Vulnerability-based remediation selection

US 9,349,013 B2
Filed: 08/16/2013
Issued: 05/24/2016
Est. Priority Date: 07/23/2004
Status: Active Grant

First Claim

Patent Images

1. A host device comprising:

at least one processor;

at least one memory device;

a network interface device;

a sensor program stored in the at least one memory device and executed by the at least one processor to;

automatically assess a current state of the host device to identify a plurality of T_ID fields that each denote an identification (ID) of a technology species (T) present in the host device;

automatically send information representative of the current state of the host device to a server via the network interface device including the identified plurality of T_ID fields;

automatically receive, via the network interface device, vulnerability remediation information from the server, the vulnerability remediation information including;

instructions executable by the processor though the sensor program, the instructions including at least one remediation for at least one vulnerability of the host device and at least a subset of the plurality of identified T_ID fields, the at least oneremediation determined by the server at least in part by AND operations comprising a first list of remediation identifications (R IDs) identified using a vulnerability identification (V ID) of the at least one vulnerability as a database index for a list of R_IDs ANDed second list of R_IDs identified using technology genus (T GEN) as an index wherein the T_GEN is determined from at least one of theT_ID fields, and further ANDed against a third R_IDs identified using the V_ID of the at least one vulnerability as an index; and

for each of the T_ID fields of the subset of the plurality of the identified T_ID fields, a plurality of ACT_ID fields, wherein the content of an ACT_ID field denotes an ID of an action (ACT); and

automatically implement the at least one remediation upon the host device through execution of the instructions of the received remediation information to mitigate the at least one vulnerability of the host device.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A machine-actionable memory comprises one or more machine-actionable records arranged according to a data structure. Such a data structure may include links that respectively map between a remediation, at least one action, and at least two vulnerabilities. A method of selecting a remediation, that is appropriate to a vulnerability which is present on a machine to be remediated, may include: providing a machine-actionable memory as mentioned above; and indexing into the memory using: a given vulnerability identifier to determine (A) at least one of a remediation mapped thereto and (B) at least one action mapped to the given vulnerability identifier; and/or a given remediation to determine at least two vulnerabilities mapped thereto.

Citations

15 Claims

1. A host device comprising:
- at least one processor;
  
  at least one memory device;
  
  a network interface device;
  
  a sensor program stored in the at least one memory device and executed by the at least one processor to;
  
  automatically assess a current state of the host device to identify a plurality of T_ID fields that each denote an identification (ID) of a technology species (T) present in the host device;
  
  automatically send information representative of the current state of the host device to a server via the network interface device including the identified plurality of T_ID fields;
  
  automatically receive, via the network interface device, vulnerability remediation information from the server, the vulnerability remediation information including;
  
  instructions executable by the processor though the sensor program, the instructions including at least one remediation for at least one vulnerability of the host device and at least a subset of the plurality of identified T_ID fields, the at least oneremediation determined by the server at least in part by AND operations comprising a first list of remediation identifications (R IDs) identified using a vulnerability identification (V ID) of the at least one vulnerability as a database index for a list of R_IDs ANDed second list of R_IDs identified using technology genus (T GEN) as an index wherein the T_GEN is determined from at least one of theT_ID fields, and further ANDed against a third R_IDs identified using the V_ID of the at least one vulnerability as an index; and
  
  for each of the T_ID fields of the subset of the plurality of the identified T_ID fields, a plurality of ACT_ID fields, wherein the content of an ACT_ID field denotes an ID of an action (ACT); and
  
  automatically implement the at least one remediation upon the host device through execution of the instructions of the received remediation information to mitigate the at least one vulnerability of the host device.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The host device of claim 1, wherein the sensor program is further executable by the at least one processor to:
    - reassess the current state of the host device following implementation of the at least one remediation on the host device; and
      
      send information representative of the reassessed current state of the host device to the server via the network interface device.
  - 3. The host device of claim 1, wherein the host device is a printer.
  - 4. The host device of claim 1, wherein the vulnerability remediation information includes a R_ID denoting an identification (ID) of the at least one remediation (R).
  - 5. The host device of claim 1, where the sensor program is further executable by the at least one processor to:
    - receive, via the network interface device, information to be processed during the assessing of the current state of the host device, the received information identifying a particular vulnerability.

6. A method comprising:
- automatically assessing a current state of a host device to identify aplurality of T_ID fields that each denote an identification (ID) of a technology species (T) present in the host device;
  
  automatically sending information representative of the current state of the host device to a server via a network interface device including the identified plurality of T_ID fields;
  
  automatically receiving, via the network interface;
  
  device, vulnerability remediation information from the server, the vulnerability remediation information including;
  
  instructions executable by a processor of the host device though a sensor program implementing the method, the instructions including at least one remediation for at least one vulnerability of the host device and at least a subset of the plurality of identified T^—ID fields; and
  
  for each of the T ID fields of the subset of the plurality of identified T^—ID fields the at least one remediation determined by the server at least in part by AND operations comprising a first list of remediation identifications (R IDs) identified using a vulnerability identification (V ID) of the at least one vulnerability as a database index for a list of R_IDs ANDed second list of R_IDs identified using technology genus (T GEN) as an index wherein the T_GEN is determined from at least one of the T_ID fields, and further ANDed against a third R_IDs identified using the V_ID of the at least one vulnerability as an index, a plurality of ACT_ID fields, wherein the content of an ACT_ID field denotes an ID of an action (ACT);
  
  and automatically implementing the at least one remediation upon the host device through execution of the instruction of the received remediation information to mitigate the at least one vulnerability of the host device.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The method of claim 6, further comprising:
    - reassessing the current state of the host device following implementation of the at least one remediation on the host device; and
      
      sending information representative of the reassessed current state of the host device to the server via the network interface device.
  - 8. The method of claim 6, wherein the host device is a printer.
  - 9. The method of claim 6, wherein the vulnerability remediation information includes a R_ID denoting an identification (ID) of the at least one remediation (R).
  - 10. The method of claim 6, further comprising:
    - receiving, via the network interface device, information to be processed during the assessing of the current state of the host device, the received information identifying a particular vulnerability.

11. A machine-readable storage device, with instructions stored thereon, which when executed by at least one processor, causes a machine to perform a method comprising:
- automatically assessing a current state of a host device to identify aplurality of T_ID fields that each denote an identification (ID) of a technology species (T) present in the host device;
  
  automatically sending information representative of the current state of the host device to a server via a network interface device including the identified plurality of T_D fields;
  
  automatically receiving, via the network interface device, vulnerability remediation information from the server, the vulnerability remediation information including;
  
  instructions executable by a processor of the host device though a sensor program implementing the method, the instructions including at least one remediation for at least one vulnerability of the host device and at least a subset of the plurality of identified T_ID fields; and
  
  for each of the T ID fields of the subset of the plurality of identified T_ID fields the at least one remediation determined by the server at least in part by AND operations comprising a first list of remediation identifications (R IDs) identified using a vulnerability identification (V ID) of the at least one vulnerability as a database index for a list of R_Ds ANDed second list of R_Ds identified using technology genus (T GEN) as a index wherein the T_GEN is determined from at least one of the T_D fields, and further ANDed against a third R_IDs identified using the V_D of the at least one vulnerability as an index, a plurality of ACT_ID fields, wherein the content of an ACT_ID field denotes an ID of an action (ACT); and
  
  automatically implementing the at least one remediation upon the host device through execution of the instruction of the received remediation information to mitigate the at least one vulnerability of the host device.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The machine-readable storage device of claim 11, the method further comprising:
    - reassessing the current state of the host device following implementation of the at least one remediation on the host device; and
      
      sending information representative of the reassessed current state of the host device to the server via the network interface device.
  - 13. The machine-readable storage device of claim 11, wherein the host device is a printer.
  - 14. The machine-readable storage device of claim 11, wherein the vulnerability remediation information includes a R ID denoting an identification (ID) of the at least one remediation (R).
  - 15. The machine-readable storage device of claim 11, the method further comprising:
    - receiving, via the network interface device, information to be processed during the assessing of the current state of the host device, the received information identifying a particular vulnerability.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Fortinet Inc.
Original Assignee
Fortinet Inc.
Inventors
D'Mello, Kurt, Tyree, David Spencer, Gandhe, Sudhir
Primary Examiner(s)
Wang, Harris C

Application Number

US13/969,014
Publication Number

US 20130333044A1
Time in Patent Office

1,012 Days
Field of Search

726/25
US Class Current

1/1
CPC Class Codes

G06F 21/57 Certifying or maintaining t...

G06F 21/577 Assessing vulnerabilities a...

Vulnerability-based remediation selection

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Vulnerability-based remediation selection

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links