Computer program product and apparatus for multi-path remediation
First Claim
1. A non-transitory computer-readable media storing instructions that, when executed by one or more processors, cause the one or more processors to:
- receive first vulnerability information from at least one first data storage that is generated utilizing second vulnerability information from at least one second data storage that is used to identify a plurality of potential vulnerabilities; said first vulnerability information generated utilizing the second vulnerability information, by:
- identifying at least one configuration associated with a plurality of devices including a first device, a second device, and a third device, and determining that the plurality of devices is vulnerable to at least one accurately identified vulnerability based on the identified at least one configuration, utilizing the second vulnerability information that is used to identify the plurality of potential vulnerabilities;
- identify an occurrence in connection with at least one of the plurality of devices, utilizing one or more network monitors;
- based on a packet analysis, determine that the at least one accurately identified vulnerability of the at least one of the plurality of devices is susceptible to being taken advantage of by the occurrence identified in connection with the at least one of the plurality of devices, utilizing the first vulnerability information; and
- allow selective utilization of different occurrence mitigation actions of diverse occurrence mitigation types, including a firewall-based occurrence mitigation type and an intrusion prevention system-based occurrence mitigation type, across the plurality of devices for occurrence mitigation by preventing advantage being taken of accurately identified vulnerabilities utilizing the different occurrence mitigation actions of the diverse occurrence mitigation types across the plurality of devices;
- wherein the at least one configuration involves at least one operating system.
0 Assignments
3 Petitions
Abstract
A system, method, and computer program product are provided for a database associating a plurality of device vulnerabilities to which computing devices can be subject with a plurality of remediation techniques that collectively remediate the plurality of device vulnerabilities. Each of the device vulnerabilities is associated with at least one remediation technique. Each remediation technique associated with a particular device vulnerability remediates that particular vulnerability. Further, each remediation technique has a remediation type selected from the type group consisting of patch, policy setting, and configuration option. Still yet, a first one of the device vulnerabilities is associated with at least two alternative remediation techniques.
19 Citations
70 Claims
1. (Independent claim; its text is reproduced in full under First Claim above.) Dependent claims: 2, 3, 4, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38.
2. The non-transitory computer-readable media of claim 1, wherein the instructions are configured for providing at least two options via a user interface including a firewall-type option for preventing at least one occurrence packet, and an intrusion prevention-type option for preventing a connection request;
- the instructions are configured such that, in response to user input received prior to receipt of the at least one occurrence packet, the firewall-type option is applied to the plurality of devices by sending a first signal over at least one network to at least one first component with firewall-type functionality such that the at least one occurrence packet is prevented across the plurality of devices; and
- the instructions are configured such that, in response to additional user input after the receipt of the at least one occurrence packet in connection with a particular single device of the plurality of devices, the intrusion prevention-type option is applied to the particular single device by sending a second signal over the at least one network to at least one second component with intrusion prevention-type functionality such that the connection request is prevented at the particular single device.
3. The non-transitory computer-readable media of claim 1, wherein the instructions are configured such that at least two options are provided including a firewall-type option, and an intrusion prevention-type option for preventing a connection request;
- the instructions are configured such that, in response to user input prior to receipt of at least one occurrence packet, the intrusion prevention-type option is applied to the plurality of devices for preventing the connection request across the plurality of devices after the receipt of the at least one occurrence packet; and
- the instructions are configured such that, in response to user input after the receipt of the at least one occurrence packet in connection with a particular single device of the plurality of devices, the firewall-type option is applied to the particular single device.
4. The non-transitory computer-readable media of claim 1, wherein the instructions are configured such that the at least one accurately identified vulnerability is determined as a function of the at least one operating system, so that, in order to avoid false positives, only relevant vulnerabilities prompt user selection among the different occurrence mitigation actions of the diverse occurrence mitigation types in connection therewith.
18. The non-transitory computer-readable media of claim 1, wherein the instructions are configured such that which of the different occurrence mitigation actions for which one or more options are provided to a user, is based on one or more of the actual vulnerabilities to which the plurality of devices is actually vulnerable so that only relevant occurrence mitigation actions are available for selection by the user.
19. The non-transitory computer-readable media of claim 1, wherein the instructions are configured such that the at least one accurately identified vulnerability is determined as a function of the at least one operating system and at least one some of the different occurrence mitigation actions are specific to the at least one accurately identified vulnerability.
20. The non-transitory computer-readable media of claim 1, wherein the instructions are configured such that different user input is allowed to be received prior to the occurrence for different devices, for allowing completion of the different occurrence mitigation actions, in a manner that the different user input results in:
- only a first occurrence mitigation action of the firewall-based occurrence mitigation type being user-selectively completed at the first device in response to the occurrence, only a second occurrence mitigation action of the intrusion prevention system-based occurrence mitigation type being user-selectively completed at the second device in response to the occurrence, and both the first occurrence mitigation action and the second occurrence mitigation action being user-selectively completed at the third device in response to the occurrence.
21. The non-transitory computer-readable media of claim 20, wherein the instructions are configured such that additional user input is permitted to be received after a reporting of the occurrence, for causing completion of the different occurrence mitigation actions, in a manner that the additional user input results in:
- the first occurrence mitigation action of the firewall-based occurrence mitigation type being supplemented by the second occurrence mitigation action of the intrusion prevention system-based occurrence mitigation type at the first device.
22. The non-transitory computer-readable media of claim 20, wherein the instructions are configured such that additional user input is permitted to be received after a reporting of the occurrence, for prompting a rollback of one or more of the different occurrence mitigation actions, in a manner that the additional user input results in:
- the second occurrence mitigation action of the intrusion prevention system-based occurrence mitigation type being rolled back at the third device.
23. The non-transitory computer-readable media of claim 1, wherein the instructions are configured such that one or more options are provided to a user so that the user is permitted to select each of the different occurrence mitigation actions of the diverse occurrence mitigation types in connection with the at least one accurately identified vulnerability which includes a single actual vulnerability, such that both of the different occurrence mitigation actions are associated with the single actual vulnerability.
24. The non-transitory computer-readable media of claim 1, wherein the instructions, when executed by the one or more processors, cause the one or more processors to:
- determine the occurrence to have a first severity if it is determined that the at least one accurately identified vulnerability of the at least one of the plurality of devices is susceptible to being taken advantage of by the occurrence;
- determine the occurrence to have a second severity if it is determined that the at least one accurately identified vulnerability of the at least one of the plurality of devices is not susceptible to being taken advantage of by the occurrence; and
- report the occurrence differently based on whether the occurrence is determined to have the first severity or the second severity.
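The flow claimed in claims 1, 4, 20 to 22 and 24, modelled as an added Python example (not code from the patent or from any product it covers): a catalogue of potential vulnerabilities is cross-referenced with each device's OS configuration to yield the device's actual vulnerabilities, a packet analysis decides whether a reported occurrence can take advantage of one of them, the occurrence is graded first or second severity, and firewall-based and/or IPS-based actions are chosen per device from a policy selected beforehand, with supplement and rollback after a report. All vulnerability ids, device names, ports, signatures and packets are constructed for the example.

```python
import re
from dataclasses import dataclass

# "Second vulnerability information": catalogue of potential vulnerabilities,
# each tied to the OS configuration it affects (up to a service pack level)
# and to a network signature a packet analysis can match. Constructed data.
VULN_DB = [
    {"id": "EX-0001", "os": "ExampleOS", "max_sp": 1, "port": 445,
     "payload": re.compile(rb"\xffSMB")},
    {"id": "EX-0002", "os": "ExampleOS", "max_sp": 2, "port": 80,
     "payload": re.compile(rb"GET /[^ ]*\.\./")},
    {"id": "EX-0003", "os": "OtherOS", "max_sp": 0, "port": 22,
     "payload": re.compile(rb"SSH-1\.")},
]

# Configuration identified per device; per claim 1 it involves the OS.
DEVICES = {
    "dev1": {"os": "ExampleOS", "sp": 0},
    "dev2": {"os": "ExampleOS", "sp": 2},
    "dev3": {"os": "OtherOS", "sp": 0},
}

# Mitigation types the user selected per device before any occurrence
# (the split of claim 20): firewall only, IPS only, or both.
POLICY = {"dev1": {"firewall"}, "dev2": {"ips"}, "dev3": {"firewall", "ips"}}

def derive_actual_vulnerabilities(devices, vuln_db):
    """Cross-reference each device's configuration with the catalogue to get
    the "first vulnerability information": only vulnerabilities it really has."""
    return {
        name: [v["id"] for v in vuln_db
               if v["os"] == cfg["os"] and cfg["sp"] <= v["max_sp"]]
        for name, cfg in devices.items()
    }

ACTUAL = derive_actual_vulnerabilities(DEVICES, VULN_DB)

@dataclass
class Occurrence:  # an event as a network monitor would report it
    target: str
    port: int
    payload: bytes

def analyze_occurrence(occ, actual, vuln_db):
    """Packet analysis: does the occurrence target a vulnerability the
    device actually has? Returns the matched vulnerability id or None."""
    by_id = {v["id"]: v for v in vuln_db}
    for vid in actual.get(occ.target, []):
        v = by_id[vid]
        if v["port"] == occ.port and v["payload"].search(occ.payload):
            return vid
    return None

def severity(occ, actual, vuln_db):
    """Claim 24: 'first' severity when the occurrence can take advantage of
    an actual vulnerability of the targeted device, otherwise 'second'."""
    return "first" if analyze_occurrence(occ, actual, vuln_db) else "second"

def select_actions(occ, actual, vuln_db, policy):
    """Build control signals for the targeted device from the mitigation
    types selected for it. Only first-severity occurrences produce actions."""
    vid = analyze_occurrence(occ, actual, vuln_db)
    if vid is None:
        return []
    types = policy.get(occ.target, set())
    actions = []
    if "firewall" in types:  # firewall-based type: packet-level blocking
        actions.append(("firewall", occ.target, vid, "drop matching packets"))
    if "ips" in types:  # IPS-based type: connection-level prevention
        actions.append(("ips", occ.target, vid, "reject connection request"))
    return actions

def supplement(policy, device, mtype):
    """Claim 21: after a report, add a mitigation type at one device."""
    new = {d: set(t) for d, t in policy.items()}
    new.setdefault(device, set()).add(mtype)
    return new

def rollback(policy, device, mtype):
    """Claim 22: after a report, withdraw a mitigation type at one device."""
    new = {d: set(t) for d, t in policy.items()}
    new.get(device, set()).discard(mtype)
    return new

# Constructed occurrences; dev2 is at a service pack that closes EX-0001.
SAMPLE_OCCURRENCES = [
    Occurrence("dev1", 445, b"\x00\x00\x00\x2f\xffSMBr"),    # hits EX-0001
    Occurrence("dev2", 445, b"\x00\x00\x00\x2f\xffSMBr"),    # not vulnerable
    Occurrence("dev3", 22, b"SSH-1.5-client\r\n"),           # hits EX-0003
    Occurrence("dev1", 80, b"GET /a/../../b HTTP/1.0\r\n"),  # hits EX-0002
]

def run_demo():
    """Grade every sample occurrence and list the actions it would trigger."""
    return [(occ.target, severity(occ, ACTUAL, VULN_DB),
             select_actions(occ, ACTUAL, VULN_DB, POLICY))
            for occ in SAMPLE_OCCURRENCES]
```

The second sample shows the false-positive suppression of claim 4: the same packet that is first severity against dev1 is second severity against dev2, because dev2's configuration is not in the catalogue's affected range.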
25. The non-transitory computer-readable media of claim 1, wherein the instructions are configured such that the different occurrence mitigation actions of the diverse occurrence mitigation types include:
- a first occurrence mitigation action of the firewall-based occurrence mitigation type including at least one of setting a configuration option, setting of a policy, or an installation of a patch; and
- a second occurrence mitigation action of the intrusion prevention system-based occurrence mitigation type including at least one of setting the configuration option, the setting of the policy, or the installation of the patch that is different than that included in connection with the first occurrence mitigation action.
26. The non-transitory computer-readable media of claim 1, wherein the instructions are configured such that multiple options for selecting the different occurrence mitigation actions are displayed via an intrusion prevention system interface of an intrusion prevention system that is supported by a single client agent that supports at least one aspect of the identifying the occurrence, at least one aspect of automatically completing a first one of the different occurrence mitigation actions of the firewall-based occurrence mitigation type in response to a selection of a first one of the multiple options, and at least one aspect of automatically completing a second one of the different occurrence mitigation actions of the intrusion prevention system-based occurrence mitigation type in response to a selection of a second one of the multiple options.
27. The non-transitory computer-readable media of claim 1, wherein the instructions, when executed by the one or more processors, cause the one or more processors to:
- display at least two options for selecting the different occurrence mitigation actions, utilizing at least one user interface;
- receive a first user input selecting a first one of the options, utilizing the at least one user interface;
- based on the first user input, automatically apply a first one of the different occurrence mitigation actions of the firewall-based occurrence mitigation type;
- receive a second user input selecting a second one of the options, utilizing the at least one user interface; and
- based on the second user input, automatically apply a second one of the different occurrence mitigation actions of the intrusion prevention system-based occurrence mitigation type.
28. The non-transitory computer-readable media of claim 27, wherein the instructions are configured such that:
- the automatic application of the first one of the different occurrence mitigation actions of the firewall-based occurrence mitigation type includes sending a first signal to at least one component with firewall functionality; and
- the automatic application of the second one of the different occurrence mitigation actions of the intrusion prevention system-based occurrence mitigation type includes sending a second signal to at least one component with intrusion prevention system functionality.
29. The non-transitory computer-readable media of claim 1, wherein the instructions are configured such that the different occurrence mitigation actions of the diverse occurrence mitigation types are automatically applied to different occurrences with different severities in real-time in response to the identification of the different occurrences based on a user selection of one or more options for selecting among the different occurrence mitigation actions before the identification of the different occurrences.
30. The non-transitory computer-readable media of claim 1, wherein the instructions, when executed by the one or more processors, cause the one or more processors to:
- based on user input, automatically block the occurrence, to prevent an attack from taking advantage of the at least one accurately identified vulnerability while there is no installation of a patch that removes the at least one accurately identified vulnerability.
31. The non-transitory computer-readable media of claim 1, wherein the identifying the occurrence is accomplished by:
- identifying at least one first occurrence packet of a first occurrence directed to the first device, and identifying at least one second occurrence packet of a second occurrence directed to the second device;
the determining that the at least one accurately identified vulnerability of the at least one of the plurality of devices is susceptible is accomplished by:
- identifying at least one aspect of the at least one first occurrence packet and utilizing the at least one aspect of the at least one first occurrence packet to determine whether a first actual vulnerability of the first device identified by the first vulnerability information is configured so as to be taken advantage of by the at least one first occurrence packet, and identifying at least one aspect of the at least one second occurrence packet and utilizing the at least one aspect of the at least one second occurrence packet to determine whether a second actual vulnerability of the second device identified by the first vulnerability information is configured so as to be taken advantage of by the at least one second occurrence packet; and
the allowing the selective utilization of the different occurrence mitigation actions includes sending one or more control signals in response to receiving user input via a graphical user interface;
- wherein the instructions are configured such that, based on the user input, a first occurrence mitigation action of the different occurrence mitigation actions of the firewall-based occurrence mitigation type is completed by sending a first signal over at least one network to a first component with a firewall type functionality and preventing the first occurrence including the at least one first occurrence packet from taking advantage of the first actual vulnerability in connection with the first device; and
- wherein the instructions are configured such that a second occurrence mitigation action of the different occurrence mitigation actions of the intrusion prevention system-based occurrence mitigation type is completed by sending a second signal to a second component with an intrusion prevention system type functionality and preventing the second occurrence including the at least one second occurrence packet, in automatic response thereto, from taking advantage of the second actual vulnerability in connection with the second device.
32. The non-transitory computer-readable media of claim 31, wherein the instructions are configured such that at least one of:
- said at least one first data storage includes at least one first database;
- said at least one second data storage includes at least one second database;
- said second vulnerability information is received from the at least one second data storage by at least one of: receiving at least one update therefrom, pulling at least one update therefrom, communicating therewith, or synchronizing therewith;
- said first vulnerability information is generated via a vulnerability scan operation;
- said first device, said second device, and said third device are part of the same group;
- said at least one configuration includes at least one of configuration data, configuration information, or a configuration status;
- said at least one configuration includes at least one of a configuration option, a policy setting, or a patch;
- said at least one configuration is identified via user input in connection with at least one setting;
- said occurrence mitigation by preventing advantage being taken includes at least one of removing the at least one accurately identified vulnerability, or reducing an effect of any occurrence that takes advantage of the at least one accurately identified vulnerability;
- said firewall-based occurrence mitigation type includes at least one of: a type that mitigates the occurrence utilizing firewall functionality, or a type that mitigates the occurrence utilizing a firewall;
- said intrusion prevention system-based occurrence mitigation type includes at least one of: a type that mitigates the occurrence utilizing intrusion prevention system functionality, or a type that mitigates the occurrence utilizing an intrusion prevention system;
- said different occurrence mitigation actions of the diverse occurrence mitigation types are selectively utilized across the plurality of devices to mitigate the occurrence by preventing the occurrence from taking advantage of the at least one accurately identified vulnerability after the occurrence;
- said preventing advantage being taken of the actual vulnerabilities utilizing the different occurrence mitigation actions of the diverse occurrence mitigation types across the plurality of devices, includes utilizing a first one of the different occurrence mitigation actions on one of the plurality of devices and utilizing a second one of the different occurrence mitigation actions on another one of the plurality of devices;
- said preventing advantage being taken of the actual vulnerabilities utilizing the different occurrence mitigation actions of the diverse occurrence mitigation types across the plurality of devices, includes utilizing a first one of the different occurrence mitigation actions and a second one of the different occurrence mitigation actions on each of the plurality of devices;
- said preventing advantage being taken of the actual vulnerabilities utilizing the different occurrence mitigation actions of the diverse occurrence mitigation types across the plurality of devices, includes completing a selected at least one of a first one of the different occurrence mitigation actions or a second one of the different occurrence mitigation actions to address the at least one accurately identified vulnerability in connection with at least one of the plurality of devices;
- said preventing advantage being taken of the actual vulnerabilities utilizing the different occurrence mitigation actions of the diverse occurrence mitigation types across the plurality of devices, includes utilizing a first one of the different occurrence mitigation actions for a first actual vulnerability and utilizing a second one of the different occurrence mitigation actions for a second actual vulnerability;
- said at least one accurately identified vulnerability includes the at least one operating system;
- said actual vulnerabilities include the at least one accurately identified vulnerability;
- said preventing advantage being taken of the actual vulnerabilities utilizing the different occurrence mitigation actions of the diverse occurrence mitigation types across the plurality of devices, includes utilizing a first one of the different occurrence mitigation actions for a first aspect of the at least one accurately identified vulnerability which includes the at least one operating system and utilizing a second one of the different occurrence mitigation actions for a second aspect of the at least one operating system;
- one or more of said different occurrence mitigation actions is caused after the occurrence to selectively utilize the different occurrence mitigation actions of the diverse occurrence mitigation types;
- one or more of said different occurrence mitigation actions is caused before the occurrence to selectively utilize the different occurrence mitigation actions of the diverse occurrence mitigation types;
- said different occurrence mitigation actions include different remediation actions;
- said different occurrence mitigation actions of the diverse occurrence mitigation types utilized at the plurality of devices include the same set of said different occurrence mitigation actions;
- said occurrence includes at least one of a request, traffic, at least one packet, or a potential attack;
- said at least one aspect of the at least one first occurrence packet involves at least one of a payload thereof or an IP address;
- said at least one aspect of the at least one first occurrence packet is utilized to determine whether the first actual vulnerability of the first device identified by the first vulnerability information is configured so as to be taken advantage of by the at least one first occurrence packet, by utilizing the at least one aspect in connection with at least one of a cross-referencing operation or a look-up operation;
- said user input includes separate user input for selecting the first occurrence mitigation action and the second occurrence mitigation action;
- said first signal and the second signal include at least one of response signals, or signals sent in response to a query signal;
- said first component with the firewall type functionality includes at least one of a firewall, a gateway with the firewall type functionality, a router with the firewall type functionality, a sensor with the firewall type functionality, or a multiple-security product system with the firewall type functionality;
- said second component with the intrusion prevention system type functionality includes at least one of an intrusion prevention system, an intrusion detection system with the intrusion prevention system type functionality, a gateway with the intrusion prevention system type functionality, a router with the intrusion prevention system type functionality, a sensor with the intrusion prevention system type functionality, or a multiple-security product system with the intrusion prevention system type functionality;
- said preventing includes at least one of rejecting a request, disallowing an attempt, dropping at least one packet, blocking a potential attack, redirecting a request, setting a policy, affecting a service, changing a configuration option, or installing a patch; or
- said automatic response includes a real-time response.
33. The non-transitory computer-readable media of claim 1, wherein the instructions are configured such that each of:
- said at least one first data storage includes at least one first database;
- said at least one second data storage includes at least one second database;
- said second vulnerability information is received from the at least one second data storage by at least one of: receiving at least one update therefrom, pulling at least one update therefrom, communicating therewith, or synchronizing therewith;
- said first vulnerability information is generated via a vulnerability scan operation;
- said first vulnerability information identifies at least one actual vulnerability;
- said first vulnerability information includes at least one of a vulnerability identifier or information associated with one or more of the actual vulnerabilities;
- said first device, said second device, and said third device are part of the same group;
- said at least one configuration includes at least one of configuration data, configuration information, or a configuration status;
- said at least one configuration includes at least one of a configuration option, a policy setting, or a patch;
- said at least one configuration is utilized for identifying the at least one operating system or an application;
- said at least one configuration is identified utilizing information regarding the at least one operating system or an application;
- said at least one configuration is identified via user input in connection with at least one setting;
- said occurrence mitigation includes at least one of removing the at least one accurately identified vulnerability, or reducing an effect of any occurrence that takes advantage of the at least one accurately identified vulnerability;
- said firewall-based occurrence mitigation type includes at least one of: a type that mitigates the occurrence utilizing firewall functionality, or a type that mitigates the occurrence utilizing a firewall;
- said intrusion prevention system-based occurrence mitigation type includes at least one of: a type that mitigates the occurrence utilizing intrusion prevention system functionality, or a type that mitigates the occurrence utilizing an intrusion prevention system;
- said different occurrence mitigation actions of the diverse occurrence mitigation types are selectively utilized across the plurality of devices to mitigate the occurrence by preventing the occurrence from taking advantage of the at least one accurately identified vulnerability after the occurrence;
- said preventing advantage being taken of the actual vulnerabilities utilizing the different occurrence mitigation actions of the diverse occurrence mitigation types across the plurality of devices, includes utilizing a first one of the different occurrence mitigation actions on one of the plurality of devices and utilizing a second one of the different occurrence mitigation actions on another one of the plurality of devices;
- said preventing advantage being taken of the actual vulnerabilities utilizing the different occurrence mitigation actions of the diverse occurrence mitigation types across the plurality of devices, includes utilizing a first one of the different occurrence mitigation actions and a second one of the different occurrence mitigation actions on each of the plurality of devices;
- said preventing advantage being taken of the actual vulnerabilities utilizing the different occurrence mitigation actions of the diverse occurrence mitigation types across the plurality of devices, includes completing a selected at least one of a first one of the different occurrence mitigation actions or a second one of the different occurrence mitigation actions to address the at least one accurately identified vulnerability in connection with at least one of the plurality of devices;
- said preventing advantage being taken of the actual vulnerabilities utilizing the different occurrence mitigation actions of the diverse occurrence mitigation types across the plurality of devices, includes utilizing a first one of the different occurrence mitigation actions for a first actual vulnerability and utilizing a second one of the different occurrence mitigation actions for a second actual vulnerability;
- said at least one actual vulnerability is the at least one operating system;
- said preventing advantage being taken of the actual vulnerabilities utilizing the different occurrence mitigation actions of the diverse occurrence mitigation types across the plurality of devices, includes utilizing a first one of the different occurrence mitigation actions for a first aspect of the at least one accurately identified vulnerability which is the at least one operating system and utilizing a second one of the different occurrence mitigation actions for a second aspect of the at least one operating system;
- one or more of said different occurrence mitigation actions is caused after the occurrence to selectively utilize the different occurrence mitigation actions of the diverse occurrence mitigation types;
- one or more of said different occurrence mitigation actions is caused before the occurrence to selectively utilize the different occurrence mitigation actions of the diverse occurrence mitigation types;
- said different occurrence mitigation actions include different remediation actions;
- said different occurrence mitigation actions of the diverse occurrence mitigation types utilized at the plurality of devices include the same set of said different occurrence mitigation actions;
- said occurrence includes at least one of a request, traffic, at least one packet, or a potential attack;
- said at least one actual vulnerability includes at least one of the potential vulnerabilities to which the plurality of devices is determined to be actually vulnerable based on the identified at least one configuration;
- said at least one configuration includes at least one of: service pack information, one or more elements contained in files including at least one of an *.ini or *.conf file, registry information, identification of the at least one operating system, identification of a software version, or identification of software;
- said determining that the plurality of devices is actually vulnerable to the at least one accurately identified vulnerability includes at least one of: matching the identified at least one configuration with a guideline associated with at least one update, or cross-referencing an identifier with the identified at least one configuration;
- said non-transitory computer-readable media includes a single non-transitory computer readable medium;
- one or more of said different occurrence mitigation actions, after a user selection, is automatically applied at a later time;
- one or more of said different occurrence mitigation actions puts a policy in place for being utilized at a later time;
- one or more of said different occurrence mitigation actions, after an automatic application thereof, is utilized at a later time for the occurrence mitigation;
- one of said different occurrence mitigation actions of the intrusion prevention system-based occurrence mitigation type utilizes an intrusion prevention system to deploy a patch;
- one of said different occurrence mitigation actions of the firewall-based occurrence mitigation type utilizes a firewall to deploy a patch utilizing an update component; and
- wherein the instructions are configured for use with at least one NOC server, a data warehouse, and an SDK for allowing access to information associated with at least one vulnerability and at least one remediation, and wherein the instructions are configured for determining which devices have vulnerabilities by directly querying a firmware or operating system of the devices.
34. The non-transitory computer-readable media of claim 1, wherein the instructions are configured such that which of the different occurrence mitigation actions for which selective utilization is caused, is based on one or more of the actual vulnerabilities to which the plurality of devices is actually vulnerable so that utilization of only relevant occurrence mitigation actions is caused.
-
35. The non-transitory computer-readable media of claim 1, wherein the instructions are configured such that the utilization of the different occurrence mitigation actions is selectively caused for different devices prior to the occurrence.
-
36. The non-transitory computer-readable media of claim 1, wherein the instructions are configured such that the utilization of the different occurrence mitigation actions is selectively caused for different devices prior to the occurrence, resulting in:
- the utilization of only a first occurrence mitigation action of the firewall-based occurrence mitigation type being selectively caused at the first device in response to the occurrence, the utilization of only a second occurrence mitigation action of the intrusion prevention system-based occurrence mitigation type being selectively caused at the second device in response to the occurrence, and the utilization of both the first occurrence mitigation action and the second occurrence mitigation action being selectively caused at the third device in response to the occurrence.
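Claim 1 describes deriving "first vulnerability information" by matching each device's configuration (operating system, service pack, *.ini/*.conf settings) against a knowledge base of potential vulnerabilities, then, on packet analysis of an occurrence, acting only where the targeted device is actually affected; claim 36 describes the per-device split of mitigation types (firewall only at the first device, IPS only at the second, both at the third). The following Python is an added illustration of that pipeline, not the patent's code and not an implementation from this page. The device names, vulnerability identifiers V-A/V-B/V-C, ports, settings and the policy table are all constructed sample data.

```python
# Added example (not the patent's own code): a minimal model of the pipeline the
# claims describe. Device names, vulnerability ids (V-A, V-B, V-C), ports and the
# per-device policy are constructed for illustration only.
from dataclasses import dataclass
from enum import Enum
from typing import Dict, List, Optional, Set, Tuple


class Mitigation(Enum):
    """The two 'occurrence mitigation types' named in the claims."""
    FIREWALL = "firewall"
    IPS = "ips"


@dataclass(frozen=True)
class Device:
    name: str
    os: str
    service_pack: int
    conf: Dict[str, str]  # settings read from *.ini / *.conf files


@dataclass(frozen=True)
class PotentialVuln:
    """Entry of the 'second data storage': a potential vulnerability plus the
    guideline (OS, fixing service pack, required setting) used to decide whether
    a given configuration is actually affected."""
    vuln_id: str                      # placeholder id, not a real CVE
    os: str
    fixed_in_sp: int                  # service pack that carries the update
    trigger_port: int                 # port an occurrence packet would target
    conf_requirement: Optional[Tuple[str, str]] = None


@dataclass(frozen=True)
class Packet:
    """What a network monitor reports about an occurrence."""
    dst_device: str
    dst_port: int
    signature: str                    # vuln_id the monitor's signature maps to


# Constructed sample data.
KB: List[PotentialVuln] = [
    PotentialVuln("V-A", "win", fixed_in_sp=3, trigger_port=445),
    PotentialVuln("V-B", "win", fixed_in_sp=2, trigger_port=8080,
                  conf_requirement=("debug", "on")),
    PotentialVuln("V-C", "linux", fixed_in_sp=1, trigger_port=22),
]
INVENTORY: Dict[str, Device] = {
    "dev1": Device("dev1", "win", 1, {"debug": "on"}),
    "dev2": Device("dev2", "win", 2, {"debug": "on"}),
    "dev3": Device("dev3", "linux", 0, {}),
}
# Mitigation types selected per device before any occurrence (claim 36 pattern).
POLICY: Dict[str, Set[Mitigation]] = {
    "dev1": {Mitigation.FIREWALL},
    "dev2": {Mitigation.IPS},
    "dev3": {Mitigation.FIREWALL, Mitigation.IPS},
}


def actual_vulns(device: Device, kb: List[PotentialVuln]) -> Set[str]:
    """Derive the 'first vulnerability information' for one device by matching
    its configuration against each guideline in the knowledge base."""
    found: Set[str] = set()
    for v in kb:
        if v.os != device.os or device.service_pack >= v.fixed_in_sp:
            continue  # wrong OS, or the fixing update is already present
        if v.conf_requirement is not None:
            key, value = v.conf_requirement
            if device.conf.get(key) != value:
                continue  # vulnerable code path is not enabled on this device
        found.add(v.vuln_id)
    return found


def assess(packet: Packet, inventory: Dict[str, Device],
           kb: List[PotentialVuln]) -> Optional[str]:
    """Packet-analysis step: return the vuln_id only if the targeted device is
    actually vulnerable to what the signature describes; None otherwise, so a
    signature hit against an unaffected host is not acted on."""
    device = inventory.get(packet.dst_device)
    vuln = next((v for v in kb if v.vuln_id == packet.signature), None)
    if device is None or vuln is None or packet.dst_port != vuln.trigger_port:
        return None
    return vuln.vuln_id if vuln.vuln_id in actual_vulns(device, kb) else None


def mitigate(packet: Packet, inventory=INVENTORY, kb=KB,
             policy=POLICY) -> List[Tuple[str, str, str]]:
    """Apply the mitigation types pre-selected for the targeted device.
    Returns (mitigation, vuln_id, device) triples; empty when nothing applies."""
    vuln_id = assess(packet, inventory, kb)
    if vuln_id is None:
        return []
    chosen = sorted(policy.get(packet.dst_device, set()), key=lambda m: m.value)
    return [(m.value, vuln_id, packet.dst_device) for m in chosen]


if __name__ == "__main__":
    for pkt in (Packet("dev1", 445, "V-A"), Packet("dev2", 8080, "V-B"),
                Packet("dev3", 22, "V-C")):
        print(pkt, "->", mitigate(pkt))
```

The second sample packet targets dev2 with a signature for V-B, but dev2 already carries the fixing service pack, so `assess` returns None and no action fires; that suppression is the false-positive avoidance the claims tie to configuration-based determination. The third packet shows both mitigation types applied at the one device whose policy selects both.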
-
37. The non-transitory computer-readable media of claim 1, wherein the instructions, when executed by the one or more processors, cause the one or more processors to:
-
receive a first user input; based on the first user input, automatically apply a first one of the different occurrence mitigation actions of the firewall-based occurrence mitigation type; receive a second user input; and based on the second user input, automatically apply a second one of the different occurrence mitigation actions of the intrusion prevention system-based occurrence mitigation type.
-
-
38. The non-transitory computer-readable media of claim 1, wherein the instructions are configured such that each of:
-
said at least one first data storage includes at least one first database; said at least one second data storage includes at least one second database; said second vulnerability information is received from the at least one second data storage by at least one of;
receiving at least one update therefrom;
pulling at least one update therefrom, communicating therewith, or synchronizing therewith;said second vulnerability information includes actual vulnerability information; said second vulnerability information includes potential vulnerability information; said first vulnerability information is generated via a vulnerability scan operation; said first vulnerability information identifies at least one accurately identified vulnerability; said first vulnerability information includes at least one of a vulnerability identifier or information associated with one or more of the accurately identified vulnerabilities; said first vulnerability information includes potential vulnerability information; said first device, said second device, and said third device are part of the same group; said at least one configuration includes at least one of configuration data, configuration information, or a configuration status; said at least one configuration includes at least one of a configuration option, a policy setting, or a patch; said at least one configuration is utilized for identifying the at least one operating system or an application; said at least one configuration is identified utilizing information regarding the at least one operating system or an application; said at least one configuration is identified via user input in connection with at least one setting; said occurrence mitigation includes at least one of removing the at least one accurately identified vulnerability, or reducing an effect of any occurrence that takes advantage of the at least one accurately identified vulnerability; said firewall-based occurrence mitigation type includes at least one of;
a type that mitigates the occurrence utilizing firewall functionality, or a type that mitigates the occurrence utilizing a firewall;said intrusion prevention system-based occurrence mitigation type includes at least one of;
a type that mitigates the occurrence utilizing intrusion prevention system functionality, or a type that mitigates the occurrence utilizing an intrusion prevention system;said different occurrence mitigation actions of the diverse occurrence mitigation types are selectively utilized across the plurality of devices to mitigate the occurrence by preventing the occurrence from taking advantage of the at least one accurately identified vulnerability after the occurrence; said preventing advantage being taken of the accurately identified vulnerabilities utilizing the different occurrence mitigation actions of the diverse occurrence mitigation types across the plurality of devices, includes utilizing a first one of the different occurrence mitigation actions on one of the plurality of devices and utilizing a second one of the different occurrence mitigation actions on another one of the plurality of devices; said preventing advantage being taken of the accurately identified vulnerabilities utilizing the different occurrence mitigation actions of the diverse occurrence mitigation types across the plurality of devices, includes utilizing a first one of the different occurrence mitigation actions and a second one of the different occurrence mitigation actions on each of the plurality of devices; said preventing advantage being taken of the accurately identified vulnerabilities utilizing the different occurrence mitigation actions of the diverse occurrence mitigation types across the plurality of devices, includes completing a selected at least one of a first one of the different occurrence mitigation actions or a second one of the different occurrence mitigation actions to address the at least one accurately identified vulnerability in connection with at least one of the plurality of devices; said preventing advantage being taken of the accurately identified vulnerabilities utilizing the different occurrence mitigation actions of the diverse occurrence mitigation types 
across the plurality of devices, includes utilizing a first one of the different occurrence mitigation actions for a first accurately identified vulnerability and utilizing a second one of the different occurrence mitigation actions for a second accurately identified vulnerability; said at least one accurately identified vulnerability is the at least one operating system; said preventing advantage being taken of the accurately identified vulnerabilities utilizing the different occurrence mitigation actions of the diverse occurrence mitigation types across the plurality of devices, includes utilizing a first one of the different occurrence mitigation actions for a first aspect of the at least one accurately identified vulnerability which is the at least one operating system and utilizing a second one of the different occurrence mitigation actions for a second aspect of the at least one operating system; one or more of said different occurrence mitigation actions is caused after the occurrence to selectively utilize the different occurrence mitigation actions of the diverse occurrence mitigation types; one or more of said different occurrence mitigation actions is caused before the occurrence to selectively utilize the different occurrence mitigation actions of the diverse occurrence mitigation types; said different occurrence mitigation actions include different remediation actions; said different occurrence mitigation actions of the diverse occurrence mitigation types utilized at the plurality of devices include the same set of said different occurrence mitigation actions; said occurrence includes at least one of a request, traffic, at least one packet, or a potential attack; said at least one accurately identified vulnerability includes at least one of the potential vulnerabilities to which the plurality of devices is determined to be actually vulnerable based on the identified at least one configuration; said at least one configuration includes at least one of;
service pack information, one or more elements contained in files including at least one of an *.ini or *.conf file, registry information, identification of the at least one operating system, identification of a software version, or identification of software;said determining that the plurality of devices is accurately identified as being vulnerable to the at least one accurately identified vulnerability includes at least one of;
matching the identified at least one configuration with a guideline associated with at least one update, or cross-referencing an identifier with the identified at least one configuration;said non-transitory computer-readable media includes a single non-transitory computer readable medium; one or more of said different occurrence mitigation actions, after a user selection, is automatically applied at a later time; one or more of said different occurrence mitigation actions puts a policy in place for being utilized at a later time; one or more of said different occurrence mitigation actions, after an automatic application thereof, is utilized at a later time for the occurrence mitigation; one of said different occurrence mitigation actions of the intrusion prevention system-based occurrence mitigation type utilizes an intrusion prevention system to deploy a patch; one of said different occurrence mitigation actions of the firewall-based occurrence mitigation type utilizes a firewall to deploy a patch utilizing an update component; and wherein the instructions are configured for use with at least one NOC server, a data warehouse, and an SDK for allowing access to information associated with at least one vulnerability and at least one remediation, and wherein the instructions are configured for determining which devices have vulnerabilities by directly querying a firmware or operating system of the devices.
-
-
2. The non-transitory computer-readable media of claim 1, wherein the instructions are configured for providing at least two options via a user interface including a firewall-type option for preventing at least one occurrence packet, and an intrusion prevention-type option for preventing a connection request.
-
-
5. A non-transitory computer-readable media storing instructions that, when executed by one or more processors, cause the one or more processors to:
-
receive first vulnerability information from at least one first data storage that is generated utilizing second vulnerability information from at least one second data storage that is used to identify a plurality of potential vulnerabilities;
said first vulnerability information generated utilizing the second vulnerability information, by:
identifying at least one configuration associated with a plurality of devices including a first device, a second device, and a third device, and determining that the plurality of devices is vulnerable to at least one accurately identified vulnerability based on the identified at least one configuration, utilizing the second vulnerability information that is used to identify the plurality of potential vulnerabilities;
identify an occurrence in connection with at least one of the plurality of devices, utilizing one or more monitors;
based on a packet analysis, determine that the at least one accurately identified vulnerability of the at least one of the plurality of devices is susceptible to being taken advantage of by the occurrence identified in connection with the at least one of the plurality of devices, utilizing the first vulnerability information; and
permit selective utilization of different occurrence mitigation actions of diverse occurrence mitigation types, including a firewall-based occurrence mitigation type and an intrusion prevention system-based occurrence mitigation type, across the plurality of devices for occurrence mitigation by preventing advantage being taken of accurately identified vulnerabilities utilizing the different occurrence mitigation actions of the diverse occurrence mitigation types across the plurality of devices;
wherein the at least one configuration involves at least one operating system.
-
6. The non-transitory computer-readable media of claim 5, wherein the instructions are configured such that the utilization of the different occurrence mitigation actions is selectively permitted for different devices prior to the occurrence, resulting in:
- the utilization of only a first occurrence mitigation action of the firewall-based occurrence mitigation type being selectively permitted at the first device in response to the occurrence, the utilization of only a second occurrence mitigation action of the intrusion prevention system-based occurrence mitigation type being selectively permitted at the second device in response to the occurrence, and the utilization of both the first occurrence mitigation action and the second occurrence mitigation action being selectively permitted at the third device in response to the occurrence.
-
7. The non-transitory computer-readable media of claim 5, wherein the instructions, when executed by the one or more processors, cause the one or more processors to:
-
receive a first user input; based on the first user input, automatically apply a first one of the different occurrence mitigation actions of the firewall-based occurrence mitigation type; receive a second user input; and based on the second user input, automatically apply a second one of the different occurrence mitigation actions of the intrusion prevention system-based occurrence mitigation type.
-
-
8. The non-transitory computer-readable media of claim 5, wherein the instructions are configured such that different user input is permitted to be received prior to the occurrence for different devices, for allowing completion of the different occurrence mitigation actions, in a manner that the different user input results in:
- only a first occurrence mitigation action of the firewall-based occurrence mitigation type being user-selectively completed at the first device in response to the occurrence, only a second occurrence mitigation action of the intrusion prevention system-based occurrence mitigation type being user-selectively completed at the second device in response to the occurrence, and both the first occurrence mitigation action and the second occurrence mitigation action being user-selectively completed at the third device in response to the occurrence.
-
9. The non-transitory computer-readable media of claim 5, wherein the instructions, when executed by the one or more processors, cause the one or more processors to:
-
display at least two options for selecting the different occurrence mitigation actions, utilizing at least one user interface; receive a first user input selecting a first one of the options, utilizing the at least one user interface; based on the first user input, automatically apply a first one of the different occurrence mitigation actions of the firewall-based occurrence mitigation type; receive a second user input selecting a second one of the options, utilizing the at least one user interface; and based on the second user input, automatically apply a second one of the different occurrence mitigation actions of the intrusion prevention system-based occurrence mitigation type.
-
-
17. The non-transitory computer-readable media of claim 5, wherein the instructions are configured such that the utilization of the different occurrence mitigation actions is selectively permitted for different devices prior to the occurrence.
-
10. A non-transitory computer-readable media storing instructions that, when executed by one or more processors, cause the one or more processors to:
-
receive first vulnerability information from at least one first data storage that is generated utilizing second vulnerability information from at least one second data storage that is used to identify a plurality of potential vulnerabilities;
said first vulnerability information generated utilizing the second vulnerability information, by:
identifying at least one configuration associated with a plurality of devices including a first device, a second device, and a third device, and determining that the plurality of devices is vulnerable to at least one accurately identified vulnerability based on the identified at least one configuration, utilizing the second vulnerability information that is used to identify the plurality of potential vulnerabilities;
display information that is based on the first vulnerability information;
cause utilization of different occurrence mitigation actions of diverse occurrence mitigation types, including a firewall-based occurrence mitigation type and an intrusion mitigation system-based occurrence mitigation type, across the plurality of devices for occurrence mitigation by preventing advantage being taken of accurately identified vulnerabilities utilizing the different occurrence mitigation actions of the diverse occurrence mitigation types across the plurality of devices; and
receive an indication that an occurrence has been identified in connection with at least one of the plurality of devices utilizing one or more monitors;
wherein the at least one configuration involves at least one operating system.
-
11. The non-transitory computer-readable media of claim 10, wherein the instructions are configured such that the utilization of the different occurrence mitigation actions is caused for different devices prior to the occurrence.
-
12. The non-transitory computer-readable media of claim 10, wherein the instructions are configured such that the utilization of the different occurrence mitigation actions is caused for different devices prior to the occurrence, resulting in:
- the utilization of only a first occurrence mitigation action of the firewall-based occurrence mitigation type being caused at the first device in response to the occurrence, the utilization of only a second occurrence mitigation action of the intrusion mitigation system-based occurrence mitigation type being caused at the second device in response to the occurrence, and the utilization of both the first occurrence mitigation action and the second occurrence mitigation action being caused at the third device in response to the occurrence.
-
13. The non-transitory computer-readable media of claim 10, wherein the instructions, when executed by the one or more processors, cause the one or more processors to:
-
receive a first user input; based on the first user input, automatically apply a first one of the different occurrence mitigation actions of the firewall-based occurrence mitigation type; receive a second user input; and based on the second user input, automatically apply a second one of the different occurrence mitigation actions of the intrusion mitigation system-based occurrence mitigation type.
-
-
14. The non-transitory computer-readable media of claim 10, wherein the instructions are configured such that different user input is permitted to be received prior to the occurrence for different devices, for allowing completion of the different occurrence mitigation actions, in a manner that the different user input results in:
- only a first occurrence mitigation action of the firewall-based occurrence mitigation type being user-completed at the first device in response to the occurrence, only a second occurrence mitigation action of the intrusion mitigation system-based occurrence mitigation type being completed at the second device in response to the occurrence, and both the first occurrence mitigation action and the second occurrence mitigation action being completed at the third device in response to the occurrence.
-
15. The non-transitory computer-readable media of claim 10, wherein the instructions, when executed by the one or more processors, cause the one or more processors to:
-
display at least two options for selecting the different occurrence mitigation actions, utilizing at least one user interface; receive a first user input selecting a first one of the options, utilizing the at least one user interface; based on the first user input, automatically apply a first one of the different occurrence mitigation actions of the firewall-based occurrence mitigation type; receive a second user input selecting a second one of the options, utilizing the at least one user interface; and based on the second user input, automatically apply a second one of the different occurrence mitigation actions of the intrusion mitigation system-based occurrence mitigation type.
-
-
16. The non-transitory computer-readable media of claim 10, wherein the intrusion mitigation system-based occurrence mitigation type includes at least one of an intrusion prevention system-based occurrence mitigation type or an intrusion detection system-based occurrence mitigation type, and the information includes a recommendation.
-
39. A non-transitory computer-readable media storing instructions that, when executed by one or more processors, cause the one or more processors to:
-
receive first vulnerability information from at least one first data storage that is generated utilizing second vulnerability information from at least one second data storage that is used to identify a plurality of potential vulnerabilities, by including:
at least one first potential vulnerability, and at least one second potential vulnerability;
said first vulnerability information generated utilizing the second vulnerability information, by:
identifying at least one configuration associated with a plurality of devices including a first device, a second device, and a third device, and determining that the plurality of devices is actually vulnerable to at least one actual vulnerability based on the identified at least one configuration, utilizing the second vulnerability information that is used to identify the plurality of potential vulnerabilities;
identify an occurrence in connection with at least one of the plurality of devices, utilizing one or more monitors;
based on a packet analysis, determine that the at least one actual vulnerability of the at least one of the plurality of devices is susceptible to being taken advantage of by the occurrence identified in connection with the at least one of the plurality of devices, utilizing the first vulnerability information; and
permit selective utilization of different occurrence mitigation actions of diverse occurrence mitigation types, including a firewall-based occurrence mitigation type and an other occurrence mitigation type, across the plurality of devices for occurrence mitigation by preventing advantage being taken of actual vulnerabilities utilizing the different occurrence mitigation actions of the diverse occurrence mitigation types across the plurality of devices;
wherein the at least one configuration involves at least one operating system.
-
40. The non-transitory computer-readable media of claim 39, wherein the instructions are configured for providing at least two options via a user interface including a firewall-type option for preventing at least one occurrence packet, and another option;
- the instructions are configured such that, in response to user input received prior to receipt of the at least one occurrence packet, the firewall-type option is applied to the plurality of devices by sending a first signal over at least one network to at least one first component with firewall-type functionality such that the at least one occurrence packet is prevented across the plurality of devices; and
the instructions are configured such that, in response to additional user input after the receipt of the at least one occurrence packet in connection with a particular single device of the plurality of devices, the other option is applied to the particular single device by sending a second signal over the at least one network to at least one second component with other functionality.
-
41. The non-transitory computer-readable media of claim 39, wherein the instructions are configured such that at least two options are provided including a firewall-type option associated with the firewall-based occurrence mitigation type, and an other option associated with the other occurrence mitigation type;
- the instructions are configured such that, in response to user input prior to receipt of at least one occurrence packet, the other option is applied to the plurality of devices; and
the instructions are configured such that, in response to user input after the receipt of the at least one occurrence packet in connection with a particular single device of the plurality of devices, the firewall-type option is applied to the particular single device.
-
42. The non-transitory computer-readable media of claim 39, wherein the instructions are configured such that the at least one actual vulnerability is determined as a function of the at least one operating system, so that, in order to avoid false positives, only relevant vulnerabilities prompt user selection among the different occurrence mitigation actions of the diverse occurrence mitigation types in connection therewith.
-
43. The non-transitory computer-readable media of claim 39, wherein the instructions are configured such that which of the different occurrence mitigation actions for which one or more options are provided to a user, is based on one or more of the actual vulnerabilities to which the plurality of devices is actually vulnerable so that only relevant occurrence mitigation actions are available for selection by the user.
-
44. The non-transitory computer-readable media of claim 39, wherein the instructions are configured such that the at least one actual vulnerability is determined as a function of the at least one operating system and at least some of the different occurrence mitigation actions are specific to the at least one actual vulnerability.
-
45. The non-transitory computer-readable media of claim 39, wherein the instructions are configured such that different user input is permitted to be received prior to the occurrence for different devices, for allowing completion of the different occurrence mitigation actions, in a manner that the different user input results in:
- only a first occurrence mitigation action of the firewall-based occurrence mitigation type being user-selectively completed at the first device in response to the occurrence, only a second occurrence mitigation action of the other occurrence mitigation type being user-selectively completed at the second device in response to the occurrence, and both the first occurrence mitigation action and the second occurrence mitigation action being user-selectively completed at the third device in response to the occurrence.
-
46. The non-transitory computer-readable media of claim 45, wherein the instructions are configured such that additional user input is permitted to be received after a reporting of the occurrence, for causing completion of the different occurrence mitigation actions, in a manner that the additional user input results in:
- the first occurrence mitigation action of the firewall-based occurrence mitigation type being supplemented by the second occurrence mitigation action of the other occurrence mitigation type at the first device.
-
47. The non-transitory computer-readable media of claim 45, wherein the instructions are configured such that additional user input is permitted to be received after a reporting of the occurrence, for prompting a rollback of one or more of the different occurrence mitigation actions, in a manner that the additional user input results in:
- the second occurrence mitigation action of the other occurrence mitigation type being rolled back at the third device.
-
48. The non-transitory computer-readable media of claim 45, wherein the instructions are configured such that additional user input is permitted to be received after a reporting of the occurrence, for causing completion of the different occurrence mitigation actions, in a manner that the additional user input results in:
- the second occurrence mitigation action of the other occurrence mitigation type being supplemented by the first occurrence mitigation action of the firewall-based occurrence mitigation type.
-
49. The non-transitory computer-readable media of claim 45, wherein the instructions are configured such that additional user input is permitted to be received after a reporting of the occurrence, for prompting a rollback of one or more of the different occurrence mitigation actions, in a manner that the additional user input results in:
- the first occurrence mitigation action of the firewall-based occurrence mitigation type being rolled back at the third device.
50. The non-transitory computer-readable media of claim 39, wherein the instructions are configured such that the different occurrence mitigation actions of the diverse occurrence mitigation types include:
- a first occurrence mitigation action of the firewall-based occurrence mitigation type including at least one of setting a configuration option, setting of a policy, or an installation of a patch; and
- a second occurrence mitigation action of the other occurrence mitigation type including at least one of setting the configuration option, the setting of the policy, or the installation of the patch that is different than that included in connection with the first occurrence mitigation action.
51. The non-transitory computer-readable media of claim 39, wherein the instructions are configured such that multiple options for selecting the different occurrence mitigation actions are displayed via an intrusion prevention system interface of an intrusion prevention system that is supported by a single client agent that supports at least one aspect of the identifying the occurrence, at least one aspect of automatically completing a first one of the different occurrence mitigation actions of the firewall-based occurrence mitigation type in response to a selection of a first one of the multiple options, and at least one aspect of automatically completing a second one of the different occurrence mitigation actions of the other occurrence mitigation type in response to a selection of a second one of the multiple options.
52. The non-transitory computer-readable media of claim 39, wherein the instructions, when executed by the one or more processors, cause the one or more processors to:
- display at least two options for selecting the different occurrence mitigation actions, utilizing at least one user interface;
- receive a first user input selecting a first one of the options, utilizing the at least one user interface;
- based on the first user input, automatically apply a first one of the different occurrence mitigation actions of the firewall-based occurrence mitigation type;
- receive a second user input selecting a second one of the options, utilizing the at least one user interface; and
- based on the second user input, automatically apply a second one of the different occurrence mitigation actions of the other occurrence mitigation type.
53. The non-transitory computer-readable media of claim 52, wherein the instructions are configured such that the automatic application of the first one of the different occurrence mitigation actions of the firewall-based occurrence mitigation type includes sending a first signal to at least one component with firewall functionality;
- and the automatic application of the second one of the different occurrence mitigation actions of the other occurrence mitigation type includes sending a second signal to at least one component with other functionality.
54. The non-transitory computer-readable media of claim 39, wherein the instructions are configured such that the different occurrence mitigation actions of the diverse occurrence mitigation types are for being automatically applied to different occurrences with different severities in real-time in response to the identification of the different occurrences based on a user selection of one or more options for selecting among the different occurrence mitigation actions before the identification of the different occurrences.
55. The non-transitory computer-readable media of claim 39, wherein the instructions, when executed by the one or more processors, cause the one or more processors to:
- based on user input, automatically block the occurrence, to prevent an attack from taking advantage of the at least one actual vulnerability while there is no installation of a patch that removes the at least one actual vulnerability.
56. The non-transitory computer-readable media of claim 39, wherein the identifying the occurrence is accomplished by:
- identifying at least one first occurrence packet of a first occurrence directed to the first device, and identifying at least one second occurrence packet of a second occurrence directed to the second device;

the determining that the at least one actual vulnerability of the at least one of the plurality of devices is susceptible is accomplished by:
- identifying at least one aspect of the at least one first occurrence packet and utilizing the at least one aspect of the at least one first occurrence packet to determine whether a first actual vulnerability of the first device identified by the first vulnerability information is configured so as to be taken advantage of by the at least one first occurrence packet, and identifying at least one aspect of the at least one second occurrence packet and utilizing the at least one aspect of the at least one second occurrence packet to determine whether a second actual vulnerability of the second device identified by the first vulnerability information is configured so as to be taken advantage of by the at least one second occurrence packet; and

the permitting the selective utilization of the different occurrence mitigation actions includes sending one or more control signals in response to receiving user input via a graphical user interface;
- wherein the instructions are configured such that, based on the user input, a first occurrence mitigation action of the different occurrence mitigation actions of the firewall-based occurrence mitigation type is completed by sending a first signal over at least one network to a first component with a firewall type functionality and preventing the first occurrence including the at least one first occurrence packet from taking advantage of the first actual vulnerability in connection with the first device; and
- wherein the instructions are configured such that a second occurrence mitigation action of the different occurrence mitigation actions of the other occurrence mitigation type is completed by sending a second signal to a second component with other functionality and preventing the second occurrence including the at least one second occurrence packet, in automatic response thereto, from taking advantage of the second actual vulnerability in connection with the second device.
57. The non-transitory computer-readable media of claim 39, wherein the instructions are configured such that which of the different occurrence mitigation actions for which selective utilization is permitted, is based on one or more of the actual vulnerabilities to which the plurality of devices is actually vulnerable so that utilization of only relevant occurrence mitigation actions is permitted.
58. The non-transitory computer-readable media of claim 39, wherein the instructions are configured such that the utilization of the different occurrence mitigation actions is selectively permitted for different devices prior to the occurrence.
59. The non-transitory computer-readable media of claim 39, wherein the instructions are configured such that the utilization of the different occurrence mitigation actions is selectively permitted for different devices prior to the occurrence, resulting in:
- the utilization of only a first occurrence mitigation action of the firewall-based occurrence mitigation type being selectively permitted at the first device in response to the occurrence, the utilization of only a second occurrence mitigation action of the other occurrence mitigation type being selectively permitted at the second device in response to the occurrence, and the utilization of both the first occurrence mitigation action and the second occurrence mitigation action being selectively permitted at the third device in response to the occurrence.
60. The non-transitory computer-readable media of claim 39, wherein the instructions are configured such that one or more options are provided to a user so that the user is permitted to select each of the different occurrence mitigation actions of the diverse occurrence mitigation types in connection with the at least one actual vulnerability which includes a single actual vulnerability, such that both of the different occurrence mitigation actions are associated with the single actual vulnerability.
61. The non-transitory computer-readable media of claim 39, wherein the instructions, when executed by the one or more processors, cause the one or more processors to:
- determine the occurrence to have a first severity if it is determined that the at least one actual vulnerability of the at least one of the plurality of devices is susceptible to being taken advantage of by the occurrence;
- determine the occurrence to have a second severity if it is determined that the at least one actual vulnerability of the at least one of the plurality of devices is not susceptible to being taken advantage of by the occurrence; and
- report the occurrence differently based on whether the occurrence is determined to have the first severity or the second severity.
62. The non-transitory computer-readable media of claim 39, wherein the instructions, when executed by the one or more processors, cause the one or more processors to:
- receive a first user input;
- based on the first user input, automatically apply a first one of the different occurrence mitigation actions of the firewall-based occurrence mitigation type;
- receive a second user input; and
- based on the second user input, automatically apply a second one of the different occurrence mitigation actions of the other occurrence mitigation type.
63. The non-transitory computer-readable media of claim 39, wherein the other occurrence mitigation type includes a scan-based occurrence mitigation type.
64. The non-transitory computer-readable media of claim 39, wherein the other occurrence mitigation type includes a patch-based occurrence mitigation type.
65. The non-transitory computer-readable media of claim 56, wherein the instructions are configured such that at least one of:
- said at least one first data storage includes at least one first database;
- said at least one second data storage includes at least one second database;
- said second vulnerability information is received from the at least one second data storage by at least one of:
  - receiving at least one update therefrom;
  - pulling at least one update therefrom, communicating therewith, or synchronizing therewith;
- said second vulnerability information includes accurately identified vulnerability information;
- said second vulnerability information includes actual vulnerability information;
- said first vulnerability information is generated via a vulnerability scan operation;
- said first vulnerability information includes potential vulnerability information;
- said first device, said second device, and said third device are part of the same group;
- said at least one configuration includes at least one of configuration data, configuration information, or a configuration status;
- said at least one configuration includes at least one of a configuration option, a policy setting, or a patch;
- said at least one configuration is identified via user input in connection with at least one setting;
- said occurrence mitigation by preventing advantage being taken includes at least one of removing the at least one actual vulnerability, or reducing an effect of any occurrence that takes advantage of the at least one actual vulnerability;
- said firewall-based occurrence mitigation type includes at least one of:
  - a type that mitigates the occurrence utilizing firewall functionality, or a type that mitigates the occurrence utilizing a firewall;
- said different occurrence mitigation actions of the diverse occurrence mitigation types are selectively utilized across the plurality of devices to mitigate the occurrence by preventing the occurrence from taking advantage of the at least one actual vulnerability after the occurrence;
- said preventing advantage being taken of the actual vulnerabilities utilizing the different occurrence mitigation actions of the diverse occurrence mitigation types across the plurality of devices, includes utilizing a first one of the different occurrence mitigation actions on one of the plurality of devices and utilizing a second one of the different occurrence mitigation actions on another one of the plurality of devices;
- said preventing advantage being taken of the actual vulnerabilities utilizing the different occurrence mitigation actions of the diverse occurrence mitigation types across the plurality of devices, includes utilizing a first one of the different occurrence mitigation actions and a second one of the different occurrence mitigation actions on each of the plurality of devices;
- said preventing advantage being taken of the actual vulnerabilities utilizing the different occurrence mitigation actions of the diverse occurrence mitigation types across the plurality of devices, includes completing a selected at least one of a first one of the different occurrence mitigation actions or a second one of the different occurrence mitigation actions to address the at least one actual vulnerability in connection with at least one of the plurality of devices;
- said preventing advantage being taken of the actual vulnerabilities utilizing the different occurrence mitigation actions of the diverse occurrence mitigation types across the plurality of devices, includes utilizing a first one of the different occurrence mitigation actions for a first actual vulnerability and utilizing a second one of the different occurrence mitigation actions for a second actual vulnerability;
- said packet analysis includes an analysis involving the occurrence that involves one or more packets;
- said packet analysis includes an analysis involving a behavior of one or more packets;
- said packet analysis includes an analysis involving a content of one or more packets;
- said packet analysis includes an analysis involving a header of one or more packets;
- said packet analysis includes an analysis involving a payload of one or more packets;
- said one or more monitors includes a single monitor;
- said one or more monitors includes multiple monitors;
- said one or more monitors includes at least one sensor monitor;
- said one or more monitors includes at least one in-line sensor monitor;
- said one or more monitors is in-line;
- said one or more monitors includes at least one intrusion prevention system monitor;
- said one or more monitors includes at least one intrusion detection system monitor;
- said one or more monitors includes at least one intrusion prevention monitor;
- said one or more monitors includes at least one intrusion detection monitor;
- said at least one actual vulnerability includes the at least one operating system;
- said actual vulnerabilities include the at least one actual vulnerability;
- said preventing advantage being taken of the actual vulnerabilities utilizing the different occurrence mitigation actions of the diverse occurrence mitigation types across the plurality of devices, includes utilizing a first one of the different occurrence mitigation actions for a first aspect of the at least one actual vulnerability which includes the at least one operating system and utilizing a second one of the different occurrence mitigation actions for a second aspect of the at least one operating system;
- one or more of said different occurrence mitigation actions is caused after the occurrence to selectively utilize the different occurrence mitigation actions of the diverse occurrence mitigation types;
- one or more of said different occurrence mitigation actions is caused before the occurrence to selectively utilize the different occurrence mitigation actions of the diverse occurrence mitigation types;
- said different occurrence mitigation actions include different remediation actions;
- said different occurrence mitigation actions of the diverse occurrence mitigation types utilized at the plurality of devices include the same set of said different occurrence mitigation actions;
- said occurrence includes at least one of a request, traffic, at least one packet, or a potential attack;
- said user input includes separate user input for selecting the first occurrence mitigation action and the second occurrence mitigation action;
- said first signal and the second signal include at least one of response signals, or signals sent in response to a query signal;
- said first component with the firewall type functionality includes at least one of a firewall, a gateway with the firewall type functionality, a router with the firewall type functionality, a sensor with the firewall type functionality, or a multiple-security product system with the firewall type functionality;
- said preventing includes at least one of rejecting a request, disallowing an attempt, dropping at least one packet, blocking a potential attack, redirecting a request, setting a policy, affecting a service, changing a configuration option, or installing a patch; or
- said automatic response includes a real-time response.
66. The non-transitory computer-readable media of claim 41, wherein the instructions are configured such that each of:
- said at least one first data storage includes at least one first database;
- said at least one second data storage includes at least one second database;
- said second vulnerability information is received from the at least one second data storage by at least one of:
  - receiving at least one update therefrom;
  - pulling at least one update therefrom, communicating therewith, or synchronizing therewith;
- said first vulnerability information is generated via a vulnerability scan operation;
- said first vulnerability information identifies at least one actual vulnerability;
- said first vulnerability information includes at least one of a vulnerability identifier or information associated with one or more of the actual vulnerabilities;
- said first device, said second device, and said third device are part of the same group;
- said at least one configuration includes at least one of configuration data, configuration information, or a configuration status;
- said at least one configuration includes at least one of a configuration option, a policy setting, or a patch;
- said at least one configuration is for being utilized for identifying the at least one operating system or an application;
- said at least one configuration is identified utilizing information regarding the at least one operating system or an application;
- said at least one configuration is identified via user input in connection with at least one setting;
- said occurrence mitigation includes at least one of removing the at least one actual vulnerability, or reducing an effect of any occurrence that takes advantage of the at least one actual vulnerability;
- said firewall-based occurrence mitigation type includes at least one of:
  - a type that mitigates the occurrence utilizing firewall functionality, or a type that mitigates the occurrence utilizing a firewall;
- said other occurrence mitigation type includes at least one of:
  - a type that mitigates the occurrence utilizing intrusion prevention system functionality, or a type that mitigates the occurrence utilizing an intrusion prevention system;
- said different occurrence mitigation actions of the diverse occurrence mitigation types are selectively utilized across the plurality of devices to mitigate the occurrence by preventing the occurrence from taking advantage of the at least one actual vulnerability after the occurrence;
- said preventing advantage being taken of the actual vulnerabilities utilizing the different occurrence mitigation actions of the diverse occurrence mitigation types across the plurality of devices, includes utilizing a first one of the different occurrence mitigation actions on one of the plurality of devices and utilizing a second one of the different occurrence mitigation actions on another one of the plurality of devices;
- said preventing advantage being taken of the actual vulnerabilities utilizing the different occurrence mitigation actions of the diverse occurrence mitigation types across the plurality of devices, includes utilizing a first one of the different occurrence mitigation actions and a second one of the different occurrence mitigation actions on each of the plurality of devices;
- said preventing advantage being taken of the actual vulnerabilities utilizing the different occurrence mitigation actions of the diverse occurrence mitigation types across the plurality of devices, includes completing a selected at least one of a first one of the different occurrence mitigation actions or a second one of the different occurrence mitigation actions to address the at least one actual vulnerability in connection with at least one of the plurality of devices;
- said preventing advantage being taken of the actual vulnerabilities utilizing the different occurrence mitigation actions of the diverse occurrence mitigation types across the plurality of devices, includes utilizing a first one of the different occurrence mitigation actions for a first actual vulnerability and utilizing a second one of the different occurrence mitigation actions for a second actual vulnerability;
- said at least one actual vulnerability is the at least one operating system;
- said preventing advantage being taken of the actual vulnerabilities utilizing the different occurrence mitigation actions of the diverse occurrence mitigation types across the plurality of devices, includes utilizing a first one of the different occurrence mitigation actions for a first aspect of the at least one actual vulnerability which is the at least one operating system and utilizing a second one of the different occurrence mitigation actions for a second aspect of the at least one operating system;
- one or more of said different occurrence mitigation actions is caused after the occurrence to selectively utilize the different occurrence mitigation actions of the diverse occurrence mitigation types;
- one or more of said different occurrence mitigation actions is caused before the occurrence to selectively utilize the different occurrence mitigation actions of the diverse occurrence mitigation types;
- said different occurrence mitigation actions include different remediation actions;
- said different occurrence mitigation actions of the diverse occurrence mitigation types utilized at the plurality of devices include the same set of said different occurrence mitigation actions;
- said occurrence includes at least one of a request, traffic, at least one packet, or a potential attack;
- said at least one actual vulnerability includes at least one of the potential vulnerabilities to which the plurality of devices is determined to be actually vulnerable based on the identified at least one configuration;
- said at least one configuration includes at least one of:
  - service pack information, one or more elements contained in files including at least one of an *.ini or *.conf file, registry information, identification of the at least one operating system, identification of a software version, or identification of software;
- said determining that the plurality of devices is actually vulnerable to the at least one actual vulnerability includes at least one of:
  - matching the identified at least one configuration with a guideline associated with at least one update, or cross-referencing an identifier with the identified at least one configuration;
- said non-transitory computer-readable media includes a single non-transitory computer readable medium;
- one or more of said different occurrence mitigation actions, after a user selection, is automatically applied at a later time;
- one or more of said different occurrence mitigation actions puts a policy in place for being utilized at a later time;
- one or more of said different occurrence mitigation actions, after an automatic application thereof, is utilized at a later time for the occurrence mitigation;
- one of said different occurrence mitigation actions of the other occurrence mitigation type utilizes an intrusion prevention system to deploy a patch;
- said one or more monitors includes at least one sensor monitor;
- said one or more monitors includes at least one in-line sensor monitor;
- said one or more monitors is in-line;
- said one or more monitors includes at least one intrusion prevention system monitor;
- said one or more monitors includes at least one intrusion detection system monitor;
- said one or more monitors includes at least one intrusion prevention monitor;
- said one or more monitors includes at least one intrusion detection monitor;
- one of said different occurrence mitigation actions of the firewall-based occurrence mitigation type utilizes a firewall to deploy a patch utilizing an update component; and

wherein the instructions are configured for use with at least one NOC server, a data warehouse, and an SDK for allowing access to information associated with at least one vulnerability and at least one remediation, and wherein the instructions are configured for determining which devices have vulnerabilities by directly querying a firmware or operating system of the devices.
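The workflow the claims above describe (claims 45 to 49, 56, 59, 61 and 66) reduces to a small correlation engine: second-store potential vulnerabilities are matched against each device's configuration to yield the device's actual vulnerabilities; a packet's header and payload are then checked against those actual vulnerabilities to assign a first or second severity; and the mitigation types pre-selected per device (firewall, IPS, or both) are completed, supplemented or rolled back. The following is an added illustration written for this page, not the patent holder's code; all vulnerability identifiers, patch names, OS strings and packets are constructed placeholders.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Set

FIREWALL = "firewall"   # firewall-based occurrence mitigation type
IPS = "ips"             # the "other" (intrusion prevention system-based) type

# Second data storage (constructed sample): potential vulnerabilities, each with the
# configuration guideline that makes a device actually vulnerable (OS without the fixing
# patch) and the payload signature an occurrence against it carries.
POTENTIAL_VULNS: Dict[str, dict] = {
    "VULN-PLACEHOLDER-1": {"os": "ExampleOS 1.0", "fixed_by": "PATCH-PLACEHOLDER-1",
                           "signature": b"EXPLOIT-1"},
    "VULN-PLACEHOLDER-2": {"os": "ExampleOS 2.0", "fixed_by": "PATCH-PLACEHOLDER-2",
                           "signature": b"EXPLOIT-2"},
}


@dataclass
class Device:
    name: str
    os: str                 # identified configuration: operating system
    patches: Set[str]       # identified configuration: installed patches
    allowed: Set[str]       # mitigation types selected for this device before any occurrence
    applied: Set[str] = field(default_factory=set)


def actual_vulnerabilities(dev: Device) -> Set[str]:
    """First vulnerability information: cross-reference the device configuration against
    each guideline; a hit is an accurately identified (actual) vulnerability."""
    return {vid for vid, g in POTENTIAL_VULNS.items()
            if dev.os == g["os"] and g["fixed_by"] not in dev.patches}


def analyse_packet(packet: dict, devices: Dict[str, Device]) -> dict:
    """Packet analysis over the header (destination) and payload (signature content).
    First severity only when the target actually carries a vulnerability the payload
    targets; a matching signature against a non-vulnerable device is second severity."""
    dev = devices[packet["dst"]]
    matched = sorted(v for v, g in POTENTIAL_VULNS.items() if g["signature"] in packet["payload"])
    susceptible = sorted(set(matched) & actual_vulnerabilities(dev))
    return {"device": dev.name, "matched": matched, "susceptible": susceptible,
            "severity": "first" if susceptible else "second"}


def report(analysis: dict) -> str:
    """Report the occurrence differently depending on its severity."""
    if analysis["severity"] == "first":
        return f"ALERT {analysis['device']}: exploitable, vulns={analysis['susceptible']}"
    return f"INFO {analysis['device']}: signature seen, not exploitable, matched={analysis['matched']}"


def relevant_options(dev: Device) -> List[str]:
    """Options offered for a device: only the mitigation types pre-selected for it, and only
    while it has at least one actual vulnerability (no irrelevant actions are offered)."""
    return sorted(dev.allowed) if actual_vulnerabilities(dev) else []


def apply_action(dev: Device, mtype: str) -> str:
    """Complete one mitigation action by sending a control signal (returned as text here)
    to the component of that type. Also used to supplement a response after reporting."""
    if mtype not in dev.allowed:
        raise ValueError(f"{mtype} not permitted at {dev.name}")
    dev.applied.add(mtype)
    component = "firewall component" if mtype == FIREWALL else "IPS component"
    return f"signal -> {component} at {dev.name}: block occurrence"


def rollback(dev: Device, mtype: str) -> bool:
    """Roll back one previously applied mitigation action; True if anything changed."""
    if mtype in dev.applied:
        dev.applied.remove(mtype)
        return True
    return False


def respond(packet: dict, devices: Dict[str, Device]) -> List[str]:
    """Automatic real-time response: for a first-severity occurrence complete every
    mitigation action pre-selected for the targeted device; otherwise only report."""
    analysis = analyse_packet(packet, devices)
    lines = [report(analysis)]
    if analysis["severity"] == "first":
        dev = devices[analysis["device"]]
        lines += [apply_action(dev, m) for m in relevant_options(dev)]
    return lines


def demo() -> Dict[str, Set[str]]:
    """Three devices with different pre-selected paths: firewall only, IPS only, both."""
    devices = {
        "dev1": Device("dev1", "ExampleOS 1.0", set(), {FIREWALL}),
        "dev2": Device("dev2", "ExampleOS 2.0", {"PATCH-PLACEHOLDER-2"}, {IPS}),
        "dev3": Device("dev3", "ExampleOS 1.0", set(), {FIREWALL, IPS}),
    }
    for dst in ("dev1", "dev2", "dev3"):   # constructed occurrence packets
        for line in respond({"dst": dst, "payload": b"GET /?q=EXPLOIT-1"}, devices):
            print(line)
    rollback(devices["dev3"], IPS)          # user rolls back the IPS action at dev3 after the report
    return {d.name: set(d.applied) for d in devices.values()}


if __name__ == "__main__":
    print(demo())   # {'dev1': {'firewall'}, 'dev2': set(), 'dev3': {'firewall'}}
```

dev2 shows the second-severity path: the signature matches a known vulnerability, but the device runs a different OS with the fixing patch installed, so nothing is applied.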
67. The non-transitory computer-readable media of claim 41, wherein the instructions are configured such that which of the different occurrence mitigation actions for which selective utilization is caused, is based on one or more of the actual vulnerabilities to which the plurality of devices is actually vulnerable so that utilization of only relevant occurrence mitigation actions is caused.
68. The non-transitory computer-readable media of claim 41, wherein the instructions are configured such that the utilization of the different occurrence mitigation actions is selectively caused for different devices prior to the occurrence.
69. The non-transitory computer-readable media of claim 41, wherein the instructions are configured such that the utilization of the different occurrence mitigation actions is selectively caused for different devices prior to the occurrence, resulting in:
- the utilization of only a first occurrence mitigation action of the firewall-based occurrence mitigation type being selectively caused at the first device in response to the occurrence, the utilization of only a second occurrence mitigation action of the other occurrence mitigation type being selectively caused at the second device in response to the occurrence, and the utilization of both the first occurrence mitigation action and the second occurrence mitigation action being selectively caused at the third device in response to the occurrence.
70. The non-transitory computer-readable media of claim 41, wherein the instructions, when executed by the one or more processors, cause the one or more processors to:
- receive a first user input;
- based on the first user input, automatically apply a first one of the different occurrence mitigation actions of the firewall-based occurrence mitigation type;
- receive a second user input; and
- based on the second user input, automatically apply a second one of the different occurrence mitigation actions of the other occurrence mitigation type.
40. The non-transitory computer-readable media of claim 39, wherein the instructions are configured for providing at least two options via a user interface including a firewall-type option for preventing at least one occurrence packet, and another option;

Specification

Current Assignee: SecurityProfiling, LLC
Original Assignee: SecurityProfiling, LLC
Inventors: Oliphant, Brett M.; Blignaut, John P.
Primary Examiner(s): Herzog, Madhuri R
Application Number: US15/608,978
Time in Patent Office: 1,036 Days
Field of Search: None
US Class Current:
CPC Class Codes:
- G06F 21/50 Monitoring users, programs ...
- G06F 21/55 Detecting local intrusion o...
- G06F 21/554 involving event detection a...
- G06F 21/57 Certifying or maintaining t...
- G06F 21/577 Assessing vulnerabilities a...
- H04L 63/02 for separating internal fro...
- H04L 63/0227 Filtering policies mail mes...
- H04L 63/0263 Rule management
- H04L 63/14 for detecting or protecting...
- H04L 63/1408 by monitoring network traff...
- H04L 63/1416 Event detection, e.g. attac...
- H04L 63/1433 Vulnerability analysis
- H04L 63/1441 Countermeasures against mal...
- H04L 63/145 the attack involving the pr...
- H04L 63/20 for managing network securi...