Abstract: Mechanisms are provided for computing device attestation. An attestation request is received, from a requestor computing device, for attestation of a target computing device. The attestation request includes a computing device network address of the target computing device. A first lookup operation of the computing device network address is performed in a domain name service (DNS) server to obtain a device name for the target computing device. A second lookup operation of the device name is performed in the DNS server to obtain a text resource record corresponding to the device name. The text resource record stores attestation information for the target computing device corresponding to the device name. Attestation information is extracted from the text resource record and returned to the requestor computing device to perform attestation of the target computing device.

Abstract: Provided are techniques for generating 3-dimensional (3D) models and connections to provide vulnerability context. For a first vulnerability of a first asset, first vulnerability data comprising first vulnerability attributes is retrieved. A second vulnerability of a second asset is identified based on the second vulnerability having second vulnerability data comprising second vulnerability attributes that include one or more common vulnerability attributes with the first vulnerability attributes. Anchor points for the first vulnerability and the second vulnerability are created based on the one or more common vulnerability attributes. A first 3-dimensional (3D) model is generated for the first vulnerability that incorporates the first vulnerability attributes, and a second 3D model is generated for the second vulnerability that incorporates the second vulnerability attributes. The first 3D model and the second 3D model are displayed with one or more connections based on the anchor points.

Abstract: Mechanisms are provided for identifying vulnerability chains in a computing system. Computer system vulnerability characteristics for a plurality of computer system vulnerabilities from a vulnerability registry are retrieved. For each vulnerability, a threat score is calculated indicating a level of risk of the vulnerability to security of the computing system. Based on the vulnerability characteristics and the threat score, a directed acyclic graph (DAG) data structure is generated having a plurality of vulnerability chains, each vulnerability chain having a plurality of vulnerabilities, represented as nodes of the DAG, linked to each other from a root node to a terminating node. Links of the DAG have weights corresponding to a function of the threat scores of the nodes directly connected by the link. A graphical representation of the DAG is generated that depicts the weights of the links to thereby represent relative threat of the vulnerabilities linked by the links.

Abstract: An embodiment includes invoking a search of vulnerability chain data of a local database using a database query to obtain a search result, where the database query is based on a description string associated with a new vulnerability, and where the search result comprises a plurality of linked vulnerabilities that collectively form a vulnerability chain. The embodiment also includes identifying a vulnerability characteristic of a linked vulnerability of the plurality of linked vulnerabilities in the vulnerability chain. The embodiment also includes generating, as a new vulnerability chain, a modified version of the vulnerability chain by appending the new vulnerability to the vulnerability chain. The embodiment also includes assigning an updated vulnerability score to the new vulnerability based at least in part on the identified vulnerability characteristic of the linked vulnerability.

Abstract: Using a system risk evaluation model, system data is evaluated, the evaluating identifying a system risk, the system risk comprising a risk associated with a system of an organization being audited, the system risk evaluation model computing a system risk score using a first plurality of weights assigned to data attributes of the system data. Using a role risk evaluation model, role data is evaluated, the evaluating identifying a role risk, the role risk comprising a risk associated with a role in the organization being audited, the role risk evaluation model comprising computing a role risk score using a second plurality of weights assigned to data attributes of the role data. Using an audit repository, an audit customized to the system risk and the role risk is generated. Using a result of the audit, a configuration of the system is caused to be adjusted.