Prioritizing asset remediations
First Claim
1. A computer-implemented method performed by a data processing apparatus, comprising:
- using at least one processor device to generate a risk metric for an asset and a threat, wherein the risk metric is an estimate of a risk that the threat will affect the asset;
- generating a remediation availability metric for the asset and the threat, wherein the remediation availability metric is based, at least in part, on whether a remediation for the threat is available and not applied to the asset, wherein the remediation reduces the risk that the threat will affect the asset when applied to the asset; and
- determining a remediation prioritization metric for the asset and the threat according to the risk metric and the remediation availability metric, wherein the remediation prioritization metric specifies a priority of applying the remediation to the asset;
- wherein generating the risk metric for the asset and the threat comprises:
  - receiving threat definition data for the threat and vulnerability detection data and countermeasure detection data for the asset, wherein the threat definition data identifies one or more countermeasures that reduce a risk that the threat will affect an asset, the vulnerability detection data identifies threats to which the asset is vulnerable, and the countermeasure detection data identifies one or more countermeasures protecting the asset;
  - analyzing the vulnerability detection data to determine whether the asset is vulnerable to the threat;
  - determining from the threat definition data and the countermeasure detection data whether the asset is protected by one of the countermeasures identified for the threat; and
  - determining the risk metric for the asset for the threat according to whether the asset is vulnerable to the threat and whether the asset is protected by one of the countermeasures identified for the threat.
Abstract
Methods, systems, and apparatus, including computer programs encoded on computer storage media, for prioritizing asset remediations. One method includes generating a risk metric for an asset and a threat, generating a remediation availability metric for the asset and the threat, and determining a remediation prioritization metric for the asset and the threat according to the risk metric and the remediation availability metric. The remediation prioritization metric specifies a priority of applying the remediation to the asset.
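The method in the abstract and claim 1, worked through as an added example that is not taken from the patent. The numeric risk values, the rule that multiplies the two metrics, and all asset, threat and countermeasure names are assumptions, since the page gives no formulas or sample data.

```python
from dataclasses import dataclass, field
from typing import Optional

# Assumed risk values keyed by (vulnerable, protected); the page only says
# the risk metric is determined from these two facts, not how.
RISK = {(True, False): 1.0, (True, True): 0.4,
        (False, False): 0.1, (False, True): 0.0}

@dataclass
class Threat:                       # threat definition data
    threat_id: str
    countermeasures: set            # countermeasures that reduce this threat's risk
    remediation: Optional[str] = None   # None when no remediation is available

@dataclass
class Asset:
    name: str
    vulnerable_to: set              # vulnerability detection data
    countermeasures: set            # countermeasure detection data
    applied: set = field(default_factory=set)  # remediations already applied

def risk_metric(asset, threat):
    vulnerable = threat.threat_id in asset.vulnerable_to
    protected = bool(threat.countermeasures & asset.countermeasures)
    return RISK[(vulnerable, protected)]

def remediation_availability(asset, threat):
    # 1.0 only when a remediation exists and is not yet applied to the asset.
    available = threat.remediation is not None
    return 1.0 if available and threat.remediation not in asset.applied else 0.0

def prioritization(asset, threat):
    # Assumed combination rule: product of the two metrics.
    return risk_metric(asset, threat) * remediation_availability(asset, threat)

def rank(assets, threats):
    rows = [(prioritization(a, t), a.name, t.threat_id)
            for a in assets for t in threats]
    return sorted((r for r in rows if r[0] > 0), key=lambda r: (-r[0], r[1], r[2]))

# Constructed sample data (hypothetical identifiers).
T1 = Threat("T-1", {"ips-sig-1"}, remediation="patch-1")
T2 = Threat("T-2", {"av-rule-2"})               # no remediation available
WEB = Asset("web01", {"T-1", "T-2"}, set())
DB = Asset("db01", {"T-1"}, {"ips-sig-1"})
APP = Asset("app01", set(), set())

if __name__ == "__main__":
    for score, asset, threat in rank([WEB, DB, APP], [T1, T2]):
        print(f"{score:.1f}  {asset}  {threat}")
```

With these assumed values, web01 carries full risk for T-2 but gets no remediation priority for it because nothing can be applied; that pair has to be handled with a countermeasure instead.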
23 Claims
1. A computer-implemented method performed by a data processing apparatus, comprising:
- using at least one processor device to generate a risk metric for an asset and a threat, wherein the risk metric is an estimate of a risk that the threat will affect the asset;
- generating a remediation availability metric for the asset and the threat, wherein the remediation availability metric is based, at least in part, on whether a remediation for the threat is available and not applied to the asset, wherein the remediation reduces the risk that the threat will affect the asset when applied to the asset; and
- determining a remediation prioritization metric for the asset and the threat according to the risk metric and the remediation availability metric, wherein the remediation prioritization metric specifies a priority of applying the remediation to the asset;
- wherein generating the risk metric for the asset and the threat comprises:
  - receiving threat definition data for the threat and vulnerability detection data and countermeasure detection data for the asset, wherein the threat definition data identifies one or more countermeasures that reduce a risk that the threat will affect an asset, the vulnerability detection data identifies threats to which the asset is vulnerable, and the countermeasure detection data identifies one or more countermeasures protecting the asset;
  - analyzing the vulnerability detection data to determine whether the asset is vulnerable to the threat;
  - determining from the threat definition data and the countermeasure detection data whether the asset is protected by one of the countermeasures identified for the threat; and
  - determining the risk metric for the asset for the threat according to whether the asset is vulnerable to the threat and whether the asset is protected by one of the countermeasures identified for the threat.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11
12. A system comprising:
- a processor; and
- a computer storage medium coupled to the processor and including instructions, which, when executed by the processor, causes the processor to perform operations comprising:
  - generating a risk metric for an asset and a threat, wherein the risk metric is an estimate of a risk that the threat will affect the asset;
  - generating a remediation availability metric for the asset and the threat, wherein the remediation availability metric is based, at least in part, on whether a remediation for the threat is available and not applied to the asset, wherein the remediation reduces the risk that the threat will affect the asset when applied to the asset; and
  - determining a remediation prioritization metric for the asset and the threat according to the risk metric and the remediation availability metric, wherein the remediation prioritization metric specifies a priority of applying the remediation to the asset;
  - wherein generating the risk metric for the asset and the threat comprises:
    - receiving threat definition data for the threat and vulnerability detection data and countermeasure detection data for the asset, wherein the threat definition data identifies one or more countermeasures that reduce a risk that the threat will affect an asset, the vulnerability detection data identifies threats to which the asset is vulnerable, and the countermeasure detection data identifies one or more countermeasures protecting the asset;
    - analyzing the vulnerability detection data to determine whether the asset is vulnerable to the threat;
    - determining from the threat definition data and the countermeasure detection data whether the asset is protected by one of the countermeasures identified for the threat; and
    - determining the risk metric for the asset for the threat according to whether the asset is vulnerable to the threat and whether the asset is protected by one of the countermeasures identified for the threat.
Dependent claims: 13, 14, 15, 16, 17
18. A non-transitory computer-storage medium encoded with a computer program including instructions operable to cause data processing apparatus to perform operations comprising:
- generating a risk metric for an asset and a threat, wherein the risk metric is an estimate of a risk that the threat will affect the asset;
- generating a remediation availability metric for the asset and the threat, wherein the remediation availability metric is based, at least in part, on whether a remediation for the threat is available and not applied to the asset, wherein the remediation reduces the risk that the threat will affect the asset when applied to the asset; and
- determining a remediation prioritization metric for the asset and the threat according to the risk metric and the remediation availability metric, wherein the remediation prioritization metric specifies a priority of applying the remediation to the asset;
- wherein generating the risk metric for the asset and the threat comprises:
  - receiving threat definition data for the threat and vulnerability detection data and countermeasure detection data for the asset, wherein the threat definition data identifies one or more countermeasures that reduce a risk that the threat will affect an asset, the vulnerability detection data identifies threats to which the asset is vulnerable, and the countermeasure detection data identifies one or more countermeasures protecting the asset;
  - analyzing the vulnerability detection data to determine whether the asset is vulnerable to the threat;
  - determining from the threat definition data and the countermeasure detection data whether the asset is protected by one of the countermeasures identified for the threat; and
  - determining the risk metric for the asset for the threat according to whether the asset is vulnerable to the threat and whether the asset is protected by one of the countermeasures identified for the threat.
Dependent claims: 19, 20, 21, 22, 23
Specification