Systems and methods of associating security vulnerabilities and assets
Abstract
Systems and methods of associating security vulnerabilities and assets, and related Graphical User Interfaces (GUIs) and data structures, are disclosed. A definition of a security vulnerability, which includes multiple asset characteristics such as an asset platform that may be exploited via the security vulnerability and an asset platform that is affected when the exploited asset platform is exploited via the security vulnerability, is compared with definitions of one or more assets of an information system. An association between the security vulnerability and an asset is made if the definition of the asset includes a first asset characteristic of the security vulnerability definition and either the definition of the asset or the definition of another asset that has a relationship with the asset includes a second asset characteristic of the security vulnerability definition. The security vulnerability definition may also identify an asset platform that protects against the vulnerability.
13 Claims
1. An apparatus comprising:
- a memory storing respective definitions of assets of an information system, relationships between the assets, and definitions of security vulnerabilities;
- a comparison module operatively coupled to the memory and configured for comparing the definition of a security vulnerability with the respective definitions of the assets, the security vulnerability definition identifying an exploited asset platform that may be exploited via the security vulnerability, an affected asset platform that is affected when the exploited asset platform is exploited via the security vulnerability, and a protecting asset platform that protects the exploited asset platform or the affected asset platform against the security vulnerability, the comparison module being further configured for determining whether (i) the definition of a particular asset identifies the exploited asset platform, (ii) the definition of another asset that has a relationship with the particular asset identifies the affected asset platform, (iii) the definition of a further asset identifies the protecting asset platform, and (iv) the further asset has a relationship with the one of the particular asset and the other asset whose definition identifies the exploited asset platform or the affected asset platform that is protected by the protecting asset platform; and
- an association module, operatively coupled to the comparison module and to the memory, configured for associating the security vulnerability and the particular asset where (i) the definition of the particular asset identifies the exploited asset platform and (ii) the definition of the other asset identifies the affected asset platform, the association module being further configured for creating a further association between the security vulnerability and the further asset where (iii) the definition of the further asset identifies the protecting asset platform, and (iv) the further asset has a relationship with the one of the particular asset and the other asset whose definition identifies the exploited asset platform or the affected asset platform that is protected by the protecting asset platform.

Dependent claims: 2, 3, 4, 5, 6, 7 (not shown).
8. A method comprising:
- a comparison module comparing a definition of a security vulnerability with respective definitions of assets of an information system stored in a memory, the memory further storing relationships between the assets, the security vulnerability definition identifying an exploited asset platform that may be exploited via the security vulnerability, an affected asset platform that is affected when the exploited asset platform is exploited via the security vulnerability, and a protecting asset platform that protects the exploited asset platform or the affected asset platform against the security vulnerability;
- the comparison module determining whether (i) the definition of a particular asset identifies the exploited asset platform, (ii) the definition of another asset that has a relationship with the particular asset identifies the affected asset platform, (iii) the definition of a further asset identifies the protecting asset platform, and (iv) the further asset has a relationship with the one of the particular asset and the other asset whose definition identifies the exploited asset platform or the affected asset platform that is protected by the protecting asset platform;
- an association module associating the security vulnerability and the particular asset where (i) the definition of the particular asset identifies the exploited asset platform and (ii) the definition of the other asset identifies the affected asset platform; and
- the association module creating a further association between the security vulnerability and the further asset where (iii) the definition of the further asset identifies the protecting asset platform, and (iv) the further asset has a relationship with the one of the particular asset and the other asset whose definition identifies the exploited asset platform or the affected asset platform that is protected by the protecting asset platform, wherein at least one of the comparison module and the association module is implemented using hardware.

Dependent claims: 9, 10, 11 (not shown).
12. An apparatus comprising:
- a memory storing respective definitions of assets of an information system, relationships between the assets, and definitions of security vulnerabilities;
- a comparison module operatively coupled to the memory and configured for comparing the definition of a security vulnerability with the respective definitions of the assets, the security vulnerability definition identifying an exploited asset platform that may be exploited via the security vulnerability, an affected asset platform that is affected when the exploited asset platform is exploited via the security vulnerability, and a protecting asset platform that protects the exploited asset platform or the affected asset platform against the security vulnerability, the comparison module being further configured for determining whether (i) the definition of a particular asset identifies the exploited asset platform, (ii) the definition of another asset that has a relationship with the particular asset identifies the affected asset platform, (iii) the definition of a further asset identifies the protecting asset platform, and (iv) the further asset has a relationship with the one of the particular asset and the other asset whose definition identifies the exploited asset platform or the affected asset platform that is protected by the protecting asset platform;
- an association module, operatively coupled to the comparison module and to the memory, configured for associating the security vulnerability and the particular asset where (i) the definition of the particular asset identifies the exploited asset platform and (ii) the definition of the other asset identifies the affected asset platform, the association module being further configured for creating a further association between the security vulnerability and the further asset where (iii) the definition of the further asset identifies the protecting asset platform, and (iv) the further asset has a relationship with the one of the particular asset and the other asset whose definition identifies the exploited asset platform or the affected asset platform that is protected by the protecting asset platform; and
- a display, operatively coupled to the comparison module and to the association module, configured for providing: a representation of the security vulnerability; a representation of the particular asset; a representation of the other asset; a first type of representation of the association between the security vulnerability and the particular asset; a second type of representation of the further association between the security vulnerability and the other asset; a representation of the further asset; and a representation of the relationship between the particular asset and the further asset.

Dependent claims: 13 (not shown).
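The matching rule that claims 1, 8 and 12 share (conditions (i) to (iv): exploited platform on one asset, affected platform on a related asset, protecting platform on a further asset related to whichever of the two it protects) is shown below as an added Python example; it is not code from the patent or its assignee. Asset names, platform labels and the vulnerability identifier are constructed placeholders, and relationships are assumed to be symmetric.

```python
from dataclasses import dataclass, field


@dataclass
class Asset:
    name: str
    platforms: frozenset                       # asset platforms the asset definition identifies
    related: set = field(default_factory=set)  # names of assets this asset has a relationship with


@dataclass(frozen=True)
class Vulnerability:
    vuln_id: str
    exploited: str    # asset platform that may be exploited via the vulnerability
    affected: str     # asset platform affected when the exploited platform is exploited
    protecting: str   # asset platform that protects against the vulnerability
    protects: str     # which platform the protecting platform protects: "exploited" or "affected"


def associate(vuln, assets):
    """Return sorted (association_type, asset_name, vuln_id) tuples.

    "exploited"  = first type of association (vulnerability <-> particular asset)
    "protecting" = further association (vulnerability <-> further, protecting asset)
    """
    # Relationships are treated as undirected (assumption, not stated by the claims).
    links = {frozenset((a.name, r)) for a in assets for r in a.related}
    related = lambda x, y: frozenset((x, y)) in links
    out = set()
    for particular in assets:                                          # (i)
        if vuln.exploited not in particular.platforms:
            continue
        for other in assets:                                           # (ii)
            if other is particular or vuln.affected not in other.platforms:
                continue
            if not related(particular.name, other.name):
                continue
            out.add(("exploited", particular.name, vuln.vuln_id))
            protected = particular if vuln.protects == "exploited" else other
            for further in assets:                                     # (iii) and (iv)
                if vuln.protecting in further.platforms and related(further.name, protected.name):
                    out.add(("protecting", further.name, vuln.vuln_id))
    return sorted(out)


# Constructed sample inventory: web-2 runs the exploited platform but is related to nothing
# affected, and waf-2 runs the protecting platform but is not related to the protected asset.
ASSETS = [
    Asset("web-1", frozenset({"web-platform-A"}), {"db-1", "waf-1"}),
    Asset("db-1", frozenset({"db-platform-B"})),
    Asset("waf-1", frozenset({"fw-platform-C"})),
    Asset("web-2", frozenset({"web-platform-A"})),
    Asset("waf-2", frozenset({"fw-platform-C"})),
]
VULN = Vulnerability("VULN-EXAMPLE-1", "web-platform-A", "db-platform-B", "fw-platform-C", "exploited")


def demo():
    return associate(VULN, ASSETS)
```

Only web-1 receives the first type of association and only waf-1 the further one; if the protecting platform instead protected the affected platform, waf-1 would need a relationship with db-1 to qualify.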
Specification