System and method for vulnerability risk analysis
Abstract
Embodiments of the present invention are directed to a method and system for automated risk analysis. The method includes accessing host configuration information of a host and querying a vulnerability database based on the host configuration information. The method further includes receiving a list of vulnerabilities and accessing a plurality of vulnerability scores. The list of vulnerabilities corresponds to vulnerabilities of the host. Vulnerabilities can be removed from the list by checking for installed fixes corresponding to each vulnerability. A composite risk score can then be determined for the host and each software product of the host based on the plurality of vulnerability scores. An aggregate risk score can then be determined for the host and each software product of the host based on the plurality of vulnerability scores.
20 Claims
1. A method for analyzing risk, the method comprising:
- accessing, within an electronic system, host configuration information of a host;
- querying a vulnerability database based on said host configuration information;
- receiving a list of vulnerabilities, wherein said list of vulnerabilities corresponds to vulnerabilities of said host;
- accessing a plurality of vulnerability scores for said host and at least one software product of said host, wherein said plurality of vulnerability scores measure access vulnerability and vulnerability impact, and wherein said host and said at least one software product of said host are respectively associated with more than one of said plurality of vulnerability scores;
- determining a composite risk score for at least one of said host and said at least one software product of said host based on said plurality of vulnerability scores, wherein said composite risk score measures at least in part a severity reflecting that an exploited vulnerability is needed by an attacker to compromise at least one of said host and said at least one software product of said host, and wherein said composite risk score is based on a highest vulnerability score among the more than one of said plurality of vulnerability scores respectively associated with at least one of said host and said at least one software product of said host;
- determining an aggregate risk score for at least one of said host and said at least one software product of said host based on said plurality of vulnerability scores, wherein said aggregate risk score measures at least in part a number of options available to said attacker for compromising at least one of said host and said at least one software product of said host, and wherein said aggregate risk score is based on a summation among the more than one of said plurality of vulnerability scores respectively associated with at least one of said host and said at least one software product of said host;
- generating a graph representing said at least one software product of said host, wherein nodes of said graph represent software states of said at least one software product, wherein edges of said graph represent vulnerabilities detected in said at least one software product, wherein a path through said graph begins at a start node having relatively lower access vulnerability, and wherein said path ends at an end node having relatively higher vulnerability impact; and
- determining a risk score based on said path through said graph and at least one of said composite risk score and said aggregate risk score.

Dependent claims: 2, 3, 4, 5, 6, 7, 8.

9. A non-transitory computer readable storage medium having stored thereon, computer executable instructions that, if executed by a computer system cause the computer system to perform a method of risk analysis comprising:
- accessing, within an electronic system, host configuration information of a host;
- querying a vulnerability database based on said host configuration information;
- receiving a list of vulnerabilities, wherein said list of vulnerabilities corresponds to vulnerabilities of said host;
- accessing a plurality of vulnerability scores for said host and at least one software product of said host, wherein said plurality of vulnerability scores measure access vulnerability and vulnerability impact, and wherein said host and said at least one software product of said host are respectively associated with more than one of said plurality of vulnerability scores;
- determining a composite risk score for at least one of said host and said at least one software product of said host based on said plurality of vulnerability scores, wherein said composite risk score measures at least in part a severity reflecting that an exploited vulnerability is needed by an attacker to compromise at least one of said host and said at least one software product of said host, and wherein said composite risk score is based on a highest vulnerability score among the more than one of said plurality of vulnerability scores respectively associated with at least one of said host and said at least one software product of said host;
- determining an aggregate risk score for said host and said at least one software product of said host based on said plurality of vulnerability scores, wherein said aggregate risk score measures at least in part a number of options available to said attacker for compromising at least one of said host and said at least one software product of said host, and wherein said aggregate risk score is based on a summation among the more than one of said plurality of vulnerability scores respectively associated with at least one of said host and said at least one software product of said host;
- generating a graph representing said at least one software product of said host, wherein nodes of said graph represent software states of said at least one software product, wherein edges of said graph represent vulnerabilities detected in said at least one software product, wherein a path through said graph begins at a start node having relatively lower access vulnerability, and wherein said path ends at an end node having relatively higher vulnerability impact; and
- determining a risk score based on said path through said graph and at least one of said composite risk score and said aggregate risk score.

Dependent claims: 10, 11, 12, 13, 14, 15, 16.

17. A system comprising:
- a host configuration access module for accessing host configuration information;
- a vulnerability database query module for querying a vulnerability database, wherein a host and at least one software product of said host are respectively associated with more than one of a plurality of vulnerability scores;
- a fix database query module for querying a fix database;
- a composite risk determination module for determining a composite risk score based on data from said vulnerability database and based on data from said fix database, wherein said composite risk score measures at least in part a severity reflecting that an exploited vulnerability is needed by an attacker to compromise at least one of said host and said at least one software product of said host, and wherein said composite risk score is based on a highest vulnerability score among the more than one of said plurality of vulnerability scores respectively associated with at least one of said host and said at least one software product of said host;
- an aggregate risk determination module for determining an aggregate risk score based on data from said vulnerability database and based on data from said fix database, wherein said aggregate risk score measures at least in part a number of options available to said attacker for compromising at least one of said host and said at least one software product of said host, and wherein said aggregate risk score is based on a summation among the more than one of said plurality of vulnerability scores respectively associated with at least one of said host and said at least one software product of said host; and
- a risk determination module for determining and reporting a risk score based on at least one of said composite risk score and said aggregate risk score, and based on a graph representing said at least one software product of said host, wherein nodes of said graph represent software states of said at least one software product, wherein edges of said graph represent vulnerabilities detected in said at least one software product, wherein a path through said graph begins from a start node having relatively lower access vulnerability based on data from said vulnerability database, and wherein said path ends at an end node having relatively higher vulnerability impact.

Dependent claims: 18, 19, 20.
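As an added illustration of the scoring pipeline the claims describe (this is not code from the patent or its assignee), the following runs the steps on constructed sample data: query the vulnerability database from the host configuration, drop vulnerabilities whose fix is installed, take the highest score (composite) and the summation (aggregate) per product and for the host, then walk the state graph from the easiest-to-reach state. The per-vulnerability score and the path-scoring rule are assumptions, since the claims leave both unspecified.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Vuln:
    vid: str
    product: str
    access: float   # access vulnerability: higher = easier for an attacker to reach
    impact: float   # vulnerability impact: higher = worse outcome if exploited
    src: str        # software state the graph edge leaves (constructed)
    dst: str        # software state the graph edge reaches (constructed)

# Constructed sample data, not from the patent: a host inventory and a tiny vulnerability database.
HOST_CONFIG = {"web-app": "1.2", "db-engine": "5.0"}
VULN_DB = {
    ("web-app", "1.2"): [Vuln("V-1", "web-app", 8.0, 3.0, "unauth", "user"),
                         Vuln("V-2", "web-app", 4.0, 7.0, "user", "admin")],
    ("db-engine", "5.0"): [Vuln("V-3", "db-engine", 2.0, 9.5, "admin", "db-root"),
                           Vuln("V-4", "db-engine", 6.0, 5.0, "unauth", "db-root")],
}
INSTALLED_FIXES = {"V-4"}   # constructed: the fix for V-4 is already applied on this host

def query_vulns(host_config, vuln_db=VULN_DB):
    """Claim steps: query the vulnerability database based on the host configuration."""
    return [v for p, ver in host_config.items() for v in vuln_db.get((p, ver), [])]
def remove_fixed(vulns, fixes):
    """Abstract: remove vulnerabilities whose corresponding fix is installed."""
    return [v for v in vulns if v.vid not in fixes]
def vuln_score(v):
    return v.access * v.impact   # assumption: one score combining both measures
def composite_and_aggregate(vulns):
    """Per product and for the host: composite = highest score, aggregate = summation."""
    by_key = {}
    for v in vulns:
        by_key.setdefault(v.product, []).append(vuln_score(v))
    by_key["host"] = [vuln_score(v) for v in vulns]
    return {k: (max(s), sum(s)) if s else (0.0, 0.0) for k, s in by_key.items()}

def riskiest_path(vulns, start="unauth"):
    """Graph: nodes are software states, edges are unfixed vulnerabilities. Score each simple
    path by its weakest edge's access score times the final edge's impact (assumed rule)."""
    paths = []
    def dfs(node, path):
        if path:
            paths.append((min(e.access for e in path) * path[-1].impact, [e.vid for e in path]))
        for e in vulns:
            if e.src == node and e not in path:
                dfs(e.dst, path + [e])
    dfs(start, [])
    return max(paths, default=(0.0, []))
```

On this data the fix check removes V-4, the web-app product scores composite 28.0 and aggregate 52.0, and the highest-scoring path is V-1 followed by V-2.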
Specification