| 发明名称 |
ORDERED COMPUTER VULNERABILITY REMEDIATION REPORTING |
| 摘要 |
Techniques for ranking a set of vulnerabilities of a computing asset and set of remediations for a computing asset, and determining a risk score for one or more computing assets are provided. In one technique, vulnerabilities of computing assets in a customer network are received at a vulnerability intelligence platform. Breach data indicating set of breaches that occurred outside customer network is also received. A subset of the set of vulnerabilities that are most vulnerable to a breach is identified based on the breach data. In another technique, multiple vulnerabilities of a computing asset are determined. A risk score is generated for the computing asset based on the vulnerabilities. In another technique, multiple remediations associated with a risk score and multiple vulnerabilities are identified. The remediations are ordered based on the remediations that would reduce the risk score the most if those remediations were applied to remove the corresponding vulnerabilities. |
| 申请公布号 |
US2016072835(A1) |
申请公布日期 |
2016.03.10 |
| 申请号 |
US201514941927 |
申请日期 |
2015.11.16 |
| 申请人 |
Risk I/O, Inc. |
发明人 |
Roytman Michael;Bellis Edward T.;Heuer Jeffrey |
| 分类号 |
H04L29/06 |
主分类号 |
H04L29/06 |
| 代理机构 |
|
代理人 |
|
| 主权项 |
1. A method comprising:
determining a first plurality of vulnerabilities of a first computing asset; generating a first risk score for the first computing asset based on the first plurality of vulnerabilities and on one or more contextual factors that a number of available exploits for each vulnerability of the first plurality of vulnerabilities, wherein the number of available exploits includes a first number of available exploits for a first vulnerability and a second number of available exploits for a second vulnerability, wherein the first number of available exploits is different than the second number of available exploits; wherein the method is performed by one or more computing devices. |
| 地址 |
Chicago IL US |
