Prioritizing network security vulnerabilities using accessibility

  • US 8,918,883 B1
  • Filed: 06/14/2006
  • Issued: 12/23/2014
  • Est. Priority Date: 06/15/2005
  • Status: Active Grant
First Claim

1. A method of prioritizing security vulnerabilities in an enterprise computer network having an address space accessible from a plurality of threat zones, comprising:

    profiling hosts in the address space of the enterprise computer network by sending packets to addresses within the address space using a first device profiler located in a first threat zone of the network to identify vulnerabilities of the hosts accessible from the first threat zone;

    profiling the hosts in the address space of the enterprise computer network by sending packets to the addresses within the address space using a second device profiler located in a second threat zone of the network to identify vulnerabilities of the hosts accessible from the second threat zone;

    assigning a first threat level metric to the first threat zone and a second threat level metric to the second threat zone, the first threat level metric indicating a relative likelihood that a threat will emanate from the first threat zone, and the second threat level indicating a relative likelihood that a threat will emanate from the second threat zone;

    for an identified vulnerability accessible from both the first and second threat zones, calculating a risk associated with the identified vulnerability using the first and second threat level metrics;

    for a service affected by the identified vulnerability, calculating a risk associated with the service using the risk associated with the identified vulnerability and one or more risks associated with other vulnerabilities that affect the service; and

    prioritizing the identified vulnerability relative to other vulnerabilities using the calculated risk.
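The steps of claim 1, worked through as an added illustration that is not part of the patent text. The claim does not fix any formula, so the noisy-OR combination, the severity weighting, and all zone names, hosts, vulnerability ids and numbers below are assumptions constructed for the example.

```python
from collections import defaultdict

# Constructed threat level metric per zone: relative likelihood that a
# threat emanates from that zone (assumed to lie in 0..1).
ZONE_THREAT = {"internet": 0.9, "partner_vpn": 0.4, "internal_lan": 0.1}

# Constructed profiler output, one row per zone the finding was seen from:
# (zone, host, service, vulnerability id, severity). Severity is an
# assumed extra input; the claim only requires the zone metrics.
FINDINGS = [
    ("internet",     "10.0.0.5", "https/443", "VULN-A", 0.8),
    ("internal_lan", "10.0.0.5", "https/443", "VULN-A", 0.8),
    ("internal_lan", "10.0.0.5", "https/443", "VULN-B", 0.9),
    ("partner_vpn",  "10.0.0.7", "ssh/22",    "VULN-C", 0.6),
    ("internal_lan", "10.0.0.7", "ssh/22",    "VULN-C", 0.6),
]

def combine(levels):
    """Noisy-OR (assumed): chance that at least one source materialises."""
    remaining = 1.0
    for level in levels:
        remaining *= 1.0 - level
    return 1.0 - remaining

def vulnerability_risks(findings, zone_threat):
    """Risk per (host, service, vuln) from every zone that can reach it."""
    zones, severity = defaultdict(set), {}
    for zone, host, service, vuln, sev in findings:
        zones[(host, service, vuln)].add(zone)
        severity[(host, service, vuln)] = sev
    return {key: severity[key] * combine(zone_threat[z] for z in seen)
            for key, seen in zones.items()}

def service_risks(vuln_risk):
    """Risk per (host, service) from all vulnerabilities affecting it."""
    grouped = defaultdict(list)
    for (host, service, _vuln), risk in vuln_risk.items():
        grouped[(host, service)].append(risk)
    return {key: combine(risks) for key, risks in grouped.items()}

def prioritize(vuln_risk):
    """Vulnerabilities ordered from highest to lowest calculated risk."""
    return sorted(vuln_risk.items(), key=lambda item: item[1], reverse=True)

if __name__ == "__main__":
    risks = vulnerability_risks(FINDINGS, ZONE_THREAT)
    for (host, service, vuln), risk in prioritize(risks):
        print(f"{risk:.3f}  {vuln}  {host} {service}")
    for (host, service), risk in service_risks(risks).items():
        print(f"service {host} {service}: {risk:.3f}")
```

In this sample, VULN-B has the highest severity but ranks last because it is reachable only from the lowest-threat zone.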

  • 9 Assignments