METHOD AND SYSTEM FOR SECURITY MAINTENANCE IN A NETWORK
First Claim
1. A method, comprising:
issuing a communication associated with one or more programs to one or more devices in a network;
detecting a response to the communication from each of the one or more devices;
detecting an event logger message from an event logger when any of the one or more devices sends an event logger event message to the event logger in response to the communication;
analyzing, by a hardware processor, the response and the event logger message;
identifying a threat response when at least one of the response represents one of an alert, an unexpected response, or a response time-out indicating a lack of response from the one or more devices, and the event logger message reports an event; and
determining a network vulnerability based on identification of the threat response.
Abstract
A system and method for monitoring a network and detecting network vulnerabilities is provided. A communication associated with one or more programs is issued to one or more devices in a network and the response from the devices is detected and analyzed. Based on the analysis, a device response is identified as a threat response if it represents at least an alert, an unexpected response or a response time-out indicating that the device did not respond to the communication. The vulnerability of the network is determined based on the threat responses of the devices.
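The classification step described in the abstract and in claim 1, sketched as an added Python example that is not code from the patent. All class, function and field names, the `REFUSED`/`OK` reply strings and the sample devices are assumptions, as is the reading that either a bad response or a logged event is enough to identify a threat response.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional

class Outcome(Enum):
    EXPECTED = "expected"
    ALERT = "alert"
    UNEXPECTED = "unexpected response"
    TIMEOUT = "response time-out"

@dataclass(frozen=True)
class Probe:                # hypothetical record of one issued communication
    device: str             # device the communication was issued to
    program: str            # program the communication is associated with
    expected: str           # reply a correctly behaving device sends (assumed field)
    reply: Optional[str]    # None means nothing arrived before the time-out
    alert: bool = False     # the reply itself was an alert

def classify(p: Probe) -> Outcome:
    if p.reply is None:
        return Outcome.TIMEOUT
    if p.alert:
        return Outcome.ALERT
    return Outcome.EXPECTED if p.reply == p.expected else Outcome.UNEXPECTED

def threat_responses(probes, logged_events):
    """Map (device, program) to the reasons it counts as a threat response.

    logged_events: set of (device, program) pairs for which the event logger
    reported an event after the communication was issued.
    """
    threats = {}
    for p in probes:
        outcome = classify(p)
        reasons = [] if outcome is Outcome.EXPECTED else [outcome.value]
        if (p.device, p.program) in logged_events:
            reasons.append("event logged")
        if reasons:
            threats[(p.device, p.program)] = reasons
    return threats

def vulnerable_devices(threats):
    # Devices with at least one threat response, for the vulnerability report.
    return sorted({device for device, _ in threats})

# Constructed sample data, not taken from the patent.
PROBES = [
    Probe("host-a", "prog-1", "REFUSED", "REFUSED"),  # behaves as expected
    Probe("host-b", "prog-1", "REFUSED", "OK"),       # unexpected response
    Probe("host-c", "prog-1", "REFUSED", None),       # no reply: time-out
    Probe("host-d", "prog-2", "REFUSED", "REFUSED"),  # clean reply, but an event was logged
]
LOGGED = {("host-d", "prog-2")}
```

`host-d` shows why the event logger message is analyzed alongside the response: its reply looks normal, and only the logged event marks it.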
49 Citations
20 Claims
1. A method, comprising:
issuing a communication associated with one or more programs to one or more devices in a network;
detecting a response to the communication from each of the one or more devices;
detecting an event logger message from an event logger when any of the one or more devices sends an event logger event message to the event logger in response to the communication;
analyzing, by a hardware processor, the response and the event logger message;
identifying a threat response when at least one of the response represents one of an alert, an unexpected response, or a response time-out indicating a lack of response from the one or more devices, and the event logger message reports an event; and
determining a network vulnerability based on identification of the threat response.
Dependent claims: 2, 3, 5, 6, 7, 8, 9
4. (canceled)
10. A non-transitory computer-readable medium comprising, computer-readable instructions of a computer program that, when executed by a processor, cause the processor to perform a method, the method comprising:
issuing a communication associated with one or more programs to one or more devices in a network;
detecting a response to the communication from each of the one or more devices;
detecting an event logger message from an event logger when any of the one or more devices sends an event logger event message to the event logger in response to the communication;
analyzing, by a hardware processor, the response and the event logger message;
identifying a threat response when at least one of the response represents one of an alert, an unexpected response, or a response time-out indicating a lack of response from the one or more devices, and the event logger message reports an event; and
determining a network vulnerability based on identification of the threat response.
Dependent claims: 11, 12, 13, 14, 15, 16, 17
18. A system, comprising:
a coordinator device, being a hardware processor, connected to a network;
a program database coupled to the coordinator device for storing programs; and
a threat response database coupled to the coordinator for storing threat responses associated with devices connected to the network;
wherein the coordinator device comprises a coordinator module configured to;
issue a communication associated with one or more programs to one or more devices in a network;
detect a response to the communication from each of the one or more devices;
detect an event logger message from an event logger when any of the one or more devices sends an event logger event message to the event logger in response to the communication;
analyze, by a hardware processor, the response and the event logger message;
identify a threat response when at least one of the response represents one of an alert, an unexpected response, or a response time-out indicating a lack of response from the one or more devices, and the event logger message reports an event; and
determine a network vulnerability based on identification of the threat response.
Dependent claims: 19, 20
Specification