Method and system for dynamic and comprehensive vulnerability management

US 9,246,935 B2
Filed: 10/14/2013
Issued: 01/26/2016
Est. Priority Date: 10/14/2013
Status: Active Grant

First Claim

Patent Images

1. A system for dynamic and comprehensive vulnerability management comprising:

at least one processor; and

at least one memory unit coupled to the at least one processor, the at least one memory unit having stored therein instructions which when executed by any set of the one or more processors, perform a process for dynamic and comprehensive vulnerability management, the process for dynamic and comprehensive vulnerability management including;

obtaining vulnerability management data;

obtaining scanner data representing one or more scanner tests configured to discover one or more vulnerabilities in an asset;

obtaining remedy data representing two or more remedies associated with vulnerabilities scanned for by the one or more scanner tests, the two or more remedies including a first remedy of automatic re-sizing of buffers and buffer pools and a second remedy of automatic re-setting or changing a response time;

correlating the remedy data with vulnerabilities discoverable by the scanner tests;

obtaining asset data associated with an asset;

analyzing the vulnerability management data and the asset data to automatically identify a relevant scanner test in the scanner data to be applied to the asset;

determining an ideal time to deploy the relevant scanner test on the asset;

automatically deploying the relevant scanner test on the asset at, or before, the ideal time;

if a vulnerability is identified by the relevant scanner test, identifying the remedy in the remedy data associated with the identified vulnerability;

automatically applying the identified remedy to the asset;

automatically re-deploying the relevant scanner on the asset to determine if the identified vulnerability has been corrected; and

if the identified vulnerability is present after the remedy associated with the identified vulnerability has been applied taking protective action to mitigate the vulnerability.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

One or more relevant scanners used to identify asset vulnerabilities are identified, obtained, and logically arranged for deployment on an asset in accordance with a vulnerability management policy and a scanner deployment policy such that the relevant scanners are deployed at, or before, a determined ideal time to minimize the resources necessary to correct the vulnerabilities, if found. The relevant scanners are then automatically deployed in accordance with the scanner deployment policy and, if a vulnerability is identified, one or more associated remedies or remedy procedures are applied to the asset. At least one of the one or more relevant scanners are then re-deployed on the asset to determine if the identified vulnerability has been corrected and, if the vulnerability is not corrected at, or before, a defined time, protective measures are automatically taken.

134 Citations

45 Claims

1. A system for dynamic and comprehensive vulnerability management comprising:
- at least one processor; and
  
  at least one memory unit coupled to the at least one processor, the at least one memory unit having stored therein instructions which when executed by any set of the one or more processors, perform a process for dynamic and comprehensive vulnerability management, the process for dynamic and comprehensive vulnerability management including;
  
  obtaining vulnerability management data;
  
  obtaining scanner data representing one or more scanner tests configured to discover one or more vulnerabilities in an asset;
  
  obtaining remedy data representing two or more remedies associated with vulnerabilities scanned for by the one or more scanner tests, the two or more remedies including a first remedy of automatic re-sizing of buffers and buffer pools and a second remedy of automatic re-setting or changing a response time;
  
  correlating the remedy data with vulnerabilities discoverable by the scanner tests;
  
  obtaining asset data associated with an asset;
  
  analyzing the vulnerability management data and the asset data to automatically identify a relevant scanner test in the scanner data to be applied to the asset;
  
  determining an ideal time to deploy the relevant scanner test on the asset;
  
  automatically deploying the relevant scanner test on the asset at, or before, the ideal time;
  
  if a vulnerability is identified by the relevant scanner test, identifying the remedy in the remedy data associated with the identified vulnerability;
  
  automatically applying the identified remedy to the asset;
  
  automatically re-deploying the relevant scanner on the asset to determine if the identified vulnerability has been corrected; and
  
  if the identified vulnerability is present after the remedy associated with the identified vulnerability has been applied taking protective action to mitigate the vulnerability.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The system for dynamic and comprehensive vulnerability management of claim 1 wherein the vulnerability management data is open-ended to allow for the addition, deletion, and modification of vulnerabilities and vulnerability characteristics represented by the vulnerability management data.
  - 3. The system for dynamic and comprehensive vulnerability management of claim 1 wherein the scanner data is open-ended to allow for the addition, deletion, and modification of scanner tests represented by the scanner data.
  - 4. The system for dynamic and comprehensive vulnerability management of claim 1 wherein the remedy data is open-ended to allow for the addition, deletion, and modification of remedies represented by the remedy data.
  - 5. The system for dynamic and comprehensive vulnerability management of claim 1 wherein at least one of the vulnerabilities discoverable by the one or more scanner tests are vulnerabilities included in the group of vulnerabilities consisting of:
    - the existence of a known weakness pattern in the asset;
      
      an incorrect buffer length;
      
      the inability of the asset to patch correctly;
      
      a lack of security requirements, or insufficient security requirements associated with the asset;
      
      the existence of a known vulnerable version of software or code;
      
      code written in a language, or version of a language, known to be vulnerable to attack;
      
      lack of encryption, or the proper level of encryption;
      
      no checks of buffer lengths;
      
      no checks of the integrity of arguments; and
      
      any combination thereof.
  - 6. The system for dynamic and comprehensive vulnerability management of claim 1 wherein at least one of the remedies associated with vulnerabilities discoverable by the scanner tests is selected from the group of remedies consisting of:
    - automatic application of a software patch;
      
      automatic installation of a software version update;
      
      automatic deletion of an asset component;
      
      automatic replacement of an asset component;
      
      automatic notification of a contact entity associated with the asset of the vulnerability and the need to correct the vulnerability;
      
      an automatic change to a configuration; and
      
      any combination thereof.
  - 7. The system for dynamic and comprehensive vulnerability management of claim 1 wherein at least one of the one or more assets is selected from the group of assets consisting of:
    - a file;
      
      an application development process;
      
      an application;
      
      a virtual machine;
      
      an instance in a cloud infrastructure;
      
      storage capability allocated to an instance in a cloud infrastructure;
      
      processing capability allocated to an instance in a cloud infrastructure;
      
      hardware allocated to an instance in a cloud infrastructure;
      
      software allocated to an instance in a cloud infrastructure;
      
      a cloud infrastructure access system; and
      
      any combination thereof.
  - 8. The system for dynamic and comprehensive vulnerability management of claim 1 wherein the ideal time to deploy the relevant scanner test on the asset is determined based on deploying the relevant scanner test at a time where minimum resources are required to correct the vulnerability being scanned for.
  - 9. The system for dynamic and comprehensive vulnerability management of claim 1 wherein the protective action taken is selected from the group of protective actions consisting of:
    - closing one or more accounts associated with the asset;
      
      closing down a service that is the asset or is associated with the asset;
      
      closing down an instance that is the asset or is associated with the asset;
      
      destroying a data store that is the asset or is associated with the asset;
      
      blocking Internet access to the asset;
      
      closing down any communication channels that are the asset or are associated with the asset;
      
      upgrading the asset;
      
      replacing the asset; and
      
      any combination thereof.

10. A system for dynamic and comprehensive vulnerability management comprising:
- at least one processor; and
  
  at least one memory unit coupled to the at least one processor, the at least one memory unit having stored therein instructions which when executed by any set of the one or more processors, perform a process for dynamic and comprehensive vulnerability management, the process for dynamic and comprehensive vulnerability management including;
  
  obtaining vulnerability management data;
  
  obtaining scanner data representing one or more scanner tests configured to discover one or more vulnerabilities in an asset;
  
  obtaining remedy data representing one or more remedy procedures associated with vulnerabilities discoverable by the one or more scanner tests, the one or more remedy procedures indicating an associated vulnerability correction time period within which the vulnerability must be corrected, the remedy data further including two remedies including a first remedy of automatic re-sizing of buffers and buffer pools and a second remedy of automatic re-setting or changing a response time;
  
  correlating the remedy data with vulnerabilities discoverable by the scanner tests;
  
  obtaining asset data associated with an asset;
  
  analyzing the vulnerability management data and the asset data to automatically identify a relevant scanner in the scanner data to be applied to the asset;
  
  determining an ideal time to deploy the relevant scanner test on the asset;
  
  automatically deploying the relevant scanner test on the asset at, or before, the determined ideal time;
  
  if a vulnerability is identified by the relevant scanner test, identifying the remedy procedure in the remedy data associated with the identified vulnerability;
  
  automatically implementing the identified remedy procedure;
  
  automatically re-deploying the relevant scanner test on the asset to determine if the identified vulnerability has been corrected; and
  
  if the identified vulnerability is present after the defined vulnerability correction time period has elapsed, automatically taking protective action to mitigate the vulnerability.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The system for dynamic and comprehensive vulnerability management of claim 10 wherein the vulnerability management data is open-ended to allow for the addition, deletion, and modification of vulnerabilities and vulnerability characteristics represented by the vulnerability management data.
  - 12. The system for dynamic and comprehensive vulnerability management of claim 10 wherein the scanner data is open-ended to allow for the addition, deletion, and modification of scanner tests represented by the scanner data.
  - 13. The system for dynamic and comprehensive vulnerability management of claim 10 wherein the remedy data is open-ended to allow for the addition, deletion, and modification of remedy procedures represented by the remedy data.
  - 14. The system for dynamic and comprehensive vulnerability management of claim 10 wherein at least one of the vulnerabilities discoverable by the one or more scanner tests are vulnerabilities included in the group of vulnerabilities consisting of:
    - the existence of a known weakness pattern in the asset;
      
      a non-existent or incorrect buffer length;
      
      the inability of the asset to patch correctly;
      
      a lack of security requirements, or insufficient security requirements associated with the asset;
      
      the existence of a known vulnerable version of software or code;
      
      code written in a language, or version of a language, known to be vulnerable to attack;
      
      lack of encryption, or the proper level of encryption;
      
      no checks of buffer lengths;
      
      no checks of the integrity of arguments; and
      
      any combination thereof.
  - 15. The system for dynamic and comprehensive vulnerability management of claim 10 wherein at least one of the one or more remedy procedures associated with vulnerabilities discoverable by the scanner tests includes providing a contact entity associated with the asset information indicating the identified vulnerability, the vulnerability correction time period, and that once the vulnerability correction time period has elapsed, protective action will automatically be taken.
  - 16. The system for dynamic and comprehensive vulnerability management of claim 10 wherein at least one of the one or more assets is selected from the group of assets consisting of:
    - an application development system;
      
      an application;
      
      a virtual machine;
      
      an instance in a cloud infrastructure;
      
      storage capability allocated to an instance in a cloud infrastructure;
      
      processing capability allocated to an instance in a cloud infrastructure;
      
      hardware allocated to an instance in a cloud infrastructure;
      
      software allocated to an instance in a cloud infrastructure;
      
      a cloud infrastructure access system; and
      
      any combination thereof.
  - 17. The system for dynamic and comprehensive vulnerability management of claim 10 wherein the ideal time to deploy the relevant scanner test on the asset is determined based on deploying the relevant scanner test at a time where minimum resources are required to correct the vulnerability being scanned for.
  - 18. The system for dynamic and comprehensive vulnerability management of claim 10 wherein the protective action taken is selected from the group of protective actions consisting of:
    - closing one or more accounts associated with the asset;
      
      closing down a service that is the asset or is associated with the asset;
      
      closing down an instance that is the asset or is associated with the asset;
      
      destroying a data store that is the asset or is associated with the asset;
      
      blocking access to or otherwise isolating the asset;
      
      closing down any communication channels that are the asset or are associated with the asset;
      
      upgrading the asset;
      
      replacing the asset; and
      
      any combination thereof.

19. A system for dynamic and comprehensive vulnerability management comprising:
- at least one processor; and
  
  at least one memory coupled to the at least one processor, the at least one memory having stored therein instructions which when executed by any set of the one or more processors, perform a process for dynamic and comprehensive vulnerability management, the process for dynamic and comprehensive vulnerability management including;
  
  obtaining vulnerability management data representing one or more vulnerability management policies, vulnerabilities, and vulnerability characteristics to be monitored;
  
  obtaining scanner data representing one or more scanners, each of the scanners including one or more scanner tests for detecting a vulnerability in an asset;
  
  classifying the one or more scanners and identifying duplicate scanner tests;
  
  storing the scanner data and scanner classification data in a scanner database;
  
  obtaining remedy data representing two or more remedies or remedy procedures associated with vulnerabilities scanned for by the one or more scanner tests, the two or more remedies or remedy procedures including automatic re-sizing of buffers and buffer pools and automatic re-setting or changing a response time;
  
  correlating the remedy data with the scanner data and the vulnerabilities scanned for by the one or more scanner tests;
  
  obtaining asset data associated with an asset indicating an asset type and operational characteristics associated with the asset;
  
  analyzing the asset data to identify asset vulnerability characteristics data associated with the asset;
  
  analyzing the vulnerability management data and the vulnerability characteristics data associated with the asset to automatically select one or more relevant scanner tests represented in the scanner data to be applied to the asset;
  
  generating scanner deployment procedure data indicating when the one or more relevant scanner tests are to be applied to the asset;
  
  automatically applying the one or more relevant scanner tests to the asset in accordance with the scanner deployment procedure data;
  
  de-duplicating results data received from the one or more relevant scanner tests;
  
  if a vulnerability is indicated in the de-duplicated results data from the one or more relevant scanner tests, automatically identifying the remedy or remedy procedure associated with the identified vulnerability in the remedy data;
  
  automatically implementing the identified remedy or remedy procedure;
  
  automatically re-deploying at least the scanner tests associated with the identified vulnerability to the asset to determine if the identified vulnerability has been corrected; and
  
  if the identified vulnerability is present after the remedy or remedy procedure associated with the identified vulnerability has been applied, or after a defined vulnerability correction time period has elapsed, automatically taking protective action to mitigate the vulnerability.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30)
- - 20. The system for dynamic and comprehensive vulnerability management of claim 19 wherein the vulnerability management data is open-ended to allow for the addition, deletion, and modification of the vulnerability management policies, vulnerabilities, and vulnerability characteristics represented by the vulnerability management data.
  - 21. The system for dynamic and comprehensive vulnerability management of claim 19 wherein the scanner data is open-ended to allow for the addition, deletion, and modification of scanners and scanner tests represented by the scanner data.
  - 22. The system for dynamic and comprehensive vulnerability management of claim 19 wherein the remedy data is open-ended to allow for the addition, deletion, and modification of remedies and remedy procedures represented by the remedy data.
  - 23. The system for dynamic and comprehensive vulnerability management of claim 19 wherein the one or more scanners are classified according to at least one scanner classification parameter selected from the group of scanner classification parameters consisting of:
    - the scanner type;
      
      the vulnerabilities scanned for by the scanner tests included by the scanner;
      
      the desired scanning test(s) included in the scanner;
      
      the deployment profile/time for the scanner;
      
      whether the scanner is a continuously deployed scanner or another type of scanner;
      
      whether the scanner is synchronous or asynchronous; and
      
      any combination thereof.
  - 24. The system for dynamic and comprehensive vulnerability management of claim 19 wherein at least one of the vulnerabilities discoverable by the one or more scanner tests are vulnerabilities included in the group of vulnerabilities consisting of:
    - the existence of a known weakness pattern in the asset;
      
      a incorrect buffer length;
      
      the inability of the asset to patch correctly;
      
      a lack of security requirements, or insufficient security requirements associated with the asset;
      
      the existence of a known vulnerable version of software or code;
      
      code written in a language, or version of a language, known to be vulnerable to attack;
      
      lack of encryption, or the proper level of encryption;
      
      no checks of buffer lengths;
      
      no checks of the integrity of arguments; and
      
      any combination thereof.
  - 25. The system for dynamic and comprehensive vulnerability management of claim 19 wherein at least one of the two or more remedies associated with vulnerabilities scanned for by the one or more scanner tests is selected from the group of remedies consisting of:
    - automatic application of a software patch;
      
      automatic installation of a software version update;
      
      automatic deletion of an asset component;
      
      automatic replacement of an asset component;
      
      an automatic change to a configuration; and
      
      any combination thereof.
  - 26. The system for dynamic and comprehensive vulnerability management of claim 19 wherein at least one of the one or more remedy procedures associated with vulnerabilities scanned for by the one or more scanner tests includes providing a contact entity associated with the asset information indicating the identified vulnerability, a vulnerability correction time period, and that once the vulnerability correction time period has elapsed, protective action will automatically be taken.
  - 27. The system for dynamic and comprehensive vulnerability management of claim 19 wherein at least one of the one or more assets is selected from the group of assets consisting of:
    - an application development process;
      
      a file;
      
      an application;
      
      a virtual machine;
      
      an instance in a cloud infrastructure;
      
      storage capability allocated to an instance in a cloud infrastructure;
      
      processing capability allocated to an instance in a cloud infrastructure;
      
      hardware allocated to an instance in a cloud infrastructure;
      
      software allocated to an instance in a cloud infrastructure;
      
      a cloud infrastructure access system; and
      
      any combination thereof.
  - 28. The system for dynamic and comprehensive vulnerability management of claim 19 wherein the asset data is obtained from an asset management system associated with the asset.
  - 29. The system for dynamic and comprehensive vulnerability management of claim 19 wherein generating scanner deployment procedure data includes generating scanner deployment pipeline data indicating the ideal stage or time to deploy each of the relevant scanner tests on the asset to minimize the resources required to correct the vulnerability being scanned for, and/or to minimize the chance of the vulnerability becoming a chained vulnerability.
  - 30. The system for dynamic and comprehensive vulnerability management of claim 19 wherein the protective action taken is selected from the group of protective actions consisting of:
    - closing one or more accounts associated with the asset;
      
      closing down a service that is the asset or is associated with the asset;
      
      closing down an instance that is the asset or is associated with the asset;
      
      destroying a data store that is the asset or is associated with the asset;
      
      blocking Internet access to the asset;
      
      closing down any communication channels that are the asset or are associated with the asset;
      
      upgrading the asset;
      
      replacing the asset; and
      
      any combination thereof.

31. A system for dynamic and comprehensive application development process vulnerability management comprising:
- at least one processor; and
  
  at least one memory unit coupled to the at least one processor, the at least one memory unit having stored therein instructions which when executed by any set of the one or more processors, perform a process for dynamic and comprehensive vulnerability management, the process for dynamic and comprehensive vulnerability management including;
  
  obtaining vulnerability management data representing one or more vulnerability management policies, vulnerabilities, and vulnerability characteristics to be monitored;
  
  obtaining scanner data representing one or more scanners, each of the scanners including one or more scanner tests for detecting a vulnerability in an asset associated with an application development process;
  
  classifying the one or more scanners and identifying duplicate scanner tests;
  
  storing the scanner data and scanner classification data in a scanner database;
  
  obtaining remedy data representing two or more remedies or remedy procedures associated with vulnerabilities scanned for by the one or more scanner tests, the two or more remedies or remedy procedures including automatic re-sizing of buffers and buffer pools and automatic re-setting or changing a response time;
  
  correlating the remedy data with the scanner data and the vulnerabilities scanned for by the one or more scanner tests;
  
  obtaining asset data associated with one or more assets used by the application development process indicating asset types and operational characteristics associated with the assets;
  
  analyzing the asset data to identify asset vulnerability characteristics data associated with the assets indicating potential vulnerabilities associated with application development process;
  
  analyzing the vulnerability management data and the vulnerability characteristics data associated with the assets to select one or more relevant scanner tests in the scanner data to be applied to the application development process;
  
  generating scanner deployment procedure data indicating what stage in the application development process the one or more relevant scanner tests are to be applied;
  
  automatically applying the one or more relevant scanner tests to the assets associated with the application development process in accordance with the scanner deployment procedure data;
  
  de-duplicating results data received from the one or more relevant scanner tests;
  
  if a vulnerability is indicated in the de-duplicated results data from the one or more relevant scanner tests, automatically identifying the remedy or remedy procedure associated with the identified vulnerability in the remedy data;
  
  automatically implementing the identified remedy or remedy procedure;
  
  automatically re-deploying at least the scanner tests associated with the identified vulnerability to determine if the identified vulnerability has been corrected; and
  
  if the identified vulnerability is present after the remedy or remedy procedure associated with the identified vulnerability has been applied, or after a defined vulnerability correction time period has elapsed, automatically taking protective action to mitigate the vulnerability.
- View Dependent Claims (32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42)
- - 32. The system for dynamic and comprehensive vulnerability management of claim 31 wherein the vulnerability management data is open-ended to allow for the addition, deletion, and modification of the vulnerability management policies, vulnerabilities, and vulnerability characteristics represented by the vulnerability management data.
  - 33. The system for dynamic and comprehensive vulnerability management of claim 31 wherein the scanner data is open-ended to allow for the addition, deletion, and modification of scanners and scanner tests represented by the scanner data.
  - 34. The system for dynamic and comprehensive vulnerability management of claim 31 wherein the remedy data is open-ended to allow for the addition, deletion, and modification of remedies and remedy procedures represented by the remedy data.
  - 35. The system for dynamic and comprehensive vulnerability management of claim 31 wherein the one or more scanners are classified according to at least one scanner classification parameter selected from the group of scanner classification parameters consisting of:
    - the scanner type;
      
      the vulnerabilities scanned for by the scanner tests included in the scanner;
      
      the desired scanning test included in the scanner;
      
      the deployment profile/time for the scanner;
      
      whether the scanner is a continuously deployed scanner or another type of scanner;
      
      whether the scanner is synchronous or asynchronous; and
      
      any combination thereof.
  - 36. The system for dynamic and comprehensive vulnerability management of claim 31 wherein at least one of the vulnerabilities discoverable by the one or more scanner tests are vulnerabilities included in the group of vulnerabilities consisting of:
    - the existence of a known weakness pattern in the asset;
      
      a non-existent or incorrect buffer length;
      
      the inability of the asset to patch correctly;
      
      a lack of security requirements, or insufficient security requirements associated with the asset;
      
      the existence of a known vulnerable version of software or code;
      
      code written in a language, or version of a language, known to be vulnerable to attack;
      
      lack of encryption, or the proper level of encryption;
      
      no checks of buffer lengths;
      
      no checks of the integrity of arguments; and
      
      any combination thereof.
  - 37. The system for dynamic and comprehensive vulnerability management of claim 31 wherein at least one of the one or more remedies associated with vulnerabilities scanned for by the one or more scanner tests is selected from the group of remedies consisting of:
    - automatic application of a software patch;
      
      automatic installation of a software version update;
      
      automatic deletion of an asset component;
      
      automatic replacement of an asset component;
      
      an automatic change to a configuration; and
      
      any combination thereof.
  - 38. The system for dynamic and comprehensive vulnerability management of claim 31 wherein at least one of the one or more remedy procedures associated with vulnerabilities scanned for by the one or more scanner tests includes providing a contact entity associated with the application development process information indicating the identified vulnerability, a vulnerability correction time period, and that once the vulnerability correction time period has elapsed, protective action to mitigate the vulnerability will automatically be taken.
  - 39. The system for dynamic and comprehensive vulnerability management of claim 31 wherein at least one of the one or more assets associated with the application development process is selected from the group of assets consisting of:
    - a virtual machine;
      
      an instance in a cloud infrastructure;
      
      storage capability allocated to an instance in a cloud infrastructure;
      
      processing capability allocated to an instance in a cloud infrastructure;
      
      hardware allocated to an instance in a cloud infrastructure;
      
      software allocated to an instance in a cloud infrastructure;
      
      a cloud infrastructure access system; and
      
      any combination thereof.
  - 40. The system for dynamic and comprehensive vulnerability management of claim 31 wherein the asset data is obtained from an asset management system associated with the application development process.
  - 41. The system for dynamic and comprehensive vulnerability management of claim 31 wherein generating scanner deployment procedure data includes generating scanner deployment pipeline data indicating the ideal stage in the application development process to deploy each of the relevant scanner tests in order to minimize the resources required to correct the vulnerability being scanned for, and/or to minimize the chance of the vulnerability becoming a chained vulnerability.
  - 42. The system for dynamic and comprehensive vulnerability management of claim 31 wherein the protective action is selected from the group of protective actions consisting of:
    - closing one or more accounts associated with the asset and/or the application development process;
      
      closing down a service that is the asset or is associated with the application development process;
      
      closing down an instance that is the asset or is associated with the application development process;
      
      destroying a data store that is the asset or is associated with the application development process;
      
      blocking Internet access to an asset associated with the application development process;
      
      closing down any communication channels that are the asset or are associated with the application development process;
      
      upgrading an asset associated with the application development process;
      
      replacing an asset associated with the application development process; and
      
      any combination thereof.

43. A system for dynamic and comprehensive vulnerability management comprising:
- at least one processor; and
  
  at least one memory coupled to the at least one processor, the at least one memory having stored therein instructions which when executed by any set of the one or more processors, perform a process for dynamic and comprehensive vulnerability management, the process for dynamic and comprehensive vulnerability management including;
  
  obtaining vulnerability management data representing one or more vulnerability management policies, vulnerabilities, and vulnerability characteristics to be monitored;
  
  obtaining scanner data representing one or more scanners, each of the scanners including one or more scanner tests for detecting a vulnerability in an asset;
  
  obtaining asset data associated with an asset indicating an asset type and operational characteristics associated with the asset;
  
  analyzing the asset data to identify asset vulnerability characteristics data associated with the asset;
  
  analyzing the vulnerability management data and the vulnerability characteristics data associated with the asset to identify one or more relevant scanner tests in the scanner data;
  
  transforming data representing the identified one or more relevant scanner tests into scanner test profile set data representing a scanner test profile set for identifying the vulnerabilities and vulnerability characteristics indicated in the vulnerability management data and the vulnerability characteristics data associated with the asset;
  
  generating scanner deployment procedure data indicating when the one or more relevant scanner tests of scanner test profile set for the asset are to be applied to the asset;
  
  automatically applying the one or more relevant scanner tests of scanner test profile set to the asset in accordance with the scanner deployment procedure data;
  
  if a vulnerability is indicated in results data from any of the one or more relevant scanner tests of scanner test profile set, taking remedial action to close the vulnerability, wherein available remedial actions include a first remedial action of automatic re-sizing of buffers and buffer pools and a second remedial action of automatic re-setting or changing a response time.
- View Dependent Claims (44, 45)
- - 44. The system for dynamic and comprehensive vulnerability management of claim 43 wherein the vulnerability management data is open-ended to allow for the addition, deletion, and modification of the vulnerability management policies, vulnerabilities, and vulnerability characteristics represented by the vulnerability management data.
  - 45. The system for dynamic and comprehensive vulnerability management of claim 43 wherein the scanner data is open-ended to allow for the addition, deletion, and modification of scanners and scanner tests represented by the scanner data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intuit, Inc.
Original Assignee
Intuit, Inc.
Inventors
Lietz, M. Shannon, Cabrera, Luis Felipe, Nisly, Barry J., Neher, Ted R. III, Godinez, Javier, Jain, Ankur
Primary Examiner(s)
Armouche, Hadi
Assistant Examiner(s)
Huang, Cheng-Feng

Application Number

US14/052,971
Publication Number

US 20150106939A1
Time in Patent Office

834 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/554   involving event detection a...

G06F 21/563   by source code analysis

G06F 21/568   eliminating virus, restorin...

G06F 21/577   Assessing vulnerabilities a...

G06F 2221/2115   Third party

H04L 63/1433   Vulnerability analysis

H04L 63/1441   Countermeasures against mal...

H04L 63/20   for managing network securi...

H04L 67/10   in which an application is ...

H04L 67/34   involving the movement of s...

Method and system for dynamic and comprehensive vulnerability management

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

134 Citations

45 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for dynamic and comprehensive vulnerability management

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

134 Citations

45 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links