
A cognitive system to assess as soon as possible security exposures in a customer environment Disclosure Number: IPCOM000249244D
Publication Date: 2017-Feb-14
Document File: 5 page(s) / 123K

Publishing Venue

The Prior Art Database


The present article relates to the field of the vulnerability assessment of computational devices, and presents a system to automatically extract vulnerability information from the news and check a computing environment for exposure.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 25% of the total text.


A cognitive system to assess as soon as possible security exposures in a customer environment

Every day new exploits are discovered and published by hackers or security researchers. Once an exploit has been published, the most important activity for a system administrator is to assess its impact on the environment, i.e. to understand how many machines are vulnerable. But the information available as soon as an exploit becomes public is usually very fragmented, and the administrator must read many news or blog posts to:

• Understand which of them are reliable and provide valuable information to help identify affected computers;

• Extract the proper checks to execute to assess the status of the environment.

Given the large number of information sources and the vast number of articles published, it is sometimes even difficult to recognize a potentially dangerous exploit.

As an example, consider the so called "Heartbleed" vulnerability in OpenSSL. After the disclosure of the initial news, it still took two or three days for the news to start appearing in mainstream outlets. Once it did, it became difficult to find, among the many published articles, the relevant ones. Many articles and blog posts mentioned the issue as potentially dangerous, but without providing technical details about it.

So a system administrator basically faced a few challenges:

1. Gain immediate awareness of the issue, i.e. as soon as descriptions of it started appearing, without giving potential attackers the 2 or 3 days' advantage before the news became mainstream;

2. Obtain a clear technical understanding of the problem from the many news items that appeared on the internet, for example a clear reference of the vulnerable OpenSSL versions or a list of the products vulnerable because they included that version of OpenSSL;

3. Obtain reliable information: given the hype around some problems and the articles written in a hurry, the available data are sometimes contradictory;

4. Follow the news as new elements emerge about the exploit and use them to refine the environment assessment.
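As an added example that is not part of the original disclosure, the following Python script automates challenges 2 to 4 above for the OpenSSL case with plain regular expressions rather than the cognitive services the disclosure proposes: it extracts affected-version ranges from a stream of constructed news snippets, ignores posts that carry no version bounds or contradict themselves (a claimed range that reaches the article's own fix version), requires two independent sources before reporting a host as exposed, and re-runs the environment check after each new article arrives. The news text, the host inventory, the regexes and the MIN_SOURCES threshold are all assumptions made here for illustration; the version comparison handles only OpenSSL's digit-plus-letter scheme (1.0.1f, 0.9.8y).

```python
import re

# Number of independent articles that must agree on an affected-version range
# before hosts inside it are reported as exposed (assumption for this example).
MIN_SOURCES = 2

# Constructed news snippets, not quoted from any real outlet or from the page:
# fragmented, partly hype, partly contradictory, arriving over a day or two.
ARTICLES = [
    ("2014-04-07 20:00", "A bug in OpenSSL's heartbeat extension leaks server memory. "
                         "OpenSSL 1.0.1 through 1.0.1f are affected; 1.0.1g fixes it."),
    ("2014-04-08 09:00", "Reports say every OpenSSL version is affected, patch now!"),
    ("2014-04-08 11:00", "All versions 1.0.0 through 1.0.1g are vulnerable; fixed in 1.0.1g."),
    ("2014-04-08 14:00", "Clarification: the 1.0.0 and 0.9.8 branches are not affected. "
                         "Affected: 1.0.1 through 1.0.1f. Fixed in 1.0.1g."),
]

# Constructed inventory (hypothetical hosts): host -> installed OpenSSL version.
INVENTORY = {"web1": "1.0.1e", "app1": "1.0.1", "web2": "1.0.1g",
             "db1": "1.0.0l", "lb1": "0.9.8y"}

VERSION = r"\d+\.\d+\.\d+[a-z]?"
RANGE_RE = re.compile(rf"({VERSION})\s+(?:through|to)\s+({VERSION})")
FIX_RE = re.compile(rf"fixed in\s+({VERSION})|({VERSION})\s+fixes")


def parse_version(s):
    """Turn '1.0.1f' into a comparable tuple (1, 0, 1, 6); no letter sorts as 0."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)([a-z]?)", s)
    if not m:
        raise ValueError(f"unrecognized OpenSSL version: {s!r}")
    major, minor, patch, letter = m.groups()
    return (int(major), int(minor), int(patch), ord(letter) - ord("a") + 1 if letter else 0)


def extract_claims(text):
    """Return the affected (lo, hi) version ranges claimed by one article.

    Articles with no explicit version bounds (the "hype" posts) yield nothing.
    A range whose upper bound is at or above the article's own fix version is
    self-contradictory and is dropped rather than trusted.
    """
    text = text.lower()
    fixes = [parse_version(a or b) for a, b in FIX_RE.findall(text)]
    ranges = [(parse_version(lo), parse_version(hi)) for lo, hi in RANGE_RE.findall(text)]
    return [(lo, hi) for lo, hi in ranges if not any(fix <= hi for fix in fixes)]


def classify(version, claims):
    """claims: {(lo, hi): number of articles asserting that range}."""
    hits = [n for (lo, hi), n in claims.items() if lo <= version <= hi]
    if hits:
        return "exposed" if max(hits) >= MIN_SOURCES else "possibly exposed"
    if any(n >= MIN_SOURCES for n in claims.values()):
        return "not affected"  # a corroborated range exists and this host is outside it
    return "unknown"           # nothing reliable yet: a single source must not clear a host


def assess_over_time(inventory, articles):
    """Re-run the environment check after each article, refining as news arrives.

    Returns a list of (timestamp, {host: status}) snapshots, one per article.
    """
    claims = {}
    snapshots = []
    versions = {host: parse_version(v) for host, v in inventory.items()}
    for stamp, text in articles:
        for rng in extract_claims(text):
            claims[rng] = claims.get(rng, 0) + 1
        snapshots.append((stamp, {host: classify(v, claims) for host, v in versions.items()}))
    return snapshots


if __name__ == "__main__":
    for stamp, status in assess_over_time(INVENTORY, ARTICLES):
        attention = sorted(h for h, s in status.items() if s.endswith("exposed"))
        print(f"{stamp}: {status} -> needs attention: {attention}")
```

After the first article the two hosts on 1.0.1 and 1.0.1e are already flagged as "possibly exposed" (challenge 1: act before the news goes mainstream), the hype post and the self-contradictory post change nothing, and only the corroborating clarification promotes them to "exposed" and clears the hosts on other branches.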

The current solution to this issue is, for system administrators, to subscribe to services that provide reliable information about security exploits. These services are either managed by large security corporations, or based on a collaborative effort of many system administrators, or both. They provide security checks coded in a specific format (like Indicators of Compromise, IOC). The main disadvantage is the amount of time these services need to provide reliable information: internally they face the same challenges that every single administrator has to tackle. What we propose is a method to automate the steps that a system administrator has to perform in order to assess the vulnerability of his environment to new security exploits. The system leverages some cognitive services in order to provide continuous monitoring and information extraction for n...