Methods and apparatus for prioritization of remediation techniques for network security risks
First Claim
1. A method for a computer system including a display device comprising:
- receiving, by the computer system, a description of a first network topology for at least a portion of a network, wherein the first network topology includes at least:
  a location of a first server device, existence of a threat source device remote from the first server location, and a first set of vulnerabilities defined by at least vulnerability attributes of the first server device relative to the threat source device;
- determining, by the computer system, a current security risk value of the first server device based on at least the first network topology, the first set of vulnerabilities, and a reachability of the first server from the threat source;
- determining, by the computer system, a plurality of remediation actions in response to the current security risk value and the first network topology, wherein:
  each remediation action includes a modification to the network topology, and the plurality of remediation actions comprises, at least, a first remediation action and a second remediation action;
- for at least two of the plurality of remediation actions:
  determining, by the computer system, a description of a new network topology based on the first network topology and the at least one of the plurality of remediation actions, wherein the new network topology indicates at least:
  the location of the first server device, the existence of the threat source device, and a new set of vulnerabilities defined by at least vulnerability attributes of the first server device relative to the threat source device;
  determining, by the computer system, an updated security risk value of the first server device based on at least the new network topology, the new set of vulnerabilities, and the reachability of the first server from the threat source; and
- displaying a prioritized list of said remediation actions from the plurality of remediation actions on the display device based on the updated security risk associated with each remediation action.
9 Assignments, 0 Petitions
Abstract
A method for a computer system includes receiving a topology of a network including a server location and a threat server at a threat server location; determining a vulnerability security risk for the server location; determining remediation actions, including a first action and a second action, in response to the vulnerability; determining updated security risks associated with the server location, including a first updated security risk for the first action and a second updated security risk for the second action; and displaying a prioritized list of remediation actions on the display, wherein the first remediation action is prioritized over the second remediation action when the first updated security risk value shows a greater improvement with respect to the current security risk value than the second updated security risk value does.
156 Citations
21 Claims
1. (Independent claim; reproduced in full under First Claim above.) Dependent claims: 2, 3, 4, 5, 6, 7
8. A non-transitory computer-readable storage medium storing computer-system executable code, the code comprising:
- code that directs a computer system to receive a description of a first network topology for at least a portion of a network, wherein the topology of the network indicates at least:
  a location of a first server device, existence of a threat source device remote from the first server location, and a first set of vulnerabilities defined by at least vulnerability attributes of the first server device relative to the threat source device;
- code that directs the computer system to determine a current security risk value of the first server device based on at least the first network topology, the first set of vulnerabilities, and a reachability of the first server from the threat source;
- code that directs the computer system to determine a plurality of remediation actions in response to the current security risk value and the first network topology, wherein:
  each remediation action includes a modification to the network topology, and the plurality of said remediation actions comprises, at least, a first remediation action and a second remediation action;
- code that directs the computer system to, for at least two of the plurality of remediation actions:
  determine a description of a new network topology based on the first network topology and the at least one of the plurality of remediation actions, wherein the new network topology indicates at least:
  the location of the first server device, the existence of the threat source device, and a new set of vulnerabilities defined by at least vulnerability attributes of the first server device relative to the threat source device; and
  determine an updated security risk value of the first server device based on at least the new network topology, the new set of vulnerabilities, and the reachability of the first server from the threat source; and
- code that directs the computer system to display a prioritized list of said remediation actions from the plurality of remediation actions on a display device based on the updated security risk associated with each remediation action.
Dependent claims: 9, 10, 11, 12, 13, 14
15. A computer system comprising:
- a display device configured to output data to a user;
- a memory configured to store a description of a first network topology for at least a portion of a network, wherein the topology of the network indicates at least:
  a first server device at a first server location, existence of a threat source device remote from the first server location, and a first set of vulnerabilities defined by at least vulnerability attributes of the first server device relative to the threat source device; and
- a processor coupled to the memory, wherein the processor is configured to determine a current security risk value associated with the first server location based on at least the network topology, the first set of vulnerabilities, and a reachability of the first server from the threat source;
  wherein the processor is configured to determine a plurality of remediation actions in response to the current security risk value and the first network topology, wherein:
  each remediation action includes a modification to the network topology, and the plurality of remediation actions comprises, at least, a first remediation action and a second remediation action;
  wherein the processor is configured to, for at least two of the plurality of remediation actions, determine a description of a new network topology based on the first network topology and the at least one of the plurality of remediation actions, wherein the new network topology indicates at least:
  the location of the first server device, the existence of the threat source device, and a new set of vulnerabilities defined by at least vulnerability attributes of the first server device relative to the threat source device; and
  determine an updated security risk value associated with the first server location based on at least:
  the new network topology, the new set of vulnerabilities, and the reachability of the first server from the threat source; and
  wherein the processor is configured to display a prioritized list of remediation actions from the plurality of said remediation actions on the display device based on the updated security risk associated with each remediation action.
Dependent claims: 16, 17, 18, 19, 20, 21
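The independent claims above describe one procedure: model the topology, score the server's risk from the vulnerabilities a threat source can actually reach, apply each candidate remediation as a modification of that topology, re-score, and rank the actions by how much the score improves. The following Python sketch is an added illustration of that loop; it is not code from the patent or its assignee. The host names, the placeholder vulnerability identifiers (VULN-A, VULN-B, VULN-C), the per-port firewall filters and the severities are all constructed for the example, and the risk formula (summed severity of the server's vulnerabilities whose service port the threat source can reach) is an assumption, since the claims do not fix a particular formula.

```python
from __future__ import annotations

from collections import deque
from copy import deepcopy
from dataclasses import dataclass
from typing import Callable


@dataclass(frozen=True)
class Vulnerability:
    """One vulnerability on a host; `port` is the service the threat source must reach to use it."""
    ident: str       # constructed placeholder id, not a real CVE number
    port: int
    severity: float  # CVSS-style 0..10 base score (assumed attribute)


@dataclass
class Topology:
    """Directed links between hosts, per-link port filters, and each host's vulnerabilities."""
    links: dict[str, set[str]]             # host -> hosts it can send traffic to
    blocked: set[tuple[str, str, int]]     # (src, dst, port) dropped by a filter on that link
    vulns: dict[str, list[Vulnerability]]  # host -> vulnerabilities present on it


Remediation = tuple[str, Callable[[Topology], Topology]]


@dataclass
class RankedAction:
    name: str
    current_risk: float
    updated_risk: float
    improvement: float


def reachable(topo: Topology, src: str, dst: str, port: int) -> bool:
    """Breadth-first search from src to dst; a hop is usable only if the port is not filtered on it."""
    seen, queue = {src}, deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            return True
        for nxt in topo.links.get(node, set()):
            if nxt not in seen and (node, nxt, port) not in topo.blocked:
                seen.add(nxt)
                queue.append(nxt)
    return False


def risk_value(topo: Topology, server: str, threat: str) -> float:
    """Assumed risk model: summed severity of the server's vulnerabilities reachable from the threat."""
    return sum(v.severity for v in topo.vulns.get(server, [])
               if reachable(topo, threat, server, v.port))


# Each remediation action is a modification of the topology, as the claims describe.
def patch(host: str, ident: str) -> Remediation:
    def apply(topo: Topology) -> Topology:
        new = deepcopy(topo)
        new.vulns[host] = [v for v in new.vulns[host] if v.ident != ident]
        return new
    return (f"patch {ident} on {host}", apply)


def block_port(src: str, dst: str, port: int) -> Remediation:
    def apply(topo: Topology) -> Topology:
        new = deepcopy(topo)
        new.blocked.add((src, dst, port))
        return new
    return (f"filter port {port} on {src}->{dst}", apply)


def remove_link(src: str, dst: str) -> Remediation:
    def apply(topo: Topology) -> Topology:
        new = deepcopy(topo)
        new.links[src].discard(dst)
        return new
    return (f"segment {dst} from {src}", apply)


def prioritize(topo: Topology, server: str, threat: str,
               actions: list[Remediation]) -> list[RankedAction]:
    """Re-score the server under every candidate action; rank by improvement over the current risk."""
    current = risk_value(topo, server, threat)
    ranked = []
    for name, apply in actions:
        updated = risk_value(apply(topo), server, threat)
        ranked.append(RankedAction(name, current, updated, current - updated))
    ranked.sort(key=lambda r: r.improvement, reverse=True)  # stable: ties keep input order
    return ranked


# Constructed sample: the edge firewall filters 22 and 3306 toward the app server, but a jump host
# behind the firewall still forwards those ports, so all three vulnerabilities are reachable.
TOPOLOGY = Topology(
    links={"internet": {"edge-fw"}, "edge-fw": {"app-server", "jump-host"}, "jump-host": {"app-server"}},
    blocked={("edge-fw", "app-server", 22), ("edge-fw", "app-server", 3306)},
    vulns={"app-server": [Vulnerability("VULN-A", 443, 9.8),
                          Vulnerability("VULN-B", 22, 7.5),
                          Vulnerability("VULN-C", 3306, 8.0)]},
)

ACTIONS: list[Remediation] = [
    patch("app-server", "VULN-A"),
    patch("app-server", "VULN-B"),
    block_port("edge-fw", "app-server", 443),   # no effect: 443 still reachable via jump-host
    block_port("jump-host", "app-server", 22),
    remove_link("edge-fw", "jump-host"),         # closes both bypass paths at once
]

if __name__ == "__main__":
    for r in prioritize(TOPOLOGY, "app-server", "internet", ACTIONS):
        print(f"{r.improvement:5.1f}  {r.current_risk:5.1f} -> {r.updated_risk:5.1f}  {r.name}")
```

Two things the ranking makes visible that a static vulnerability list does not: segmenting the jump host scores higher than patching the most severe vulnerability because it removes two reachable services at once, and the edge filter on port 443 scores zero because the same port remains reachable through the jump host. Both are consequences of computing reachability over the modified topology rather than over the vulnerability attributes alone.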