Universal patching machine
First Claim
1. A method for protecting a computer network by using a universal patching machine implemented on a network appliance to detect and fix vulnerability violations in data traffic flowing through the network appliance between a communications network and the computer network, wherein the universal patching machine includes patch processors and a packet controller, the method comprising:
- forming the patch processors in the universal patching machine from a plurality of network patches;
receiving the data traffic with the universal patching machine;
using the patch processors to detect vulnerability violations in the received data traffic;
when a vulnerability violation is detected in the data traffic by the patch processors, using the patch processors to issue a modification command to the packet controller that directs the packet controller to fix the data traffic and remove the vulnerability violation; and
using the universal patching machine to provide the fixed data traffic to the computer network.
1 Assignment
0 Petitions
Accused Products
Abstract
A universal patching machine is used to provide security for a computer system. A conversion function is generated for the patching machine that modifies input data to the computer system so that the computer system has an output and state that match the output and state that would be produced by a vendor-patched version of the computer system. The universal patching machine detects security vulnerabilities in intercepted data traffic. If a vulnerability violation is detected, the universal patching machine modifies the data traffic to remove the violation. Fixing the data traffic in this way ensures that the vulnerability cannot be exploited in an attack against the data network. The universal patching machine is formed from patch processors and a packet controller. The patch processors are formed from network patches. In operation, the patch processors detect vulnerabilities and issue modification commands that direct the packet controller to fix the data traffic.
35 Citations
18 Claims
-
1. A method for protecting a computer network by using a universal patching machine implemented on a network appliance to detect and fix vulnerability violations in data traffic flowing through the network appliance between a communications network and the computer network, wherein the universal patching machine includes patch processors and a packet controller, the method comprising:
-
forming the patch processors in the universal patching machine from a plurality of network patches;
receiving the data traffic with the universal patching machine;
using the patch processors to detect vulnerability violations in the received data traffic;
when a vulnerability violation is detected in the data traffic by the patch processors, using the patch processors to issue a modification command to the packet controller that directs the packet controller to fix the data traffic and remove the vulnerability violation; and
using the universal patching machine to provide the fixed data traffic to the computer network. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
-
Specification