SG11201900752PA - Cybersecurity vulnerability management system and method - Google Patents

Cybersecurity vulnerability management system and method

Info

Publication number
SG11201900752PA
SG11201900752PA SG11201900752PA SG11201900752PA SG11201900752PA SG 11201900752P A SG11201900752P A SG 11201900752PA SG 11201900752P A SG11201900752P A SG 11201900752PA SG 11201900752P A SG11201900752P A SG 11201900752PA SG 11201900752P A SG11201900752P A SG 11201900752PA
Authority
SG
Singapore
Prior art keywords
international
score
road
engine
july
Prior art date
Application number
SG11201900752PA
Inventor
Bryan Inagaki
Martin Dawson
Andrew Dorset
Ramiro Murgueytio
David Robinson
Ajay Vachhani
Travis Washburn
Original Assignee
Jpmorgan Chase Bank Na
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Jpmorgan Chase Bank Na filed Critical Jpmorgan Chase Bank Na
Publication of SG11201900752PA publication Critical patent/SG11201900752PA/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577Assessing vulnerabilities and evaluating computer system security
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/01Input arrangements or combined input and output arrangements for interaction between user and computer
    • G06F3/048Interaction techniques based on graphical user interfaces [GUI]
    • G06F3/0481Interaction techniques based on graphical user interfaces [GUI] based on specific properties of the displayed interaction object or a metaphor-based environment, e.g. interaction with desktop elements like windows or icons, or assisted by a cursor's changing behaviour or appearance
    • G06F3/04817Interaction techniques based on graphical user interfaces [GUI] based on specific properties of the displayed interaction object or a metaphor-based environment, e.g. interaction with desktop elements like windows or icons, or assisted by a cursor's changing behaviour or appearance using icons
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/06Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
    • G06Q10/063Operations research, analysis or management
    • G06Q10/0635Risk analysis of enterprise or organisation activities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433Vulnerability analysis
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2111Location-sensitive, e.g. geographical location, GPS

Landscapes

  • Engineering & Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Human Resources & Organizations (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Strategic Management (AREA)
  • Entrepreneurship & Innovation (AREA)
  • Computing Systems (AREA)
  • Economics (AREA)
  • Tourism & Hospitality (AREA)
  • General Business, Economics & Management (AREA)
  • Quality & Reliability (AREA)
  • Operations Research (AREA)
  • Marketing (AREA)
  • Game Theory and Decision Science (AREA)
  • Educational Administration (AREA)
  • Development Economics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Human Computer Interaction (AREA)
  • Debugging And Monitoring (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

PrioritizationImplementation Engine Remediation Engine 150 Cybersecurity Vulnerability Management System 100 Score Calculators 120 Input Processing Engine 110 Score Integration Engine 130 N O cc O C (12) INTERNATIONAL APPLICATION PUBLISHED UNDER THE PATENT COOPERATION TREATY (PCT) (19) World Intellectual Property Organization International Bureau (43) International Publication Date 01 February 2018 (01.02.2018) W I PO I PCT omit VIII °nolo III oloilino 110 Immo oimIE (10) International Publication Number WO 2018/023074 Al (51) International Patent Classification: GOOF 11/00 (2006.01) (21) International Application Number: PCT/US2017/044521 (22) International Filing Date: 28 July 2017 (28.07.2017) (25) Filing Language: English (26) Publication Language: English (30) Priority Data: 62/368,230 29 July 2016 (29.07.2016) US 15/659,744 26 July 2017 (26.07.2017) US (71) Applicant: JPMORGAN CHASE BANK, N.A. [US/US]; 270 Park Avenue, New York, NY 10036 (US). (72) Inventors: INAGAKI, Bryan, S.; 233 Sunnyside Road, West Grove, PA 19390 (US). DAWSON, Martin; 28 Ross- lyn Road, Billericay, Essex CM12 9JN (GB). DORSET, Andrew; 22 Chapel Road, Poole, Dorset BH14 OJU (GB). MURGUEYTIO, Ramiro, R.; 9 Skylar Circle, Media, PA 19063 (US). ROBINSON, David, J.; 84 Countryside Drive, Summit, NJ 07901 (US). VACHHANI, Ajay, D.; 132 Marmora Road, Parsippany, NJ 07054 (US). WASH- BURN, Travis; 7156 Gardenview Court, Chestnut Hill Cove, MD 21226 (US). (74) Agent: OWENS, Kerry et al.; Goodwin Procter LLP, 901 New York Avenue, NW, Washington, DC 20001 (US). (81) Designated States (unless otherwise indicated, for every kind of national protection available): AE, AG, AL, AM, AO, AT, AU, AZ, BA, BB, BG, BH, BN, BR, BW, BY, BZ, CA, CH, CL, CN, CO, CR, CU, CZ, DE, DJ, DK, DM, DO, DZ, EC, EE, EG, ES, FI, GB, GD, GE, GH, GM, GT, HN, HR, HU, ID, IL, IN, IR, IS, JO, JP, KE, KG, KH, KN, KP, KR, KW, KZ, LA, LC, LK, LR, LS, LU, LY, MA, MD, ME, MG, MK, MN, MW, MX, MY, MZ, NA, NG, NI, NO, NZ, OM, PA, PE, PG, PH, PL, PT, QA, RO, RS, RU, RW, SA, SC, SD, SE, SG, SK, SL, SM, ST, SV, SY, TH, TJ, TM, TN, TR, TT, TZ, UA, UG, US, UZ, VC, VN, ZA, ZM, ZW. (54) Title: CYBERSECURITY VULNERABILITY MANAGEMENT SYSTEM AND METHOD FIG 2 (57) : A method and system are provided for managing cybersecurity vulnerabilities of resources within at least one network. The method includes collecting data including application risk rank and network location. The method further includes determining a vulnerability score for vulnerabilities of the resources and determining a severity score based on the application risk rank and network location. The method additionally includes integrating the vulnerability score and the severity score to create a two-dimensional risk ranking and prioritizing remediation of the vulnerabilities based on the two-dimensional risk ranking. [Continued on next page] WO 2018/023074 Al MUNRO DOI HONER I 0 10 1101 011110011HINVOIS (84) Designated States (unless otherwise indicated, for every kind of regional protection available): ARIPO (BW, GH, GM, KE, LR, LS, MW, MZ, NA, RW, SD, SL, ST, SZ, TZ, UG, ZM, ZW), Eurasian (AM, AZ, BY, KG, KZ, RU, TJ, TM), European (AL, AT, BE, BG, CH, CY, CZ, DE, DK, EE, ES, FI, FR, GB, GR, HR, HU, IE, IS, IT, LT, LU, LV, MC, MK, MT, NL, NO, PL, PT, RO, RS, SE, SI, SK, SM, TR), OAPI (BF, BJ, CF, CG, CI, CM, GA, GN, GQ, GW, KM, ML, MR, NE, SN, TD, TG). Published: — with international search report (Art. 21(3))
SG11201900752PA 2016-07-29 2017-07-28 Cybersecurity vulnerability management system and method SG11201900752PA (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US201662368230P 2016-07-29 2016-07-29
US15/659,744 US10372915B2 (en) 2016-07-29 2017-07-26 Cybersecurity vulnerability management systems and method
PCT/US2017/044521 WO2018023074A1 (en) 2016-07-29 2017-07-28 Cybersecurity vulnerability management system and method

Publications (1)

Publication Number Publication Date
SG11201900752PA true SG11201900752PA (en) 2019-02-27

Family

ID=61009719

Family Applications (1)

Application Number Title Priority Date Filing Date
SG11201900752PA SG11201900752PA (en) 2016-07-29 2017-07-28 Cybersecurity vulnerability management system and method

Country Status (5)

Country Link
US (3) US10372915B2 (en)
EP (1) EP3491524A4 (en)
CN (1) CN109690492B (en)
SG (1) SG11201900752PA (en)
WO (1) WO2018023074A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11163889B2 (en) 2019-06-14 2021-11-02 Bank Of America Corporation System and method for analyzing and remediating computer application vulnerabilities via multidimensional correlation and prioritization

Families Citing this family (31)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10372915B2 (en) * 2016-07-29 2019-08-06 Jpmorgan Chase Bank, N.A. Cybersecurity vulnerability management systems and method
US10956467B1 (en) * 2016-08-22 2021-03-23 Jpmorgan Chase Bank, N.A. Method and system for implementing a query tool for unstructured data files
US20180121658A1 (en) * 2016-10-27 2018-05-03 Gemini Cyber, Inc. Cyber risk assessment and management system and method
US10848515B1 (en) * 2016-12-02 2020-11-24 University Of South Florida Predictive model for overall network security risk
US10803186B2 (en) * 2017-12-12 2020-10-13 Fmr Llc Systems and methods for dynamic application management
US10771493B2 (en) 2018-09-18 2020-09-08 International Business Machines Corporation Cognitive security exposure analysis and resolution based on security trends
US11093618B2 (en) * 2018-10-23 2021-08-17 Jpmorgan Chase Bank, N.A. Systems and methods for using an application control prioritization index
US11741196B2 (en) 2018-11-15 2023-08-29 The Research Foundation For The State University Of New York Detecting and preventing exploits of software vulnerability using instruction tags
US11277429B2 (en) * 2018-11-20 2022-03-15 Saudi Arabian Oil Company Cybersecurity vulnerability classification and remediation based on network utilization
US11477226B2 (en) * 2019-04-24 2022-10-18 Saudi Arabian Oil Company Online system identification for data reliability enhancement
US11368470B2 (en) * 2019-06-13 2022-06-21 International Business Machines Corporation Real-time alert reasoning and priority-based campaign discovery
US11218503B2 (en) 2019-07-19 2022-01-04 Jpmorgan Chase Bank, N.A. System and method for implementing a vulnerability management module
US11196762B2 (en) * 2019-07-31 2021-12-07 International Business Machines Corporation Vulnerability scanner based on network profile
JP7311354B2 (en) * 2019-08-21 2023-07-19 株式会社日立製作所 NETWORK MONITORING DEVICE, NETWORK MONITORING METHOD, AND NETWORK MONITORING PROGRAM
US11683332B2 (en) * 2019-08-22 2023-06-20 Six Engines, LLC Method and apparatus for measuring information system device integrity and evaluating endpoint posture
JP7396371B2 (en) * 2019-12-25 2023-12-12 日本電気株式会社 Analytical equipment, analytical methods and analytical programs
CN111147491B (en) * 2019-12-26 2022-11-22 深信服科技股份有限公司 Vulnerability repairing method, device, equipment and storage medium
US11438362B2 (en) * 2020-01-02 2022-09-06 Saudi Arabian Oil Company Method and system for prioritizing and remediating security vulnerabilities based on adaptive scoring
US11768945B2 (en) 2020-04-07 2023-09-26 Allstate Insurance Company Machine learning system for determining a security vulnerability in computer software
US11888887B2 (en) * 2020-04-27 2024-01-30 Kenna Security Llc Risk-based vulnerability remediation timeframe recommendations
CN112131574A (en) * 2020-09-16 2020-12-25 上海中通吉网络技术有限公司 Method, system and equipment for determining information security vulnerability level
WO2022153412A1 (en) * 2021-01-13 2022-07-21 日本電信電話株式会社 Score integration device, score integration method, and score integration program
US12001276B2 (en) 2021-03-22 2024-06-04 Dell Products L.P. System for efficient enterprise dispatching
US11314585B1 (en) * 2021-03-31 2022-04-26 Dell Products L.P. System for generating enterprise remediation documentation
US11431557B1 (en) 2021-04-13 2022-08-30 Dell Products L.P. System for enterprise event analysis
US11996996B2 (en) 2021-04-16 2024-05-28 Dell Products L.P. System for view-only command center mode
US11606246B2 (en) 2021-04-28 2023-03-14 Dell Products L.P. System for enterprise alert timeline of a system and service
US11997127B2 (en) 2021-05-07 2024-05-28 Netskope, Inc. Policy based vulnerability identification, correlation, remediation, and mitigation
US11956254B1 (en) 2021-06-08 2024-04-09 Arceo Labs Inc. Generating a cybersecurity risk model using sparse data
CN113596061B (en) * 2021-08-31 2022-07-26 广州卓远虚拟现实科技有限公司 Network security vulnerability response method based on block chain technology
CN116881923A (en) * 2023-07-12 2023-10-13 北京门石信息技术有限公司 IoT device security management method, system, medium and device

Family Cites Families (42)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8136163B2 (en) * 2004-01-16 2012-03-13 International Business Machines Corporation Method, apparatus and program storage device for providing automated tracking of security vulnerabilities
US8201257B1 (en) 2004-03-31 2012-06-12 Mcafee, Inc. System and method of managing network security risks
US7487545B2 (en) * 2004-06-17 2009-02-03 International Business Machines Corporation Probabilistic mechanism to determine level of security for a software package
US7962960B2 (en) * 2005-02-25 2011-06-14 Verizon Business Global Llc Systems and methods for performing risk analysis
US8918883B1 (en) * 2005-06-15 2014-12-23 Tripwire, Inc. Prioritizing network security vulnerabilities using accessibility
US8392997B2 (en) * 2007-03-12 2013-03-05 University Of Southern California Value-adaptive security threat modeling and vulnerability ranking
US9118706B2 (en) * 2007-06-29 2015-08-25 Verizon Patent And Licensing Inc. Using imported data from security tools
US8112304B2 (en) * 2008-08-15 2012-02-07 Raytheon Company Method of risk management across a mission support network
JP5559306B2 (en) * 2009-04-24 2014-07-23 アルグレス・インコーポレイテッド Enterprise information security management software for predictive modeling using interactive graphs
US9317692B2 (en) * 2009-12-21 2016-04-19 Symantec Corporation System and method for vulnerability risk analysis
US8495747B1 (en) * 2010-03-31 2013-07-23 Mcafee, Inc. Prioritizing asset remediations
US20130247205A1 (en) * 2010-07-14 2013-09-19 Mcafee, Inc. Calculating quantitative asset risk
US9141805B2 (en) * 2011-09-16 2015-09-22 Rapid7 LLC Methods and systems for improved risk scoring of vulnerabilities
US8595845B2 (en) * 2012-01-19 2013-11-26 Mcafee, Inc. Calculating quantitative asset risk
US20140007244A1 (en) * 2012-06-28 2014-01-02 Integrated Solutions Consulting, Inc. Systems and methods for generating risk assessments
US20140137257A1 (en) * 2012-11-12 2014-05-15 Board Of Regents, The University Of Texas System System, Method and Apparatus for Assessing a Risk of One or More Assets Within an Operational Technology Infrastructure
US8893283B2 (en) * 2013-01-31 2014-11-18 Hewlett-Packard Development Company, L.P. Performing an automated compliance audit by vulnerabilities
AU2014233006B2 (en) * 2013-03-15 2017-06-15 Socure Inc. Risk assessment using social networking data
US9912683B2 (en) * 2013-04-10 2018-03-06 The United States Of America As Represented By The Secretary Of The Army Method and apparatus for determining a criticality surface of assets to enhance cyber defense
US9246934B2 (en) * 2013-05-15 2016-01-26 Jason Allen Sabin Method and system of attack surface detection
WO2015006698A1 (en) * 2013-07-11 2015-01-15 Rofori Corporation Communication streams
US9992230B1 (en) * 2013-09-27 2018-06-05 Tripwire, Inc. Assessing security control quality and state in an information technology infrastructure
US20150237062A1 (en) * 2014-02-14 2015-08-20 Risk I/O, Inc. Risk Meter For Vulnerable Computing Devices
US8984643B1 (en) * 2014-02-14 2015-03-17 Risk I/O, Inc. Ordered computer vulnerability remediation reporting
US10657262B1 (en) * 2014-09-28 2020-05-19 Red Balloon Security, Inc. Method and apparatus for securing embedded device firmware
US9501647B2 (en) * 2014-12-13 2016-11-22 Security Scorecard, Inc. Calculating and benchmarking an entity's cybersecurity risk score
US9648036B2 (en) * 2014-12-29 2017-05-09 Palantir Technologies Inc. Systems for network risk assessment including processing of user access rights associated with a network of devices
EP3241135A4 (en) * 2015-01-01 2018-05-02 Checkmarx Ltd. Code instrumentation for runtime application self-protection
US20180027006A1 (en) * 2015-02-24 2018-01-25 Cloudlock, Inc. System and method for securing an enterprise computing environment
US9507946B2 (en) * 2015-04-07 2016-11-29 Bank Of America Corporation Program vulnerability identification
US9800604B2 (en) * 2015-05-06 2017-10-24 Honeywell International Inc. Apparatus and method for assigning cyber-security risk consequences in industrial process control environments
US10536357B2 (en) * 2015-06-05 2020-01-14 Cisco Technology, Inc. Late data detection in data center
US20160379326A1 (en) * 2015-06-25 2016-12-29 Marie N. Chan-Gove Risk modeling system
US10516567B2 (en) * 2015-07-10 2019-12-24 Zerofox, Inc. Identification of vulnerability to social phishing
US10185832B2 (en) * 2015-08-12 2019-01-22 The United States Of America As Represented By The Secretary Of The Army Methods and systems for defending cyber attack in real-time
US9767291B2 (en) * 2015-10-06 2017-09-19 Netflix, Inc. Systems and methods for security and risk assessment and testing of applications
US10264008B2 (en) * 2015-10-08 2019-04-16 Bank Of America Corporation Vulnerability exposing application characteristic variation identification engine
CN105635121A (en) * 2015-12-23 2016-06-01 赛尔网络有限公司 Vulnerability severity level distribution statistical method based on manufacturers, device and system
US10313382B2 (en) * 2016-03-29 2019-06-04 The Mitre Corporation System and method for visualizing and analyzing cyber-attacks using a graph model
US20170346824A1 (en) * 2016-05-31 2017-11-30 Tracker Networks Inc. Methods and systems for mobile device risk management
US10313383B2 (en) * 2016-06-01 2019-06-04 Mastercard International Incorporated Systems and methods for use in evaluating vulnerability risks associated with payment applications
US10372915B2 (en) * 2016-07-29 2019-08-06 Jpmorgan Chase Bank, N.A. Cybersecurity vulnerability management systems and method

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11163889B2 (en) 2019-06-14 2021-11-02 Bank Of America Corporation System and method for analyzing and remediating computer application vulnerabilities via multidimensional correlation and prioritization

Also Published As

Publication number Publication date
EP3491524A4 (en) 2020-03-18
WO2018023074A1 (en) 2018-02-01
EP3491524A1 (en) 2019-06-05
US20190362078A1 (en) 2019-11-28
US20210374250A1 (en) 2021-12-02
US11645396B2 (en) 2023-05-09
CN109690492A (en) 2019-04-26
US11120139B2 (en) 2021-09-14
US20180032736A1 (en) 2018-02-01
CN109690492B (en) 2023-09-29
US10372915B2 (en) 2019-08-06

Similar Documents

Publication Publication Date Title
SG11201900752PA (en) Cybersecurity vulnerability management system and method
SG11201809963XA (en) Application framework using blockchain-based asset ownership
SG11201907770YA (en) Systems and methods for determining a parking region of vehicles
SG11201904942YA (en) Blockchain-based service execution method and apparatus, and electronic device
SG11201811405QA (en) Improved differentiation method
SG11201811025VA (en) Systems and methods for automated annotation and screening of biological sequences
SG11201805532XA (en) Multivalent and multispecific 41bb-binding fusion proteins
SG11202000495YA (en) Methods and systems for environmental credit scoring
SG11201901006RA (en) Systems and methods for enhanced organizational transparency using a credit chain
SG11201910212WA (en) Integrated system for rule editing, simulation, version control, and business process management
SG11201907381UA (en) Building management system with declarative views of timeseries data
SG11201906372PA (en) Computer-implemented system and method for generating and extracting user related data stored on a blockchain
SG11201903738QA (en) Offshore gnss reference station apparatus, offshore gnss positioning system, and method of generating positioning reference data offshore
SG11201804771WA (en) Systems and methods for providing financial data to financial instruments in a distributed ledger system
SG11201900979VA (en) Network-based automated prediction modeling
SG11201805422WA (en) Multivalent and multispecific ox40-binding fusion proteins
SG11201805919PA (en) Virtual network, hot swapping, hot scaling, and disaster recovery for containers
SG11201907383QA (en) Systems and methods for vehicle sharing service
SG11201900246TA (en) Determining drivability of objects for autonomous vehicles
SG11201805986TA (en) Automated honeypot provisioning system
SG11201803666WA (en) Single image detection
SG11201804375WA (en) Compositions and methods for internalizing enzymes
SG11201805794XA (en) Webinterface generation and testing using artificial neural networks
SG11201805390WA (en) System and methods for auditing a virtual machine
SG11201909561RA (en) Octree-based convolutional neural network