Methods, computer program products and data structures for intrusion detection, intrusion response and vulnerability remediation across target computer systems

US 20060015941A1
Filed: 07/13/2004
Published: 01/19/2006
Est. Priority Date: 07/13/2004
Status: Active Grant

First Claim

Patent Images

1. A method of generating computer security threat management information, comprising:

receiving a notification of a computer security threat and/or a notification of a test that detects intrusion of the computer security threat;

generating a computer-actionable Threat Management Vector (TMV) from the notification that was received, the TMV including therein a computer-readable field that provides identification of at least one system type that is affected by the computer security threat, a computer-readable field that provides identification of a release level for the system type, and a computer-readable field that provides identification of the test that detects intrusion of the computer security threat for a system type and a release level; and

transmitting the TMV that is generated to a plurality of target systems for processing by the plurality of target systems.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Computer security threat management information is generated by receiving a notification of a security threat and/or a notification of a test that detects intrusion of a computer security threat. A computer-actionable TMV is generated from the notification that was received. The TMV includes a computer-readable field that provides identification of at least one system type that is effected by the computer security threat, a computer-readable field that provides identification of a release level for a system type, and a computer-readable field that provides identification of the test that detects intrusion of the computer security threat for a system type and a release level, a computer-readable field that provides identification of a method to reverse the intrusion exploit of the computer security threat for a system type and a release level, and a computer-readable field that provides identification of a method to remediate the vulnerability subject to exploit of the computer security threat for a system type and a release level. The TMV is transmitted to target systems for processing by the target systems.

94 Citations

View as Search Results

20 Claims

1. A method of generating computer security threat management information, comprising:
- receiving a notification of a computer security threat and/or a notification of a test that detects intrusion of the computer security threat;
  
  generating a computer-actionable Threat Management Vector (TMV) from the notification that was received, the TMV including therein a computer-readable field that provides identification of at least one system type that is affected by the computer security threat, a computer-readable field that provides identification of a release level for the system type, and a computer-readable field that provides identification of the test that detects intrusion of the computer security threat for a system type and a release level; and
  
  transmitting the TMV that is generated to a plurality of target systems for processing by the plurality of target systems.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. A method according to claim 1 wherein the TMV further includes a computer-readable field that provides identification of a possible countermeasure for a system type and a release level.
  - 3. A method according to claim 1 wherein the TMV is a first TMV, the method further comprising:
    - generating a second TMV in response to notification from a target system that intrusion of the computer security threat has been detected, the second TMV including therein a computer-readable field that identifies instructions for removing the intrusion of the computer security threat that was detected; and
      
      transmitting the second TMV that is generated to the target system for processing by the target system.
  - 4. A method according to claim 2 wherein the TMV further includes a computer-readable field that provides identification of a plurality of tests that detect intrusion of the computer security threat for a system type and a release level and/or identification of a plurality of possible countermeasures for a system type and a release level.
  - 5. A method according to claim 1 further comprising:
    - generating a null TMV in response to notification from a target system that intrusion of the computer security threat has been detected, the null TMV including therein a computer-readable field that identifies that no instructions are available for removing the intrusion of the computer security threat that was detected; and
      
      transmitting the null TMV that is generated to the target system for processing by the target system.
  - 6. A method according to claim 5 wherein the TMV is a first TMV and wherein transmitting the null TMV is followed by:
    - generating a second TMV in response to receipt of instructions for removing the intrusion of the computer security threat that was detected, the second TMV including therein a computer-readable field that identifies the instructions for removing the intrusion of the computer security threat that was detected; and
      
      transmitting the second TMV that is generated to the target system for processing by the target system.
  - 7. A method according to claim 2 wherein the possible countermeasure includes a countermeasure to remove the intrusion and/or a countermeasure to remediate damage caused by the intrusion.
  - 8. A method according to claim 1 wherein receiving, generating and transmitting are performed by a threat management domain controller.

9. A computer program product that is configured to process computer security threat management information, the computer program product comprising a computer usable storage medium having computer-readable program code embodied in the medium, the computer-readable program code comprising:
- computer-readable program code that is configured to receive a computer-actionable Threat Management Vector (TMV) at a target system, the TMV including therein a computer-readable field that provides identification of at least one system type that is affected by the computer security threat, a computer-readable field that provides identification of a release level for the system type, and a computer-readable field that provides identification of a test that detects intrusion of the computer security threat for a system type and a release level; and
  
  computer-readable program code that is configured to perform the test that detects intrusion of the computer security threat, at the target system, in response to receipt of the TMV.
- View Dependent Claims (10, 11, 12, 13)
- - 10. A computer program product according to claim 9 wherein the TMV is a first TMV, the computer program product further comprising:
    - computer-readable program code that is configured to send a notification from the target system that intrusion of the computer security threat has been detected;
      
      computer-readable program code that is configured to receive a second TMV including therein a computer-readable field that identifies instructions for removing the intrusion of the computer security threat that was detected; and
      
      computer-readable program code that is configured to perform the instructions for removing the intrusion of the computer security threat that was detected, at the target system, in response to receiving the second TMV.
  - 11. A computer program product according to claim 9:
    - wherein the TMV further includes a computer-readable field that provides identification of a plurality of tests for a system type and a release level; and
      
      wherein the computer-readable program code is configured to perform the test comprises computer-readable program code that is configured to perform the plurality of tests that detect intrusion of the computer security threat, at the target system in response to receiving the TMV.
  - 12. A computer program product according to claim 9 further comprising:
    - computer-readable program code that is configured to send a notification from the target system that intrusion of the computer security threat has been detected; and
      
      computer-readable program code that is configured to receive a null TMV including therein a computer-readable field that identifies that no instructions are available for removing the intrusion of the computer security threat that was detected.
  - 13. A computer program product according to claim 12 wherein the TMV is a first TMV, the computer program product further comprising:
    - computer-readable program code that is configured to receive a second TMV including therein a computer-readable field that identifies the instructions for removing the intrusion of the computer security threat that was detected; and
      
      computer-readable program code that is configured to perform the instructions for removing the intrusion of the computer security threat that was detected, at the target system, response to receiving the second TMV.

14. A computer-actionable Threat Management Vector (TMV) comprising:
- a computer-readable field that provides identification of at least one system type that is affected by a computer security threat;
  
  a computer-readable field that provides identification of a release level for the system type; and
  
  a computer-readable field that provides identification of a test that detects intrusion of the computer security threat for a system type and a release level.
- View Dependent Claims (15, 16, 17, 18, 19)
- - 15. A TMV according to claim 14 further comprising:
    - a computer-readable field that provides identification of a possible countermeasure for a system type and a release level.
  - 16. A TMV according to claim 14 further comprising:
    - a computer-readable field that identifies instructions for removing the intrusion of the computer security threat that was detected.
  - 17. A TMV according to claim 14 further comprising:
    - a computer-readable field that provides identification of a plurality of tests that detect intrusion of the computer security threat for a system type and a release level and/or identification of a plurality of possible countermeasures for a system type and a release level.
  - 18. A TMV according to claim 14 further comprising:
    - a computer-readable field that identifies that no instructions are available for removing the intrusion of the computer security threat that was detected
  - 19. A TMV according to claim 14 wherein the system type is a program instance type.

20. A computer security threat management system, comprising:
- means for receiving a notification of a computer security threat and/or a notification of a test that detects intrusion of the computer security threat;
  
  means for generating a computer-actionable Threat Management Vector (TMV) from the notification that was received, the TMV including therein a computer-readable field that provides identification of at least one system type that is affected by the computer security threat, a computer-readable field that provides identification of a release level for the system type, and a computer-readable field that provides identification of the test that detects intrusion of the computer security threat for a system type and a release level;
  
  means for transmitting the TMV that is generated to a plurality of target systems;
  
  means for receiving the TMV that is generated, at the plurality of target systems; and
  
  means for performing the test that detects intrusion of the computer security threat, at the target system, in response to receipt of the TMV.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Finjan Blue, Inc. (SoftBank Group Corp.)
Original Assignee
International Business Machines Corporation
Inventors
McKenna, John J.

Granted Patent

US 8,458,793 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/23
CPC Class Codes

G06F 21/55 Detecting local intrusion o...

G06F 21/577 Assessing vulnerabilities a...

Methods, computer program products and data structures for intrusion detection, intrusion response and vulnerability remediation across target computer systems

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

94 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Methods, computer program products and data structures for intrusion detection, intrusion response and vulnerability remediation across target computer systems

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

94 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links