACTIDs) for actions that remediate the common aspect of vulnerability represented by the RID, where the first machine-actionable map is a representation of the remediation candidate, wherein the creating of the first machine-actionable map includes;
  
  providing a plurality of machine-actionable second maps, each second map being between a given RID, at least two TIDs for which the given RID can be used, and two or more sets of ACTIDs, the two or more set of ACTIDs corresponding to the at least two TIDs, respectively;
  
  selecting one or more instances of the plurality of second maps, where the one or more selected instances of second maps represents the first machine-actionable map, the selecting of one or more instances of the plurality of second maps includes;
  
  indexing into the plurality of second maps using the RID to obtain a first subset of the plurality of second maps;
  
  determining a list of one or more TIDs that correspond to the one or more VIDs, the determining of the list including;
  
  determining, for each of the one or more VIDs, a technology genus associated with a given VID; and
  
  populating the list with TIDs of technology species associated with the technology genus; and
  
  eliminating members of the first subset that are specific to TIDs which are not present on the list; and
  
  storing the first machine-actionable map.
- View Dependent Claims (13, 14, 15, 16, 17, 18)
- - 13. The non-transitory machine-readable medium of claim 12, wherein the method further comprises:
    - transmitting the machine-actionable map via a network to a client to remediate at least one of the one or more vulnerabilities for which the remediation was created to remediate.
  - 14. The non-transitory machine-readable medium of claim 12, wherein:
    - the receiving receives two or more VIDs and descriptions thereof, respectively; and
      
      the creating creates the first machine-actionable map between the RID, two or more TIDs, and the two or more action identifications (ACTIDs).
  - 15. The non-transitory machine-readable medium of claim 12, wherein the creating of the first machine-actionable map includes:
    - creating a machine-actionable map between the one or more TIDs and the RID; and
      
      expanding the machine-actionable map to include the one or more ACTIDs.
  - 16. The non-transitory machine-readable medium of claim 12, wherein each ACTID represents one or more operations that remediate the common aspect of vulnerability represented by the RID for a given TID.
  - 17. The non-transitory machine-readable medium of claim 16, wherein each operation is an automatically-machine-actionable type of operation.
  - 18. The non-transitory machine-readable medium of claim 17, wherein each operation is a machine-language command.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Fortinet Inc.
Original Assignee
Fortinet Inc.
Inventors
D'Mello, Kurt, Tyree, David Spencer, Gandhe, Sudhir, O'Brien, Eric David
Primary Examiner(s)
Khoshnoodi, Nadia

Application Number

US13/439,385
Publication Number

US 20120192281A1
Time in Patent Office

657 Days
Field of Search

None
US Class Current

726/25
CPC Class Codes

G06F 21/57 Certifying or maintaining t...

G06F 21/577 Assessing vulnerabilities a...

Determining technology-appropriate remediation for vulnerability

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

83 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Determining technology-appropriate remediation for vulnerability

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

83 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links