Systems and methods for managing network vulnerability scanning to avoid disruption of operations
Abstract
There are provided systems and methods for managing network vulnerability scanning to avoid interference and disruption of network operations. In one form, the system includes: a network of computing devices; a network vulnerability scanner for evaluating insecurity and vulnerability of the network; a network traffic monitor for measuring the volume of network traffic at a certain time; and a scanning scheduler that includes scanning blackout events limiting operation of the scanner. Each blackout event includes an event name, a country or region for the blackout, a blackout start time and end time, and a blackout type that may include a level of the blackout and an authorization required for the network scan to proceed. In the system, a control circuit controls operation of the scanner; interrupts, delays, or cancels a network scan when the network traffic exceeds a certain threshold; and enforces blackout events according to the scanning scheduler.
Claims
exact text as granted — not AI-modifiedWhat is claimed is:
1 . A system for managing network vulnerability scanning to avoid interference and disruption of network operations, the system comprising:
a network comprising a plurality of communicatively coupled computing devices with applications running thereon; a network vulnerability scanner configured to evaluate insecurity and vulnerability of the network to disruption by outside actors; a network traffic monitor configured to measure the volume of traffic being transferred across the network at a certain point in time; a scanning scheduler comprising a plurality of scanning blackout events limiting operation of the network vulnerability scanner, each scanning blackout event including an event name, an applicable country or region for the blackout, a blackout start time, a blackout end time, and a blackout type indicating at least one of: a predetermined level of the blackout in the country or region and a predetermined authorization required for the network scan to proceed; and a control circuit operatively coupled to the network vulnerability scanner, network traffic monitor, and the scanning scheduler, the control circuit configured to:
control operation of the network vulnerability scanner;
interrupt, delay, or cancel a network scan by the network vulnerability scanner when the network traffic measured by the network traffic monitor exceeds a predetermined threshold; and
enforce scanning blackout events according to the scanning scheduler.
2 . The system of claim 1 , wherein:
the network traffic monitor measures daily traffic in one or more countries or regions; the control circuit determines whether the measured daily traffic in the one or more countries or regions exceeds predetermined thresholds for those one or more countries or regions; and the control circuit creates a scanning blackout event for those one or more countries or regions on anniversaries of the dates where the measured daily traffic exceeded the predetermined thresholds.
3 . The system of claim 1 , wherein:
the control circuit receives input that a network scan disrupted network operations on a certain date in a country or region; and the control circuit creates a scanning blackout event in that country or region on anniversaries of that certain date.
4 . The system of claim 1 , wherein the predetermined level of a blackout comprises one or more of: all network scans allowed, only manually inputted and non-recurring network scans allowed, network scans only permitted for certain departments or portions of the network being scanned, and all network scans blocked.
5 . The system of claim 1 , wherein:
the predetermined level of a blackout is one selected from a group of levels; each blackout type indicates the predetermined level of the blackout for each country or region; and each blackout type further requires a predetermined authorization for the network scan to proceed, the predetermined authorization corresponding to the predetermined level in each country or region.
6 . The system of claim 1 , wherein, following interruption, delay, or cancellation of a network scan when measured network traffic exceeds a predetermined threshold:
the network traffic monitor is configured to continue measuring the volume of traffic being transferred across the network at predetermined time intervals; and the control circuit is configured to initiate a network scan when both the volume of traffic no longer exceeds the predetermined threshold and the scanning scheduler does not indicate a blackout event.
7 . The system of claim 1 , wherein:
the network traffic monitor is configured to measure the volume of traffic being transferred across a network at predetermined time intervals for a predetermined country or region; the control circuit is configured to determine a rate in the change of the volume of traffic; and the control circuit is configured to interrupt, delay, or cancel a network scan when the rate in the change of the volume of traffic exceeds a predetermined threshold rate.
8 . The system of claim 1 , wherein the network vulnerability scanner performs at least one of the operations of accessing files, querying network ports, and performing login actions.
9 . The system of claim 1 , wherein the network vulnerability scanner is further configured to evaluate insecurity and vulnerability by:
scanning nodes using login credentials on the network; performing a plurality of measurements indicating usage capacity on a node or on the network; and determining one or more of conflicting application operations, misconfigurations of the applications, and internal application vulnerabilities.
10 . The system of claim 1 , wherein the scanning blackout events comprise one or more of peak business hours, predetermined holidays, and historical times of peak network transactions.
11 . A method for managing network vulnerability scanning to avoid interference and disruption of network operations, the method comprising:
providing a network comprising a plurality of communicatively coupled computing devices with applications running thereon; providing a network vulnerability scanner configured to evaluate insecurity and vulnerability of the network to disruption by outside actors; providing a network traffic monitor configured to measure the volume of traffic being transferred across the network at a certain point in time; creating a scanning scheduler comprising a plurality of scanning blackout events limiting operation of the network vulnerability scanner, each scanning blackout event including an event name, an applicable country or region for the blackout, a blackout start time, a blackout end time, and a blackout type indicating at least one of: a predetermined level of the blackout in the country or region and a predetermined authorization required for the network scan to proceed; and by a control circuit:
controlling operation of the network vulnerability scanner;
interrupting, delaying, or canceling a network scan by the network vulnerability scanner when the network traffic measured by the network traffic monitor exceeds a predetermined threshold; and
enforcing scanning blackout events according to the scanning scheduler.
12 . The method of claim 11 , further comprising:
by the network traffic monitor, measuring daily traffic in one or more countries or regions; by the control circuit, determining whether the measured daily traffic in the one or more countries or regions exceeds predetermined thresholds for those one or more countries or regions; and by the control circuit, creating a scanning blackout event for those one or more countries or regions on anniversaries of the dates where the measured daily traffic exceeded the predetermined thresholds.
13 . The method of claim 11 , further comprising:
by the control circuit, receiving input that a network scan disrupted network operations on a certain date in a country or region; and by the control circuit, creating a scanning blackout event in that country or region on anniversaries of that certain date.
14 . The method of claim 11 , wherein the predetermined level of a blackout comprises one or more of: all network scans allowed, only manually inputted and non-recurring network scans allowed, network scans only permitted for certain departments or portions of the network being scanned, and all network scans blocked.
15 . The method of claim 11 , wherein:
the predetermined level of a blackout is one selected from a group of levels; each blackout type indicates the predetermined level of the blackout for each country or region; and each blackout type further requires a predetermined authorization for the network scan to proceed, the predetermined authorization corresponding to the predetermined level in each country or region.
16 . The method of claim 11 , further comprising, following interruption, delay, or cancellation of a network scan when measured network traffic exceeds a predetermined threshold:
by the network traffic monitor, continuing to measure the volume of traffic being transferred across the network at predetermined time intervals; and by the control circuit, initiating a network scan when both the volume of traffic no longer exceeds the predetermined threshold and the scanning scheduler does not indicate a blackout event.
17 . The method of claim 11 , further comprising:
by the network traffic monitor, measuring the volume of traffic being transferred across a network at predetermined time intervals for a predetermined country or region; by the control circuit, determining a rate in the change of the volume of traffic; and by the control circuit, interrupting, delaying, or canceling a network scan when the rate in the change of the volume of traffic exceeds a predetermined threshold rate.
18 . The method of claim 11 , wherein the network vulnerability scanner performs at least one of the operations of accessing files, querying network ports, and performing login actions.
19 . The method of claim 11 , wherein, by the network vulnerability scanner, evaluating insecurity and vulnerability by:
scanning nodes using login credentials on the network; performing a plurality of measurements indicating usage capacity on a node or on the network; and determining one or more of conflicting application operations, misconfigurations of the applications, and internal application vulnerabilities.
20 . The method of claim 11 , wherein the scanning blackout events comprise one or more of peak business hours, predetermined holidays, and historical times of peak network transactions.Join the waitlist — get patent alerts
Track US2019342325A1 — get alerts on status changes and closely related new filings.
We store only your email — no account needed. See our privacy policy.