System and method for network vulnerability detection and reporting
Abstract
A system and method provide comprehensive and highly automated testing of vulnerabilities to intrusion on a target network, including identification of operating system, identification of target network topology and target computers, identification of open target ports, assessment of vulnerabilities on target ports, active assessment of vulnerabilities based on information acquired from target computers, quantitative assessment of target network security and vulnerability, and hierarchical graphical representation of the target network, target computers, and vulnerabilities in a test report. The system and method employ minimally obtrusive techniques to avoid interference with or damage to the target network during or after testing.
22 Claims
1. A method comprising:
identifying a particular security view from a plurality of available security views for a particular network including a plurality of computer devices;
identifying a particular set of instructions corresponding to the particular security view from a plurality of scanning instruction sets;
causing a particular scanner to utilize the particular set of instructions in a scan of the particular network, wherein the scan of the particular network identifies one or more vulnerabilities present on the particular network corresponding to the particular security view and one or more exposures present on the particular network corresponding to the particular security view; and
determining a security score corresponding to the particular security view, wherein the security score is to be derived from a formula of form F = a − V − E, wherein F is the security score, a is a constant, V is a vulnerability loss, and E is an exposure loss, and vulnerability loss V is dependent on vulnerability risk levels of the vulnerabilities and exposure loss E is dependent on exposure risk levels of the exposures.
19. At least one machine accessible, non-transitory storage medium having instructions stored thereon, the instructions when executed on a machine, cause the machine to:
identify a particular security view for a particular network including a plurality of computer devices;
identify a particular set of instructions corresponding to the particular security view from a plurality of scanning instruction sets;
cause a particular scanner to utilize the particular set of instructions in a scan of the particular network, wherein the scan of the particular network identifies one or more vulnerabilities present on the particular network corresponding to the particular security view and one or more exposures present on the particular network corresponding to the particular security view; and
determine a security score corresponding to the particular security view, wherein the security score is to be derived from a formula of form F = a − V − E, wherein F is the security score, a is a constant, V is a vulnerability loss, and E is an exposure loss, and vulnerability loss V is dependent on vulnerability risk levels of the vulnerabilities and exposure loss E is dependent on exposure risk levels of the exposures.
21. A system comprising:
one or more processor devices;
at least one memory element;
a vulnerability scanner, adapted when executed by the at least one of the one or more processor devices to:
identify a particular security view from a plurality of available security views for a particular network including a plurality of computer devices;
identify a particular set of instructions corresponding to the particular security view from a plurality of scanning instruction sets;
utilize the particular set of instructions in a scan of the particular network, wherein the scan of the particular network identifies one or more vulnerabilities present on the particular network corresponding to the particular security view and one or more exposures present on the particular network corresponding to the particular security view; and
a scoring module, adapted when executed by at least one of the one or more processor devices to determine a security score corresponding to the particular security view, wherein the security score is to be derived from a formula of form F = a − V − E, wherein F is the security score, a is a constant, V is a vulnerability loss, and E is an exposure loss, and vulnerability loss V is dependent on vulnerability risk levels of the vulnerabilities and exposure loss E is dependent on exposure risk levels of the exposures.
Specification