SOFTWARE VULNERABILITY EXPLOITATION SHIELD
First Claim
1. At a computing system in a network computing environment, a method of minimizing the exploitation of vulnerabilities on software installed on the computing system by inspecting network traffic thereto and identifying the malicious code before it can be executed and/or installed, the method comprising:
- monitoring, at a transport layer, incoming network traffic of a computing system using a security component installed thereon;
- receiving as part of the network traffic a message at the transport layer identified as destined for the computing system;
- comparing at least a portion of data included in the message received with exploit evidence used to identify malicious code, the exploit evidence provided to the security component by a security service that gathers information about the malicious code;
- based on the comparison with the exploit evidence, identifying one or more rules that instruct the security component to perform one or more actions on the message received.
Abstract
This paper describes a mechanism for minimizing the exploitation of vulnerabilities on software installed on a computing system. At a transport layer (e.g., the Transmission Control Protocol (TCP) sockets layer), network traffic is monitored using a security component installed on a target computer. When a message destined for the computing system is received, data included in the message is compared with exploit evidence used to identify malicious code. The exploit evidence is provided to the security component by a security service that gathers information about the malicious code. Based on the comparison of data in the message with the exploit evidence, rules are identified that instruct the security component to take an appropriate action on the message received.
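The comparison and rule-lookup steps described in the abstract, as an added Python sketch that is not code from the patent. It goes one step beyond the text by handling evidence that is split across two TCP segments; the evidence ids, byte patterns, action names and the tail-buffer approach are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed sample data: ids, patterns and actions are illustrative
# assumptions, not signatures or rule formats defined by the patent.
EVIDENCE = {"EV-1": b"EXAMPLE-EXPLOIT-MARKER", "EV-2": b"EXAMPLE-SECOND-MARKER"}
RULES = {"EV-1": "drop", "EV-2": "alert"}
SEVERITY = {"allow": 0, "alert": 1, "drop": 2}


@dataclass
class StreamInspector:
    """Per-connection inspector fed with each received segment in order."""
    evidence: dict
    rules: dict
    tail: bytes = b""                      # bytes carried over from earlier segments
    matched: set = field(default_factory=set)

    def inspect(self, segment: bytes) -> str:
        """Return the strictest action triggered by this segment."""
        window = self.tail + segment
        action = "allow"
        for ev_id, pattern in self.evidence.items():
            # Each evidence id is reported once per connection, so a match
            # still sitting in the carried-over tail is not reported twice.
            if ev_id not in self.matched and pattern in window:
                self.matched.add(ev_id)
                candidate = self.rules.get(ev_id, "alert")
                if SEVERITY[candidate] > SEVERITY[action]:
                    action = candidate
        # Keep longest-pattern-minus-one bytes: enough to complete any
        # pattern that starts in this segment and ends in the next.
        keep = max((len(p) for p in self.evidence.values()), default=1) - 1
        self.tail = window[-keep:] if keep else b""
        return action


def inspect_connection(segments):
    """Run one connection's segments through a fresh inspector."""
    inspector = StreamInspector(EVIDENCE, RULES)
    return [inspector.inspect(s) for s in segments]


# Constructed traffic: the first marker straddles segments 1 and 2.
SAMPLE = [b"GET /index HTTP/1.1\r\nX: EXAMPLE-EXP", b"LOIT-MARKER\r\n",
          b"hello EXAMPLE-SECOND-MARKER", b"bye"]

if __name__ == "__main__":
    print(inspect_connection(SAMPLE))
```

Checking each segment on its own would miss the first marker, since neither segment 1 nor segment 2 contains the whole pattern.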
20 Claims
1. At a computing system in a network computing environment, a method of minimizing the exploitation of vulnerabilities on software installed on the computing system by inspecting network traffic thereto and identifying the malicious code before it can be executed and/or installed, the method comprising:
- monitoring, at a transport layer, incoming network traffic of a computing system using a security component installed thereon;
- receiving as part of the network traffic a message at the transport layer identified as destined for the computing system;
- comparing at least a portion of data included in the message received with exploit evidence used to identify malicious code, the exploit evidence provided to the security component by a security service that gathers information about the malicious code;
- based on the comparison with the exploit evidence, identifying one or more rules that instruct the security component to perform one or more actions on the message received.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. At a computing system in a network computing environment, a computer program product comprising a computer-readable storage medium having encoded thereon computer-readable instructions, the instructions, when executed in a computing environment, perform a method comprising:
- monitoring, at a transport layer, incoming network traffic of a computing system using a security component installed thereon;
- receiving as part of the network traffic a message at the transport layer identified as destined for the computing system;
- comparing at least a portion of data included in the message received with exploit evidence used to identify malicious code, the exploit evidence provided to the security component by a security service that gathers information about the malicious code;
- based on the comparison with the exploit evidence, identifying one or more rules that instruct the security component to perform one or more actions on the message received.
Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19, 20
Specification