What technology area does this patent fall under?

Primary CPC classification H04L63/1433. Mapped technology areas include Electricity.

When was this patent published?

Publication date Tue Oct 29 2019 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.

What related patents are in patentsdb?

We list 2 related publications on this page (citations in our corpus or others sharing the same primary CPC).

Method and apparatus for reducing security risk in a networked computer system architecture

US10462176B2 · US · B2

Patent metadata
Field	Value
Publication number	US-10462176-B2
Application number	US-201815939645-A
Country	US
Kind code	B2
Filing date	Mar 29, 2018
Priority date	Apr 12, 2016
Publication date	Oct 29, 2019
Grant date	Oct 29, 2019

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

Title
What the patent document calls the invention.
Abstract
A short plain-language summary of the technical disclosure.
Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
Key dates
Filing, priority, publication, and grant dates set the timeline.
First independent claim
The legal scope of protection — read this for what is actually claimed.
CPC / IPC classifications
Technology tags used to group this patent with similar filings.
Citations and related patents
Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

An apparatus and associated method are provided for reducing a security risk in a networked computer system architecture. The method comprises receiving at a security computer external vulnerability data from an external source regarding vulnerabilities associated with an attack vector for configuration item (CI) data related to a (CI) device, of the networked computer system. The security computer accesses a configuration management database (CMDB) and the CI data related to the physical device is read. Trust zone data associated with the CI device is determined utilizing the CMDB, and the security computer performs a vulnerability calculation for the CI device utilizing the external vulnerability data and associated trust zone data. This is also done for a second CI device. The vulnerability calculations for both are compared and this comparison serves as a basis for prioritizing an action to be taken on the CI device or associated other network components.

First claim

Opening claim text (preview).

What is claimed is: 1. A method comprising: receiving, at a computing system monitoring a network, vulnerability data from an external source; identifying, by the computing system using configuration item data stored in a configuration management database (CMDB) and the vulnerability data, configuration items in the network impacted by a vulnerability; identifying, using the CMDB, a network topology based upon relationships between the identified configuration items and one or more perimeter defense components, a physical location of the configuration items, or both; calculating, by the computing system, an original risk for each configuration item in the network impacted by the vulnerability based on the configuration item data stored in the CMDB and the vulnerability data; calculating, by the computing system, a context dependent risk for each configuration item in the network impacted by the vulnerability based on the original risk, the network topology, the one or more perimeter defense components, and the configuration item data stored in the CMDB; and initiating, by the computing system, a remediation process for the identified configuration items based on the calculated context dependent risks. 2. The method of claim 1 , wherein the network topology represents trust zone data for configuration items in the network. 3. The method of claim 2 , wherein the trust zone data indicates a delineation of a given configuration based on risk in light of attack vectors. 4. The method of claim 2 , wherein the trust zone data further includes data representing routers and other perimeter defense components in the network. 5. The method of claim 2 , wherein the trust zone data is defined by other network components associated with a given configuration item. 6. The method of claim 1 , wherein receiving vulnerability data from the external source comprises: receiving vulnerability data that includes National Institute of Standards and Technology National Vulnerability Database data. 7. The method of claim 1 , wherein calculating the context dependent risk for each configuration item of the identified configuration items based on network topology and the configuration item data stored in the CMDB comprises: calculating the context dependent risk for a given configuration item based on a user of the given configuration item. 8. The method of claim 1 , wherein calculating the context dependent risk for each configuration item of the identified configuration items based on network topology and the configuration item data stored in the CMDB comprises: calculating the context dependent risk for a given configuration item based on access to the physical location of the given configuration item. 9. The method of claim 1 , wherein calculating the context dependent risk for each configuration item of the identified configuration items based on network topology and the configuration item data stored in the CMDB comprises: calculating the context dependent risk for a given configuration item based on connections between the given configuration item and other configuration items in the network. 10. A system, comprising: a processor; a non-transitory memory, configured to store instructions, that when executed by the processor, cause the system to perform functions comprising: receiving vulnerability data from an external source; identifying, using configuration item data stored in a configuration management database (CMDB) and the vulnerability data, configuration items in a network impacted by a vulnerability; identifying, using the CMDB, a network topology based upon relationships between the identified configuration items and one or more perimeter defense components, a physical location of the configuration items, or both; calculating an original risk for each configuration item in the network impacted by the vulnerability based on the configuration item data stored in the CMDB and the vulnerability data; calculating a context dependent risk for each configuration item in the network impacted by the vulnerability based on the original risk, the network topology, the one or more perimeter defense components, and the configuration item data stored in the CMDB; and initiating a remediation process for the identified configuration items based on the calculated context dependent risks. 11. The system of claim 10 , wherein the network topology represents trust zone data for configuration items in the network. 12. The system of claim 11 , wherein the trust zone data indicates a delineation of a given configuration based on risk in light of attack vectors. 13. The system of claim 11 , wherein the trust zone data further includes data representing routers and other perimeter defense components in the network. 14. The system of claim 11 , wherein the trust zone data is defined by other network components associated with a given configuration item. 15. The system of claim 10 , wherein calculating the context dependent risk for each configuration item of the identified configuration items based on network topology and the configuration item data stored in the CMDB comprises: calculating the context dependent risk for a given configuration item based on data contained within a security incident record. 16. The system of claim 10 , wherein calculating the context dependent risk for each configuration item of the identified configuration items based on network topology and the configuration item data stored in the CMDB comprises: calculating the context dependent risk for a given configuration item based on access to the physical location of the given configuration item. 17. The system of claim 10 , wherein the functions further comprise: storing the context dependent risk and an inherent risk for a given configuration item in memory, wherein the inherent risk for the given configuration item is indicated in the vulnerability data from the external source. 18. A non-transitory computer-readable storage medium, comprising executable instructions that, when executed by a processor, facilitate performance of operations comprising: receiving vulnerability data from an external source; identifying, using configuration item data stored in a configuration management database (CMDB) and the vulnerability data, configuration items in a network impacted by a vulnerability; identifying, using the CMDB, a network topology based upon relationships between the identified configuration items and one or more perimeter defense components, a physical location of the configuration items, or both; calculating an original risk for each configuration item in the network impacted by the vulnerability based on the configuration item data stored in the CMDB and the vulnerability data; calculating a context dependent risk for each configuration item in the network impacted by the vulnerability based on the original risk, the network topology, the one or more perimeter defense components, and the configuration item data stored in the CMDB; and initiating a remediation process for the identified configuration items based on the calculated context dependent risks. 19. The non-transitory computer-readable storage medium of claim 18 , wherein the network topology represents trust zone data for configuration items in the network. 20. The non-transitory computer-readable storage medium of claim 19 , wherein the trust zone data indicates a delineation of a given configuration based on risk in light of attack vectors.

Assignees

Servicenow Inc

Inventors

Classifications

G06F21/577
Assessing vulnerabilities and evaluating computer system security · CPC title
H04L63/1433Primary
Vulnerability analysis · CPC title
H04L63/1441
Countermeasures against malicious traffic (countermeasures against attacks on cryptographic mechanisms H04L9/002) · CPC title

Patent family

Related publications grouped by family.

View patent family 58645402

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US10462176B2 cover?: An apparatus and associated method are provided for reducing a security risk in a networked computer system architecture. The method comprises receiving at a security computer external vulnerability data from an external source regarding vulnerabilities associated with an attack vector for configuration item (CI) data related to a (CI) device, of the networked computer system. The security comp…
Who is the assignee on this patent?: Servicenow Inc
What technology area does this patent fall under?: Primary CPC classification H04L63/1433. Mapped technology areas include Electricity.
When was this patent published?: Publication date Tue Oct 29 2019 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?: We list 2 related publications on this page (citations in our corpus or others sharing the same primary CPC).