METHODS, COMPUTER PROGRAM PRODUCTS AND DATA STRUCTURES FOR INTRUSION DETECTION, INTRUSION RESPONSE AND VULNERABILITY REMEDIATION ACROSS TARGET COMPUTER SYSTEMS
Abstract
Computer security threat management information is generated by receiving a notification of a security threat and/or a notification of a test that detects intrusion of a computer security threat. A computer-actionable TMV is generated from the notification that was received. The TMV includes a computer-readable field that provides identification of at least one system type that is affected by the computer security threat, a computer-readable field that provides identification of a release level for a system type, a computer-readable field that provides identification of the test that detects intrusion of the computer security threat for a system type and a release level, a computer-readable field that provides identification of a method to reverse the intrusion exploit of the computer security threat for a system type and a release level, and a computer-readable field that provides identification of a method to remediate the vulnerability subject to exploit of the computer security threat for a system type and a release level. The TMV is transmitted to target systems for processing by the target systems.
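The following sketch shows how a target system might process a TMV with the five fields listed in the abstract. It is an added illustration, not code from the patent; the field names, test and method identifiers, program names and the sample TMV are all hypothetical and constructed for the example.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

@dataclass(frozen=True)
class TMVEntry:
    """One TMV row; the field names are hypothetical labels for the abstract's fields."""
    system_type: str         # system type affected by the threat
    release_level: str       # release level of that system type
    detection_test: str      # id of the test that detects intrusion
    reversal_method: str     # id of the method that reverses the intrusion exploit
    remediation_method: str  # id of the method that remediates the vulnerability

# Constructed sample: one threat, a different detection test per release level.
SAMPLE_TMV = [
    TMVEntry("exampled", "1.0", "test-log-scan", "reverse-restore-config", "remediate-patch-a"),
    TMVEntry("exampled", "2.0", "test-file-hash", "reverse-remove-file", "remediate-patch-b"),
    TMVEntry("otherd", "5.1", "test-port-check", "reverse-close-port", "remediate-upgrade"),
]

def select_entry(tmv: List[TMVEntry], system_type: str, release: str) -> Optional[TMVEntry]:
    """Pick the row matching the installed system type and release level, if any."""
    for entry in tmv:
        if entry.system_type == system_type and entry.release_level == release:
            return entry
    return None

def process_tmv(tmv: List[TMVEntry], installed: Dict[str, str],
                tests: Dict[str, Callable[[], bool]]) -> List[dict]:
    """Run the version-specific test for each installed program named in the TMV.

    installed maps system type to installed release level; tests maps a test id
    to a local callable returning True when intrusion is detected.
    """
    notifications = []
    for system_type, release in installed.items():
        entry = select_entry(tmv, system_type, release)
        if entry is None:
            continue  # the TMV does not cover this program or release level
        test = tests.get(entry.detection_test)
        if test is None:
            status, detected = "test-unavailable", False
        else:
            detected = test()
            status = "intrusion-detected" if detected else "clean"
        notifications.append({
            "system_type": system_type, "release_level": release,
            "test": entry.detection_test, "status": status,
            "reverse": entry.reversal_method if detected else None,
            "remediate": entry.remediation_method,
        })
    return notifications
```
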
5 Claims
1. A computer program product for detecting intrusions, the computer program product comprising:
- one or more computer-readable storage devices and program instructions stored on at least one of the one or more storage devices, the program instructions comprising;
program instructions to receive, at a target system, a message identifying a first version of a program that is installed at the target system, and select from a plurality of different intrusion detection tests for a respective plurality of different versions of the program, a first one of the tests that detects intrusion of the first version of the program; and
program instructions, responsive to the message, to perform the first test at the target system.
3. A method for processing computer security information, the method comprising:
- a computer transmitting, to a target system, one or more messages identifying a plurality of versions of a program that are available for installation at the target system and a respective plurality of different intrusion detection test programs to detect intrusions directed to the respective plurality of different versions of the program, wherein the plurality of different intrusion detection tests programs includes a first intrusion detection test program that detects intrusion directed to a first one of the plurality of versions of the program; and
- the computer subsequently receiving a notification from the target system that intrusion of the first version of the program has been detected.
Specification