Self-replicating distributed vulnerability management agent apparatuses, methods, and systems

US 9,800,603 B1
Filed: 03/31/2015
Issued: 10/24/2017
Est. Priority Date: 03/31/2014
Status: Active Grant

First Claim

Patent Images

1. A processor-implemented method for propagating a self-propelling distributed vulnerability management bot through a target network without user input, the method comprising:

scanning at least a portion of the target network to identify at least one node on the target network with at least one vulnerability;

exploiting the at least one vulnerability to install an implant of the self-propelling bot in memory on the at least one node;

instantiating a stager on the at least one node using the implant;

downloading a module from a vulnerability resource management server outside the target network using the stager;

installing the module in the memory on the at least one node to provide additional functionality to the implant;

detecting additional vulnerabilities on the at least one node using the downloaded module;

transmitting the additional vulnerabilities to the vulnerability resource management server;

downloading a patching module from the vulnerability resource management server;

installing the patching module in the memory on the at least one node; and

applying patches, using the patching module, to the at least one node to correct the at least one vulnerability and the additional vulnerabilities.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A controlled vulnerability management agent programmable to arm itself and attempt to propagate and extract vulnerabilities from a target network, without input from a user. The agent may also send status and vulnerability information to a unified vulnerability resource management (unified VRM) platform, and may also have the ability to fix vulnerabilities through a real-time control center associated with the unified vulnerability resource management platform.

Citations

22 Claims

1. A processor-implemented method for propagating a self-propelling distributed vulnerability management bot through a target network without user input, the method comprising:
- scanning at least a portion of the target network to identify at least one node on the target network with at least one vulnerability;
  
  exploiting the at least one vulnerability to install an implant of the self-propelling bot in memory on the at least one node;
  
  instantiating a stager on the at least one node using the implant;
  
  downloading a module from a vulnerability resource management server outside the target network using the stager;
  
  installing the module in the memory on the at least one node to provide additional functionality to the implant;
  
  detecting additional vulnerabilities on the at least one node using the downloaded module;
  
  transmitting the additional vulnerabilities to the vulnerability resource management server;
  
  downloading a patching module from the vulnerability resource management server;
  
  installing the patching module in the memory on the at least one node; and
  
  applying patches, using the patching module, to the at least one node to correct the at least one vulnerability and the additional vulnerabilities.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, further comprising erasing all traces of the implant from the at least one node.
  - 3. The method of claim 1, further comprising providing a user interface in communication with the vulnerability resource management server, the user interface being configured to allow a user to monitor the propagation of the self-propelling bot.
  - 4. The method of claim 3, wherein the user interface is further configured to allow a user to define a spreading boundary that limits the propagation of the self-propelling bot through the target network.
  - 5. The method of claim 3, wherein the user interface is further configured to allow a user to initiate a kill operation to instantaneously delete all implants of the self-propelling bot present in memory on the nodes in the target network.
  - 6. The method of claim 1, further comprising providing at least one control post configured to provide redundancy and load balancing between the vulnerability resource management server and a plurality of implants on the target network.
  - 7. The method of claim 6, further comprising providing at least one listening post configured to receive and send data between the at least one control post and the implants on the target network.
  - 8. The method of claim 7, wherein the listening post is further configured to store data in a database and send stored data between the at least one control post and the implants at a predetermined interval.
  - 9. The method of claim 8, wherein the implants comprise edge implants in communication with the at least one listening post through the internet and depth implants that are only in communication with other implants on the target network.

10. A system for propagating a self-propelling distributed vulnerability management bot through a target network without user input, the system comprising:
- a plurality of electronic devices configured to act as nodes on a target network, with at least a portion of the nodes being exploitable nodes;
  
  a vulnerability resource management server in communication with the target network;
  
  a plurality of implants of the self-propelled bot installed in memory on each of the exploitable nodes;
  
  at least one control post in communication with the vulnerability resource management server;
  
  at least one listening post communicatively disposed between the control post and the implants to form part of a communication channel between the implants and the vulnerability resource management server.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 11. The system of claim 10, wherein the plurality of implants are each configured to instantiate a stager on at least one of the exploitable nodes, the stager being configured to download one or more modules from the vulnerability resource management server, wherein the modules are configured to provide additional functionality to the implant.
  - 12. The system of claim 11, wherein the one or more modules includes a detection engine configured to detect vulnerabilities in the node where an implant is installed.
  - 13. The system of claim 11, wherein the one or more modules includes a patching module configured to correct vulnerabilities present in the node.
  - 14. The system of claim 10, wherein the implants comprise edge implants and depth implants, wherein the edge implants communicate directly with the listening post and other implants, and wherein the depth implants communicate only with other implants.
  - 15. The system of claim 10, further comprising a user interface in communication with the vulnerability resource management server, the user interface being configured to allow a user to monitor the propagation of the self-propelling bot.
  - 16. The system of claim 15, wherein the user interface is further configured to allow a user to define a spreading boundary that limits the extent to which the self-propelling bot can propagate through the target network.
  - 17. The system of claim 15, wherein the user interface is further configured to allow a user to initiate a kill operation to instantaneously delete all implants of the self-propelling bot present in memory on the nodes in the target network.
  - 18. The system of claim 10, wherein the control post is configured to provide redundancy and load balancing between the vulnerability resource management server and a plurality of implants on the target network.
  - 19. The system of claim 10, wherein the listening post is further configured to store data in a database and send stored data between the at least one control post and the implants at a predetermined interval.
  - 20. The system of claim 10, wherein the implants comprise edge implants in communication with the at least one listening post through the internet and depth implants that are only in communication with other implants on the target network.
  - 21. The system of claim 10, wherein the implants are configured to communicate with each other through a peer-to-peer protocol.

22. A non-transitory computer-readable medium for propagating a self-propelling distributed vulnerability management bot through a target network without user input, the medium storing processor-issuable-and-generated instructions to:
- scan at least a portion of the target network to identify at least one node on the network with at least one vulnerability;
  
  exploit the at least one vulnerability to install an implant of the self-propelling bot in memory on the at least one node;
  
  instantiate a stager on the at least one node using the implant;
  
  download a module from a vulnerability resource management server outside the target network using the stager;
  
  install the module in the memory on the at least one node to provide additional functionality to the implant;
  
  detect additional vulnerabilities on the at least one node using the downloaded module;
  
  transmit the additional vulnerabilities to the vulnerability resource management server;
  
  download a patching module from the vulnerability resource management server, the patching module being configured to correct the at least one vulnerability and the additional vulnerabilities;
  
  install the patching module in the memory on the at least one node; and
  
  apply patches, using the patching module, to the at least one node to correct the at least one vulnerability and additional vulnerabilities.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NopSec, Inc.
Original Assignee
NopSec, Inc.
Inventors
Sidagni, Michelangelo
Primary Examiner(s)
To, Baotran N

Application Number

US14/675,380
Time in Patent Office

938 Days
Field of Search

726 25
US Class Current
CPC Class Codes

G06F 8/36   Software reuse

G06F 8/65   Updates security arrangemen...

H04L 63/1433   Vulnerability analysis

Self-replicating distributed vulnerability management agent apparatuses, methods, and systems

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Self-replicating distributed vulnerability management agent apparatuses, methods, and systems

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links