Cybersecurity vulnerability classification and remediation based on network utilization

US11277429B2 · US · B2

Patent metadata

Publication number: US-11277429-B2
Application number: US-201816196544-A
Country: US
Kind code: B2
Filing date: Nov 20, 2018
Priority date: Nov 20, 2018
Publication date: Mar 15, 2022
Grant date: Mar 15, 2022

Abstract

Official abstract text for this publication.

A technology solution for remediating a cyberattack risk in a computing resource asset in a network system. The technology solution includes monitoring data traffic directed to the computing resource asset in the network system along with data traffic to one or more additional computing resource assets in the network system, generating network utilization data based on the monitored data traffic to the computing resource asset and the monitored data traffic to the one or more additional computing resource assets in the network system, receiving a common vulnerability score (CVSS) for a vulnerability in the computing resource asset, determining a network traffic adjustment (NTA) value for the common vulnerability score (CVSS) based on the network utilization data, adjusting the common vulnerability score (CVSS) by the network traffic adjustment (NTA) value to generate a prioritized common vulnerability score (PCVSS) for the computing resource asset, and remediating the computing resource asset to resolve the vulnerability based on the prioritized common vulnerability (PCVSS) score.

First claim

Opening claim text (preview).

What is claimed is:

1. A method for remediating a cyberattack risk in a computing resource asset in a network system, the method comprising: monitoring data traffic directed to a computing resource asset in a network system along with data traffic to one or more additional computing resource assets in the network system; generating network utilization data based on the monitored data traffic to the computing resource asset and the monitored data traffic to the one or more additional computing resource assets in the network system; receiving a Common Vulnerability Scoring System score for a vulnerability in the computing resource asset; determining a network traffic adjustment value for the Common Vulnerability Scoring System score based on the network utilization data; calculating a sum of the Common Vulnerability Scoring System score and the network traffic adjustment value by numerically adding the network traffic adjustment value to the Common Vulnerability Scoring System score to generate a prioritized common vulnerability score for the computing resource asset; and remediating the computing resource asset to resolve the vulnerability based on the prioritized common vulnerability score, wherein the network traffic adjustment value comprises a 0.0, a 1.0, or a 2.0, wherein the data traffic is monitored based on a server log, wherein the network utilization data comprises a ranking threshold based on a predetermined percentile range of network traffic directed to the computing resource asset during a predetermined period of time, wherein the network utilization data is selected from an amount of traffic value and a pro rata traffic value, wherein the amount of traffic value represents an amount of data traffic passing through or received by the computing resource asset, and wherein the pro rata traffic value is associated with the computing resource asset.

2. The method in claim 1, wherein the data traffic is monitored by a Security Information and Event Management system.

3. The method in claim 1, wherein the Common Vulnerability Scoring System score comprises a base score.

4. The method in claim 3, wherein the Common Vulnerability Scoring System score comprises at least one of a temporal score and an environment score that fine tunes the base score.

5. A non-transitory computer readable medium having stored thereon instructions for remediating a vulnerability in a computing resource asset in a network system comprising machine executable code which, when executed by at least one computing device, causes the at least one computing device to perform steps comprising: monitoring data traffic directed to a computing resource asset in a network system along with data traffic to one or more additional computing resource assets in the network system; generating network utilization data based on the monitored data traffic to the computing resource asset and the monitored data traffic to the one or more additional computing resource assets in the network system; receiving a Common Vulnerability Scoring System score for a vulnerability in the computing resource asset; determining a network traffic adjustment value for the Common Vulnerability Scoring System score based on the network utilization data; calculating a sum of the Common Vulnerability Scoring System score and the network traffic adjustment value by numerically adding the network traffic adjustment value to the Common Vulnerability Scoring System score to generate a prioritized common vulnerability score for the computing resource asset; and remediating the computing resource asset to resolve the vulnerability based on the prioritized common vulnerability score, wherein the network traffic adjustment value comprises a 0.0, a 1.0, or a 2.0, wherein the data traffic is monitored based on a server log, wherein the network utilization data comprises a ranking threshold, and based on a predetermined percentile range of network traffic directed to the computing resource asset during a predetermined period of time, wherein the network utilization data is selected from an amount of traffic value and a pro rata traffic value, wherein the amount of traffic value represents an amount of data traffic passing through or received by the computing resource asset, and wherein the pro rata traffic value is associated with the computing resource asset.

6. The non-transitory computer readable medium in claim 5, wherein the network utilization data is based on traffic data received from a Security Information and Event Management system.

7. A cyberattack risk remediation system for remediating a vulnerability in a computing resource asset in a network, the system comprising: a network traffic adjustment unit that receives a Common Vulnerability Scoring System score for a vulnerability on a computing resource asset in a network, generates network utilization data for the computing resource asset based on data traffic to the computing resource asset compared to one or more other computing resource assets in the network, determines a network traffic adjustment value for the Common Vulnerability Scoring System score based on the network utilization data, and calculates a sum of the Common Vulnerability Scoring System score and the network traffic adjustment value by numerically adding the network traffic adjustment value to the Common Vulnerability Scoring System score to generate a prioritized common vulnerability score for the computing resource asset; and a client device that remediates the vulnerability, wherein the network traffic adjustment value comprises a 0.0, a 1.0, or a 2.0, wherein the data traffic is monitored based on a server log, wherein the network utilization data comprises a ranking threshold based on a predetermined percentile range of network traffic directed to the computing resource asset during a predetermined period of time, wherein the network utilization data is selected from an amount of traffic value and a pro rata traffic value, wherein the amount of traffic value represents an amount of data traffic passing through or received by the computing resource asset, and wherein the pro rata traffic value is associated with the computing resource asset.
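
The scoring flow in claim 1, as an added example that is not code from the patent or its assignee: per-asset traffic is totalled from a server log (the amount of traffic value), ranked by percentile across assets, mapped to an adjustment of 0.0, 1.0 or 2.0, and added to the CVSS score. The log format, asset names, finding IDs and the 90th/50th percentile tiers are assumptions; the page does not state the percentile ranges.

```python
from collections import Counter

# Constructed server-log sample: "<timestamp> <destination asset> <bytes>"
SAMPLE_LOG = """\
2018-11-20T10:00:01Z web-01 920000
2018-11-20T10:00:02Z db-01 310000
2018-11-20T10:00:03Z web-01 880000
2018-11-20T10:00:04Z hr-app 45000
2018-11-20T10:00:05Z build-01 12000
2018-11-20T10:00:06Z db-01 290000
2018-11-20T10:00:07Z printer-03 900
"""

# Assumed ranking thresholds: (minimum percentile rank, adjustment value).
NTA_TIERS = [(90.0, 2.0), (50.0, 1.0), (0.0, 0.0)]

def traffic_by_asset(log_text):
    """Sum bytes per destination asset, skipping malformed lines."""
    totals = Counter()
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[2].isdigit():
            totals[parts[1]] += int(parts[2])
    return totals

def percentile_rank(asset, totals):
    """Percent of monitored assets whose traffic is <= this asset's."""
    at_or_below = sum(1 for v in totals.values() if v <= totals[asset])
    return 100.0 * at_or_below / len(totals)

def nta(asset, totals):
    """Network traffic adjustment; assets with no logged traffic get 0.0."""
    if asset not in totals:
        return 0.0
    rank = percentile_rank(asset, totals)
    return next(adj for floor, adj in NTA_TIERS if rank >= floor)

def prioritize(findings, totals):
    """Return (asset, finding, cvss, pcvss) rows, highest PCVSS first."""
    rows = [(a, f, c, round(c + nta(a, totals), 1)) for a, f, c in findings]
    return sorted(rows, key=lambda r: r[3], reverse=True)

# Constructed findings: (asset, placeholder finding ID, CVSS score)
FINDINGS = [("printer-03", "FINDING-1", 9.1), ("web-01", "FINDING-2", 7.5),
            ("db-01", "FINDING-3", 8.0), ("build-01", "FINDING-4", 8.8)]

if __name__ == "__main__":
    for row in prioritize(FINDINGS, traffic_by_asset(SAMPLE_LOG)):
        print(row)
```

On this sample the busiest asset's 7.5 finding moves ahead of the 9.1 finding on the idle printer, which is the reordering the claim describes; the sum is not capped at 10 because the claim specifies plain numerical addition.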

Classifications

  • Threshold monitoring · CPC title

  • Vulnerability analysis · CPC title

  • Countermeasures against malicious traffic (countermeasures against attacks on cryptographic mechanisms H04L9/002) · CPC title

  • related to network traffic · CPC title

  • Event detection, e.g. attack signature detection · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US11277429B2 cover?
A technology solution for remediating a cyberattack risk in a computing resource asset in a network system. The technology solution includes monitoring data traffic directed to the computing resource asset in the network system along with data traffic to one or more additional computing resource assets in the network system, generating network utilization data based on the monitored data traffi…

Who is the assignee on this patent?
Saudi Arabian Oil Co

What technology area does this patent fall under?
Primary CPC classification H04L63/1433. Mapped technology areas include Electricity.

When was this patent published?
Publication date Mar 15, 2022 (B2). Legal status and post-grant events are not shown on this page.

What related patents are in patentsdb?
We list 11 related publications on this page (citations in our corpus or others sharing the same primary CPC).