Method and system for dynamic and comprehensive vulnerability management
First Claim
1. A system for dynamic and comprehensive vulnerability management comprising:
at least one processor; and
at least one memory unit coupled to the at least one processor, the at least one memory unit having stored therein instructions which when executed by any set of the one or more processors, perform a process for dynamic and comprehensive vulnerability management, the process for dynamic and comprehensive vulnerability management including:
obtaining vulnerability management data;
obtaining scanner data representing one or more scanner tests configured to discover one or more vulnerabilities in an asset;
obtaining remedy data representing two or more remedies associated with vulnerabilities scanned for by the one or more scanner tests, the two or more remedies including a first remedy of automatic re-sizing of buffers and buffer pools and a second remedy of automatic re-setting or changing a response time;
correlating the remedy data with vulnerabilities discoverable by the scanner tests;
obtaining asset data associated with an asset;
analyzing the vulnerability management data and the asset data to automatically identify a relevant scanner test in the scanner data to be applied to the asset;
determining an ideal time to deploy the relevant scanner test on the asset;
automatically deploying the relevant scanner test on the asset at, or before, the ideal time;
if a vulnerability is identified by the relevant scanner test, identifying the remedy in the remedy data associated with the identified vulnerability;
automatically applying the identified remedy to the asset;
automatically re-deploying the relevant scanner on the asset to determine if the identified vulnerability has been corrected; and
if the identified vulnerability is present after the remedy associated with the identified vulnerability has been applied, taking protective action to mitigate the vulnerability.
Abstract
One or more relevant scanners used to identify asset vulnerabilities are identified, obtained, and logically arranged for deployment on an asset in accordance with a vulnerability management policy and a scanner deployment policy such that the relevant scanners are deployed at, or before, a determined ideal time to minimize the resources necessary to correct the vulnerabilities, if found. The relevant scanners are then automatically deployed in accordance with the scanner deployment policy and, if a vulnerability is identified, one or more associated remedies or remedy procedures are applied to the asset. At least one of the one or more relevant scanners are then re-deployed on the asset to determine if the identified vulnerability has been corrected and, if the vulnerability is not corrected at, or before, a defined time, protective measures are automatically taken.
134 Citations
45 Claims
1. A system for dynamic and comprehensive vulnerability management comprising:
(claim text as set out under First Claim above)
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9.
10. A system for dynamic and comprehensive vulnerability management comprising:
at least one processor; and
at least one memory unit coupled to the at least one processor, the at least one memory unit having stored therein instructions which when executed by any set of the one or more processors, perform a process for dynamic and comprehensive vulnerability management, the process for dynamic and comprehensive vulnerability management including:
obtaining vulnerability management data;
obtaining scanner data representing one or more scanner tests configured to discover one or more vulnerabilities in an asset;
obtaining remedy data representing one or more remedy procedures associated with vulnerabilities discoverable by the one or more scanner tests, the one or more remedy procedures indicating an associated vulnerability correction time period within which the vulnerability must be corrected, the remedy data further including two remedies including a first remedy of automatic re-sizing of buffers and buffer pools and a second remedy of automatic re-setting or changing a response time;
correlating the remedy data with vulnerabilities discoverable by the scanner tests;
obtaining asset data associated with an asset;
analyzing the vulnerability management data and the asset data to automatically identify a relevant scanner in the scanner data to be applied to the asset;
determining an ideal time to deploy the relevant scanner test on the asset;
automatically deploying the relevant scanner test on the asset at, or before, the determined ideal time;
if a vulnerability is identified by the relevant scanner test, identifying the remedy procedure in the remedy data associated with the identified vulnerability;
automatically implementing the identified remedy procedure;
automatically re-deploying the relevant scanner test on the asset to determine if the identified vulnerability has been corrected; and
if the identified vulnerability is present after the defined vulnerability correction time period has elapsed, automatically taking protective action to mitigate the vulnerability.
Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18.
19. A system for dynamic and comprehensive vulnerability management comprising:
at least one processor; and
at least one memory coupled to the at least one processor, the at least one memory having stored therein instructions which when executed by any set of the one or more processors, perform a process for dynamic and comprehensive vulnerability management, the process for dynamic and comprehensive vulnerability management including:
obtaining vulnerability management data representing one or more vulnerability management policies, vulnerabilities, and vulnerability characteristics to be monitored;
obtaining scanner data representing one or more scanners, each of the scanners including one or more scanner tests for detecting a vulnerability in an asset;
classifying the one or more scanners and identifying duplicate scanner tests;
storing the scanner data and scanner classification data in a scanner database;
obtaining remedy data representing two or more remedies or remedy procedures associated with vulnerabilities scanned for by the one or more scanner tests, the two or more remedies or remedy procedures including automatic re-sizing of buffers and buffer pools and automatic re-setting or changing a response time;
correlating the remedy data with the scanner data and the vulnerabilities scanned for by the one or more scanner tests;
obtaining asset data associated with an asset indicating an asset type and operational characteristics associated with the asset;
analyzing the asset data to identify asset vulnerability characteristics data associated with the asset;
analyzing the vulnerability management data and the vulnerability characteristics data associated with the asset to automatically select one or more relevant scanner tests represented in the scanner data to be applied to the asset;
generating scanner deployment procedure data indicating when the one or more relevant scanner tests are to be applied to the asset;
automatically applying the one or more relevant scanner tests to the asset in accordance with the scanner deployment procedure data;
de-duplicating results data received from the one or more relevant scanner tests;
if a vulnerability is indicated in the de-duplicated results data from the one or more relevant scanner tests, automatically identifying the remedy or remedy procedure associated with the identified vulnerability in the remedy data;
automatically implementing the identified remedy or remedy procedure;
automatically re-deploying at least the scanner tests associated with the identified vulnerability to the asset to determine if the identified vulnerability has been corrected; and
if the identified vulnerability is present after the remedy or remedy procedure associated with the identified vulnerability has been applied, or after a defined vulnerability correction time period has elapsed, automatically taking protective action to mitigate the vulnerability.
Dependent claims: 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30.
31. A system for dynamic and comprehensive application development process vulnerability management comprising:
at least one processor; and
at least one memory unit coupled to the at least one processor, the at least one memory unit having stored therein instructions which when executed by any set of the one or more processors, perform a process for dynamic and comprehensive vulnerability management, the process for dynamic and comprehensive vulnerability management including:
obtaining vulnerability management data representing one or more vulnerability management policies, vulnerabilities, and vulnerability characteristics to be monitored;
obtaining scanner data representing one or more scanners, each of the scanners including one or more scanner tests for detecting a vulnerability in an asset associated with an application development process;
classifying the one or more scanners and identifying duplicate scanner tests;
storing the scanner data and scanner classification data in a scanner database;
obtaining remedy data representing two or more remedies or remedy procedures associated with vulnerabilities scanned for by the one or more scanner tests, the two or more remedies or remedy procedures including automatic re-sizing of buffers and buffer pools and automatic re-setting or changing a response time;
correlating the remedy data with the scanner data and the vulnerabilities scanned for by the one or more scanner tests;
obtaining asset data associated with one or more assets used by the application development process indicating asset types and operational characteristics associated with the assets;
analyzing the asset data to identify asset vulnerability characteristics data associated with the assets indicating potential vulnerabilities associated with the application development process;
analyzing the vulnerability management data and the vulnerability characteristics data associated with the assets to select one or more relevant scanner tests in the scanner data to be applied to the application development process;
generating scanner deployment procedure data indicating what stage in the application development process the one or more relevant scanner tests are to be applied;
automatically applying the one or more relevant scanner tests to the assets associated with the application development process in accordance with the scanner deployment procedure data;
de-duplicating results data received from the one or more relevant scanner tests;
if a vulnerability is indicated in the de-duplicated results data from the one or more relevant scanner tests, automatically identifying the remedy or remedy procedure associated with the identified vulnerability in the remedy data;
automatically implementing the identified remedy or remedy procedure;
automatically re-deploying at least the scanner tests associated with the identified vulnerability to determine if the identified vulnerability has been corrected; and
if the identified vulnerability is present after the remedy or remedy procedure associated with the identified vulnerability has been applied, or after a defined vulnerability correction time period has elapsed, automatically taking protective action to mitigate the vulnerability.
Dependent claims: 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42.
43. A system for dynamic and comprehensive vulnerability management comprising:
at least one processor; and
at least one memory coupled to the at least one processor, the at least one memory having stored therein instructions which when executed by any set of the one or more processors, perform a process for dynamic and comprehensive vulnerability management, the process for dynamic and comprehensive vulnerability management including:
obtaining vulnerability management data representing one or more vulnerability management policies, vulnerabilities, and vulnerability characteristics to be monitored;
obtaining scanner data representing one or more scanners, each of the scanners including one or more scanner tests for detecting a vulnerability in an asset;
obtaining asset data associated with an asset indicating an asset type and operational characteristics associated with the asset;
analyzing the asset data to identify asset vulnerability characteristics data associated with the asset;
analyzing the vulnerability management data and the vulnerability characteristics data associated with the asset to identify one or more relevant scanner tests in the scanner data;
transforming data representing the identified one or more relevant scanner tests into scanner test profile set data representing a scanner test profile set for identifying the vulnerabilities and vulnerability characteristics indicated in the vulnerability management data and the vulnerability characteristics data associated with the asset;
generating scanner deployment procedure data indicating when the one or more relevant scanner tests of the scanner test profile set for the asset are to be applied to the asset;
automatically applying the one or more relevant scanner tests of the scanner test profile set to the asset in accordance with the scanner deployment procedure data;
if a vulnerability is indicated in results data from any of the one or more relevant scanner tests of the scanner test profile set, taking remedial action to close the vulnerability, wherein available remedial actions include a first remedial action of automatic re-sizing of buffers and buffer pools and a second remedial action of automatic re-setting or changing a response time.
Dependent claims: 44, 45.
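The remediation loop the independent claims describe (scan, correlate remedy data with the finding, apply the remedy, re-deploy the scanner test that found the vulnerability, and take protective action once the correction period has elapsed; claims 1, 10 and 19 above, including claim 19's de-duplication of scanner tests and results), as an added Python example that is not part of the patent or of any product it covers. The asset, the three scanner tests, the vulnerability ids, the "billing-api" sample values and the deliberately ineffective third remedy are constructed; determining the ideal deployment time is left out.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple

@dataclass
class Asset:                      # constructed sample asset: a service with a tunable config
    name: str
    config: Dict[str, int] = field(default_factory=dict)
    protected: bool = False       # set once protective action has been taken

# Scanner tests return a vulnerability id, or None when the asset is clean.
def small_buffer_test(a: Asset) -> Optional[str]:
    return "VULN-SMALL-BUFFER" if a.config.get("buffer_kb", 0) < 64 else None

def long_timeout_test(a: Asset) -> Optional[str]:
    return "VULN-LONG-TIMEOUT" if a.config.get("response_timeout_s", 0) > 30 else None

def debug_enabled_test(a: Asset) -> Optional[str]:
    return "VULN-DEBUG-ON" if a.config.get("debug") else None

# Remedy data correlated with vulnerability ids: (remedy, correction period in remedy/re-scan attempts).
REMEDIES: Dict[str, Tuple[Callable[[Asset], None], int]] = {
    "VULN-SMALL-BUFFER": (lambda a: a.config.update(buffer_kb=256), 1),          # claimed remedy 1
    "VULN-LONG-TIMEOUT": (lambda a: a.config.update(response_timeout_s=10), 1),  # claimed remedy 2
    "VULN-DEBUG-ON": (lambda a: None, 2),   # constructed: a remedy that fixes nothing, to show escalation
}

def manage(asset: Asset, tests: List[Callable], remedies=REMEDIES) -> List[Tuple[str, str]]:
    """Scan, remedy, re-scan with the finding test; protect the asset if a vulnerability outlives its period."""
    findings: Dict[str, Callable] = {}
    for test in {t.__name__: t for t in tests}.values():   # duplicate scanner tests dropped
        vuln = test(asset)
        if vuln and vuln not in findings:                  # de-duplicated results: one entry per vuln
            findings[vuln] = test
    outcome = []
    for vuln, test in findings.items():
        remedy, period = remedies.get(vuln, (None, 0))
        for attempt in range(1, period + 1):
            remedy(asset)
            if test(asset) is None:          # re-deploy only the test that found the vulnerability
                outcome.append((vuln, f"corrected:attempt{attempt}"))
                break
        else:                                # no remedy, or still present after the period elapsed
            asset.protected = True
            outcome.append((vuln, "protected"))
    return outcome

def run_sample() -> Tuple[Asset, List[Tuple[str, str]]]:
    asset = Asset("billing-api", {"buffer_kb": 16, "response_timeout_s": 60, "debug": 1})
    tests = [small_buffer_test, long_timeout_test, small_buffer_test, debug_enabled_test]
    return asset, manage(asset, tests)
```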