System and method for providing automated computer security compromise as a service

US 9,183,397 B2
Filed: 06/05/2012
Issued: 11/10/2015
Est. Priority Date: 06/05/2011
Status: Active Grant

First Claim

Patent Images

1. A system for providing automated computer security compromise as a service, running within a cloud computing environment, the system comprising:

a web server having a web front end running on the web server, wherein users connect to the web server via the web front end, and wherein the web server has stored therein pentest definitions created by the users through use of the web front end;

wherein the web server further comprises a computer-based command and control component which processes the pentest definitions, builds pentest task tickets and reporting task tickets, and monitors different portions of the system, wherein the portions of the system are selected from the group consisting of at least one computer-based penetration tester component and at least one computer-based report generator component,wherein the command and control component interacts with the cloud computing environment to scale up or down the number of penetration tester components and the number of report generator components, and assigns the task tickets to the penetration tester components and to the report generator components,at least one of the computer-based penetration tester components runs a penetration testing framework, the penetration tester component being configured to run penetration testing modules available inside the penetration testing framework as instructed by the pentest task tickets built by the command and control component;

at least one of the computer-based report generator components generates reports based on the reporting tasks tickets built by the command and control service; and

a central database including memory for storing pentest results wherein results are isolated by the central database for each front end user.

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for providing automated computer security compromise as a service, contains a web server having a web front end running on the web server. The Web server has stored therein pentest definitions. A command and control component processes the pentest definitions, builds pentest task tickets and reporting task tickets, and monitors at least one penetration tester component and/or at least one report generator component. The command and control component interacts with a cloud computing environment to scale up or down the number of penetration tester components and the number of report generator components, and assigns task tickets to the penetration tester and report generator components. At least one penetration tester component runs penetration testing modules available inside the penetration testing framework as instructed by the pentest task tickets. At least one reporter generator component generates reports based on the reporting tasks tickets generated by the command and control service.

Citations

17 Claims

1. A system for providing automated computer security compromise as a service, running within a cloud computing environment, the system comprising:
- a web server having a web front end running on the web server, wherein users connect to the web server via the web front end, and wherein the web server has stored therein pentest definitions created by the users through use of the web front end;
  
  wherein the web server further comprises a computer-based command and control component which processes the pentest definitions, builds pentest task tickets and reporting task tickets, and monitors different portions of the system, wherein the portions of the system are selected from the group consisting of at least one computer-based penetration tester component and at least one computer-based report generator component,wherein the command and control component interacts with the cloud computing environment to scale up or down the number of penetration tester components and the number of report generator components, and assigns the task tickets to the penetration tester components and to the report generator components,at least one of the computer-based penetration tester components runs a penetration testing framework, the penetration tester component being configured to run penetration testing modules available inside the penetration testing framework as instructed by the pentest task tickets built by the command and control component;
  
  at least one of the computer-based report generator components generates reports based on the reporting tasks tickets built by the command and control service; and
  
  a central database including memory for storing pentest results wherein results are isolated by the central database for each front end user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The system of claim 1, wherein the results of the penetration testing framework are stored in the central database.
  - 3. The system of claim 1, wherein the report generator component generates reports based on the reporting task tickets and the pentest results stored in the central database.
  - 4. The system of claim 1 wherein the pentest definitions include machines and web applications owned by the user to be attacked and parameters defining a pentest.
  - 5. The system of claim 4 wherein the parameters include but are not limited to mandatory modules to be executed or avoided by the penetration tester components, timeframes and dates where the pentest should be executed, how the pentest should be repeated over time and default credentials to log into web applications to be attacked.
  - 6. The system of claim 1 wherein the web front end sends the pentest definitions to the command and control component.
  - 7. The system of claim 6 wherein the web front end allows the user to review past penetration tests and reports by selecting a specific machine or web application inside an infrastructure of the user.
  - 8. The system of claim 1, wherein the computer-based command and control component, the computer-based penetration tester component and the computer-based reporter generator component are implemented using a computer-based processor for executing software stored in computer-based memory.
  - 9. The system of claim 8 implemented as a computer having the computer-based memory, the computer-based processor and one or more input and/or output devices or peripherals that are communicatively coupled via a local interface.
  - 10. The system of claim 1, wherein the computer-based command and control component is a module that includes a load monitor, a task builder and a web API, wherein the load monitor periodically monitors a size of a pentesting queue, and wherein the task builder is configured to define pentest task tickets that are assigned to the penetration tester components.

11. A method for providing automated security compromise as a service, the method comprising:
- interacting with a user to define and assess assets the user can test;
  
  creating a pentest definition by selecting a set of target computers and web applications from a web front end and setting up parameters for a pentest;
  
  submitting the pentest definition to a command and control service which defines pentest and reporting task tickets, wherein the pentest and reporting task tickets include penetration testing modules to run, the parameters required by the modules and in particular a target of the penetration testing module;
  
  monitoring a status of a system'"'"'s components and scaling up or down penetration testing instances and reporting instances with a computer-based command and control component;
  
  each penetration testing instance executing the modules detailed in one of the pentest tickets and according to the parameters included in the pentest tickets;
  
  each reporting instance executing reporting tasks detailed in one of the reporting task tickets and according to the parameters included in the reporting task tickets;
  
  defining a ticket as closed once a reporting or penetration testing instance finishes running underlying penetration testing or reporting modules.
- View Dependent Claims (12, 13, 14, 15, 16, 17)
- - 12. The method of claim 11 wherein the pentest definition parameters include but are not limited to mandatory modules to be executed or avoided by the penetration testing service instances, timeframes and dates where the pentest should be executed, how the pentest should be repeated over time and default credentials to log into web applications to be attacked.
  - 13. The method of claim 11 wherein the pentest tasks contain a list of penetration testing modules present in a penetration testing framework running in each penetration testing service instance to be executed.
  - 14. The method of claim 13 wherein the penetration testing service instances execute pentest tasks and store the results of the execution in a central database.
  - 15. The method of claim 14 wherein the reporting instances generate reports specified in the reporting tasks by reading the results of the executed pentest tasks stored in the central database.
  - 16. The method of claim 11 wherein the user visualizes results of the pentest definition by opening produced reports.
  - 17. The method of claim 11 wherein the user compares different penetration tests performed over time by browsing history data stored in a central database.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Ecrime Management Strategies, Inc.
Original Assignee
Core SDI, Inc.
Inventors
Futoransky, Ariel, Calvo, Aureliano Emanuel, Russ, Fernando Russ Federico, Lucangeli Obes, Jorge, Waissbein, Ariel, Frydman, Alejandro Javier, Gutesman, Ezequiel David, Varangot, Pedro Oscar
Primary Examiner(s)
Chang, Kenneth

Application Number

US14/123,647
Publication Number

US 20140237606A1
Time in Patent Office

1,253 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/552   involving long-term monitor...

G06F 21/577   Assessing vulnerabilities a...

H04L 63/1433   Vulnerability analysis

H04L 67/025   for remote control or remot...

System and method for providing automated computer security compromise as a service

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for providing automated computer security compromise as a service

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links