Method for administration of computer security threat countermeasures to a computer system
First Claim
1. A method of administering a countermeasure for a computer security threat to a target computer system, comprising:
receiving at a computer system a notification of a computer security threat;
encoding at the computer system information of the computer security threat into a threat management vector (TMV) that includes an identification of an affected operating system that is affected by the computer security threat, an identification of an affected operating system release level for the affected operating system, and an identification of one or more countermeasures for the affected operating system and the affected operating system release level;
transmitting the TMV from the computer system to a plurality of target computer systems;
receiving the TMV at a target computer system in the plurality of target computer systems;
processing at the target computer system the one or more countermeasures identified in the TMV that correspond to an operating system and operating system release level of the target computer system; and
mutating the TMV by extracting from the TMV a system vector that identifies the affected operating system, augmenting a system level vector referenced by the system vector with an instance identifier that identifies the target computer system, replacing a reference to a countermeasure in the system level vector with a reference to a vulnerability vector that identifies a vulnerability of the affected operating system, and augmenting the vulnerability vector with a reference to the countermeasure.
1 Assignment
0 Petitions
Abstract
A countermeasure for a computer security threat to a computer system is administered by establishing a baseline identification of an operating or application system type and an operating or application system release level for the computer system that is compatible with a Threat Management Vector (TMV). A TMV is then received, including therein a first field that provides identification of at least one operating system type that is affected by a computer security threat, a second field that provides identification of an operating system release level for the operating system type, and a third field that provides identification of a set of possible countermeasures for an operating system type and an operating system release level. Countermeasures that are identified in the TMV are processed if the TMV identifies the operating system type and operating system release level for the computer system as being affected by the computer security threat. The received TMV may be mutated to a format for processing of the countermeasure.
30 Citations
14 Claims
1. A method of administering a countermeasure for a computer security threat to a target computer system, comprising:
receiving at a computer system a notification of a computer security threat;
encoding at the computer system information of the computer security threat into a threat management vector (TMV) that includes an identification of an affected operating system that is affected by the computer security threat, an identification of an affected operating system release level for the affected operating system, and an identification of one or more countermeasures for the affected operating system and the affected operating system release level;
transmitting the TMV from the computer system to a plurality of target computer systems;
receiving the TMV at a target computer system in the plurality of target computer systems;
processing at the target computer system the one or more countermeasures identified in the TMV that correspond to an operating system and operating system release level of the target computer system; and
mutating the TMV by extracting from the TMV a system vector that identifies the affected operating system, augmenting a system level vector referenced by the system vector with an instance identifier that identifies the target computer system, replacing a reference to a countermeasure in the system level vector with a reference to a vulnerability vector that identifies a vulnerability of the affected operating system, and augmenting the vulnerability vector with a reference to the countermeasure.
Dependent claims 2, 3, 4 and 5 are not reproduced on this page.
6. A system, comprising:
a computer system that receives a notification of a computer security threat, encodes information of the computer security threat into a threat management vector (TMV) that includes therein a first field that provides identification of at least one affected operating system type that is affected by the computer security threat, a second field that provides identification of an affected operating system release level for the affected operating system type, and a third field that provides identification of a set of possible countermeasures for the affected operating system type and the affected operating system release level, and transmits the TMV from the computer system to a plurality of target computer systems; and
a target computer system in the plurality of target computer systems that receives the TMV, the target computer system comprising:
(a) an information base for establishing a baseline identification of an operating system type and an operating system release level for the target computer system that is compatible with the TMV,
(b) a threat management criterion receiver for receiving the TMV in the target computer system, and
(c) a remediation manager for processing in the target computer system countermeasures that are identified in the TMV if the TMV identifies the operating system type and operating system release level for the target computer system as being affected by the computer security threat,
wherein the computer system mutates the TMV by extracting from the TMV a system vector that identifies the affected operating system type, augmenting a system level vector referenced by the system vector with an instance identifier that identifies the target computer system, replacing a reference to a countermeasure in the system level vector with a reference to a vulnerability vector that identifies a vulnerability of the affected operating system type, and augmenting the vulnerability vector with a reference to the countermeasure.
Dependent claims 7 through 14 are not reproduced on this page.
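The following is an added worked model of the TMV described in the abstract and in claims 1 and 6; it is illustration code written for this page, not code from the patent or its assignee. The dataclass names, the dictionary-based encoding, the sample threat notification and the identifiers in it (THREAT-EXAMPLE-001, CM-1, CM-2, VULN-EXAMPLE-1, host-17) are all constructed assumptions chosen to mirror the claim language: a system vector per affected operating system, a system level vector per release level, countermeasure references, and the mutation that moves those references behind a vulnerability vector while recording the target instance.

```python
"""Model of a Threat Management Vector (TMV): encode, match on baseline, mutate.

Added illustration, not the patent's code. Field names and the sample
notification below are constructed assumptions that follow the claim wording.
"""
from dataclasses import dataclass, field
from typing import Dict, List


@dataclass
class SystemLevelVector:
    """One operating system release level inside a system vector."""
    release_level: str
    countermeasure_refs: List[str] = field(default_factory=list)   # before mutation
    instance_ids: List[str] = field(default_factory=list)          # targets that processed it
    vulnerability_refs: List[str] = field(default_factory=list)    # after mutation


@dataclass
class SystemVector:
    """Identifies an affected operating system type and its release levels."""
    os_type: str
    levels: Dict[str, SystemLevelVector] = field(default_factory=dict)


@dataclass
class VulnerabilityVector:
    """Identifies a vulnerability of the affected OS and the countermeasures for it."""
    vuln_id: str
    countermeasure_refs: List[str] = field(default_factory=list)


@dataclass
class TMV:
    threat_id: str
    systems: Dict[str, SystemVector] = field(default_factory=dict)
    countermeasures: Dict[str, str] = field(default_factory=dict)      # ref -> description
    vulnerabilities: Dict[str, VulnerabilityVector] = field(default_factory=dict)


# Constructed sample notification (placeholder identifiers, not a real threat).
SAMPLE_NOTIFICATION = {
    "threat_id": "THREAT-EXAMPLE-001",
    "affected": [
        {"os": "ExampleOS", "release": "4.2", "countermeasures": ["CM-1", "CM-2"]},
        {"os": "ExampleOS", "release": "4.1", "countermeasures": ["CM-1"]},
    ],
    "countermeasure_catalog": {
        "CM-1": "apply vendor patch",
        "CM-2": "disable vulnerable service",
    },
}


def encode_tmv(notification: dict) -> TMV:
    """Encode a threat notification into a TMV (the first three claim fields)."""
    tmv = TMV(threat_id=notification["threat_id"])
    for entry in notification["affected"]:
        sv = tmv.systems.setdefault(entry["os"], SystemVector(os_type=entry["os"]))
        sv.levels[entry["release"]] = SystemLevelVector(
            release_level=entry["release"],
            countermeasure_refs=list(entry["countermeasures"]),
        )
    tmv.countermeasures.update(notification["countermeasure_catalog"])
    return tmv


def select_countermeasures(tmv: TMV, os_type: str, release_level: str) -> List[str]:
    """Countermeasures a target processes: only those keyed to its own baseline.

    A target whose (os_type, release_level) baseline is not in the TMV gets
    nothing, so an unaffected host never runs a countermeasure meant for another.
    """
    sv = tmv.systems.get(os_type)
    slv = sv.levels.get(release_level) if sv else None
    if slv is None:
        return []
    return [tmv.countermeasures[ref] for ref in slv.countermeasure_refs]


def mutate_tmv(tmv: TMV, os_type: str, release_level: str,
               instance_id: str, vuln_id: str) -> TMV:
    """Mutation step of claim 1, applied in place and returned for chaining."""
    sv = tmv.systems[os_type]                         # extract the system vector
    slv = sv.levels[release_level]                    # the referenced system level vector
    slv.instance_ids.append(instance_id)              # augment with the target's instance id
    vv = tmv.vulnerabilities.setdefault(vuln_id, VulnerabilityVector(vuln_id))
    vv.countermeasure_refs.extend(slv.countermeasure_refs)  # augment vuln vector with cm refs
    slv.countermeasure_refs = []                      # replace the countermeasure references...
    if vuln_id not in slv.vulnerability_refs:
        slv.vulnerability_refs.append(vuln_id)        # ...with a reference to the vuln vector
    return tmv


if __name__ == "__main__":
    tmv = encode_tmv(SAMPLE_NOTIFICATION)
    print("4.2 target processes:", select_countermeasures(tmv, "ExampleOS", "4.2"))
    print("4.1 target processes:", select_countermeasures(tmv, "ExampleOS", "4.1"))
    mutate_tmv(tmv, "ExampleOS", "4.2", "host-17", "VULN-EXAMPLE-1")
    print("after mutation:", tmv.systems["ExampleOS"].levels["4.2"])
```

The matching step is deliberately strict: a target compares its own baseline (operating system type and release level, as the information base of claim 6 establishes it) against the TMV and only processes countermeasures keyed to that exact pair. After the mutation, the release-level vector no longer points at countermeasures directly but at a vulnerability vector that carries them, and it records which target instance processed the TMV.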
Specification