US 12,072,986 B2
Intelligent vulnerability lifecycle management system
Michael C. Starr, Reston, VA (US)
Assigned to trackd, inc., Reston, VA (US)
Filed by trackd, inc., Reston, VA (US)
Filed on Sep. 2, 2022, as Appl. No. 17/929,676.
Claims priority of provisional application 63/260,869, filed on Sep. 2, 2021.
Prior Publication US 2023/0064373 A1, Mar. 2, 2023
Int. Cl. G06F 21/57 (2013.01); G06F 21/55 (2013.01)
CPC G06F 21/577 (2013.01) [G06F 21/552 (2013.01)]
31 Claims
 
1. A system comprising:
a security and vulnerability analysis processor;
a prediction engine configured to select and execute one or more machine learning models and generate a desired prediction;
one or more endpoint devices in communication with the security and vulnerability analysis processor through a communication network, the one or more endpoint devices generating telemetry data used by the one or more machine learning models to generate the desired prediction;
a vulnerability data ingestion processor configured to obtain, from one or more data sources, security data associated with the one or more endpoint devices, wherein the security data includes at least vulnerability data associated with the one or more endpoint devices;
a centralized database including one or more data repositories containing the security data and storing predictions generated by the machine learning models, and wherein the security data is available as an input for training the one or more machine learning models;
a contextualization engine configured to process the security data from the centralized database, correlate new vulnerability data against existing vulnerability data, attribute any newly resulting vulnerability to a particular endpoint device, and update an endpoint vulnerability profile within the centralized database with the newly resulting vulnerability attributed to the particular endpoint device;
a data ingestion module configured to extract telemetry data from the one or more data repositories based on the desired prediction to be generated by the selected machine learning model and transform the extracted telemetry data into a telemetry data structure required by the particular machine learning model selected;
wherein the prediction engine processes the telemetry data structure associated with the particular endpoint device using the selected machine learning model to generate a prediction about risk impact of conducting vulnerability remediation to the particular endpoint device, and wherein the prediction engine generates meta data about the performance of the machine learning model to generate the prediction about the risk impact; and
a data output module configured to receive the prediction about the risk impact of conducting vulnerability remediation to the particular endpoint device, and store the prediction in the centralized database for reference in making remediation decisions about the particular endpoint device.