System and method for network vulnerability detection and reporting
Abstract
A system and method provide comprehensive and highly automated testing of vulnerabilities to intrusion on a target network, including identification of operating system, identification of target network topology and target computers, identification of open target ports, assessment of vulnerabilities on target ports, active assessment of vulnerabilities based on information acquired from target computers, quantitative assessment of target network security and vulnerability, and hierarchical graphical representation of the target network, target computers, and vulnerabilities in a test report. The system and method employ minimally obtrusive techniques to avoid interference with or damage to the target network during or after testing.
266 Citations
20 Claims
1. A method comprising:
- assigning, utilizing a computer, a vulnerability risk level to each of a plurality of vulnerabilities found on a set of computer devices;
- assigning an exposure risk level to each exposure found in the set of computer devices; and
- providing a security score for the set of computer devices that is dependent on at least the vulnerability risk levels of the vulnerabilities and the exposure risk level of the exposures found on the network;
- wherein the security score is derived from a formula of form F=a-V-E, wherein F is the security score, a is a constant, V is a vulnerability loss, and E is an exposure loss and vulnerability loss V is dependent on at least two of the assigned vulnerability risk levels and exposure loss E is dependent on at least two of the assigned exposure risk levels.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18

19. At least one non-transitory machine accessible storage medium having instructions stored thereon, the instructions when executed on a machine, cause the machine to:
- assign a vulnerability risk level to each of a plurality of vulnerabilities found on a set of computer devices;
- assign an exposure risk level to each exposure found in the set of computer devices; and
- provide a security score for the set of computer devices that is dependent on at least the vulnerability risk levels of the vulnerabilities and the exposure risk level of the exposures found on the network;
- wherein the security score is to be derived from a formula of form F=a-V-E, wherein F is the security score, a is a constant, V is a vulnerability loss, and E is an exposure loss and vulnerability loss V is dependent on at least two of the assigned vulnerability risk levels and exposure loss E is dependent on at least two of the assigned exposure risk levels.

20. A system comprising:
- at least one processor device;
- at least one memory element; and
- a vulnerability scanner, adapted when executed by the at least one processor device to;
  - assign a vulnerability risk level to each of a plurality of vulnerabilities found on a set of computer devices;
  - assign an exposure risk level to each exposure found in the set of computer devices; and
  - provide a security score for the set of computer devices that is dependent on at least the vulnerability risk levels of the vulnerabilities and the exposure risk level of the exposures found on the network;
  - wherein the security score is derived from a formula of form F=a-V-E, wherein F is the security score, a is a constant, V is a vulnerability loss, and E is an exposure loss and vulnerability loss V is dependent on at least two of the assigned vulnerability risk levels and exposure loss E is dependent on at least two of the assigned exposure risk levels.

Specification