System and method for scanning for computer vulnerabilities in a network environment

US 8,789,190 B2
Filed: 12/23/2011
Issued: 07/22/2014
Est. Priority Date: 12/23/2011
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

identifying, using at least one data processing apparatus, a plurality of assets to scan in a network;

identifying, using at least one data processing apparatus, a plurality of sets of known vulnerabilities in the plurality of assets, wherein identifying the plurality of sets of known vulnerabilities comprises identifying, for two or more of the plurality of assets, a respective set of known vulnerabilities previously detected as being present on the asset;

identifying, using at least one data processing apparatus, a plurality of sets of new vulnerabilities in the plurality of assets, wherein identifying the plurality of sets of new vulnerabilities comprises identifying, for two or more of the plurality of assets, a respective set of new vulnerabilities for which the asset has not yet been scanned;

selecting, using at least one data processing apparatus, a set of scripts comprising checks for particular vulnerabilities included in a union of the plurality of sets of known vulnerabilities and the plurality of sets of new vulnerabilities; and

using the selected scripts to scan the plurality of assets for vulnerabilities.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method in one embodiment includes identifying a set of known vulnerabilities and a set of new vulnerabilities in an asset, selecting one or more scripts that include checks for vulnerabilities in a union of the set of known vulnerabilities and the set of new vulnerabilities, and using the selected scripts to scan the asset. Known vulnerabilities and new vulnerabilities may be identified by accessing results of previous scans on the asset. The method may also include identifying a plurality of assets to scan in a network, identifying a plurality of sets of known vulnerabilities and a plurality of sets of new vulnerabilities in substantially all assets in the plurality of assets, and inserting checks for vulnerabilities included in a union of the plurality of sets of known vulnerabilities and the plurality of sets of new vulnerabilities into the selected scripts.

18 Citations

View as Search Results

18 Claims

1. A method comprising:
- identifying, using at least one data processing apparatus, a plurality of assets to scan in a network;
  
  identifying, using at least one data processing apparatus, a plurality of sets of known vulnerabilities in the plurality of assets, wherein identifying the plurality of sets of known vulnerabilities comprises identifying, for two or more of the plurality of assets, a respective set of known vulnerabilities previously detected as being present on the asset;
  
  identifying, using at least one data processing apparatus, a plurality of sets of new vulnerabilities in the plurality of assets, wherein identifying the plurality of sets of new vulnerabilities comprises identifying, for two or more of the plurality of assets, a respective set of new vulnerabilities for which the asset has not yet been scanned;
  
  selecting, using at least one data processing apparatus, a set of scripts comprising checks for particular vulnerabilities included in a union of the plurality of sets of known vulnerabilities and the plurality of sets of new vulnerabilities; and
  
  using the selected scripts to scan the plurality of assets for vulnerabilities.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein vulnerabilities that have been previously tested and known not to exist in the asset are not included in the selected scripts.
  - 3. The method of claim 1, wherein identifying the set of known vulnerabilities comprises:
    - accessing results of previous scans on the asset, wherein the results indicate the known vulnerabilities.
  - 4. The method of claim 1, wherein identifying the set of new vulnerabilities comprises:
    - accessing results of previous scans on the asset, wherein the results indicate a set of scanned vulnerabilities; and
      
      determining vulnerabilities included in a universal set of vulnerabilities in a computer system that are not in the set of scanned vulnerabilities.
  - 5. The method of claim 1, further comprising:
    - storing results of the scan in a results database.
  - 6. The method of claim 1, further comprising:
    - using the selected scripts to scan substantially all assets in the plurality of assets.
  - 7. The method of claim 1, wherein the plurality of assets is identified by a range of Internet Protocol (IP) addresses.
  - 8. The method of claim 1, wherein each vulnerability comprises a respective asset attribute that potentially enables at least one of a security breach and a policy violation.

9. An apparatus comprising:
- a memory element configured to store data; and
  
  a processor operable to execute instructions associated with the data, wherein the apparatus is configured for;
  
  identifying a plurality of assets to scan in a network;
  
  identifying a plurality of sets of known vulnerabilities in the plurality of assets, wherein identifying the plurality of sets of known vulnerabilities comprises identifying, for two or more of the plurality of assets, a respective set of known vulnerabilities previously detected as being present on the asset;
  
  identifying a plurality of sets of new vulnerabilities in the plurality of assets, wherein identifying the plurality of sets of new vulnerabilities comprises identifying, for two or more of the plurality of assets, a respective set of new vulnerabilities for which the asset has not yet been scanned;
  
  selecting a set of scripts comprising checks for particular vulnerabilities included in a union of the plurality of sets of known vulnerabilities and the plurality of sets of new vulnerabilities; and
  
  using the selected scripts to scan the plurality of assets.
- View Dependent Claims (10, 11, 12, 13)
- - 10. The apparatus of claim 9, wherein identifying the set of known vulnerabilities comprises:
    - accessing results of previous scans on the asset, wherein the results indicate the known vulnerabilities.
  - 11. The apparatus of claim 9, wherein identifying the set of new vulnerabilities comprises:
    - accessing results of previous scans on the asset, wherein the results indicate a set of scanned vulnerabilities; and
      
      determining vulnerabilities included in a universal set of vulnerabilities in a computer system that are not in the set of scanned vulnerabilities.
  - 12. The apparatus of claim 9, wherein the apparatus is further configured for:
    - storing results of the scan in a results database.
  - 13. The apparatus of claim 9, further comprising:
    - using the selected scripts to scan substantially all assets in the plurality of assets.

14. At least one non-transitory, machine accessible storage medium having instructions stored thereon, the instructions when executed on a machine, cause the machine to:
- identify a plurality of assets to scan in a network;
  
  identify a plurality of sets of known vulnerabilities in the plurality of assets, wherein the instructions when executed, cause the machine to identify, for two or more of the plurality of assets, a respective set of known vulnerabilities previously detected as being present on an asset;
  
  identify a plurality of sets of new vulnerabilities in the plurality of assets, wherein the instructions when executed, cause the machine to identify, for two or more of the plurality of assets, a respective set of new vulnerabilities for which the asset has not yet been scanned;
  
  select a set of scripts comprising checks for vulnerabilities included in a union of the plurality of sets of known vulnerabilities and the plurality of sets of new vulnerabilities; and
  
  use the selected scripts to scan the plurality of assets.
- View Dependent Claims (15, 16, 17, 18)
- - 15. The storage medium of claim 14, wherein identifying the set of known vulnerabilities comprises:
    - accessing results of previous scans on the asset, wherein the results indicate the known vulnerabilities.
  - 16. The storage medium of claim 14, wherein identifying the set of new vulnerabilities comprises:
    - accessing results of previous scans on the asset, wherein the results indicate a set of scanned vulnerabilities; and
      
      determining vulnerabilities included in a universal set of vulnerabilities in a computer system that are not in the set of scanned vulnerabilities.
  - 17. The storage medium of claim 14, wherein the instructions, when executed, further cause the machine to:
    - store results of the scan in a results database.
  - 18. The storage medium of claim 14, wherein the instructions, when executed, further cause the machine to:
    - use the selected scripts to scan substantially all assets in the plurality of assets.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Russell, Braden, Mallabarapu, Charles, Hugard, James M. IV
Primary Examiner(s)
Hailu, Teshome

Application Number

US13/336,891
Publication Number

US 20130167238A1
Time in Patent Office

942 Days
Field of Search

726/22, 726/23, 726/24, 726/25
US Class Current

726/25
CPC Class Codes

G06F 21/577 Assessing vulnerabilities a...

H04L 63/1433 Vulnerability analysis

System and method for scanning for computer vulnerabilities in a network environment

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

18 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for scanning for computer vulnerabilities in a network environment

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

18 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links