| CPC G06F 21/577 (2013.01) [H04L 63/1433 (2013.01); G06F 21/552 (2013.01); G06F 2221/033 (2013.01); G06F 2221/034 (2013.01); H04L 67/53 (2022.05)] | 17 Claims |

|
1. A system for automated communications and remediation for security vulnerabilities, the system comprising: one or more memories; and one or more processors, communicatively coupled to the one or more memories, configured to:
receive, from a database that stores information regarding security vulnerabilities, security vulnerability indicators associated with one or more cloud-based applications;
cluster the security vulnerability indicators into classes, each associated with a particular hardware server, based on whether the security vulnerabilities are on a same hardware server, and further determine that at least one of the security vulnerability indicators is associated with a dependency chain corresponding to a forthcoming update of another application,
wherein a vulnerability, corresponding to the at least one of the security vulnerability indicators, is associated with being resolved by the forthcoming update to the other application; and
exclude the at least one of the security vulnerability indicators from classification based on the determination;
determine, for each class of the classes and based on applying a machine learning model to at least a portion of historical information associated with the security vulnerability indicators, a corresponding remediation recommendation,
wherein the machine learning model is trained to determine the corresponding remediation recommendation based on other security vulnerabilities, of the security vulnerabilities, that are associated with the same cloud environment or the same hardware server;
determine, based on stored settings associated with users of the one or more cloud-based applications, one or more communication interfaces,
wherein a stored setting associated with a user of the users indicates a communication interface for communications related to the security vulnerability indicators;
transmit, via the one or more communication interfaces, a corresponding message for each class of the classes;
receive input associated with at least one of the corresponding messages;
trigger, for at least one of the classes of security vulnerability indicators and based on the input, an automated remediation script based on a corresponding one of the remediation recommendations,
wherein the automated remediation script causes a cloud environment to perform an action for one of the cloud-based applications associated with the security vulnerability indicators in the at least one of the classes;
validate that the automated remediation script has resolved the security vulnerabilities associated with the security vulnerability indicators in the at least one of the classes; and
transmit an indication, based on the validation and via the one or more communication interfaces, that the security vulnerabilities, associated with the security vulnerability indicators in the at least one of the classes, have been resolved.
|
|
6. A method of applying machine learning to automated communications and remediation for security vulnerabilities, comprising: receiving, from a database that stores information regarding security vulnerabilities, security vulnerability indicators associated with one or more cloud-based applications;
clustering, using at least one machine learning model, the security vulnerability indicators into classes, each associated with a particular hardware server, based on whether the security vulnerabilities are on a same hardware server, and further determining that at least one of the security vulnerability indicators is associated with a dependency chain corresponding to a forthcoming update of another application,
wherein a vulnerability, corresponding to the at least one of the security vulnerability indicators, is associated with being resolved by the forthcoming update to the other application; and
excluding the at least one of the security vulnerability indicators from classification based on the determination;
determining, for each class of the classes and based on applying the at least one machine learning model to at least a portion of historical information, a corresponding remediation recommendation,
wherein the at least one machine learning model is trained to determine the corresponding remediation recommendation based on other security vulnerabilities that are associated with a same hardware server;
determining, based on stored settings associated with users of the one or more cloud-based applications, one or more communication interfaces,
wherein a stored setting associated with a user of the users indicates a communication interface for communications related to the security vulnerability indicators;
transmitting, via the one or more communication interfaces, a corresponding message for each class of the classes;
receiving input associated with at least one of the corresponding messages; and
triggering, for at least one of the classes of security vulnerability indicators and based on the input, an automated remediation script based on a corresponding one of the remediation recommendations,
wherein the automated remediation script causes a cloud environment to perform an action for a cloud-based application associated with the security vulnerability indicators in the at least one of the classes.
|
|
12. A non-transitory computer-readable medium storing a set of instructions for applying machine learning to automated communications and remediation for security vulnerabilities, the set of instructions comprising: one or more instructions that, when executed by one or more processors of a device, cause the device to:
receive, from a database that stores information regarding security vulnerabilities, security vulnerability indicators associated with one or more cloud-based applications,
wherein the security vulnerability indicators are clustered into classes, each associated with a particular hardware server, based on whether the security vulnerabilities are on a same hardware server, and further determine that at least one of the security vulnerability indicators is associated with a dependency chain corresponding to a forthcoming update of another application,
wherein a vulnerability, corresponding to the at least one of the security vulnerability indicators, is associated with being resolved by the forthcoming update to the other application; and
exclude the at least one of the security vulnerability indicators from classification based on the determination;
receive historical information associated with the security vulnerability indicators, the historical information including at least environmental information, user information, and remediation information associated with the security vulnerability indicators;
train, based on observations related to quantities of affected users, a machine learning model to identify at least one of the security vulnerabilities as high priority,
wherein the machine learning model is trained based on other security vulnerabilities, of the security vulnerabilities, that are associated with a same hardware server;
identify, using the machine learning model and the historical information, and based on determining that a quantity of affected users associated with the at least one of the security vulnerabilities satisfies a user quantity threshold, the at least one of the security vulnerabilities as high priority,
wherein the quantity of affected users is provided as input to the machine learning model;
determine, for the at least one of the security vulnerabilities, a corresponding remediation recommendation based on the remediation information associated with the at least one of the security vulnerabilities; and
generate an automated remediation script based on the corresponding remediation recommendation.
|
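The claimed workflow of claims 1 and 6 (cluster per hardware server, exclude indicators a forthcoming dependency update will resolve, recommend per class from history, route messages by stored user settings), as an added in-memory example that is not the patent's own code. The indicator, update, history and settings schemas are assumed, and a success count over past remediations on the same server stands in for the claimed machine learning model; the trigger-and-validate step is omitted.

```python
# Added example, not the patent's code: in-memory sketch of the claim 1 / claim 6
# pipeline. Cluster indicators per hardware server, drop those whose fix is already
# in flight via a dependency's forthcoming update, pick a per-class remediation from
# past outcomes on the same server (a success count stands in for the claimed ML
# model), and route one message per class to each user's configured interface.
from collections import Counter, defaultdict

# Constructed sample indicators: (indicator id, hardware server, app, dependency).
INDICATORS = [
    ("V-1", "srv-a", "web", "libssl"),
    ("V-2", "srv-a", "api", "libxml"),
    ("V-3", "srv-b", "batch", "libssl"),
    ("V-4", "srv-b", "web", None),
]
# Forthcoming updates of other applications, keyed by dependency name (assumed).
FORTHCOMING_UPDATES = {"libxml": "2.1"}
# Constructed historical remediation records: (server, action taken, succeeded?).
HISTORY = [
    ("srv-a", "patch", True), ("srv-a", "patch", True), ("srv-a", "restart", False),
    ("srv-b", "isolate", True), ("srv-b", "patch", False),
]
USER_SETTINGS = {"alice": "email", "bob": "chat"}  # stored per-user interface


def cluster_indicators(indicators, forthcoming):
    """Group indicators by hardware server; exclude any whose dependency has a
    forthcoming update that will resolve the vulnerability."""
    classes, excluded = defaultdict(list), []
    for vid, server, app, dep in indicators:
        if dep in forthcoming:
            excluded.append(vid)  # resolved by the other application's update
            continue
        classes[server].append((vid, app))
    return dict(classes), excluded


def recommend(server, history):
    """Most frequently successful past action on the same server."""
    wins = Counter(a for s, a, ok in history if s == server and ok)
    return wins.most_common(1)[0][0] if wins else "manual-review"


def build_messages(classes, history, settings):
    """One message per class, delivered on each user's configured interface."""
    msgs = []
    for server, members in sorted(classes.items()):
        rec = recommend(server, history)
        body = f"{server}: {len(members)} finding(s); recommended: {rec}"
        msgs.extend((iface, user, body) for user, iface in settings.items())
    return msgs
```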