US2019342325A1PendingUtilityA1

Systems and methods for managing network vulnerability scanning to avoid disruption of operations

Assignee: WALMART APOLLO LLCPriority: May 7, 2018Filed: May 6, 2019Published: Nov 7, 2019
Est. expiryMay 7, 2038(~11.8 yrs left)· nominal 20-yr term from priority
H04L 43/062H04L 43/16H04L 63/1425H04L 63/1433H04L 63/20
43
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

There are provided systems and methods for managing network vulnerability scanning to avoid interference and disruption of network operations. In one form, the system includes: a network of computing devices; a network vulnerability scanner for evaluating insecurity and vulnerability of the network; a network traffic monitor for measuring the volume of network traffic at a certain time; and a scanning scheduler that includes scanning blackout events limiting operation of the scanner. Each blackout event includes an event name, a country or region for the blackout, a blackout start time and end time, and a blackout type that may include a level of the blackout and an authorization required for the network scan to proceed. In the system, a control circuit controls operation of the scanner; interrupts, delays, or cancels a network scan when the network traffic exceeds a certain threshold; and enforces blackout events according to the scanning scheduler.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
         1 . A system for managing network vulnerability scanning to avoid interference and disruption of network operations, the system comprising:
 a network comprising a plurality of communicatively coupled computing devices with applications running thereon;   a network vulnerability scanner configured to evaluate insecurity and vulnerability of the network to disruption by outside actors;   a network traffic monitor configured to measure the volume of traffic being transferred across the network at a certain point in time;   a scanning scheduler comprising a plurality of scanning blackout events limiting operation of the network vulnerability scanner, each scanning blackout event including an event name, an applicable country or region for the blackout, a blackout start time, a blackout end time, and a blackout type indicating at least one of: a predetermined level of the blackout in the country or region and a predetermined authorization required for the network scan to proceed; and   a control circuit operatively coupled to the network vulnerability scanner, network traffic monitor, and the scanning scheduler, the control circuit configured to:
 control operation of the network vulnerability scanner; 
 interrupt, delay, or cancel a network scan by the network vulnerability scanner when the network traffic measured by the network traffic monitor exceeds a predetermined threshold; and 
 enforce scanning blackout events according to the scanning scheduler. 
   
     
     
         2 . The system of  claim 1 , wherein:
 the network traffic monitor measures daily traffic in one or more countries or regions;   the control circuit determines whether the measured daily traffic in the one or more countries or regions exceeds predetermined thresholds for those one or more countries or regions; and   the control circuit creates a scanning blackout event for those one or more countries or regions on anniversaries of the dates where the measured daily traffic exceeded the predetermined thresholds.   
     
     
         3 . The system of  claim 1 , wherein:
 the control circuit receives input that a network scan disrupted network operations on a certain date in a country or region; and   the control circuit creates a scanning blackout event in that country or region on anniversaries of that certain date.   
     
     
         4 . The system of  claim 1 , wherein the predetermined level of a blackout comprises one or more of: all network scans allowed, only manually inputted and non-recurring network scans allowed, network scans only permitted for certain departments or portions of the network being scanned, and all network scans blocked. 
     
     
         5 . The system of  claim 1 , wherein:
 the predetermined level of a blackout is one selected from a group of levels;   each blackout type indicates the predetermined level of the blackout for each country or region; and   each blackout type further requires a predetermined authorization for the network scan to proceed, the predetermined authorization corresponding to the predetermined level in each country or region.   
     
     
         6 . The system of  claim 1 , wherein, following interruption, delay, or cancellation of a network scan when measured network traffic exceeds a predetermined threshold:
 the network traffic monitor is configured to continue measuring the volume of traffic being transferred across the network at predetermined time intervals; and   the control circuit is configured to initiate a network scan when both the volume of traffic no longer exceeds the predetermined threshold and the scanning scheduler does not indicate a blackout event.   
     
     
         7 . The system of  claim 1 , wherein:
 the network traffic monitor is configured to measure the volume of traffic being transferred across a network at predetermined time intervals for a predetermined country or region;   the control circuit is configured to determine a rate in the change of the volume of traffic; and   the control circuit is configured to interrupt, delay, or cancel a network scan when the rate in the change of the volume of traffic exceeds a predetermined threshold rate.   
     
     
         8 . The system of  claim 1 , wherein the network vulnerability scanner performs at least one of the operations of accessing files, querying network ports, and performing login actions. 
     
     
         9 . The system of  claim 1 , wherein the network vulnerability scanner is further configured to evaluate insecurity and vulnerability by:
 scanning nodes using login credentials on the network;   performing a plurality of measurements indicating usage capacity on a node or on the network; and   determining one or more of conflicting application operations, misconfigurations of the applications, and internal application vulnerabilities.   
     
     
         10 . The system of  claim 1 , wherein the scanning blackout events comprise one or more of peak business hours, predetermined holidays, and historical times of peak network transactions. 
     
     
         11 . A method for managing network vulnerability scanning to avoid interference and disruption of network operations, the method comprising:
 providing a network comprising a plurality of communicatively coupled computing devices with applications running thereon;   providing a network vulnerability scanner configured to evaluate insecurity and vulnerability of the network to disruption by outside actors;   providing a network traffic monitor configured to measure the volume of traffic being transferred across the network at a certain point in time;   creating a scanning scheduler comprising a plurality of scanning blackout events limiting operation of the network vulnerability scanner, each scanning blackout event including an event name, an applicable country or region for the blackout, a blackout start time, a blackout end time, and a blackout type indicating at least one of: a predetermined level of the blackout in the country or region and a predetermined authorization required for the network scan to proceed; and   by a control circuit:
 controlling operation of the network vulnerability scanner; 
 interrupting, delaying, or canceling a network scan by the network vulnerability scanner when the network traffic measured by the network traffic monitor exceeds a predetermined threshold; and 
 enforcing scanning blackout events according to the scanning scheduler. 
   
     
     
         12 . The method of  claim 11 , further comprising:
 by the network traffic monitor, measuring daily traffic in one or more countries or regions;   by the control circuit, determining whether the measured daily traffic in the one or more countries or regions exceeds predetermined thresholds for those one or more countries or regions; and   by the control circuit, creating a scanning blackout event for those one or more countries or regions on anniversaries of the dates where the measured daily traffic exceeded the predetermined thresholds.   
     
     
         13 . The method of  claim 11 , further comprising:
 by the control circuit, receiving input that a network scan disrupted network operations on a certain date in a country or region; and   by the control circuit, creating a scanning blackout event in that country or region on anniversaries of that certain date.   
     
     
         14 . The method of  claim 11 , wherein the predetermined level of a blackout comprises one or more of: all network scans allowed, only manually inputted and non-recurring network scans allowed, network scans only permitted for certain departments or portions of the network being scanned, and all network scans blocked. 
     
     
         15 . The method of  claim 11 , wherein:
 the predetermined level of a blackout is one selected from a group of levels;   each blackout type indicates the predetermined level of the blackout for each country or region; and   each blackout type further requires a predetermined authorization for the network scan to proceed, the predetermined authorization corresponding to the predetermined level in each country or region.   
     
     
         16 . The method of  claim 11 , further comprising, following interruption, delay, or cancellation of a network scan when measured network traffic exceeds a predetermined threshold:
 by the network traffic monitor, continuing to measure the volume of traffic being transferred across the network at predetermined time intervals; and   by the control circuit, initiating a network scan when both the volume of traffic no longer exceeds the predetermined threshold and the scanning scheduler does not indicate a blackout event.   
     
     
         17 . The method of  claim 11 , further comprising:
 by the network traffic monitor, measuring the volume of traffic being transferred across a network at predetermined time intervals for a predetermined country or region;   by the control circuit, determining a rate in the change of the volume of traffic; and   by the control circuit, interrupting, delaying, or canceling a network scan when the rate in the change of the volume of traffic exceeds a predetermined threshold rate.   
     
     
         18 . The method of  claim 11 , wherein the network vulnerability scanner performs at least one of the operations of accessing files, querying network ports, and performing login actions. 
     
     
         19 . The method of  claim 11 , wherein, by the network vulnerability scanner, evaluating insecurity and vulnerability by:
 scanning nodes using login credentials on the network;   performing a plurality of measurements indicating usage capacity on a node or on the network; and   determining one or more of conflicting application operations, misconfigurations of the applications, and internal application vulnerabilities.   
     
     
         20 . The method of  claim 11 , wherein the scanning blackout events comprise one or more of peak business hours, predetermined holidays, and historical times of peak network transactions.

Join the waitlist — get patent alerts

Track US2019342325A1 — get alerts on status changes and closely related new filings.

We store only your email — no account needed. See our privacy policy.