CLIENT CAPTURE OF VULNERABILITY DATA
Abstract
A security information management system is described, wherein client-side devices preferably collect and monitor information describing the operating system, software, and patches installed on the device(s), as well as configuration thereof. A database of this information is maintained, along with data describing vulnerabilities of available software and associated remediation techniques available for it. The system exposes an API to support security-related decisions by other applications. For example, an intrusion detection system (IDS) accesses the database to determine whether an actual threat exists and should be (or has been) blocked.
20 Claims

1. A computing system, comprising:
a plurality of networked computing devices; and
a database containing configuration information for each of the plurality of networked computing devices;
wherein each of the networked computing devices comprises:
a processor; and
a memory encoded with programming instructions executable by the processor to monitor the configuration of the computing device and communicate the configuration of the computing device to the database.

data identifying an operating system, a service pack, software, and patches installed on the computing device; and
data characterizing system policy settings and configuration status data on the computing device.

3. The system of claim 1, wherein for each of the networked computing devices, the configuration information includes initialization files and configuration registry data.

4. The system of claim 1, wherein the configuration information is kept current by a software agent executed by the processor of each of the networked computing devices.

5. The system of claim 1, wherein:
the system includes an application programming interface to allow retrieval of the configuration information by one or more security applications; and
the one or more security applications make security-related determinations based on the retrieved configuration information.

6. The system of claim 5, wherein the determinations include:
whether to block connection attempts;
whether to allow software to be installed; and
whether to pass communications.

7. The system of claim 5, wherein one security application is an intrusion detection system operable to:
access the configuration information contained in the database; and
determine whether an intrusion attempt has occurred at one or more of the networked computing devices.

8. The system of claim 7, wherein the intrusion detection system is also operable to block one or more intrusion attempts at one or more of the networked computing devices.

9. The system of claim 1, wherein the database also contains:
information that characterizes zero or more vulnerabilities to which each of the networked computing devices is subject; and
vulnerability remediation information including remediation techniques for the zero or more vulnerabilities.

10. The system of claim 9, wherein a server incorporating the database is operable to:
select one or more remediation techniques from the database that remediate one or more of the vulnerabilities; and
remediate the one or more vulnerabilities according to the one or more selected techniques.

11. A method, comprising:
monitoring configuration information of each of a plurality of networked computing devices;
communicating the configuration information from each of the plurality of networked computing devices to a central database; and
making and executing security-related determinations as a function of the configuration information in the database.

data identifying an operating system, initialization information, software, and patches installed on the computing device; and
data characterizing system policy settings and configuration status data on the computing device.

14. The method of claim 11, further comprising accessing the database to retrieve at least a portion of the configuration information, wherein:
the accessing is performed by one or more security applications via an application programming interface; and
the making and executing are performed by the one or more security applications based on the retrieved configuration information.

15. The method of claim 11, further comprising communicating vulnerability information from each of the plurality of networked computing devices to the database, wherein:
the vulnerability information characterizes zero or more vulnerabilities to which each of the networked computing devices is subject; and
the database contains vulnerability remediation information including remediation techniques for the zero or more vulnerabilities.

16. The method of claim 15, further comprising:
selecting one or more remediation techniques from the database that remediate one or more vulnerabilities; and
remediating the one or more vulnerabilities according to the one or more selected techniques.

17. The method of claim 11, wherein the security-related determinations are selected from the group consisting of:
whether to block a connection attempt to one or more of the networked computing devices;
whether to pass a communication to one or more of the networked computing devices; and
whether to permit software to be installed on one or more of the networked computing devices.

18. An apparatus, comprising a networked computing device having a memory encoded with logic executable by one or more processors to monitor configuration information of the computing device and communicate the configuration information of the computing device to a database, wherein the database contains configuration information for a plurality of networked computing devices.
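The architecture the abstract and claims 1 through 10 describe (agent-reported OS, service pack, software and patch inventory; a central configuration database that also holds vulnerability and remediation data; an API that an intrusion detection system consults to decide whether an alert is a real threat), as an added example written for this page. It is not code from the patent or from any product built on it. Python with the standard-library sqlite3 module stands in for the database; the hosts ws-01 through ws-99, the products ExampleFTP and ExampleWeb, their version numbers, the patch identifiers KB-1001 and KB-2002 and the vulnerability identifiers VULN-A and VULN-B are all constructed, and "remediation" is simulated by recording the fixing patch in the host's inventory rather than installing anything.

```python
"""Added example: minimal model of the claimed agent -> database -> IDS flow.
All hosts, products, versions, patch IDs and vulnerability IDs are constructed."""
import sqlite3
from dataclasses import dataclass

SCHEMA = """
CREATE TABLE hosts   (host TEXT PRIMARY KEY, os TEXT, service_pack TEXT);
CREATE TABLE software(host TEXT, product TEXT, version TEXT);
CREATE TABLE patches (host TEXT, patch_id TEXT);
CREATE TABLE vulns   (vuln_id TEXT, product TEXT, max_affected TEXT,
                      fixed_by TEXT, remediation TEXT);
"""

# Constructed vulnerability knowledge (claim 9): product, last affected
# version, the patch that fixes it, and the remediation technique.
VULNS = [
    ("VULN-A", "ExampleFTP", "2.1.0", "KB-1001",
     "apply KB-1001 or upgrade ExampleFTP past 2.1.0"),
    ("VULN-B", "ExampleWeb", "1.4", "KB-2002", "apply KB-2002"),
]


@dataclass
class Inventory:
    """What the client-side agent collects and reports (claims 1, 2, 4)."""
    host: str
    os: str
    service_pack: str
    software: dict   # product -> installed version
    patches: set     # installed patch identifiers


def vtuple(v):
    """Dotted version string -> comparable tuple, e.g. '2.0.5' -> (2, 0, 5)."""
    return tuple(int(p) for p in v.split("."))


class ConfigDB:
    def __init__(self):
        self.conn = sqlite3.connect(":memory:")
        self.conn.executescript(SCHEMA)
        self.conn.executemany("INSERT INTO vulns VALUES (?,?,?,?,?)", VULNS)

    def report(self, inv):
        """Agent -> database: replace the host's record with its current state."""
        c = self.conn
        for table in ("hosts", "software", "patches"):   # fixed names, not user input
            c.execute(f"DELETE FROM {table} WHERE host=?", (inv.host,))
        c.execute("INSERT INTO hosts VALUES (?,?,?)", (inv.host, inv.os, inv.service_pack))
        c.executemany("INSERT INTO software VALUES (?,?,?)",
                      [(inv.host, p, v) for p, v in inv.software.items()])
        c.executemany("INSERT INTO patches VALUES (?,?)", [(inv.host, p) for p in inv.patches])
        c.commit()

    def known(self, host):
        return self.conn.execute("SELECT 1 FROM hosts WHERE host=?", (host,)).fetchone() is not None

    def vulnerabilities(self, host):
        """Zero or more vulnerabilities the host is subject to, with remediation.
        A host is vulnerable if it runs an affected version and lacks the fixing patch."""
        rows = self.conn.execute(
            "SELECT v.vuln_id, v.product, s.version, v.max_affected, v.fixed_by, v.remediation "
            "FROM software s JOIN vulns v ON v.product = s.product WHERE s.host=?",
            (host,)).fetchall()
        installed = {r[0] for r in self.conn.execute(
            "SELECT patch_id FROM patches WHERE host=?", (host,))}
        return [{"vuln_id": vid, "product": prod, "fixed_by": fix, "remediation": rem}
                for vid, prod, ver, maxv, fix, rem in rows
                if vtuple(ver) <= vtuple(maxv) and fix not in installed]

    def remediate(self, host):
        """Claim 10: select remediation techniques from the database and apply them.
        Simulated: the fixing patch is recorded as installed on the host."""
        applied = []
        for v in self.vulnerabilities(host):
            self.conn.execute("INSERT INTO patches VALUES (?,?)", (host, v["fixed_by"]))
            applied.append(v["remediation"])
        self.conn.commit()
        return applied


def ids_decision(db, alert):
    """Claim 7: the IDS consults the database to decide whether an alert
    (constructed shape: {"dst": host, "vuln_id": id}) is an actual threat.
    A host no agent has reported on is treated as vulnerable (fail closed)."""
    if not db.known(alert["dst"]):
        return "block-unknown-host"
    if any(v["vuln_id"] == alert["vuln_id"] for v in db.vulnerabilities(alert["dst"])):
        return "block"
    return "pass"


def demo():
    """Constructed reports from three agents, then four alerts for VULN-A."""
    db = ConfigDB()
    db.report(Inventory("ws-01", "ExampleOS", "SP1", {"ExampleFTP": "2.0.5"}, set()))
    db.report(Inventory("ws-02", "ExampleOS", "SP2", {"ExampleFTP": "2.0.5"}, {"KB-1001"}))
    db.report(Inventory("ws-03", "ExampleOS", "SP2",
                        {"ExampleFTP": "2.1.1", "ExampleWeb": "1.3"}, set()))
    alerts = [{"dst": h, "vuln_id": "VULN-A"} for h in ("ws-01", "ws-02", "ws-03", "ws-99")]
    decisions = {a["dst"]: ids_decision(db, a) for a in alerts}
    fixes = db.remediate("ws-01")          # server-side remediation of ws-01
    after = ids_decision(db, alerts[0])    # same alert, now that ws-01 is patched
    return decisions, fixes, after


if __name__ == "__main__":
    print(demo())
```

Two points a practitioner would check before relying on such a lookup: the IDS answer is only as good as the freshness of the agent's last report, so a host that has not reported (ws-99 above) is blocked rather than assumed safe; and because the decision rests entirely on what the agent says about itself, the agent-to-database channel needs an authenticated origin, otherwise anything on the network can report a host as patched and have the IDS pass traffic to it.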
Specification