Vulnerability-based remediation selection
First Claim
1. A host device comprising:
at least one processor;
at least one memory device;
a network interface device;
a sensor program stored in the at least one memory device and executed by the at least one processor to:
automatically assess a current state of the host device to identify a plurality of T_ID fields that each denote an identification (ID) of a technology species (T) present in the host device;
automatically send information representative of the current state of the host device to a server via the network interface device including the identified plurality of T_ID fields;
automatically receive, via the network interface device, vulnerability remediation information from the server, the vulnerability remediation information including:
instructions executable by the processor through the sensor program, the instructions including at least one remediation for at least one vulnerability of the host device and at least a subset of the plurality of identified T_ID fields, the at least one remediation determined by the server at least in part by AND operations comprising a first list of remediation identifications (R_IDs) identified using a vulnerability identification (V_ID) of the at least one vulnerability as a database index for a list of R_IDs ANDed second list of R_IDs identified using technology genus (T_GEN) as an index wherein the T_GEN is determined from at least one of the T_ID fields, and further ANDed against a third R_IDs identified using the V_ID of the at least one vulnerability as an index; and
for each of the T_ID fields of the subset of the plurality of the identified T_ID fields, a plurality of ACT_ID fields, wherein the content of an ACT_ID field denotes an ID of an action (ACT); and
automatically implement the at least one remediation upon the host device through execution of the instructions of the received remediation information to mitigate the at least one vulnerability of the host device.
Abstract
A machine-actionable memory comprises one or more machine-actionable records arranged according to a data structure. Such a data structure may include links that respectively map between a remediation, at least one action, and at least two vulnerabilities. A method of selecting a remediation, that is appropriate to a vulnerability which is present on a machine to be remediated, may include: providing a machine-actionable memory as mentioned above; and indexing into the memory using: a given vulnerability identifier to determine (A) at least one of a remediation mapped thereto and (B) at least one action mapped to the given vulnerability identifier; and/or a given remediation to determine at least two vulnerabilities mapped thereto.
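The indexing described in the abstract, combined with the AND step recited in claim 1, can be sketched as follows. This is an added example, not code from the patent; every record, ID and name (`Remediation`, `select`, `THIRD_BY_V`, and so on) is a constructed placeholder, and the third V_ID-indexed list is modelled as a separate table by assumption.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Remediation:
    r_id: str
    v_ids: frozenset   # vulnerabilities this remediation is mapped to
    act_ids: tuple     # ordered actions (ACT_IDs) that implement it
    t_gens: frozenset  # technology genera (T_GEN) it applies to

# Constructed sample records; all IDs are placeholders, not from the patent.
RECORDS = [
    Remediation("R1", frozenset({"V1", "V2"}), ("ACT1", "ACT2"), frozenset({"GEN_A"})),
    Remediation("R2", frozenset({"V1"}), ("ACT3",), frozenset({"GEN_B"})),
    Remediation("R3", frozenset({"V2", "V3"}), ("ACT4",), frozenset({"GEN_A", "GEN_B"})),
]
# Assumption: the claim's third V_ID-indexed R_ID list lives in its own table.
THIRD_BY_V = {"V1": {"R1", "R2"}, "V2": {"R1"}, "V3": {"R3"}}
# Technology species (T_ID) reported by the sensor -> technology genus (T_GEN).
T_ID_TO_GEN = {"T_ID_10": "GEN_A", "T_ID_11": "GEN_A", "T_ID_20": "GEN_B"}

def build_indexes(records):
    """Build the links: R_ID -> record, V_ID -> R_IDs, T_GEN -> R_IDs."""
    by_r, by_v, by_gen = {}, {}, {}
    for rec in records:
        by_r[rec.r_id] = rec
        for v in rec.v_ids:
            by_v.setdefault(v, set()).add(rec.r_id)
        for g in rec.t_gens:
            by_gen.setdefault(g, set()).add(rec.r_id)
    return by_r, by_v, by_gen

BY_R, BY_V, BY_GEN = build_indexes(RECORDS)

def vulnerabilities_for(r_id):
    """Index by remediation to find the vulnerabilities mapped to it."""
    return sorted(BY_R[r_id].v_ids)

def select(v_id, t_ids):
    """Return {T_ID: [(R_ID, ACT_IDs)]} for one vulnerability on one host."""
    first = BY_V.get(v_id, set())        # list 1: indexed by V_ID
    third = THIRD_BY_V.get(v_id, set())  # list 3: also indexed by V_ID
    plan = {}
    for t_id in t_ids:
        gen = T_ID_TO_GEN.get(t_id)
        if gen is None:
            continue  # unknown technology: select nothing rather than guess
        r_ids = first & BY_GEN.get(gen, set()) & third  # the AND operations
        if r_ids:
            plan[t_id] = [(r, BY_R[r].act_ids) for r in sorted(r_ids)]
    return plan
```

An empty intersection yields no plan for that T_ID, so a remediation written for one technology genus is never pushed to a host running another.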
15 Claims
1. A host device comprising:
at least one processor;
at least one memory device;
a network interface device;
a sensor program stored in the at least one memory device and executed by the at least one processor to:
automatically assess a current state of the host device to identify a plurality of T_ID fields that each denote an identification (ID) of a technology species (T) present in the host device;
automatically send information representative of the current state of the host device to a server via the network interface device including the identified plurality of T_ID fields;
automatically receive, via the network interface device, vulnerability remediation information from the server, the vulnerability remediation information including:
instructions executable by the processor through the sensor program, the instructions including at least one remediation for at least one vulnerability of the host device and at least a subset of the plurality of identified T_ID fields, the at least one remediation determined by the server at least in part by AND operations comprising a first list of remediation identifications (R_IDs) identified using a vulnerability identification (V_ID) of the at least one vulnerability as a database index for a list of R_IDs ANDed second list of R_IDs identified using technology genus (T_GEN) as an index wherein the T_GEN is determined from at least one of the T_ID fields, and further ANDed against a third R_IDs identified using the V_ID of the at least one vulnerability as an index; and
for each of the T_ID fields of the subset of the plurality of the identified T_ID fields, a plurality of ACT_ID fields, wherein the content of an ACT_ID field denotes an ID of an action (ACT); and
automatically implement the at least one remediation upon the host device through execution of the instructions of the received remediation information to mitigate the at least one vulnerability of the host device.
Dependent claims: 2, 3, 4, 5
6. A method comprising:
automatically assessing a current state of a host device to identify a plurality of T_ID fields that each denote an identification (ID) of a technology species (T) present in the host device;
automatically sending information representative of the current state of the host device to a server via a network interface device including the identified plurality of T_ID fields;
automatically receiving, via the network interface device, vulnerability remediation information from the server, the vulnerability remediation information including:
instructions executable by a processor of the host device through a sensor program implementing the method, the instructions including at least one remediation for at least one vulnerability of the host device and at least a subset of the plurality of identified T_ID fields; and
for each of the T_ID fields of the subset of the plurality of identified T_ID fields the at least one remediation determined by the server at least in part by AND operations comprising a first list of remediation identifications (R_IDs) identified using a vulnerability identification (V_ID) of the at least one vulnerability as a database index for a list of R_IDs ANDed second list of R_IDs identified using technology genus (T_GEN) as an index wherein the T_GEN is determined from at least one of the T_ID fields, and further ANDed against a third R_IDs identified using the V_ID of the at least one vulnerability as an index, a plurality of ACT_ID fields, wherein the content of an ACT_ID field denotes an ID of an action (ACT); and
automatically implementing the at least one remediation upon the host device through execution of the instruction of the received remediation information to mitigate the at least one vulnerability of the host device.
Dependent claims: 7, 8, 9, 10
11. A machine-readable storage device, with instructions stored thereon, which when executed by at least one processor, causes a machine to perform a method comprising:
automatically assessing a current state of a host device to identify a plurality of T_ID fields that each denote an identification (ID) of a technology species (T) present in the host device;
automatically sending information representative of the current state of the host device to a server via a network interface device including the identified plurality of T_ID fields;
automatically receiving, via the network interface device, vulnerability remediation information from the server, the vulnerability remediation information including:
instructions executable by a processor of the host device through a sensor program implementing the method, the instructions including at least one remediation for at least one vulnerability of the host device and at least a subset of the plurality of identified T_ID fields; and
for each of the T_ID fields of the subset of the plurality of identified T_ID fields the at least one remediation determined by the server at least in part by AND operations comprising a first list of remediation identifications (R_IDs) identified using a vulnerability identification (V_ID) of the at least one vulnerability as a database index for a list of R_IDs ANDed second list of R_IDs identified using technology genus (T_GEN) as an index wherein the T_GEN is determined from at least one of the T_ID fields, and further ANDed against a third R_IDs identified using the V_ID of the at least one vulnerability as an index, a plurality of ACT_ID fields, wherein the content of an ACT_ID field denotes an ID of an action (ACT); and
automatically implementing the at least one remediation upon the host device through execution of the instruction of the received remediation information to mitigate the at least one vulnerability of the host device.
Dependent claims: 12, 13, 14, 15
Specification