Lisa L Henderson

US Patent:

20210344701, Nov 4, 2021

Filed:

Apr 29, 2020

Appl. No.:

16/862182

Inventors:

- Santa Clara CA, US
Lisa Sherilyn Henderson - Temecula CA, US

International Classification:

H04L 29/06
G06F 16/2455
G06F 16/22

Abstract:

A modified configuration management database (CMDB) system is disclosed in which detected configuration item (CI) vulnerabilities are stored as less-resource-intensive detection objects, rather than as more-resource-intensive vulnerable item (VI) objects. The system includes a vulnerability response (VR) server that enables promotion rules to be created and periodically applied to the stored detections. When the conditions of a detection promotion rule are satisfied by information relating to a stored detection, a new VI may be created and related to the stored detection within the CMDB. The disclosed promotion rules can be configured to ensure that VIs are only automatically created for high-risk or relevant detections, substantially reducing the number of VIs to be created, stored, and managed. As such, the disclosed system substantially reduces resource consumption and improves the efficiency and operation of the CMDB.

US Patent:

20210144168, May 13, 2021

Filed:

Nov 13, 2019

Appl. No.:

16/682878

Inventors:

- Santa Clara CA, US
Lisa Sherilyn Henderson - Temecula CA, US
Antonio Challita - Carlsbad CA, US
Betsy Cherian - Poway CA, US
John Anthony Rissone - San Diego CA, US
Hnin Haymar - San Diego CA, US
James Gavin Erbes - San Jose CA, US

International Classification:

H04L 29/06
H04L 12/24
G06F 8/65

Abstract:

A computational instance may contain a plurality of vulnerable items and a plurality of change requests, wherein at least some of the vulnerable items are assigned to a vulnerability group, the vulnerable items represent hardware or software components that exhibit known vulnerabilities, and the change requests represent additions, removals, or modifications of the hardware or software components. The computational instance may further include one or more computing devices configured to: generate a representation of a first graphical user interface containing data related to the vulnerability group, generate a representation of a second graphical user interface that allows specification of change request options, generate a representation of a third graphical user interface with data entry fields for a corresponding change request that are auto-populated based on the data related to the vulnerability group, and add a corresponding change request to the plurality of change requests.

US Patent:

20200382546, Dec 3, 2020

Filed:

Jun 24, 2019

Appl. No.:

16/450601

Inventors:

- Santa Clara CA, US
Lisa Sherilyn Henderson - San Diego CA, US

International Classification:

H04L 29/06
G06F 17/24

Abstract:

A system may include a server device configured to: receive selected factors and respective weights for each of the selected factors; obtain combinations of selected primary factors that total less than a maximum number of rows; determine a duplication count for the combinations of selected primary factors; and generate, for display on a graphical user interface, data representing a table, where each column of the table represents one of the selected factors, where for columns of the table representing selected primary factors, rows represent each of the combinations of selected primary factors duplicated according to the duplication count, where for columns of the table representing selected secondary factors from the selected factors, rows represent repeated iteration through possible values of the selected secondary factors, and where each row includes a respective risk score based on a weighted average of the respective weights applied to the selected factors represented therein.

US Patent:

20200120128, Apr 16, 2020

Filed:

Oct 8, 2019

Appl. No.:

16/596478

Inventors:

- Santa Clara CA, US
Lisa Henderson - Temecula CA, US
Jose Bernal - San Diego CA, US
Bryan Boyle - San Diego CA, US

International Classification:

H04L 29/06
G06F 21/57

Abstract:

An apparatus and associated method are provided for reducing a security risk in a networked computer system architecture. The method comprises receiving at a security computer external vulnerability data from an external source regarding vulnerabilities associated with an attack vector for configuration item (CI) data related to a (CI) device, of the networked computer system. The security computer accesses a configuration management database (CMDB) and the CI data related to the physical device is read. Trust zone data associated with the CI device is determined utilizing the CMDB, and the security computer performs a vulnerability calculation for the CI device utilizing the external vulnerability data and associated trust zone data. This is also done for a second CI device. The vulnerability calculations for both are compared and this comparison serves as a basis for prioritizing an action to be taken on the CI device or associated other network components.

US Patent:

20190220469, Jul 18, 2019

Filed:

Jan 10, 2019

Appl. No.:

16/244895

Inventors:

- Santa Clara CA, US
Lisa Henderson - Temecula CA, US

International Classification:

G06F 16/28
G06F 16/21
G06F 16/25

Abstract:

A computer-driven system manages databases of flexible storage hierarchy. Computer servers include machine-readable storage containing at least one database, the database comprising multiple data records represented by multiple nodes. Each node has a node type and represents records of a corresponding record type. The nodes are embodied by machine-readable data stored in one or more tables. Multiple client-originated direct links are embodied by data stored in the one or more tables, where each one of the direct links directly connecting a different pair of the nodes. Multiple system-originated calculated links are embodied by data stored in the one or more tables. Each calculated link acts in observance with a rules framework to connect pairs of the nodes that would otherwise be connected only indirectly through one or more intermediate nodes and direct links between said intermediate nodes.

US Patent:

20180219908, Aug 2, 2018

Filed:

Mar 29, 2018

Appl. No.:

15/939645

Inventors:

- Santa Clara CA, US
Lisa Henderson - Temecula CA, US
Jose Bernal - San Diego CA, US
Bryan Boyle - San Diego CA, US

International Classification:

H04L 29/06

Abstract:

An apparatus and associated method are provided for reducing a security risk in a networked computer system architecture. The method comprises receiving at a security computer external vulnerability data from an external source regarding vulnerabilities associated with an attack vector for configuration item (CI) data related to a (CI) device, of the networked computer system. The security computer accesses a configuration management database (CMDB) and the CI data related to the physical device is read. Trust zone data associated with the CI device is determined utilizing the CMDB, and the security computer performs a vulnerability calculation for the CI device utilizing the external vulnerability data and associated trust zone data. This is also done for a second CI device. The vulnerability calculations for both are compared and this comparison serves as a basis for prioritizing an action to be taken on the CI device or associated other network components.