Ordered computer vulnerability remediation reporting

US 8,984,643 B1
Filed: 02/14/2014
Issued: 03/17/2015
Est. Priority Date: 02/14/2014
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

identifying a set of remediations that is associated with a risk score and a set of computing vulnerabilities;

prior to applying any remediation in the set of remediations to a corresponding computing vulnerability in the set of computing vulnerabilities;

for each remediation in the set of remediations, determining an amount that the risk score would be reduced if said each remediation is applied to a corresponding computing vulnerability in the set of computing vulnerabilities, wherein determining comprises;

determining that a first remediation in the set of remediations would reduce the risk score by a first amount, anddetermining that a second remediation in the set of remediations would reduce the risk score by a second amount;

ordering the set of remediations to generate an ordered set of remediations based, at least in part, on the amount determined for each remediation in the set of remediations, wherein the first remediation is ranked higher than the second remediation in the ordered set of remediations based on the first amount being greater than the second amount;

applying each remediation in the ordered set of remediations;

wherein applying each remediation in the ordered set of remediations results in removing a computing vulnerability that corresponds to said each remediation;

wherein ordering is performed by one or more computing devices.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for ranking a set of vulnerabilities of a computing asset and set of remediations for a computing asset, and determining a risk score for one or more computing assets are provided. In one technique, vulnerabilities of computing assets in a customer network are received at a vulnerability intelligence platform. Breach data indicating set of breaches that occurred outside customer network is also received. A subset of the set of vulnerabilities that are most vulnerable to a breach is identified based on the breach data. In another technique, multiple vulnerabilities of a computing asset are determined. A risk score is generated for the computing asset based on the vulnerabilities. In another technique, multiple remediations associated with a risk score and multiple vulnerabilities are identified. The remediations are ordered based on the remediations that would reduce the risk score the most if those remediations were applied to remove the corresponding vulnerabilities.

Citations

21 Claims

1. A method comprising:
- identifying a set of remediations that is associated with a risk score and a set of computing vulnerabilities;
  
  prior to applying any remediation in the set of remediations to a corresponding computing vulnerability in the set of computing vulnerabilities;
  
  for each remediation in the set of remediations, determining an amount that the risk score would be reduced if said each remediation is applied to a corresponding computing vulnerability in the set of computing vulnerabilities, wherein determining comprises;
  
  determining that a first remediation in the set of remediations would reduce the risk score by a first amount, anddetermining that a second remediation in the set of remediations would reduce the risk score by a second amount;
  
  ordering the set of remediations to generate an ordered set of remediations based, at least in part, on the amount determined for each remediation in the set of remediations, wherein the first remediation is ranked higher than the second remediation in the ordered set of remediations based on the first amount being greater than the second amount;
  
  applying each remediation in the ordered set of remediations;
  
  wherein applying each remediation in the ordered set of remediations results in removing a computing vulnerability that corresponds to said each remediation;
  
  wherein ordering is performed by one or more computing devices.
- View Dependent Claims (2, 3, 4, 5, 6, 19)
- - 2. The method of claim 1, wherein ordering the set of remediations is also based, at least in part, on an ease of implementation of each remediation in the set of remediations.
  - 3. The method of claim 1, further comprising:
    - receiving user input that selects a particular remediation from the set of remediations;
      
      in response to receiving the user input, causing the particular remediation to be applied to a particular vulnerability, in the set of computing vulnerabilities, that corresponds to the particular remediation;
      
      wherein the particular vulnerability is removed from the set of computing vulnerabilities after the particular remediation is applied.
  - 4. The method of claim 1, further comprising:
    - in response to determining that a particular remediation, of the set of remediations, has been applied to a particular vulnerability, in the set of computing vulnerabilities, that corresponds to the particular remediation;
      
      removing the particular vulnerability from the set of computing vulnerabilities to create an updated set of computing vulnerabilities, andremoving the particular remediation from the set of remediations to create an updated set of remediations.
  - 5. The method of claim 4, further comprising:
    - generating a second risk score that is based on the updated set of computing vulnerabilities.
  - 6. The method of claim 5, further comprising:
    - for each remediation in the updated set of remediations, determining a certain amount that the second risk score would be reduced by if said each remediation in the updated set of remediations is applied to a corresponding computing vulnerability in the updated set of computing vulnerabilities;
      
      ordering the updated set of remediations based on the certain amount determined for each remediation in the updated set of remediations.
  - 19. The method of claim 1, further comprising:
    - determining that a first vulnerability in the set of computing vulnerabilities corresponds to the first remediation and is associated with a first number of breaches;
      
      determining that a second vulnerability in the set of computing vulnerabilities corresponds to the second remediation and is associated with a second number of breaches;
      
      wherein the first amount is based on the first number of breaches;
      
      wherein the second amount is based on the second number of breaches.

7. One or more non-transitory computer-readable media storing instructions which, when executed by one or more processors, cause:
- identifying a set of remediations that is associated with a risk score and a set of computing vulnerabilities;
  
  prior to applying any remediation in the set of remediations to a corresponding computing vulnerability in the set of computing vulnerabilities;
  
  for each remediation in the set of remediations, determining an amount that the risk score would be reduced if said each remediation is applied to a corresponding computing vulnerability in the set of computing vulnerabilities, wherein determining comprises;
  
  determining that a first remediation in the set of remediations would reduce the risk score by a first amount, anddetermining that a second remediation in the set of remediations would reduce the risk score by a second amount;
  
  ordering the set of remediations to generate an ordered set of remediations based, at least in part, on the amount determined for each remediation in the set of remediations, wherein the first remediation is ranked higher than the second remediation in the ordered set of remediations based on the first amount being greater than the second amount;
  
  applying each remediation in the ordered set of remediations;
  
  wherein applying each remediation in the ordered set of remediations results in removing a computing vulnerability that corresponds to said each remediation.
- View Dependent Claims (8, 9, 10, 11, 12, 20)
- - 8. The one or more non-transitory computer-readable media of claim 7, wherein ordering the set of remediations is also based, at least in part, on an ease of implementation of each remediation in the set of remediations.
  - 9. The one or more non-transitory computer-readable media of claim 7, wherein the instructions, when executed by the one or more processors, further cause:
    - receiving user input that selects a particular remediation from the set of remediations;
      
      in response to receiving the user input, causing the particular remediation to be applied to a particular vulnerability, in the set of computing vulnerabilities, that corresponds to the particular remediation;
      
      wherein the particular vulnerability is removed from the set of computing vulnerabilities after the particular remediation is applied.
  - 10. The one or more non-transitory computer-readable media of claim 7, wherein the instructions, when executed by the one or more processors, further cause:
    - in response to determining that a particular remediation, of the set of remediations, has been applied to a particular vulnerability, in the set of computing vulnerabilities, that corresponds to the particular remediation;
      
      removing the particular vulnerability from the set of computing vulnerabilities to create an updated set of computing vulnerabilities, andremoving the particular remediation from the set of remediations to create an updated set of remediations.
  - 11. The one or more non-transitory computer-readable media of claim 10, wherein the instructions, when executed by the one or more processors, further cause:
    - generating a second risk score that is based on the updated set of computing vulnerabilities.
  - 12. The one or more non-transitory computer-readable media of claim 11, wherein the instructions, when executed by the one or more processors, further cause:
    - for each remediation in the updated set of remediations, determining a certain amount that the second risk score would be reduced by if said each remediation in the updated set of remediations is applied to a corresponding computing vulnerability in the updated set of computing vulnerabilities;
      
      ordering the updated set of remediations based on the certain amount determined for each remediation in the updated set of remediations.
  - 20. The one or more computer-readable media of claim 7, wherein the instructions, when executed by the one or more processors, further cause:
    - determining that a first vulnerability in the set of computing vulnerabilities corresponds to the first remediation and is associated with a first number of breaches;
      
      determining that a second vulnerability in the set of computing vulnerabilities corresponds to the second remediation and is associated with a second number of breaches;
      
      wherein the first amount is based on the first number of breaches;
      
      wherein the second amount is based on the second number of breaches.

13. An apparatus comprising:
- one or more hardware processors;
  
  one or more computer-readable media storing instructions which, when executed by the one or more hardware processors, cause;
  
  identifying a set of remediations that is associated with a risk score and a set of computing vulnerabilities;
  
  prior to applying any remediation in the set of remediations to a corresponding computing vulnerability in the set of computing vulnerabilities;
  
  for each remediation in the set of remediations, determining an amount that the risk score would be reduced if said each remediation is applied to a corresponding computing vulnerability in the set of computing vulnerabilities, wherein determining comprises;
  
  determining that a first remediation in the set of remediations would reduce the risk score by a first amount, anddetermining that a second remediation in the set of remediations would reduce the risk score by a second amount;
  
  ordering the set of remediations to generate an ordered set of remediations based, at least in part, on the amount determined for each remediation in the set of remediations, wherein the first remediation is ranked higher than the second remediation in the ordered set of remediations based on the first amount being greater than the second amount;
  
  applying each remediation in the ordered set of remediations;
  
  wherein applying each remediation in the ordered set of remediations results in removing a computing vulnerability that corresponds to said each remediation.
- View Dependent Claims (14, 15, 16, 17, 18, 21)
- - 14. The apparatus of claim 13, wherein ordering the set of remediations is also based, at least in part, on an ease of implementation of each remediation in the set of remediations.
  - 15. The apparatus of claim 13, wherein the instructions, when executed by the one or more processors, further cause:
    - receiving user input that selects a particular remediation from the set of remediations;
      
      in response to receiving the user input, causing the particular remediation to be applied to a particular vulnerability, in the set of computing vulnerabilities, that corresponds to the particular remediation;
      
      wherein the particular vulnerability is removed from the set of computing vulnerabilities after the particular remediation is applied.
  - 16. The apparatus of claim 13, wherein the instructions, when executed by the one or more processors, further cause:
    - in response to determining that a particular remediation, of the set of remediations, has been applied to a particular vulnerability, in the set of computing vulnerabilities, that corresponds to the particular remediation;
      
      removing the particular vulnerability from the set of computing vulnerabilities to create an updated set of computing vulnerabilities, andremoving the particular remediation from the set of remediations to create an updated set of remediations.
  - 17. The apparatus of claim 16, wherein the instructions, when executed by the one or more processors, further cause:
    - generating a second risk score that is based on the updated set of computing vulnerabilities.
  - 18. The apparatus of claim 17, wherein the instructions, when executed by the one or more processors, further cause:
    - for each remediation in the updated set of remediations, determining a certain amount that the second risk score would be reduced by if said each remediation in the updated set of remediations is applied to a corresponding computing vulnerability in the updated set of computing vulnerabilities;
      
      ordering the updated set of remediations based on the certain amount determined for each remediation in the updated set of remediations.
  - 21. The apparatus of claim 13, wherein the instructions, when executed by the one or more processors, further cause:
    - determining that a first vulnerability in the set of computing vulnerabilities corresponds to the first remediation and is associated with a first number of breaches;
      
      determining that a second vulnerability in the set of computing vulnerabilities corresponds to the second remediation and is associated with a second number of breaches;
      
      wherein the first amount is based on the first number of breaches;
      
      wherein the second amount is based on the second number of breaches.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Kenna Security LLC (Cisco Systems, Inc.)
Original Assignee
Risk I/O, Inc.
Inventors
Bellis, Edward T., Heuer, Jeffrey, Krisher, Michael
Primary Examiner(s)
Holder, Bradley
Assistant Examiner(s)
Shayanfar, Ali

Application Number

US14/181,415
Time in Patent Office

396 Days
Field of Search

726/25, 726/3
US Class Current

726/25
CPC Class Codes

G06F 21/577   Assessing vulnerabilities a...

G06Q 10/06311   Scheduling, planning or tas...

H04L 63/1408   by monitoring network traff...

H04L 63/1433   Vulnerability analysis

Ordered computer vulnerability remediation reporting

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Ordered computer vulnerability remediation reporting

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links