Method and system for dynamic and comprehensive vulnerability management
First Claim
1. A system for dynamic and comprehensive vulnerability management comprising:
at least one processor; and
at least one memory unit coupled to the at least one processor, the at least one memory unit having stored therein instructions which when executed by any set of the one or more processors, perform a process for dynamic and comprehensive vulnerability management, the process for dynamic and comprehensive vulnerability management including;
obtaining vulnerability management data, the vulnerability management data including one or more levels of security that must be associated with one or more accounts or assets;
amending, following receiving modifications specified by one or more parties associated with an asset being managed by the vulnerability management data, the vulnerability management data;
obtaining scanner data representing one or more scanners configured to detect and monitor vulnerabilities and vulnerability characteristics reflected in the vulnerability management data, at least one scanner of the scanner data including a plurality of scanner tests configured to detect a plurality of vulnerabilities;
obtaining remedy data representing two or more remedies associated with vulnerabilities scanned for by the scanners, the two or more remedies including a first remedy of automatic re-sizing of buffers and buffer pools and a second remedy of automatic re-setting or changing a response time;
correlating the remedy data with vulnerabilities discoverable by the scanner tests;
obtaining asset data associated with an asset;
analyzing the vulnerability management data and the asset data to automatically identify a relevant scanner test in the scanner data to be applied to the asset;
determining an ideal time to deploy the relevant scanner test on the asset;
automatically deploying the relevant scanner test on the asset at, or before, the ideal time;
identifying, by the relevant scanner test, a vulnerability of the asset;
identifying a remedy in the remedy data, the identified remedy being associated with the identified vulnerability;
automatically applying the identified remedy to the asset;
automatically re-deploying the relevant scanner on the asset to determine whether the identified vulnerability is still present; and
upon a determination that the identified vulnerability is present after the identified remedy has been applied, taking protective action to mitigate the vulnerability.
Abstract
One or more relevant scanners used to identify asset vulnerabilities are identified, obtained, and logically arranged for deployment on an asset in accordance with a vulnerability management policy and a scanner deployment policy such that the relevant scanners are deployed at, or before, a determined ideal time to minimize the resources necessary to correct the vulnerabilities, if found. The relevant scanners are then automatically deployed in accordance with the scanner deployment policy and, if a vulnerability is identified, one or more associated remedies or remedy procedures are applied to the asset. At least one of the one or more relevant scanners are then re-deployed on the asset to determine if the identified vulnerability has been corrected and, if the vulnerability is not corrected at, or before, a defined time, protective measures are automatically taken.
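The closed loop the abstract describes (select relevant tests, de-duplicate findings, remedy, re-scan, take protective action once the correction window has passed), as an added sketch that is not code from the patent. The test names, remedy functions, integer clock, and isolation as the protective action are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Asset:
    name: str
    kind: str
    flaws: set              # simulated vulnerabilities currently present
    isolated: bool = False  # set by the (assumed) protective action

# Constructed scanner data: test id -> (asset kind, vulnerability detected).
SCANNER_TESTS = {
    "scanA/admin-port": ("server", "open-admin-port"),
    "scanB/admin-port": ("server", "open-admin-port"),  # duplicate test
    "scanA/tls": ("server", "weak-tls"),
    "scanC/bucket-acl": ("storage", "public-bucket"),
}

def close_admin_port(asset):
    asset.flaws.discard("open-admin-port")

def failed_tls_fix(asset):
    pass  # models a remedy that does not correct the finding

# Constructed remedy data, correlated with findings by vulnerability name.
REMEDIES = {"open-admin-port": close_admin_port, "weak-tls": failed_tls_fix}

def scan(asset):
    """Apply only tests relevant to the asset kind; the set de-duplicates results."""
    return {vuln for kind, vuln in SCANNER_TESTS.values()
            if kind == asset.kind and vuln in asset.flaws}

def run_cycle(asset, now, first_seen, grace):
    """One pass: scan, remedy, re-scan, escalate findings past their window."""
    actions = []
    for vuln in sorted(scan(asset)):
        first_seen.setdefault(vuln, now)   # start of the correction window
        remedy = REMEDIES.get(vuln)
        if remedy:
            remedy(asset)
            actions.append(("remedy", vuln))
    still_present = scan(asset)            # re-deploy the relevant tests
    for vuln in list(first_seen):
        if vuln not in still_present:
            del first_seen[vuln]
            actions.append(("verified-fixed", vuln))
        elif now - first_seen[vuln] >= grace:
            asset.isolated = True          # assumed protective action
            actions.append(("protective-action", vuln))
    return actions
```

Calling `run_cycle` repeatedly with an increasing `now` and a shared `first_seen` dict shows a finding whose remedy fails being escalated only once `grace` ticks have elapsed.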
233 Citations
30 Claims
10. A system for dynamic and comprehensive vulnerability management comprising:
at least one processor; and
at least one memory coupled to the at least one processor, the at least one memory having stored therein instructions which when executed by any set of the one or more processors, perform a process for dynamic and comprehensive vulnerability management, the process for dynamic and comprehensive vulnerability management including;
obtaining vulnerability management data representing one or more vulnerability management policies, vulnerabilities, and vulnerability characteristics to be monitored, the vulnerability management data including one or more levels of security that must be associated with one or more accounts or assets;
amending, following receiving modifications specified by one or more parties associated with an asset being managed by the vulnerability management data, the vulnerability management data;
obtaining scanner data representing one or more scanners configured to detect and monitor vulnerabilities and vulnerability characteristics reflected in the vulnerability management data, at least one scanner of the scanner data including a plurality of scanner tests configured to detect a plurality of vulnerabilities;
classifying the one or more scanners and identifying duplicate scanner tests;
storing the scanner data and scanner classification data in a scanner database;
obtaining remedy data representing two or more remedies or remedy procedures associated with vulnerabilities scanned for by the one or more scanner tests, the two or more remedies including a first remedy of automatic re-sizing of buffers and buffer pools and a second remedy of automatic re-setting or changing a response time;
correlating the remedy data with the scanner data and the vulnerabilities scanned for by the one or more scanner tests;
obtaining asset data associated with an asset indicating an asset type and operational characteristics associated with the asset;
analyzing the asset data to identify asset vulnerability characteristics data associated with the asset;
analyzing the vulnerability management data and the vulnerability characteristics data associated with the asset to automatically select one or more relevant scanner tests represented in the scanner data to be applied to the asset;
generating scanner deployment procedure data indicating when the one or more relevant scanner tests are to be applied to the asset;
automatically applying the one or more relevant scanner tests to the asset in accordance with the scanner deployment procedure data;
de-duplicating results data received from the one or more relevant scanner tests;
determining whether a vulnerability is indicated in the de-duplicated results data from the one or more relevant scanner tests;
upon a determination that a vulnerability is indicated in the de-duplicated results data from the one or more relevant scanner tests, automatically identifying the remedy or remedy procedure associated with the identified vulnerability in the remedy data;
automatically implementing the identified remedy or remedy procedure;
automatically re-deploying at least the scanner tests associated with the identified vulnerability to the asset to determine whether the identified vulnerability has been corrected; and
upon a determination that the identified vulnerability is present after the remedy or remedy procedure associated with the identified vulnerability has been applied, or after a defined vulnerability correction time period has elapsed, automatically taking protective action to mitigate the vulnerability.
20. A system for dynamic and comprehensive application development process vulnerability management comprising:
at least one processor; and
at least one memory unit coupled to the at least one processor, the at least one memory unit having stored therein instructions which when executed by any set of the one or more processors, perform a process for dynamic and comprehensive vulnerability management, the process for dynamic and comprehensive vulnerability management including;
obtaining vulnerability management data representing one or more vulnerability management policies, vulnerabilities, and vulnerability characteristics to be monitored, the vulnerability management data including one or more levels of security that must be associated with one or more accounts or assets;
amending, following receiving modifications specified by one or more parties associated with an asset being managed by the vulnerability management data, the vulnerability management data;
obtaining scanner data representing one or more scanners, each of the scanners including one or more scanner tests for detecting a vulnerability in an asset associated with an application development process, at least one scanner of the scanner data including a plurality of scanner tests configured to detect a plurality of vulnerabilities;
classifying the one or more scanners and identifying duplicate scanner tests;
storing the scanner data and scanner classification data in a scanner database;
obtaining remedy data representing two or more remedies or remedy procedures associated with vulnerabilities scanned for by the one or more scanner tests, the two or more remedies including a first remedy of automatic re-sizing of buffers and buffer pools and a second remedy of automatic re-setting or changing a response time;
correlating the remedy data with the scanner data and the vulnerabilities scanned for by the one or more scanner tests;
obtaining asset data associated with one or more assets used by the application development process indicating asset types and operational characteristics associated with the assets;
analyzing the asset data to identify asset vulnerability characteristics data associated with the assets indicating potential vulnerabilities associated with application development process;
analyzing the vulnerability management data and the vulnerability characteristics data associated with the assets to select one or more relevant scanner tests in the scanner data to be applied to the application development process;
generating scanner deployment procedure data indicating what stage in the application development process the one or more relevant scanner tests are to be applied;
automatically applying the one or more relevant scanner tests to the assets associated with the application development process in accordance with the scanner deployment procedure data;
de-duplicating results data received from the one or more relevant scanner tests;
identifying, by the relevant scanner test, a vulnerability of the asset;
identifying a remedy in the remedy data, the identified remedy being associated with the identified vulnerability;
automatically implementing the identified remedy or remedy procedure;
automatically re-deploying at least one scanner test associated with the identified vulnerability to determine whether the identified vulnerability has been corrected; and
upon a determination that the identified vulnerability is present after the remedy or remedy procedure associated with the identified vulnerability has been applied, or after a defined vulnerability correction time period has elapsed, automatically taking protective action to mitigate the vulnerability.
Specification