SYSTEM AND METHOD FOR NETWORK VULNERABILITY DETECTION AND REPORTING

US 20120144493A1
Filed: 02/10/2012
Published: 06/07/2012
Est. Priority Date: 01/15/2002
Status: Active Grant

First Claim

Patent Images

1-16. -16. (canceled)

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method provide comprehensive and highly automated testing of vulnerabilities to intrusion on a target network, including identification of operating system, identification of target network topology and target computers, identification of open target ports, assessment of vulnerabilities on target ports, active assessment of vulnerabilities based on information acquired from target computers, quantitative assessment of target network security and vulnerability, and hierarchical graphical representation of the target network, target computers, and vulnerabilities in a test report. The system and method employ minimally obtrusive techniques to avoid interference with or damage to the target network during or after testing.

62 Citations

View as Search Results

36 Claims

1-16. -16. (canceled)

17. A method comprising:
- assigning, utilizing a computer, a vulnerability risk level to each of a plurality of vulnerabilities found on a set of computer devices;
  
  assigning an exposure risk level to each exposure found in the set of computer devices; and
  
  providing a security score for the set of computer devices that is dependent on at least the vulnerability risk levels of the vulnerabilities and the exposure risk level of the exposures found on the network;
  
  wherein the security score is derived from a formula of form F=a−
  
  V−
  
  E, wherein F is the security score, a is a constant, V is a vulnerability loss, and E is an exposure loss and vulnerability loss V is dependent on at least two of the assigned vulnerability risk levels and exposure loss E is dependent on at least two of the assigned exposure risk levels.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34)
- - 18. The method of Claim 17, further comprising determining a number of computer devices in the set, wherein the security score is further dependent on the number of computer devices in the set.
  - 19. The method of Claim 17, wherein the plurality of vulnerabilities are found on the set of computer devices through a scan of the set of computer devices, wherein the scan assesses each computer device in the set of computer devices against one or more vulnerabilities in a set of vulnerabilities including the plurality of vulnerabilities.
  - 20. The method of Claim 19, further comprising determining attributes of each computer device in the set of computer devices, wherein each computer device in the set of computer devices is scanned for vulnerabilities in the set of vulnerabilities relating to the attributes of the respective computer device.
  - 21. The method of Claim 17, wherein assigning a vulnerability risk level for each of the plurality of vulnerabilities includes calculating the respective vulnerability risk level for each of the plurality of computer devices.
  - 22. The method of Claim 21, wherein vulnerability risk level of a corresponding vulnerability is calculated based at least in part on popularity of the vulnerability, ease of exploitation of the vulnerability, and level of access granted by the vulnerability.
  - 23. The method of Claim 22, wherein the vulnerability risk level is calculated as one of at least three discrete risk levels.
  - 24. The method of Claim 17, further comprising detecting exposures present on the set of computer devices.
  - 25. The method of Claim 17, wherein the set of computer devices is a network of computer devices.
  - 26. The method of Claim 17, wherein vulnerability level V is based at least in part on the number of high level vulnerabilities affecting the set of computer devices, the number of computer devices in the set vulnerable to the high level vulnerabilities, the number of medium level vulnerabilities affecting the set of computer devices, the number of computer devices in the set vulnerable to the medium level vulnerabilities, the number of low level vulnerabilities affecting the set of computer devices, and the number of computer devices in the set vulnerable to the low level vulnerabilities.
  - 27. The method of Claim 17, wherein exposure loss E is based at least in part on the weighted sum of exposures found on computer devices in the set.
  - 28. The method of Claim 17, wherein the security score indicates security of the set of computer devices as viewed from outside the set of computer devices.
  - 29. The method of Claim 28, wherein each exposure is at least one of an open UDP port, an open ICMP port, and a non-essential service detected among the set of computer devices.
  - 30. The method of Claim 28, wherein the plurality of vulnerabilities are from a set of vulnerabilities affecting the external security of the set of computer devices.
  - 31. The method of Claim 17, wherein the security score indicates security of the set of computer devices as viewed from inside the set of computer devices.
  - 32. The method of Claim 31, wherein each exposure is at least one of a rogue application, wireless access point, trojan horse, and backdoor detected among the set of computer devices.
  - 33. The method of Claim 31, wherein the plurality of vulnerabilities are from a set of vulnerabilities affecting the internal security of the set of computer devices.
  - 34. The method of Claim 17, further comprising determining whether each computer device in a plurality of computer devices is active, wherein each active computer device is assigned to the set of computer devices.

35. Logic encoded in non-transitory media that includes code for execution and when executed by a processor is operable to perform operations comprising:
- assigning a vulnerability risk level to each of a plurality of vulnerabilities found on a set of computer devices;
  
  assigning an exposure risk level to each exposure found in the set of computer devices; and
  
  providing a security score for the set of computer devices that is dependent on at least the vulnerability risk levels of the vulnerabilities and the exposure risk level of the exposures found on the network;
  
  wherein the security score is derived from a formula of form F=a−
  
  V−
  
  E, wherein F is the security score, a is a constant, V is a vulnerability loss, and E is an exposure loss and vulnerability loss V is dependent on at least two of the assigned vulnerability risk levels and exposure loss E is dependent on at least two of the assigned exposure risk levels.

36. A system comprising:
- at least one processor device;
  
  at least one memory element; and
  
  a vulnerability scanner, adapted when executed by the at least one processor device to;
  
  assign a vulnerability risk level to each of a plurality of vulnerabilities found on a set of computer devices;
  
  assign an exposure risk level to each exposure found in the set of computer devices; and
  
  provide a security score for the set of computer devices that is dependent on at least the vulnerability risk levels of the vulnerabilities and the exposure risk level of the exposures found on the network;
  
  wherein the security score is derived from a formula of form F=a−
  
  V−
  
  E, wherein F is the security score, a is a constant, V is a vulnerability loss, and E is an exposure loss and vulnerability loss V is dependent on at least two of the assigned vulnerability risk levels and exposure loss E is dependent on at least two of the assigned exposure risk levels.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Cole, David M., Hanzlik, Dennis J., Caso, Erik

Granted Patent

US 8,700,767 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/25
CPC Class Codes

G02B 2006/12097   Ridge, rib or the like

G02B 2006/12116   Polariser; Birefringent

G02B 5/3083   Birefringent or phase retar...

G02B 6/105   having optical polarisation...

G02B 6/12011   characterised by the arraye...

G02B 6/12023   characterised by means for ...

H04L 41/12   Discovery or management of ...

H04L 41/22   comprising specially adapte...

H04L 63/0218   Distributed architectures, ...

H04L 63/1408   by monitoring network traff...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1433   Vulnerability analysis

H04L 63/145   the attack involving the pr...

SYSTEM AND METHOD FOR NETWORK VULNERABILITY DETECTION AND REPORTING

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

62 Citations

36 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD FOR NETWORK VULNERABILITY DETECTION AND REPORTING

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

62 Citations

36 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links