Patent · US Active

Prioritizing network security vulnerabilities using accessibility

US8918883B1 · kind B1 · utility

54 Cited by
1 References
21 Claims
0 Family size

Assignee

Inventors

Key dates

Filing date: Jun 14, 2006
Grant date: Dec 23, 2014
Priority date
Expiry date: Aug 2, 2030

Classification

  • Technology area (CPC G): Physics
  • CPC primary: G06F2221/2149
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

An enterprise network includes hosts running services. Some of the services have security vulnerabilities. There are one or more threat zones associated with the network. For example, a firewall may create two threat zones, one internal to the firewall and one external to it. A device profiler in the first threat zone profiles the hosts on the network and identifies the vulnerabilities that are present. A device profiler in the second threat zone determines which of the identified vulnerabilities are accessible from its zone. A risk module calculates the risk associated with a vulnerability based on the vulnerability's severity, threat level metrics for the threat zones, and an asset value of the host with the vulnerability. A reporting module prioritizes the vulnerabilities based on their risks.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.