Methods, computer program products and data structures for intrusion detection, intrusion response and vulnerability remediation across target computer systems
Abstract
Computer security threat management information is generated by receiving a notification of a security threat and/or a notification of a test that detects intrusion of a computer security threat. A computer-actionable TMV is generated from the notification that was received. The TMV includes a computer-readable field that provides identification of at least one system type that is affected by the computer security threat, a computer-readable field that provides identification of a release level for a system type, a computer-readable field that provides identification of the test that detects intrusion of the computer security threat for a system type and a release level, a computer-readable field that provides identification of a method to reverse the intrusion exploit of the computer security threat for a system type and a release level, and a computer-readable field that provides identification of a method to remediate the vulnerability subject to exploit of the computer security threat for a system type and a release level. The TMV is transmitted to target systems for processing by the target systems.
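Added example, not part of the patent text: a sketch of how a target system might process a TMV carrying the five fields listed in the abstract, selecting the entries for its own system type and release level and running the identified test. The class names, the threat_id field, the verdict strings, the choice to remediate even when no intrusion is found, and all sample values are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

@dataclass(frozen=True)
class TMVEntry:
    system_type: str      # system type affected by the threat
    release_level: str    # release level of that system type
    detection_test: str   # identifies the test that detects intrusion
    reversal_method: str  # identifies the method to reverse the exploit
    remediation: str      # identifies the method to remediate the vulnerability

@dataclass(frozen=True)
class TMV:
    threat_id: str                  # assumption: the page names no such field
    entries: Tuple[TMVEntry, ...]

Result = Tuple[str, str, Tuple[str, ...]]

def process_tmv(tmv: TMV, system_type: str, release_level: str,
                tests: Dict[str, Callable[[], bool]]) -> List[Result]:
    """Run the tests a TMV identifies for this host; return (test, verdict, follow-ups)."""
    results: List[Result] = []
    for e in tmv.entries:
        # Entries for other system types or release levels do not apply here.
        if (e.system_type, e.release_level) != (system_type, release_level):
            continue
        test = tests.get(e.detection_test)
        if test is None:
            # Report a missing test explicitly; never treat it as "clean".
            results.append((e.detection_test, "test-unavailable", ()))
        elif test():
            results.append((e.detection_test, "intrusion-detected",
                            (e.reversal_method, e.remediation)))
        else:
            # Assumption: the vulnerability is still remediated when no intrusion is found.
            results.append((e.detection_test, "no-intrusion", (e.remediation,)))
    return results

# Constructed sample data: placeholder identifiers, not real products or tests.
SAMPLE_TMV = TMV("THREAT-PLACEHOLDER", (
    TMVEntry("os-alpha", "5.2", "test-101", "reverse-101", "fix-101"),
    TMVEntry("os-alpha", "5.3", "test-102", "reverse-102", "fix-102"),
    TMVEntry("os-beta", "11", "test-201", "reverse-201", "fix-201"),
))
LOCAL_TESTS = {"test-101": lambda: True, "test-201": lambda: False}

if __name__ == "__main__":
    for host in (("os-alpha", "5.2"), ("os-alpha", "5.3"), ("os-beta", "11")):
        print(host, process_tmv(SAMPLE_TMV, *host, LOCAL_TESTS))
```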
20 Claims
1. A method of generating computer security threat management information, comprising:
receiving a notification of a computer security threat and/or a notification of a test that detects intrusion of the computer security threat;
generating a computer-actionable Threat Management Vector (TMV) from the notification that was received, the TMV including therein a computer-readable field that provides identification of at least one system type that is affected by the computer security threat, a computer-readable field that provides identification of a release level for the system type, and a computer-readable field that provides identification of the test that detects intrusion of the computer security threat for a system type and a release level; and
transmitting the TMV that is generated to a plurality of target systems for processing by the plurality of target systems.
9. A computer program product that is configured to process computer security threat management information, the computer program product comprising a computer usable storage medium having computer-readable program code embodied in the medium, the computer-readable program code comprising:
computer-readable program code that is configured to receive a computer-actionable Threat Management Vector (TMV) at a target system, the TMV including therein a computer-readable field that provides identification of at least one system type that is affected by the computer security threat, a computer-readable field that provides identification of a release level for the system type, and a computer-readable field that provides identification of a test that detects intrusion of the computer security threat for a system type and a release level; and
computer-readable program code that is configured to perform the test that detects intrusion of the computer security threat, at the target system, in response to receipt of the TMV.
14. A computer-actionable Threat Management Vector (TMV) comprising:
a computer-readable field that provides identification of at least one system type that is affected by a computer security threat;
a computer-readable field that provides identification of a release level for the system type; and
a computer-readable field that provides identification of a test that detects intrusion of the computer security threat for a system type and a release level.
20. A computer security threat management system, comprising:
means for receiving a notification of a computer security threat and/or a notification of a test that detects intrusion of the computer security threat;
means for generating a computer-actionable Threat Management Vector (TMV) from the notification that was received, the TMV including therein a computer-readable field that provides identification of at least one system type that is affected by the computer security threat, a computer-readable field that provides identification of a release level for the system type, and a computer-readable field that provides identification of the test that detects intrusion of the computer security threat for a system type and a release level;
means for transmitting the TMV that is generated to a plurality of target systems;
means for receiving the TMV that is generated, at the plurality of target systems; and
means for performing the test that detects intrusion of the computer security threat, at the target system, in response to receipt of the TMV.
Specification