WO2005114464A3 - System and method for providing remediation management - Google Patents

System and method for providing remediation management Download PDF

Info

Publication number
WO2005114464A3
WO2005114464A3 PCT/US2005/017915 US2005017915W WO2005114464A3 WO 2005114464 A3 WO2005114464 A3 WO 2005114464A3 US 2005017915 W US2005017915 W US 2005017915W WO 2005114464 A3 WO2005114464 A3 WO 2005114464A3
Authority
WO
WIPO (PCT)
Prior art keywords
asset
vulnerabilities
content
remediation management
identified
Prior art date
Application number
PCT/US2005/017915
Other languages
French (fr)
Other versions
WO2005114464A2 (en
Inventor
Darci O'brien
John Giubileo
David C Rankin
Original Assignee
Computer Ass Think Inc
Darci O'brien
John Giubileo
David C Rankin
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Computer Ass Think Inc, Darci O'brien, John Giubileo, David C Rankin filed Critical Computer Ass Think Inc
Priority to EP05753172A priority Critical patent/EP1784741A4/en
Publication of WO2005114464A2 publication Critical patent/WO2005114464A2/en
Publication of WO2005114464A3 publication Critical patent/WO2005114464A3/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/10Office automation; Time management

Abstract

In one embodiment, software (122,124) for remediation management is operable to automatically identify an asset 106 in an enterprise network 102. One or more vulnerabilities of the identified asset 106 is automatically identified based on comparing the identified asset 106 to content 212 associated with the one or more vulnerabilities. At least a portion of the content 212 is collected from a plurality of third party content providers 204. Other example software (122,124) for remediation management may be operable to identify one or more vulnerabilities of an asset 106 based on comparing the asset 106 to content 212 associated with the one or more vulnerabilities and automatically generate remediations for the asset 106 based on the content 212 associated with the one or more vulnerabilities.
PCT/US2005/017915 2004-05-21 2005-05-23 System and method for providing remediation management WO2005114464A2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
EP05753172A EP1784741A4 (en) 2004-05-21 2005-05-23 System and method for providing remediation management

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US57305604P 2004-05-21 2004-05-21
US60/573,056 2004-05-21
US11/133,958 2005-05-20
US11/133,958 US7698275B2 (en) 2004-05-21 2005-05-20 System and method for providing remediation management

Publications (2)

Publication Number Publication Date
WO2005114464A2 WO2005114464A2 (en) 2005-12-01
WO2005114464A3 true WO2005114464A3 (en) 2008-04-10

Family

ID=35429045

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2005/017915 WO2005114464A2 (en) 2004-05-21 2005-05-23 System and method for providing remediation management

Country Status (3)

Country Link
US (2) US7698275B2 (en)
EP (1) EP1784741A4 (en)
WO (1) WO2005114464A2 (en)

Families Citing this family (77)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9118709B2 (en) 2003-07-01 2015-08-25 Securityprofiling, Llc Anti-vulnerability system, method, and computer program product
US9100431B2 (en) 2003-07-01 2015-08-04 Securityprofiling, Llc Computer program product and apparatus for multi-path remediation
US9118710B2 (en) 2003-07-01 2015-08-25 Securityprofiling, Llc System, method, and computer program product for reporting an occurrence in different manners
US8984644B2 (en) 2003-07-01 2015-03-17 Securityprofiling, Llc Anti-vulnerability system, method, and computer program product
US8266699B2 (en) * 2003-07-01 2012-09-11 SecurityProfiling Inc. Multiple-path remediation
US9118708B2 (en) 2003-07-01 2015-08-25 Securityprofiling, Llc Multi-path remediation
US9118711B2 (en) 2003-07-01 2015-08-25 Securityprofiling, Llc Anti-vulnerability system, method, and computer program product
US20070113272A2 (en) 2003-07-01 2007-05-17 Securityprofiling, Inc. Real-time vulnerability monitoring
US9350752B2 (en) 2003-07-01 2016-05-24 Securityprofiling, Llc Anti-vulnerability system, method, and computer program product
US7698275B2 (en) * 2004-05-21 2010-04-13 Computer Associates Think, Inc. System and method for providing remediation management
US20060018478A1 (en) * 2004-07-23 2006-01-26 Diefenderfer Kristopher G Secure communication protocol
US7761920B2 (en) * 2004-09-03 2010-07-20 Fortinet, Inc. Data structure for policy-based remediation selection
US7774848B2 (en) * 2004-07-23 2010-08-10 Fortinet, Inc. Mapping remediation to plurality of vulnerabilities
US7665119B2 (en) 2004-09-03 2010-02-16 Secure Elements, Inc. Policy-based selection of remediation
US8171555B2 (en) * 2004-07-23 2012-05-01 Fortinet, Inc. Determining technology-appropriate remediation for vulnerability
US10043008B2 (en) * 2004-10-29 2018-08-07 Microsoft Technology Licensing, Llc Efficient white listing of user-modifiable files
US20060179484A1 (en) * 2005-02-09 2006-08-10 Scrimsher John P Remediating effects of an undesired application
US9418040B2 (en) * 2005-07-07 2016-08-16 Sciencelogic, Inc. Dynamically deployable self configuring distributed network management system
US8095984B2 (en) * 2005-09-22 2012-01-10 Alcatel Lucent Systems and methods of associating security vulnerabilities and assets
US8438643B2 (en) * 2005-09-22 2013-05-07 Alcatel Lucent Information system service-level security risk analysis
US8544098B2 (en) * 2005-09-22 2013-09-24 Alcatel Lucent Security vulnerability information aggregation
US20080109396A1 (en) * 2006-03-21 2008-05-08 Martin Kacin IT Automation Appliance And User Portal
US7752274B2 (en) * 2006-04-03 2010-07-06 International Business Machines Corporation Apparatus and method for filtering and selectively inspecting e-mail
US8132260B1 (en) * 2006-06-12 2012-03-06 Redseal Systems, Inc. Methods and apparatus for prioritization of remediation techniques for network security risks
US20080184131A1 (en) * 2007-01-31 2008-07-31 Solar Turbines Inc. Method for providing an asset criticality tool
US20080208957A1 (en) * 2007-02-28 2008-08-28 Microsoft Corporation Quarantine Over Remote Desktop Protocol
EP2148279A1 (en) * 2008-07-24 2010-01-27 Nagravision S.A. Method of updating data in memories using a memory management unit
US8166552B2 (en) * 2008-09-12 2012-04-24 Hytrust, Inc. Adaptive configuration management system
US9367680B2 (en) 2008-10-21 2016-06-14 Lookout, Inc. System and method for mobile communication device application advisement
US9781148B2 (en) 2008-10-21 2017-10-03 Lookout, Inc. Methods and systems for sharing risk responses between collections of mobile communications devices
US9235704B2 (en) * 2008-10-21 2016-01-12 Lookout, Inc. System and method for a scanning API
US8108933B2 (en) 2008-10-21 2012-01-31 Lookout, Inc. System and method for attack and malware prevention
US20100113005A1 (en) * 2008-10-31 2010-05-06 Symbol Technologies, Inc. Methods and apparatus for mobile units with local action and remediation
US8156388B2 (en) * 2008-11-24 2012-04-10 Symbol Technologies, Inc. Analysis leading to automatic action
US8549626B1 (en) * 2009-03-20 2013-10-01 Symantec Corporation Method and apparatus for securing a computer from malicious threats through generic remediation
US8336080B2 (en) * 2009-06-26 2012-12-18 Symbol Technologies, Inc. Methods and apparatus for rating device security and automatically assessing security compliance
US8719942B2 (en) * 2010-02-11 2014-05-06 Microsoft Corporation System and method for prioritizing computers based on anti-malware events
US9639068B2 (en) 2010-07-30 2017-05-02 Leviton Manufacturing Co., Inc. Distributed control system operation and configuration
WO2012015439A1 (en) * 2010-07-30 2012-02-02 Leviton Manufacturing Co., Inc. Distributed control system operation and configuration
US9747187B2 (en) * 2010-10-27 2017-08-29 International Business Machines Corporation Simulating black box test results using information from white box testing
US8479297B1 (en) * 2010-11-23 2013-07-02 Mcafee, Inc. Prioritizing network assets
US8590047B2 (en) * 2011-01-04 2013-11-19 Bank Of America Corporation System and method for management of vulnerability assessment
CN103297287B (en) * 2012-02-28 2016-10-19 北京百度网讯科技有限公司 The network equipment and rack position information detection method, system and platform of making an inventory
CN103312530B (en) * 2012-03-13 2017-02-01 百度在线网络技术(北京)有限公司 Method and system for correspondingly counting on-line server and rack position, and counting platform
CN103310290B (en) * 2012-03-13 2017-02-08 百度在线网络技术(北京)有限公司 Remote inventorying method and system for network equipment, and inventorying platform
CN103475501B (en) * 2012-06-07 2016-12-14 北京百度网讯科技有限公司 Rack position method for remote management, system and platform of making an inventory
CN104079423B (en) * 2013-03-29 2018-05-04 华为技术有限公司 A kind of method of network layout, the network equipment and network management center
CN103428034A (en) * 2013-08-23 2013-12-04 浪潮电子信息产业股份有限公司 Mounting position checking method for servers in batches
US9626176B2 (en) * 2013-09-13 2017-04-18 Microsoft Technology Licensing, Llc Update installer with technical impact analysis
US9483281B2 (en) * 2013-09-16 2016-11-01 VCE IP Holding Company LLC Methods, systems, and computer readable mediums for updating components in a converged infrastructure system
US9632922B2 (en) 2014-02-28 2017-04-25 International Business Machines Corporation Workload mapper for potential problem areas using modules and defect data
WO2016068974A1 (en) * 2014-10-31 2016-05-06 Hewlett Packard Enterprise Development Lp System and method for vulnerability remediation verification
US10275604B2 (en) 2014-10-31 2019-04-30 Hewlett Packard Enterprise Development Lp Security record transfer in a computing system
CN104486432B (en) * 2014-12-19 2018-11-02 北京百度网讯科技有限公司 A kind of server assets information method for automatically inputting and device
WO2016108902A1 (en) 2014-12-31 2016-07-07 Hewlett Packard Enterprise Development Lp Enterprise service bus logging
CN104754044B (en) * 2015-03-20 2018-01-05 国家计算机网络与信息安全管理中心 For the method and apparatus for the public network service for auditing Web server
US9729572B1 (en) * 2015-03-31 2017-08-08 Juniper Networks, Inc. Remote remediation of malicious files
US10361936B2 (en) 2015-08-19 2019-07-23 Google Llc Filtering content based on user mobile network and data-plan
US20170230419A1 (en) 2016-02-08 2017-08-10 Hytrust, Inc. Harmonized governance system for heterogeneous agile information technology environments
US20180068241A1 (en) * 2016-09-07 2018-03-08 Wipro Limited Methods and systems for integrated risk management in enterprise environments
US10402570B2 (en) * 2017-03-08 2019-09-03 Wipro Limited Method and device for software risk management within information technology (IT) infrastructure
US11093617B2 (en) * 2017-10-04 2021-08-17 Servicenow, Inc. Automated vulnerability grouping
US10862915B2 (en) * 2018-02-06 2020-12-08 Bank Of America Corporation Exception remediation logic routing and suppression platform
US11265340B2 (en) 2018-02-06 2022-03-01 Bank Of America Corporation Exception remediation acceptable use logic platform
US11089042B2 (en) 2018-02-06 2021-08-10 Bank Of America Corporation Vulnerability consequence triggering system for application freeze and removal
US10812502B2 (en) 2018-02-06 2020-10-20 Bank Of America Corporation Network device owner identification and communication triggering system
US10819731B2 (en) 2018-02-06 2020-10-27 Bank Of America Corporation Exception remediation logic rolling platform
US11416825B2 (en) 2019-11-01 2022-08-16 Microsoft Technology Licensing, Llc Managed rooms backbone
US20210405992A1 (en) * 2020-06-30 2021-12-30 Microsoft Technology Licensing, Llc Managed Rooms Operational Maintenance
US11516094B2 (en) 2020-12-03 2022-11-29 International Business Machines Corporation Service remediation plan generation
US11757904B2 (en) 2021-01-15 2023-09-12 Bank Of America Corporation Artificial intelligence reverse vendor collation
US11895128B2 (en) 2021-01-15 2024-02-06 Bank Of America Corporation Artificial intelligence vulnerability collation
US11683335B2 (en) 2021-01-15 2023-06-20 Bank Of America Corporation Artificial intelligence vendor similarity collation
US11314585B1 (en) * 2021-03-31 2022-04-26 Dell Products L.P. System for generating enterprise remediation documentation
US11431557B1 (en) 2021-04-13 2022-08-30 Dell Products L.P. System for enterprise event analysis
US11736442B2 (en) * 2021-04-14 2023-08-22 Blackberry Limited Handling security events based on remediation actions and recovery actions
US11606246B2 (en) 2021-04-28 2023-03-14 Dell Products L.P. System for enterprise alert timeline of a system and service

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030233438A1 (en) * 2002-06-18 2003-12-18 Robin Hutchinson Methods and systems for managing assets

Family Cites Families (21)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH09214493A (en) * 1996-02-08 1997-08-15 Hitachi Ltd Network system
US6279113B1 (en) * 1998-03-16 2001-08-21 Internet Tools, Inc. Dynamic signature inspection-based network intrusion detection
US6298445B1 (en) * 1998-04-30 2001-10-02 Netect, Ltd. Computer security
WO1999066383A2 (en) * 1998-06-15 1999-12-23 Dmw Worldwide, Inc. Method and apparatus for assessing the security of a computer system
US6324656B1 (en) * 1998-06-30 2001-11-27 Cisco Technology, Inc. System and method for rules-driven multi-phase network vulnerability assessment
US6775657B1 (en) * 1999-12-22 2004-08-10 Cisco Technology, Inc. Multilayered intrusion detection system and method
US20020055912A1 (en) * 2000-10-20 2002-05-09 Byron Buck Network and method for facilitating on-line privacy
US20020097419A1 (en) * 2001-01-19 2002-07-25 Chang William Ho Information apparatus for universal data output
US7168093B2 (en) * 2001-01-25 2007-01-23 Solutionary, Inc. Method and apparatus for verifying the integrity and security of computer networks and implementation of counter measures
US7263597B2 (en) * 2001-04-19 2007-08-28 Ciena Corporation Network device including dedicated resources control plane
US6873988B2 (en) * 2001-07-06 2005-03-29 Check Point Software Technologies, Inc. System and methods providing anti-virus cooperative enforcement
US7317699B2 (en) * 2001-10-26 2008-01-08 Research In Motion Limited System and method for controlling configuration settings for mobile communication devices and services
US20030135749A1 (en) * 2001-10-31 2003-07-17 Gales George S. System and method of defining the security vulnerabilities of a computer system
US7159036B2 (en) * 2001-12-10 2007-01-02 Mcafee, Inc. Updating data from a source computer to groups of destination computers
MXPA04006473A (en) * 2001-12-31 2004-10-04 Citadel Security Software Inc Automated computer vulnerability resolution system.
AU2003260071A1 (en) * 2002-08-27 2004-03-19 Td Security, Inc., Dba Trust Digital, Llc Enterprise-wide security system for computer devices
US20040064726A1 (en) * 2002-09-30 2004-04-01 Mario Girouard Vulnerability management and tracking system (VMTS)
US8091117B2 (en) * 2003-02-14 2012-01-03 Preventsys, Inc. System and method for interfacing with heterogeneous network data gathering tools
US20070113265A2 (en) * 2003-07-01 2007-05-17 Securityprofiling, Inc. Automated staged patch and policy management
US20050022021A1 (en) * 2003-07-22 2005-01-27 Bardsley Jeffrey S. Systems, methods and data structures for generating computer-actionable computer security threat management information
US7698275B2 (en) * 2004-05-21 2010-04-13 Computer Associates Think, Inc. System and method for providing remediation management

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030233438A1 (en) * 2002-06-18 2003-12-18 Robin Hutchinson Methods and systems for managing assets

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
FUNG ET AL.: "Electronic information security documentation", CONFERENCES IN RESEARCH AND PRACTICE IN INFORMATION TECHNOLOGY SERIES, PROCEEDINGS OF THE AUSTRALIAN INFORMATION SECURITY WORKSHOP CONFERENCE ON ACSW FRONTIERS, vol. 21, 2003, pages 25 - 31, XP008116179 *

Also Published As

Publication number Publication date
WO2005114464A2 (en) 2005-12-01
US7698275B2 (en) 2010-04-13
EP1784741A4 (en) 2009-04-22
US20100100965A1 (en) 2010-04-22
US20060010497A1 (en) 2006-01-12
EP1784741A2 (en) 2007-05-16

Similar Documents

Publication Publication Date Title
WO2005114464A3 (en) System and method for providing remediation management
WO2007019169A3 (en) Method and system for workflow management of electronic documents
MXPA05007150A (en) Policy engine and methods and systems for protecting data.
WO2002037210A3 (en) Processing content for electronic distribution using a digital rights management system
WO2006044858A3 (en) System and method for analyzing analyst recommendations on a single stock basis
WO2006044135A3 (en) Enterprise assessment management
WO2006047205A3 (en) Method and apparatus for associating messages with data elements
WO2004070564A3 (en) System and method for money management in electronic trading environment
WO2004086185A3 (en) Rules-based deployment of computing components
WO2004010258A3 (en) System and method for validating security access across a network layer and a local file layer
WO2001093534A3 (en) Selective routing
WO2004031898A3 (en) Vulnerability management and tracking system (vmts)
WO2007016478A3 (en) Network security systems and methods
WO2005070087A3 (en) Event-driven queuing system and method
WO2006014504A3 (en) Self configuring network management system
WO2008024501A3 (en) System and method for mobile device application management
WO2007129144A3 (en) High level network layer system and method
WO2007044512A3 (en) Service and messaging infrastructure to support creation of distributed, peer to peer applications with a service oriented architecture
WO2009067712A3 (en) Issue-oriented service management and method of operation thereof
ATE389214T1 (en) TECHNIQUE FOR REGISTERING AN ENTITY WITH A RIGHTS ISSUER SYSTEM
WO2006028683A3 (en) System and method for policy enforcement in structured electronic messages and token state monitoring
AU2003224572A1 (en) Monitoring of digital content provided from a content provider over a network
EP1182557A3 (en) Performance of a service on a computing platform
WO2005001599A3 (en) Digital content acquisition and distribution in digital rights management enabled communications devices and methods
WO2008148130A3 (en) Distributed system for monitoring information events

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KM KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NG NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SM SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: DE

WWW Wipo information: withdrawn in national office

Country of ref document: DE

WWE Wipo information: entry into national phase

Ref document number: 2005753172

Country of ref document: EP

WWP Wipo information: published in national office

Ref document number: 2005753172

Country of ref document: EP