Patents by Inventor Steven Ocepek
Steven Ocepek has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20240114046Abstract: One or more systems, devices, computer program products and/or computer-implemented methods provided herein relate to prioritization of attack techniques and cyber security events. According to an embodiment, an attack prioritization engine can receive security events, train an artificial intelligence model to rank respective cyber security events as a function of risk, and output a prioritization of security events to address. A mapping component can map asset vulnerabilities to attack techniques. A calculation component can calculate and aggregate scores for respective attack techniques. An attack surface component can extract features from the aggregation of scores to rank attack techniques and determine an attack surface. The mapping component can further map security events to the attack techniques.Type: ApplicationFiled: October 4, 2022Publication date: April 4, 2024Inventors: Constantin Mircea Adam, Muhammed Fatih Bulut, Steven Ocepek
-
Patent number: 11924239Abstract: Systems, computer-implemented methods, and computer program products that facilitate vulnerability and attack technique association are provided. According to an embodiment, a system can comprise a memory that stores computer executable components and a processor that executes the computer executable components stored in the memory. The computer executable components can comprise a map component that defines mappings between vulnerability data representing a vulnerability of a computing resource and attack data representing at least one attack technique. The computer executable components can further comprise an estimation component that analyzes the mappings to estimate a probability that the vulnerability will be exploited to attack the computing resource.Type: GrantFiled: October 23, 2020Date of Patent: March 5, 2024Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Lilian Mathias Ngweta, Steven Ocepek, Constantin Mircea Adam, Sai Zeng, Muhammed Fatih Bulut, Milton H. Hernandez
-
Publication number: 20230214495Abstract: A computer-implemented method for prioritizing exclusion renewal records is disclosed. The computer-implemented method includes determining vulnerability factors associated with a vulnerability exclusion record. The computer-implemented method further includes generating a vulnerability factor score for each vulnerability factor associated with the vulnerability exclusion record based, at least in part, on a level of risk associated with the vulnerability factor. The computer-implemented method further includes generating a vulnerability score for the vulnerability exclusion record based, at least in part, on the vulnerability factor score for each vulnerability factor. The computer-implemented method further includes updating a previous vulnerability score of the vulnerability exclusion record.Type: ApplicationFiled: January 4, 2022Publication date: July 6, 2023Inventors: Johnny Al Shaieb, Michael Redford, Jason A. Nikolai, Jason Bornheimer, Steven Ocepek, Robert Maier, Christopher Bedell, Seth Grey Glasgow
-
Publication number: 20230177169Abstract: An apparatus, a method, and a computer program product are provided that combine policy compliance with vulnerability management to provide a more accurate risk assessment of an environment. The method includes training a policy machine learning model using a first training dataset to generate a policy machine learning model to produce mitigation technique classifications and training a vulnerability machine learning model using a second training dataset to generate a vulnerability machine learning model to produce weakness type classifications. The method also includes mapping the mitigation technique classifications to attack techniques to produce a policy mapping and mapping the weakness type classifications to the attack techniques to produce a vulnerability mapping. The method further includes producing a risk assessment of a vulnerability based on the policy mapping and the vulnerability mapping.Type: ApplicationFiled: December 8, 2021Publication date: June 8, 2023Inventors: Muhammed Fatih Bulut, Abdulhamid Adebowale Adebayo, Lilian Mathias Ngweta, Ting Dai, Constantin Mircea Adam, Daby Mousse Sow, Steven Ocepek
-
Patent number: 11621975Abstract: Prioritizing vulnerability scan results is provided. Vulnerability scan results data corresponding to a network of data processing systems are received from a vulnerability scanner. The vulnerability scan results data are parsed to group the vulnerability scan results data by vulnerability identifiers. A corresponding security threat information identifier is associated with each vulnerability identifier. A correlation of each associated security threat information identifier is performed with a set of current vulnerability exploit data that corresponds to that particular security threat information identifier. Current security threat information that affects host data processing systems in the network is determined based on the correlation between each associated security threat information identifier and its corresponding set of current vulnerability exploit data. The current security threat information is prioritized based on a number of corresponding current vulnerability exploit attacks.Type: GrantFiled: April 27, 2021Date of Patent: April 4, 2023Assignee: International Business Machines CorporationInventors: Steven Ocepek, Nevenko Zunic, Tamer Aboualy, Johnny A. Shaieb
-
Publication number: 20220129560Abstract: Systems and techniques that facilitate automated health-check risk assessment of computing assets are provided. In various embodiments, a system can comprise a baseline component that can generate a baseline health-check risk score that corresponds to non-compliance of a computing asset with a stipulated control. In various aspects, the system can further comprise an adjustment component that can adjust the baseline health-check risk score based on a weakness factor of the stipulated control. In some cases, the weakness factor can be based on a magnitude by which a state of the computing asset deviates from the stipulated control. In various embodiments, the adjustment component can further adjust the baseline health-check risk score based on an environmental factor of the computing asset. In various cases, the environmental factor can be based on security mechanisms or security protocols associated with the computing asset.Type: ApplicationFiled: October 23, 2020Publication date: April 28, 2022Inventors: Muhammed Fatih Bulut, Milton H. Hernandez, Robert Filepp, Sai Zeng, Steven Ocepek, Srinivas Babu Tummalapenta, Daniel S. Riley
-
Publication number: 20220131887Abstract: Systems, computer-implemented methods, and computer program products that facilitate vulnerability and attack technique association are provided. According to an embodiment, a system can comprise a memory that stores computer executable components and a processor that executes the computer executable components stored in the memory. The computer executable components can comprise a map component that defines mappings between vulnerability data representing a vulnerability of a computing resource and attack data representing at least one attack technique. The computer executable components can further comprise an estimation component that analyzes the mappings to estimate a probability that the vulnerability will be exploited to attack the computing resource.Type: ApplicationFiled: October 23, 2020Publication date: April 28, 2022Inventors: Lilian Mathias Ngweta, Steven Ocepek, Constantin Mircea Adam, Sai Zeng, Muhammed Fatih Bulut, Milton H. Hernandez
-
Publication number: 20210273968Abstract: The subject matter herein provides an automated system and method for software patch management that ranks patches at least in part according to a score indicative of a complexity (e.g., cost) of remediating a vulnerability. This score is sometimes referred to herein as a vulnerability remediation complexity (VRC) score. A VRC score provides an objective measure by which an organization can determine which patches are most likely to be successfully applied, thus enabling implementation of a patching strategy that preferentially applies most critical, but less impact (in terms of remediation cost) patches first to remediate as must risk as possible as quickly as possible. Thus, for example, the approach herein enables the patching to focus on vulnerabilities of highest severity and small remediation cost over those, for example, representing lower severity and higher remediation cost.Type: ApplicationFiled: February 27, 2020Publication date: September 2, 2021Applicant: International Business Machines CorporationInventors: Johnny Al Shaieb, Jason A. Nikolai, Michael Redford, Steven Ocepek, Jason Bornheimer, Robert Maier
-
Publication number: 20210250371Abstract: Prioritizing vulnerability scan results is provided. Vulnerability scan results data corresponding to a network of data processing systems are received from a vulnerability scanner. The vulnerability scan results data are parsed to group the vulnerability scan results data by vulnerability identifiers. A corresponding security threat information identifier is associated with each vulnerability identifier. A correlation of each associated security threat information identifier is performed with a set of current vulnerability exploit data that corresponds to that particular security threat information identifier. Current security threat information that affects host data processing systems in the network is determined based on the correlation between each associated security threat information identifier and its corresponding set of current vulnerability exploit data. The current security threat information is prioritized based on a number of corresponding current vulnerability exploit attacks.Type: ApplicationFiled: April 27, 2021Publication date: August 12, 2021Inventors: Steven Ocepek, Nevenko Zunic, Tamer Aboualy, Johnny A. Shaieb
-
Patent number: 11057418Abstract: Prioritizing vulnerability scan results is provided. Vulnerability scan results data corresponding to a network of data processing systems are received from a vulnerability scanner. The vulnerability scan results data are parsed to group the vulnerability scan results data by vulnerability identifiers. A corresponding security threat information identifier is associated with each vulnerability identifier. A correlation of each associated security threat information identifier is performed with a set of current vulnerability exploit data that corresponds to that particular security threat information identifier. Current security threat information that affects host data processing systems in the network is determined based on the correlation between each associated security threat information identifier and its corresponding set of current vulnerability exploit data. The current security threat information is prioritized based on a number of corresponding current vulnerability exploit attacks.Type: GrantFiled: October 15, 2018Date of Patent: July 6, 2021Assignee: International Business Machines CorporationInventors: Steven Ocepek, Nevenko Zunic, Tamer Aboualy, Johnny A. Shaieb
-
Patent number: 11048803Abstract: A method, apparatus, system, and computer program product for operating a portable security testing device. The portable security testing device is configured by computer system with an operating system and a starting set of security testing tools. A selected set of the security testing tools is determined by the computer system for the portable security testing device based on information collected about a target by the portable security testing device. The starting set of the security testing tools in the portable security testing device is changed by the computer system to form a current set of the security testing tools in response to the starting set of the security testing tools being different from the selected set of the security testing tools, wherein the current set of the security testing tools operate to perform security tests on the target.Type: GrantFiled: May 8, 2019Date of Patent: June 29, 2021Assignee: International Business Machines CorporationInventors: Jason A. Nikolai, Steven Ocepek, Johnny Al Shaieb
-
Publication number: 20200356674Abstract: A method, apparatus, system, and computer program product for operating a portable security testing device. The portable security testing device is configured by computer system with an operating system and a starting set of security testing tools. A selected set of the security testing tools is determined by the computer system for the portable security testing device based on information collected about a target by the portable security testing device. The starting set of the security testing tools in the portable security testing device is changed by the computer system to form a current set of the security testing tools in response to the starting set of the security testing tools being different from the selected set of the security testing tools, wherein the current set of the security testing tools operate to perform security tests on the target.Type: ApplicationFiled: May 8, 2019Publication date: November 12, 2020Inventors: Jason A. Nikolai, Steven Ocepek, Johnny Al Shaieb
-
Publication number: 20200120126Abstract: Prioritizing vulnerability scan results is provided. Vulnerability scan results data corresponding to a network of data processing systems are received from a vulnerability scanner. The vulnerability scan results data are parsed to group the vulnerability scan results data by vulnerability identifiers. A corresponding security threat information identifier is associated with each vulnerability identifier. A correlation of each associated security threat information identifier is performed with a set of current vulnerability exploit data that corresponds to that particular security threat information identifier. Current security threat information that affects host data processing systems in the network is determined based on the correlation between each associated security threat information identifier and its corresponding set of current vulnerability exploit data. The current security threat information is prioritized based on a number of corresponding current vulnerability exploit attacks.Type: ApplicationFiled: October 15, 2018Publication date: April 16, 2020Inventors: Steven Ocepek, Nevenko Zunic, Tamer Aboualy, Johnny A. Shaieb
-
Publication number: 20070008942Abstract: The present invention includes a method and apparatus for controlling data link layer access to protected servers on a computer network by a client device. Address resolution requests broadcast on the network by the client device seeking access to any network device are received and then processed to determine whether the client device is unknown. If the client device is unknown, restriction address resolution replies are transmitted to the protected devices to restrict access by the client device to the protected devices and allow access to an authentication server. The authentication server is monitored to determine if the client device is authorized or unauthorized by the authentication server. If the client device is authorized, access is allowed to the protected devices. If the client device is unauthorized, blocking address resolution replies are transmitted on the computer network to block access by the client device to all other network devices.Type: ApplicationFiled: May 31, 2006Publication date: January 11, 2007Inventors: Steven Ocepek, Brian Lauer, David Dziadziola