Dynamic risk management

US9824221B2 · US · B2

Patent metadata
Publication number: US-9824221-B2
Application number: US-201314081095-A
Country: US
Kind code: B2
Filing date: Nov 15, 2013
Priority date: Feb 6, 2007
Publication date: Nov 21, 2017
Grant date: Nov 21, 2017

Abstract

Official abstract text for this publication.

A dynamic risk management system for operating systems that provides monitoring, detection, assessment, and follow-up action to reduce the risk whenever it rises. The system enables an operating system to protect itself automatically in dynamic environments. The risk management system monitors a diverse set of attributes of the system which determines the security state of the system and is indicative of the risk the system is under. Based on a specification of risk levels for the various attributes and for their combinations, the risk management system determines whether one or more actions are required to alleviate the overall risk to the system.

First claim

Opening claim text (preview).

The invention claimed is:

1. A method performed on a computing device that includes a network access protection (“NAP”) agent, the method comprising: determining, by the computing device based on communication over a network between the NAP and a NAP server, whether a level of risk associated with the computing device crosses a threshold; and initiating, by the NAP agent based at least on determining that the level of risk crosses the threshold, a machine-controlled risk-alleviation action that alleviates one or more risks considered in the determining that the level of risk crosses the threshold.

2. The method of claim 1 where the level of risk corresponds to a reputation of software on the computing device.

3. The method of claim 1 where the determining is further based on an assessment that comprises monitoring components of the computing device.

4. The method of claim 3 where the determining is further in response to risk factors identified by the assessment.

5. The method of claim 4 where the assessment identifies risk factors indicated by a host security profile of the computing device.

6. The method of claim 4 where the assessment identifies risk factors indicated by a network security profile of the computing device.

7. The method of claim 4 where the assessment identifies risk factors indicated by a software risk profile of the computing device.

8. At least one computer storage medium storing computer-readable instructions that, based on execution by a computing device that includes a network access protection (“NAP”) agent, configure the computing device to: determine, based on communication over a network between the NAP and a NAP server, whether a level of risk associated with the computing device crosses a threshold; and initiate, by the NAP agent based at least on determining that the level of risk crosses the threshold, a machine-controlled risk-alleviation action that alleviates one or more risks considered in the determining that the level of risk crosses the threshold.

9. The at least one computer storage medium of claim 8 where the level of risk is determined to cross the threshold in response to a change in a security state of the computing device.

10. The at least one computer storage medium of claim 9 where the level of risk is further determined to cross the threshold based on an assessment that comprises monitoring components of the computing device.

11. The at least one computer storage medium of claim 10 where the level of risk is further determined to cross the threshold in response to risk factors identified by the assessment.

12. The at least one computer storage medium of claim 11 where the assessment identifies risk factors indicated by a host security profile of the computing device.

13. The at least one computer storage medium of claim 11 where the assessment identifies risk factors indicated by a network security profile of the computing device.

14. The at least one computer storage medium of claim 11 where the assessment identifies risk factors indicated by a software risk profile of the computing device.

15. A system comprising: a network access protection (“NAP”) agent; and a computing device configured according to computer-executable instructions to: determine, based on communication over a network between the NAP and a NAP server, whether a level of risk associated with the computing device crosses a threshold; and initiate, by the NAP agent based at least on determining that the level of risk crosses the threshold, a machine-controlled risk-alleviation action that alleviates one or more risks considered in the determining that the level of risk crosses the threshold.

16. The system of claim 15 where the level of risk is determined to cross the threshold in response to a change in a security state of the computing device.

17. The system of claim 16 where the level of risk is further determined to cross the threshold based on an assessment that comprises monitoring components of the computing device, or where the level of risk is further determined to cross the threshold in response to risk factors identified by the assessment.

18. The system of claim 17 where the assessment identifies risk factors indicated by a host security profile of the computing device, where the host security profile indicates a security framework on the computing device.

19. The system of claim 17 where the assessment identifies risk factors indicated by a network security profile of the computing device.

20. The system of claim 17 where the assessment identifies risk factors indicated by a software risk profile of the computing device.

Assignees

Inventors

Classifications

  • Restricting access to network management systems or functions, e.g. using authorisation function to access network configuration

  • Event detection, e.g. attack signature detection

  • G06F21/577 (Primary): Assessing vulnerabilities and evaluating computer system security

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US9824221B2 cover?
A dynamic risk management system for operating systems that provides monitoring, detection, assessment, and follow-up action to reduce the risk whenever it rises. The system enables an operating system to protect itself automatically in dynamic environments. The risk management system monitors a diverse set of attributes of the system which determines the security state of the system and is ind…
Who is the assignee on this patent?
Microsoft Technology Licensing LLC
What technology area does this patent fall under?
Primary CPC classification G06F21/577. Mapped technology areas include Physics.
When was this patent published?
Publication date Nov 21, 2017 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).