Method and system to prioritize vulnerabilities based on contextual correlation
First Claim
1. A method for prioritizing vulnerabilities of a specific asset deployed by an organization in a specific virtual computing environment, performed by a processor-based contextual vulnerabilities prioritization system, comprising:
determining a vulnerability score for the specific asset, based on a CVSS (common vulnerability scoring system) score or other base vulnerability score or temporal vulnerability score, wherein the specific asset is a virtual machine or virtual application that is implemented using physical computing components in the specific virtual computing environment;
receiving information about a threat;
correlating the information about the threat with information about the specific asset based upon environmental factors of the specific asset to determine a threat score for the specific asset, wherein the environmental factors include characteristics of a customer associated with the specific asset, characteristics of the specific asset relative to the threat, and characteristics of a workload distribution relative to the threat;
determining a contextual score for the specific asset based on at least one tag of the specific asset; and
deriving a prioritization score for the specific asset, the prioritization score a combination of the vulnerability score, the threat score and the contextual score, the prioritization score representing a prioritizing, specific to the specific asset, of a context-dependent vulnerability of the specific asset to the threat.
Dependent claims: 2, 3, 4, 5, 6, 7, 8.
Abstract
A method for prioritizing vulnerabilities of an asset in a virtual computing environment is provided. The method includes determining a vulnerability score for the asset, based on at least one of a base vulnerability score or a temporal vulnerability score and receiving information about a threat. The method includes correlating the information about the threat with information about the open vulnerabilities on the asset and also about the asset to determine a threat score for the asset and determining a contextual score for the asset based on at least one tag of the asset. The method includes deriving a prioritization score for the asset, the prioritization score a combination of the vulnerability score, the threat score and the contextual score, wherein at least one method action is performed by a processor.
20 Claims
9. A tangible, non-transitory, computer-readable media having instructions thereupon which, when executed by a processor, cause the processor to perform a method comprising:
obtaining one of a base common vulnerability scoring system (CVSS) score or a temporal common vulnerability scoring system score, concerning a specific asset deployed by an organization in a specific virtual computing environment, wherein the specific asset is a virtual machine or a virtual application that is implemented using physical computing components in the specific virtual computing environment;
receiving threat information;
generating a threat score for the specific asset, based on applicability of the threat information to the specific asset relative to environmental factors of the specific asset, wherein the environmental factors include characteristics of a customer associated with the specific asset, characteristics of the specific asset relative to the threat, and characteristics of the workload distribution relative to the threat;
generating a contextual score for the specific asset, based on information on at least one tag of the specific asset; and
generating a prioritization score for the specific asset, based on a multiplication of the contextual score, the threat score and the one of the base common vulnerability scoring system score or the temporal common vulnerability scoring system score, the prioritization score representing a prioritizing, specific to the specific asset, of a context-dependent vulnerability of the specific asset to the threat.
Dependent claims: 10, 11, 12, 13, 14.
15. A processor-based contextual vulnerabilities prioritization system for prioritizing vulnerabilities of a specific asset deployed by an organization in a specific virtual computing environment, comprising:
a vulnerability module that obtains a vulnerability score for the specific asset, based on a CVSS (common vulnerability scoring system) score or other base or temporal vulnerability score, wherein the specific asset is a virtual machine or a virtual application that is implemented using physical computing components in the specific virtual computing environment;
a threat module that generates a threat score assessing vulnerability of the specific asset to a threat, based on environmental factors of the specific asset relative to threat information and based on information about the specific asset from at least one tag of the specific asset, wherein the environmental factors include characteristics of a customer associated with the specific asset, characteristics of the specific asset relative to the threat, and characteristics of a workload distribution relative to the threat;
a contextual module that generates a contextual score based on workload context of the specific asset relative to static aspects of the specific asset from the at least one tag and dynamic aspects of the specific asset from the at least one tag;
a prioritization module that multiplies together the threat score, the contextual score and the vulnerability score to generate a prioritization score for the specific asset, the prioritization score representing a prioritizing, specific to the specific asset, of a context-dependent vulnerability of the specific asset to the threat; and
a processor coupled to the vulnerability module, the threat module, the contextual module and the prioritization module, which are implemented using the processor, hardware, or firmware, or combination thereof.
Dependent claims: 16, 17, 18, 19, 20.
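The three independent claims describe the same pipeline: a normalised CVSS-derived vulnerability score, a threat score built from the environmental factors (customer characteristics, asset characteristics relative to the threat, workload distribution), a contextual score built from the asset's tags, and a prioritization score that multiplies the three. The following Python is an added worked illustration of that pipeline, not code from the patent or its assignee; the weights, the tag vocabulary, the customer tiers, the platform names, and the sample assets and threat are all constructed assumptions chosen to show why two assets carrying the same CVSS 9.8 finding end up far apart in the queue.

```python
"""Worked illustration of the three-factor prioritization score (added example).

Every weight, tag name and sample record below is a constructed assumption;
nothing here is the patent's own implementation.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


@dataclass
class Asset:
    name: str
    cvss_base: float                 # base CVSS score of the open finding (0-10)
    cvss_temporal: Optional[float]   # temporal score when the scanner supplies one
    tags: Dict[str, str]             # static (env, data) and dynamic (exposure) aspects
    customer_tier: str               # characteristic of the customer owning the asset
    platform: str                    # characteristic of the asset relative to the threat
    workload_share: float            # fraction of the customer's workload on this asset


@dataclass
class Threat:
    name: str
    affected_platforms: Set[str]     # which asset platforms the threat can actually hit
    exploited_in_wild: bool
    targeted_tiers: Set[str]         # customer tiers the threat actor is known to target


def vulnerability_score(asset: Asset) -> float:
    """Claims 1/9/15: base or temporal CVSS score, normalised to 0..1.

    The temporal score already folds in exploit maturity and remediation
    level, so it is preferred when present."""
    raw = asset.cvss_temporal if asset.cvss_temporal is not None else asset.cvss_base
    return max(0.0, min(10.0, raw)) / 10.0


def threat_score(asset: Asset, threat: Threat) -> float:
    """Correlate threat information with the asset's environmental factors.

    A threat that cannot reach this platform contributes zero, which is what
    makes the final multiplication zero out irrelevant findings."""
    customer = 1.0 if asset.customer_tier in threat.targeted_tiers else 0.5
    platform = 1.0 if asset.platform in threat.affected_platforms else 0.0
    workload = 0.5 + 0.5 * asset.workload_share      # busier asset, wider blast radius
    maturity = 1.0 if threat.exploited_in_wild else 0.6
    return customer * platform * workload * maturity


# Constructed tag weights: (tag key, tag value) -> weight in 0..1.
CONTEXT_WEIGHTS: Dict[Tuple[str, str], float] = {
    ("env", "prod"): 1.0, ("env", "staging"): 0.6, ("env", "dev"): 0.3,
    ("exposure", "internet"): 1.0, ("exposure", "internal"): 0.5,
    ("data", "pci"): 1.0, ("data", "pii"): 0.9, ("data", "none"): 0.4,
}


def contextual_score(asset: Asset) -> float:
    """Average of the tag weights; unknown tags get a neutral 0.5."""
    weights = [CONTEXT_WEIGHTS.get((k, v), 0.5) for k, v in asset.tags.items()]
    return sum(weights) / len(weights) if weights else 0.5


def prioritization_score(asset: Asset, threat: Threat) -> float:
    """Claims 9/15: product of the three factors, rounded for stable ordering."""
    return round(
        vulnerability_score(asset) * threat_score(asset, threat) * contextual_score(asset), 4
    )


def prioritize(assets: List[Asset], threat: Threat) -> List[Tuple[float, str]]:
    """Return (score, asset name) pairs, highest priority first."""
    return sorted(((prioritization_score(a, threat), a.name) for a in assets), reverse=True)


# Constructed sample inventory: same critical finding on a prod web host and a dev
# build box, plus a Windows host the threat cannot reach at all.
SAMPLE_THREAT = Threat("constructed-linux-rce", {"linux"}, True, {"enterprise"})
SAMPLE_ASSETS = [
    Asset("web-prod", 9.8, 9.1, {"env": "prod", "exposure": "internet", "data": "pci"},
          "enterprise", "linux", 0.6),
    Asset("build-dev", 9.8, None, {"env": "dev", "exposure": "internal", "data": "none"},
          "enterprise", "linux", 0.1),
    Asset("win-prod", 7.5, None, {"env": "prod", "exposure": "internet", "data": "pii"},
          "smb", "windows", 0.3),
]

if __name__ == "__main__":
    for score, name in prioritize(SAMPLE_ASSETS, SAMPLE_THREAT):
        print(f"{score:6.4f}  {name}")
```

Running it ranks web-prod (0.728) well above build-dev (0.2156) even though both carry the same 9.8 base score, and win-prod drops to 0.0 because the threat's platform factor is zero; that last case is the practical reason the claims multiply rather than add the factors, since any factor that rules the threat out removes the finding from the queue entirely.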