-
Publication (Announcement) No.: US20230214495A1
Publication (Announcement) Date: 2023-07-06
Application No.: US17567925
Application Date: 2022-01-04
Inventors: Johnny Al Shaieb, Michael Redford, Jason A. Nikolai, Jason Bornheimer, Steven Ocepek, Robert Maier, Christopher Bedell, Seth Grey Glasgow
IPC Classification: G06F21/57
CPC Classification: G06F21/577, G06F2221/034
Abstract: A computer-implemented method for prioritizing exclusion renewal records is disclosed. The computer-implemented method includes determining vulnerability factors associated with a vulnerability exclusion record. The computer-implemented method further includes generating a vulnerability factor score for each vulnerability factor associated with the vulnerability exclusion record based, at least in part, on a level of risk associated with the vulnerability factor. The computer-implemented method further includes generating a vulnerability score for the vulnerability exclusion record based, at least in part, on the vulnerability factor score for each vulnerability factor. The computer-implemented method further includes updating a previous vulnerability score of the vulnerability exclusion record.
-
Publication (Announcement) No.: US11048803B2
Publication (Announcement) Date: 2021-06-29
Application No.: US16406493
Application Date: 2019-05-08
Abstract: A method, apparatus, system, and computer program product for operating a portable security testing device. The portable security testing device is configured by computer system with an operating system and a starting set of security testing tools. A selected set of the security testing tools is determined by the computer system for the portable security testing device based on information collected about a target by the portable security testing device. The starting set of the security testing tools in the portable security testing device is changed by the computer system to form a current set of the security testing tools in response to the starting set of the security testing tools being different from the selected set of the security testing tools, wherein the current set of the security testing tools operate to perform security tests on the target.
-
Publication (Announcement) No.: US20240114046A1
Publication (Announcement) Date: 2024-04-04
Application No.: US17937854
Application Date: 2022-10-04
IPC Classification: H04L9/40
CPC Classification: H04L63/1433
Abstract: One or more systems, devices, computer program products and/or computer-implemented methods provided herein relate to prioritization of attack techniques and cyber security events. According to an embodiment, an attack prioritization engine can receive security events, train an artificial intelligence model to rank respective cyber security events as a function of risk, and output a prioritization of security events to address. A mapping component can map asset vulnerabilities to attack techniques. A calculation component can calculate and aggregate scores for respective attack techniques. An attack surface component can extract features from the aggregation of scores to rank attack techniques and determine an attack surface. The mapping component can further map security events to the attack techniques.
-
Publication (Announcement) No.: US11924239B2
Publication (Announcement) Date: 2024-03-05
Application No.: US17078455
Application Date: 2020-10-23
Inventors: Lilian Mathias Ngweta, Steven Ocepek, Constantin Mircea Adam, Sai Zeng, Muhammed Fatih Bulut, Milton H. Hernandez
CPC Classification: H04L63/1433, G06N20/00, H04L63/10, H04L63/1408, H04L63/1466
Abstract: Systems, computer-implemented methods, and computer program products that facilitate vulnerability and attack technique association are provided. According to an embodiment, a system can comprise a memory that stores computer executable components and a processor that executes the computer executable components stored in the memory. The computer executable components can comprise a map component that defines mappings between vulnerability data representing a vulnerability of a computing resource and attack data representing at least one attack technique. The computer executable components can further comprise an estimation component that analyzes the mappings to estimate a probability that the vulnerability will be exploited to attack the computing resource.
-
Publication (Announcement) No.: US11057418B2
Publication (Announcement) Date: 2021-07-06
Application No.: US16160328
Application Date: 2018-10-15
Inventors: Steven Ocepek, Nevenko Zunic, Tamer Aboualy, Johnny A. Shaieb
IPC Classification: H04L29/06
Abstract: Prioritizing vulnerability scan results is provided. Vulnerability scan results data corresponding to a network of data processing systems are received from a vulnerability scanner. The vulnerability scan results data are parsed to group the vulnerability scan results data by vulnerability identifiers. A corresponding security threat information identifier is associated with each vulnerability identifier. A correlation of each associated security threat information identifier is performed with a set of current vulnerability exploit data that corresponds to that particular security threat information identifier. Current security threat information that affects host data processing systems in the network is determined based on the correlation between each associated security threat information identifier and its corresponding set of current vulnerability exploit data. The current security threat information is prioritized based on a number of corresponding current vulnerability exploit attacks.
-
Publication (Announcement) No.: US12032702B2
Publication (Announcement) Date: 2024-07-09
Application No.: US17078563
Application Date: 2020-10-23
Inventors: Muhammed Fatih Bulut, Milton H. Hernandez, Robert Filepp, Sai Zeng, Steven Ocepek, Srinivas Babu Tummalapenta, Daniel S. Riley
IPC Classification: G06F21/57, G06N20/00, G06Q10/0635, G06Q10/0637, G06Q10/0639, G06Q10/10, G06Q40/02, G06Q40/04
CPC Classification: G06F21/577, G06N20/00, G06F2221/034, G06Q10/0635, G06Q10/0637, G06Q10/06393, G06Q10/10, G06Q40/02, G06Q40/04
Abstract: Systems and techniques that facilitate automated health-check risk assessment of computing assets are provided that can generate a baseline health-check risk score that corresponds to non-compliance of a computing asset with a stipulated control, and can adjust the baseline health-check risk score based on a weakness factor of the stipulated control, an environmental factor of the computing asset, a criticality factor of the computing asset, and a maturity factor of the computing asset.
-
Publication (Announcement) No.: US20230177169A1
Publication (Announcement) Date: 2023-06-08
Application No.: US17643205
Application Date: 2021-12-08
Inventors: Muhammed Fatih Bulut, Abdulhamid Adebowale Adebayo, Lilian Mathias Ngweta, Ting Dai, Constantin Mircea Adam, Daby Mousse Sow, Steven Ocepek
CPC Classification: G06F21/577, G06F21/566, G06N5/04, G06F2221/034
Abstract: An apparatus, a method, and a computer program product are provided that combine policy compliance with vulnerability management to provide a more accurate risk assessment of an environment. The method includes training a policy machine learning model using a first training dataset to generate a policy machine learning model to produce mitigation technique classifications and training a vulnerability machine learning model using a second training dataset to generate a vulnerability machine learning model to produce weakness type classifications. The method also includes mapping the mitigation technique classifications to attack techniques to produce a policy mapping and mapping the weakness type classifications to the attack techniques to produce a vulnerability mapping. The method further includes producing a risk assessment of a vulnerability based on the policy mapping and the vulnerability mapping.
-
Publication (Announcement) No.: US11621975B2
Publication (Announcement) Date: 2023-04-04
Application No.: US17302211
Application Date: 2021-04-27
Inventors: Steven Ocepek, Nevenko Zunic, Tamer Aboualy, Johnny A. Shaieb
Abstract: Prioritizing vulnerability scan results is provided. Vulnerability scan results data corresponding to a network of data processing systems are received from a vulnerability scanner. The vulnerability scan results data are parsed to group the vulnerability scan results data by vulnerability identifiers. A corresponding security threat information identifier is associated with each vulnerability identifier. A correlation of each associated security threat information identifier is performed with a set of current vulnerability exploit data that corresponds to that particular security threat information identifier. Current security threat information that affects host data processing systems in the network is determined based on the correlation between each associated security threat information identifier and its corresponding set of current vulnerability exploit data. The current security threat information is prioritized based on a number of corresponding current vulnerability exploit attacks.
-
Publication (Announcement) No.: US20220129560A1
Publication (Announcement) Date: 2022-04-28
Application No.: US17078563
Application Date: 2020-10-23
Inventors: Muhammed Fatih Bulut, Milton H. Hernandez, Robert Filepp, Sai Zeng, Steven Ocepek, Srinivas Babu Tummalapenta, Daniel S. Riley
Abstract: Systems and techniques that facilitate automated health-check risk assessment of computing assets are provided. In various embodiments, a system can comprise a baseline component that can generate a baseline health-check risk score that corresponds to non-compliance of a computing asset with a stipulated control. In various aspects, the system can further comprise an adjustment component that can adjust the baseline health-check risk score based on a weakness factor of the stipulated control. In some cases, the weakness factor can be based on a magnitude by which a state of the computing asset deviates from the stipulated control. In various embodiments, the adjustment component can further adjust the baseline health-check risk score based on an environmental factor of the computing asset. In various cases, the environmental factor can be based on security mechanisms or security protocols associated with the computing asset. In various embodiments, the adjustment component can further adjust the baseline health-check risk score based on a criticality factor. In some instances, the critical factor can be based on a level of importance of the computing asset. In various embodiments, the adjustment component can further adjust the baseline health-check risk score based on a maturity factor. In some aspects, the maturity factor can be based on a difference between the stipulated control and a recommended control.
-
Publication (Announcement) No.: US12058161B2
Publication (Announcement) Date: 2024-08-06
Application No.: US16802644
Application Date: 2020-02-27
Inventors: Johnny Al Shaieb, Jason A. Nikolai, Michael Redford, Steven Ocepek, Jason Bornheimer, Robert Maier
CPC Classification: H04L63/1433, G06F8/65
Abstract: The subject matter herein provides an automated system and method for software patch management that ranks patches at least in part according to a score indicative of a complexity (e.g., cost) of remediating a vulnerability. This score is sometimes referred to herein as a vulnerability remediation complexity (VRC) score. A VRC score provides an objective measure by which an organization can determine which patches are most likely to be successfully applied, thus enabling implementation of a patching strategy that preferentially applies most critical, but less impact (in terms of remediation cost) patches first to remediate as much risk as possible as quickly as possible. Thus, for example, the approach herein enables the patching to focus on vulnerabilities of highest severity and small remediation cost over those, for example, representing lower severity and higher remediation cost.