US 11,882,145 B2
Detection of vulnerabilities in a computer network
Elliot Colquhoun, Sydney (AU); Abhishek Agarwal, Jaipur (IN); Andrew Eggleton, Doha (QA); Brandon Helms, Arnold, MD (US); Carl Ambroselli, Potsdam (DE); Cem Zorlular, New York, NY (US); Daniel Kelly, New York, NY (US); Gautam Punukollu, New York, NY (US); Jeffrey Tsui, Palo Alto, CA (US); Morten Kromann, Copenhagen (DK); Nikhil Seetharaman, Palo Alto, CA (US); Raj Krishnan, Mumbai (IN); Samuel Jones, Chelmsford, MA (US); Tareq Alkhatib, Richmond (CA); and Dayang Shi, New York, NY (US)
Assigned to Palantir Technologies Inc., Denver, CO (US)
Filed by Palantir Technologies Inc., Denver, CO (US)
Filed on Jun. 21, 2022, as Appl. No. 17/845,514.
Application 17/845,514 is a continuation of application No. 16/293,690, filed on Mar. 6, 2019, granted, now 11,418,529.
Claims priority of application No. 1820853 (GB), filed on Dec. 20, 2018.
Prior Publication US 2022/0321595 A1, Oct. 6, 2022
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 9/40 (2022.01); G06F 8/65 (2018.01); H04L 67/75 (2022.01)
CPC H04L 63/1433 (2013.01) [G06F 8/65 (2013.01); H04L 63/1441 (2013.01); H04L 67/75 (2022.05)]
20 Claims
1. A method, performed by one or more processors, the method comprising:
receiving first data representing an infrastructure of a computer network, the first data comprising an indication of a plurality of hosts which form at least part of the computer network and one or more software resources on respective hosts;
receiving second data from a vulnerability scanning software, the second data comprising an indication of one or more vulnerabilities detected in the one or more software resources provided on at least some of the plurality of hosts of the computer network;
generating, using a combination of the first data and the second data, output data representing a risk profile of the computer network infrastructure; and
determining a patch deployment strategy based on one or more prioritization rules and the output data, the one or more prioritization rules determining an order of one or more patches to deploy to remedy the detected vulnerabilities, wherein the deployment strategy determines a least number of patches required to remedy the detected vulnerabilities.