ANTI-VULNERABILITY SYSTEM, METHOD, AND COMPUTER PROGRAM PRODUCT
Abstract
A system, method, and computer program product are provided for displaying, via at least one user interface, a plurality of techniques of different technique types including a first technique for setting or modifying a policy for mitigating a first occurrence, and a second technique for dropping packets in connection with at least one networked device for mitigating the first occurrence. Based on user input selecting the first technique for setting or modifying the policy for mitigating the first occurrence, the first technique is automatically applied for setting or modifying the policy for mitigating the first occurrence. Based on the user input selecting the second technique for dropping packets in connection with the at least one networked device for mitigating the first occurrence, the second technique is applied for dropping packets in connection with the at least one networked device for mitigating the first occurrence.
70 Citations
22 Claims
1-2. (canceled)
3. A computer program product embodied on a non-transitory computer readable medium, comprising:
    code for allowing access to first information from at least one first data storage identifying a plurality of potential vulnerabilities including at least one first potential vulnerability and at least one second potential vulnerability;

    code for causing at least one operation in connection with at least one of a plurality of networked devices, the at least one operation configured for:
        identifying at least one configuration associated with the at least one networked device, and
        determining that the at least one networked device is actually vulnerable to at least one actual vulnerability, based on the identified at least one configuration and the first information from the at least one first data storage identifying the plurality of potential vulnerabilities, such that second information is stored in at least one second data storage separate from the at least one first data storage, the second information identifying the at least one actual vulnerability to which the at least one networked device is actually vulnerable;

    code for identifying a first occurrence in connection with the at least one networked device and a second occurrence in connection with the at least one networked device;

    code for:
        determining the first occurrence to have a first severity if it is determined that the at least one networked device is actually vulnerable to at least one of the actual vulnerabilities that is capable of being taken advantage of by the first occurrence identified in connection with the at least one networked device, utilizing the second information, and
        further determining the second occurrence to have a second severity if it is determined that the at least one networked device is not actually vulnerable to at least one of the actual vulnerabilities that is capable of being taken advantage of by the second occurrence identified in connection with the at least one networked device, utilizing the second information;

    code for reporting the first occurrence and the second occurrence differently based on the first severity and the second severity;

    code for displaying, via at least one user interface, a plurality of techniques of different technique types including a first technique for setting or modifying a policy for mitigating the first occurrence, and a second technique for dropping packets in connection with the at least one networked device for mitigating the first occurrence;

    code for receiving user input selecting the first technique for setting or modifying the policy for mitigating the first occurrence, utilizing the at least one user interface;

    code for, based on the user input selecting the first technique for setting or modifying the policy for mitigating the first occurrence, automatically applying the first technique for setting or modifying the policy for mitigating the first occurrence;

    code for receiving user input selecting the second technique for dropping packets in connection with the at least one networked device for mitigating the first occurrence, utilizing the at least one user interface; and

    code for, based on the user input selecting the second technique for dropping packets in connection with the at least one networked device for mitigating the first occurrence, automatically applying the second technique for dropping packets in connection with the at least one networked device for mitigating the first occurrence.

4-19. (dependent claims 4 through 19)

20. A computer program product embodied on at least one non-transitory computer readable medium, comprising:
    code for receiving a result of at least one operation in connection with at least one of a plurality of networked devices, the at least one operation based on first information from at least one first data storage identifying a plurality of potential vulnerabilities including at least one first potential vulnerability and at least one second potential vulnerability, the at least one operation configured for:
        identifying at least one configuration associated with the at least one networked device, and
        determining that the at least one networked device is actually vulnerable to at least one actual vulnerability, based on the identified at least one configuration and the first information from the at least one first data storage identifying the plurality of potential vulnerabilities, such that second information associated with the result is stored in at least one second data storage separate from the at least one first data storage, the second information relating to the at least one actual vulnerability to which the at least one networked device is actually vulnerable;

    code for displaying an indication of the at least one networked device and the at least one actual vulnerability to which the at least one networked device is actually vulnerable, utilizing the second information;

    code for displaying, via at least one user interface, a plurality of techniques including a first technique for setting a policy for occurrence mitigation, and a second technique for setting an option for occurrence mitigation;

    code for receiving user input causing selection of the first technique for setting the policy for occurrence mitigation;

    code for, based on the user input causing selection of the first technique for setting the policy for occurrence mitigation, automatically applying the first technique for setting the policy for occurrence mitigation;

    code for receiving user input causing selection of the second technique for setting the option for occurrence mitigation;

    code for, based on the user input causing selection of the second technique for setting the option for occurrence mitigation, automatically applying the second technique for setting the option for occurrence mitigation;

    code for identifying:
        in connection with the at least one networked device, a first occurrence including at least one first occurrence packet directed to the at least one networked device, and
        in connection with the at least one networked device, a second occurrence including at least one second occurrence packet directed to the at least one networked device;

    code for determining:
        that the first occurrence including the at least one first occurrence packet directed to the at least one networked device is capable of taking advantage of the at least one of the actual vulnerability to which the at least one networked device is actually vulnerable;
        that the second occurrence including the at least one second occurrence packet directed to the at least one networked device is not capable of taking advantage of the at least one of the actual vulnerability to which the at least one networked device is actually vulnerable; and

    code for reporting at least the first occurrence based on the determination that the first occurrence including the at least one first occurrence packet directed to the at least one networked device is capable of taking advantage of the at least one of the actual vulnerability to which the at least one networked device is actually vulnerable;

    wherein the computer program product is operable such that the at least one first occurrence packet of the first occurrence is prevented in response to the identification of the first occurrence, to prevent the first occurrence from taking advantage of the at least one actual vulnerability to which the at least one networked device is actually vulnerable, while there is no update at the at least one of the networked device that removes the at least one actual vulnerability from the at least one networked device.

21. A computer program product embodied on a non-transitory computer readable medium, comprising:
    code for receiving actual vulnerability information from at least one first data structure that is generated utilizing potential vulnerability information from at least one second data structure that is capable of being used to identify a plurality of potential vulnerabilities, by including:
        at least one first potential vulnerability, and
        at least one second potential vulnerability;

    said actual vulnerability information being generated utilizing the potential vulnerability information by:
        identifying at least one configuration associated with at least one of a plurality of networked devices, the at least one configuration relating to at least one of an operating system or an application of the at least one networked device, and
        determining that at least one networked device is actually vulnerable to at least one actual vulnerability based on the identified at least one configuration, utilizing the potential vulnerability information that is capable of being used to identify the plurality of potential vulnerabilities;

    said actual vulnerability information from the at least one first data structure capable of being used for identifying the at least one actual vulnerability to which at least one networked device is actually vulnerable;

    code for determining whether an attack is capable of taking advantage of the at least one actual vulnerability to which at least one networked device is actually vulnerable; and

    code for applying different attack mitigation actions of diverse attack mitigation types, including a firewall-based attack mitigation type and an intrusion prevention system-based attack mitigation type, for preventing the attack from taking advantage of the at least one actual vulnerability at the at least one networked device, based on the determination whether the attack is capable of taking advantage of the at least one actual vulnerability to which at least one networked device is actually vulnerable, the at least one actual vulnerability being a function of the at least one of the operating system or the application of the at least one networked device and the different attack mitigation actions corresponding to the at least one actual vulnerability, thereby resulting in relevant attack mitigation actions of the diverse attack mitigation types being applied based on the determination whether one or more attacks are capable of taking advantage of only relevant actual vulnerabilities.

22. (dependent claim 22)
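Claims 3, 20 and 21 all describe the same pipeline: a catalogue of potential vulnerabilities (first data storage), a per-device set of actual vulnerabilities derived from each device's identified configuration (second data storage), occurrences graded by whether their target is actually vulnerable to what they try to exploit, differential reporting, and mitigation techniques of different types that are selected and then applied, with the vulnerability itself left unpatched. The following Python is an added illustration of that logic, not code from the patent or its assignee; the vulnerability IDs, products, versions, device names and packet payloads are constructed sample values.

```python
from dataclasses import dataclass

# First data storage (constructed sample): potential vulnerabilities, each
# described by the product and versions it affects. The IDs are placeholders.
POTENTIAL_VULNS = {
    "VULN-A": {"product": "webserver", "versions": {"1.0", "1.1"}},
    "VULN-B": {"product": "sshd", "versions": {"7.2"}},
    "VULN-C": {"product": "webserver", "versions": {"2.0"}},
}


@dataclass
class Device:
    name: str
    config: dict  # identified configuration: product -> installed version


def actual_vulnerabilities(device, catalogue=POTENTIAL_VULNS):
    """Second data storage for one device: the subset of potential
    vulnerabilities that its identified configuration actually matches."""
    return {vid for vid, entry in catalogue.items()
            if device.config.get(entry["product"]) in entry["versions"]}


@dataclass
class Occurrence:
    device: str    # target device name
    exploits: str  # vulnerability ID the occurrence attempts to take advantage of
    packet: bytes  # constructed sample payload, not inspected here


FIRST_SEVERITY, SECOND_SEVERITY = "high", "low"


def severity(occ, actual_by_device):
    """First severity when the target is actually vulnerable to what the
    occurrence exploits, second severity otherwise."""
    if occ.exploits in actual_by_device.get(occ.device, set()):
        return FIRST_SEVERITY
    return SECOND_SEVERITY


def build_report(occurrences, actual_by_device):
    """Report the two severities differently: high-severity occurrences are
    escalated individually, low-severity ones are only counted."""
    escalated = [o for o in occurrences
                 if severity(o, actual_by_device) == FIRST_SEVERITY]
    return {"escalated": [(o.device, o.exploits) for o in escalated],
            "informational_count": len(occurrences) - len(escalated)}


class Mitigator:
    """Two mitigation techniques of different types: setting a policy and
    dropping packets. Each is applied only when explicitly selected."""

    def __init__(self):
        self.policies = {}       # device -> {vuln id: policy name}
        self.drop_rules = set()  # (device, vuln id) pairs whose packets are dropped

    def set_policy(self, device, vuln_id, policy="block-on-match"):
        self.policies.setdefault(device, {})[vuln_id] = policy

    def drop_packets(self, device, vuln_id):
        self.drop_rules.add((device, vuln_id))

    def allow(self, occ):
        """True if the occurrence packet passes, False if a drop rule stops it."""
        return (occ.device, occ.exploits) not in self.drop_rules


TECHNIQUES = {"policy": Mitigator.set_policy, "drop": Mitigator.drop_packets}


def apply_selected_technique(mitigator, choice, device, vuln_id):
    """Apply the technique the operator selected; unknown choices are rejected."""
    if choice not in TECHNIQUES:
        raise ValueError(f"unknown technique {choice!r}")
    TECHNIQUES[choice](mitigator, device, vuln_id)
    return mitigator


def demo():
    """Run the whole pipeline on constructed devices and occurrences."""
    devices = [Device("web01", {"webserver": "1.1", "sshd": "8.0"}),
               Device("bastion", {"sshd": "7.2"})]
    actual = {d.name: actual_vulnerabilities(d) for d in devices}
    occurrences = [
        Occurrence("web01", "VULN-A", b"constructed-sample-payload-1"),
        Occurrence("web01", "VULN-B", b"constructed-sample-payload-2"),
        Occurrence("bastion", "VULN-B", b"constructed-sample-payload-2"),
    ]
    report = build_report(occurrences, actual)
    m = Mitigator()
    apply_selected_technique(m, "drop", "web01", "VULN-A")      # second technique
    apply_selected_technique(m, "policy", "bastion", "VULN-B")  # first technique
    passed = [m.allow(o) for o in occurrences]
    # The drop rule stops the first occurrence's packet even though web01's
    # actual vulnerability set is unchanged: nothing here patches the device.
    return actual, report, passed


if __name__ == "__main__":
    print(demo())
```

The point the example makes is that the same probe against two hosts is graded differently: the probe for VULN-B against web01 (sshd 8.0, not in the affected versions) is low severity and only counted, while the same probe against bastion (sshd 7.2) is escalated. Mitigation is then chosen per technique type, and the device's actual-vulnerability record is deliberately untouched, which is the "no update removes the vulnerability" condition of claim 20.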