ANTI-VULNERABILITY SYSTEM, METHOD, AND COMPUTER PROGRAM PRODUCT

US 20150033349A1
Filed: 09/28/2014
Published: 01/29/2015
Est. Priority Date: 07/01/2003
Status: Active Grant

First Claim

Patent Images

1-2. -2. (canceled)

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, method, and computer program product are provided for receiving actual vulnerability information from at least one first data storage that is generated utilizing potential vulnerability information from at least one second data storage. The actual vulnerability information is generated utilizing the potential vulnerability information. Further, the actual vulnerability information from the at least one first data storage is capable of identifying the plurality of actual vulnerabilities to which the plurality of networked computers are actually vulnerable. In use, an action may be caused to be automatically completed in connection with at least one of the networked devices.

6 Citations

View as Search Results

22 Claims

1-2. -2. (canceled)

3. A computer program product embodied on a non-transitory computer readable medium, comprising:
- code for deploying at least one client agent to at least one of a plurality of devices, the at least one client agent being capable of both identifying a plurality of aspects of the at least one device that are the bases for a plurality of weaknesses and applying a plurality of remediation techniques that remediate the weaknesses based on at least one data structure identifying the remediation techniques that remediate the weaknesses, where;
  
  each of at least a portion of the remediation techniques remediates at least one of the plurality of weaknesses;
  
  each of at least a portion of the remediation techniques has a remediation type including at least one of installation of software, a policy setting, or a configuration;
  
  said at least one data structure identifies;
  
  a first remediation technique that remediates a first particular weakness by automatically installing software for at least mitigating the first particular weakness,a second remediation technique that remediates a second particular weakness by automatically affecting a service for at least mitigating the second particular weakness, anda third remediation technique that remediates a third particular weakness by automatically changing a configuration or policy setting for at least mitigating the third particular weakness; and
  
  code for;
  
  identifying at least one first aspect of the at least one device that is a basis for the first particular weakness, utilizing the at least one client agent,determining whether the at least one device is subject to the first particular weakness, based on the at least one first aspect of the at least one device and the at least one data structure,conditionally applying the first remediation technique to the at least one device by automatically installing the software for at least mitigating the first particular weakness utilizing the at least one client agent, based on the determination whether the at least one device is subject to the first particular weakness,reporting to at least one server, utilizing the at least one client agent, first information relating to the application of the first remediation technique including an indication of whether the software was installed for at least mitigating the first particular weakness,identifying at least one second aspect of the at least one device that is a basis for the second particular weakness, utilizing the at least one client agent,determining whether the at least one device is subject to the second particular weakness, based on the at least one second aspect of the at least one device and the at least one data structure,conditionally applying the second remediation technique to the at least one device by automatically affecting the service for at least mitigating the second particular weakness utilizing the at least one client agent, based on the determination whether the at least one device is subject to the second particular weakness,reporting to the at least one server, utilizing the at least one client agent, second information relating to the application of the second remediation technique including an indication of whether the service was affected for at least mitigating the second particular weakness,identifying at least one third aspect of the at least one device that is a basis for the third particular weakness, utilizing the at least one client agent,determining whether the at least one device is subject to the third particular weakness, based on the at least one third aspect of the at least one device and the at least one data structure,conditionally applying the third remediation technique to the at least one device by automatically changing the configuration or policy setting for at least mitigating the third particular weakness utilizing the at least one client agent, based on the determination whether the at least one device is subject to the third particular weakness, andreporting to the at least one server, utilizing the at least one client agent, third information relating to the application of the third remediation technique including an indication of whether the configuration or policy setting was changed for at least mitigating the third particular weakness.
- View Dependent Claims (4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 4. The computer program product of claim 3, wherein the computer program product is operable such that reporting information is reported that includes at least one of the first information, the second information, or the third information.
  - 5. The computer program product of claim 4, wherein the computer program product is operable such that the reporting information is received after a request for network resource is identified.
  - 6. The computer program product of claim 5, wherein the computer program product is operable for causing a reaction to the request for the network resource, based the reporting information.
  - 7. The computer program product of claim 6, wherein the computer program product is operable such that the request for the network resource includes a connection request, and the reaction includes blocking or allowing the connection request.
  - 8. A computer program product of claim 3, wherein the computer program product is operable such that the at least one first aspect of the at least one device includes at least one first operating system-related aspect associated with a framework that dictates how data is communicated, and the first remediation technique is conditionally applied to the at least one device for at least mitigating the first particular weakness, based on the at least one first operating system-related aspect associated with the framework that dictates how data is communicated, and the computer program product is further operable such that the at least one second aspect of the at least one device includes at least one second operating system-related aspect associated with the framework that dictates how data is communicated, and the second remediation technique is conditionally applied to the at least one device for at least mitigating the second particular weakness, based on the at least one second operating system-related aspect associated with the framework that dictates how data is communicated, and the computer program product is even further operable such that the at least one third aspect of the at least one device includes at least one third operating system-related aspect associated with the framework that dictates how data is communicated, and the third remediation technique is conditionally applied to the at least one device for at least mitigating the third particular weakness, based on the at least one third operating system-related aspect associated with the framework that dictates how data is communicated.
  - 9. A computer program product of claim 3, wherein the computer program product is operable such that, by being capable of both identifying the aspects of the devices that are the bases for the weaknesses and applying the remediation techniques that remediate the weaknesses, the at least one client agent is capable of applying the remediation techniques in immediate response the identification of the aspects.
  - 10. A computer program product of claim 3, wherein the computer program product is operable such that the at least one data structure resides on the at least one device with the at least one client agent while it is determined whether:
    - the at least one device is subject to the first particular weakness, the at least one device is subject to the second particular weakness, and the at least one device is subject to the third particular weakness;
      
      such that the at least one client agent does not necessarily have to send a query over a network to access the at least one data structure, in order to determine whether the at least one device is subject to the first particular weakness, the at least one device is subject to the second particular weakness, and the at least one device is subject to the third particular weakness.
  - 11. A computer program product of claim 3, wherein the computer program product is operable such that the at least one client agent includes a vulnerability management portion for identifying the aspects of the devices that are the bases for the weaknesses and a remediation deployment portion for applying the remediation techniques that remediate the weaknesses.
  - 12. A computer program product of claim 3, wherein the computer program product is operable such that, by being capable of both identifying the aspects of the devices that are the bases for the weaknesses and applying the remediation techniques that remediate the weaknesses, the at least one client agent is capable of applying the remediation techniques utilizing a platform of a single party, without requiring third-party software for performing the identification of the aspects of the devices.
  - 13. A computer program product of claim 3, wherein the computer program product is operable such that, in addition to being capable of both identifying the aspects of the devices that are the bases for the weaknesses and applying the remediation techniques that remediate the weaknesses, the at least one client agent is further capable of supporting at least one aspect of:
    - identifying a request for a network resource by the at least one device including a connection request; and
      
      after the identification of the request for the network resource, blocking the connection request based on at least one of the first information, the second information, or the third information.
  - 14. A computer program product of claim 3, wherein the computer program product is operable such that the at least one data structure further identifies:
    - a plurality of security-related remediation techniques that remediate a plurality of particular weaknesses including security vulnerabilities; and
      
      a plurality of non-security-related remediation techniques that remediate a plurality of particular non-security-related weaknesses; and
      
      further comprising;
      
      code for;
      
      identifying at least one security-related aspect of the at least one device that is a basis for at least one of the security vulnerabilities, utilizing the at least one client agent,determining whether the at least one device is subject to the at least one security vulnerability, based on the at least one security-related aspect of the at least one device and the at least one data structure,conditionally applying at least one of the security-related remediation techniques to the at least one device for at least mitigating the at least one security vulnerability utilizing the at least one client agent, based on the determination whether the at least one device is subject to the at least one security vulnerability,identifying at least one non-security-related aspect of the at least one device that is a basis for at least one of the non-security-related weaknesses, utilizing the at least one client agent,determining whether the at least one device is subject to the at least one non-security-related weakness, based on the at least one non-security-related aspect of the at least one device and the at least one data structure, andconditionally applying at least one of the non-security-related remediation techniques to the at least one device for at least mitigating the at least one non-security-related weakness utilizing the at least one client agent, based on the determination whether the at least one device is subject to the at least one non-security-related weakness.
  - 15. A computer program product of claim 3, wherein the computer program product is operable such that the at least one data structure further identifies:
    - a plurality of security-related remediation techniques that remediate a plurality of particular weaknesses including security vulnerabilities; and
      
      a plurality of performance-related remediation techniques that remediate a plurality of particular performance-related weaknesses; and
      
      further comprising;
      
      code for;
      
      identifying at least one security-related aspect of the at least one device that is a basis for at least one of the security vulnerabilities, utilizing the at least one client agent,determining whether the at least one device is subject to the at least one security vulnerability, based on the at least one security-related aspect of the at least one device and the at least one data structure,conditionally applying at least one of the security-related remediation techniques to the at least one device for at least mitigating the at least one security vulnerability utilizing the at least one client agent, based on the determination whether the at least one device is subject to the at least one security vulnerability,identifying at least one performance-related aspect of the at least one device that is a basis for at least one of the performance-related weaknesses, utilizing the at least one client agent,determining whether the at least one device is subject to the at least one performance-related weakness, based on the at least one performance-related aspect of the at least one device and the at least one data structure, andconditionally applying at least one of the performance-related remediation techniques to the at least one device for at least mitigating the at least one performance-related weakness utilizing the at least one client agent, based on the determination whether the at least one device is subject to the at least one performance-related weakness.
  - 16. A computer program product of claim 3, wherein the computer program product is operable such that the at least one of the at least one first aspect of the at least one device, the at least one second aspect of the at least one device, or the at least one third aspect of the at least one device includes at least one first operating system-related aspect associated with a framework that dictates how data is communicated;
    - and the at least one client agent is capable of applying the remediation techniques without requiring third-party software for performing the identification of the aspects of the devices and the at least one data structure resides on the at least one device with the at least one client agent while it is determined whether;
      
      the at least one device is subject to the first particular weakness, the at least one device is subject to the second particular weakness, and the at least one device is subject to the third particular weakness, such that the at least one client agent is capable of avoiding sending a query over a network to access the at least one data structure, in order to determine whether the at least one device is subject to the first particular weakness, the at least one device is subject to the second particular weakness, and the at least one device is subject to the third particular weakness, and so that the at least one client agent is capable of applying at least one of the remediation techniques in immediate response the identification of one of the aspects.
  - 17. A computer program product of claim 16, wherein the computer program product is operable such that, in addition to being capable of both identifying the aspects of the devices that are the bases for the weaknesses and applying the remediation techniques that remediate the weaknesses, the at least one client agent is further capable of supporting at least one aspect of:
    - identifying a request for a network resource by the at least one device including a connection request, and, after the identification of the request for the network resource, blocking the connection request based on at least one of the first information, the second information, or the third information.
  - 18. The computer program product of claim 3, wherein at least one of:
    - said at least one data structure is accessed by the at least one client agent by at least one of;
      
      communication of data therewith, or synchronization of data therewith;
      
      said at least one data structure including at least one database;
      
      said at least one portion of the remediation techniques includes at least one remediation technique;
      
      at least one of said remediation techniques at least one of;
      
      removes at least one of the weaknesses;
      
      or mitigates an affect of an attack that takes advantage of the at least one weakness;
      
      at least of one of said weaknesses being capable of being exploited by at least one attack;
      
      at least of one of said weaknesses including an vulnerability;
      
      at least of one of said weaknesses a performance-related weakness;
      
      at least of one of said weaknesses a version-related weakness;
      
      said software includes a patch;
      
      said determining is carried out in response to a signal;
      
      said determining is carried out utilizing logic;
      
      said at least one client agent is capable of accessing the at least one data structure while the at least one data structure is residing on the at least one server;
      
      at least one of said first information, the second information, or the third information includes an identifier;
      
      orsaid first information, the second information, and the third information being reported via a single log;
      
      wherein the computer program product is operable for use with at least one NOC server, a data warehouse, and an SDK for allowing access to information associated with at least one vulnerability and at least one remediation technique; and
      
      wherein the computer program product is operable for determining which devices have vulnerabilities by directly querying a firmware or operating system of the devices.

19. A computer program product embodied on a non-transitory computer readable medium, comprising:
- code for deploying a single client agent to at least one of a plurality of devices, the single client agent being capable of both identifying a plurality of aspects of the at least one device that are the bases for a plurality of weaknesses and applying a plurality of remediation techniques that remediate the weaknesses based on at least one data structure residing at the at least one device and identifying the remediation techniques that remediate the weaknesses, where;
  
  each of at least a portion of the remediation techniques remediates at least one of the plurality of weaknesses;
  
  each of at least a portion of the remediation techniques has a remediation type including at least one of installation of software, a policy setting, or a configuration;
  
  said at least one data structure identifies;
  
  a first remediation technique that remediates a first particular weakness by automatically installing software for at least mitigating the first particular weakness,a second remediation technique that remediates a second particular weakness by automatically affecting a service for at least mitigating the second particular weakness, anda third remediation technique that remediates a third particular weakness by automatically changing a configuration or policy setting for at least mitigating the third particular weakness; and
  
  code for;
  
  identifying at least one of a first aspect, a second aspect, or a third aspect of the at least one device that is a basis for at least one of the first particular weakness, the second particular weakness, or the third particular weakness, utilizing the single client agent,determining whether the at least one device is subject to at least one of the first particular weakness, the second particular weakness, or the third particular weakness, based on the at least one data structure and at least one of the first aspect, the second aspect, or the third aspect of the at least one device,conditionally applying at least one of the first remediation technique, the second remediation technique, or the third remediation technique to the at least one device, utilizing the single client agent, based on the determination whether the at least one device is subject to the at least one of the first particular weakness, the second particular weakness, or the third particular weakness, andreporting to at least one server, utilizing the single client agent, at least one of first information relating to the application of the first remediation technique, second information relating to the application of the second remediation technique, or third information relating to the application of the third remediation technique.
- View Dependent Claims (20)
- - 20. A computer program product of claim 19, wherein the computer program product is operable such that, in addition to being capable of both identifying the aspects of the devices that are the bases for the weaknesses and applying the remediation techniques that remediate the weaknesses, the single client agent is further capable of supporting at least one aspect of:
    - identifying a request for a network resource by the at least one device including a connection request, and, after the identification of the request for the network resource, blocking the connection request based on at least one of the first information, the second information, or the third information.

21. A computer program product embodied on a non-transitory computer readable medium, comprising:
- single client agent code capable of both identifying a plurality of aspects of at least one of a plurality of devices that are the bases for a plurality of weaknesses and applying a plurality of remediation techniques that remediate the weaknesses based on at least one data structure identifying the remediation techniques that remediate the weaknesses, where;
  
  each of at least a portion of the remediation techniques remediates at least one of the plurality of weaknesses;
  
  each of at least a portion of the remediation techniques has a remediation type including at least one of installation of software, a policy setting, or a configuration;
  
  said at least one data structure identifies;
  
  a first remediation technique that remediates a first particular weakness by automatically installing software for at least mitigating the first particular weakness,a second remediation technique that remediates a second particular weakness by automatically affecting a service for at least mitigating the second particular weakness, anda third remediation technique that remediates a third particular weakness by automatically changing a configuration or policy setting for at least mitigating the third particular weakness;
  
  wherein the single client agent code is further operable for;
  
  identifying at least one of a first aspect, a second aspect, or a third aspect of the at least one device that is a basis for at least one of the first particular weakness, the second particular weakness, or the third particular weakness,determining whether the at least one device is subject to at least one of the first particular weakness, the second particular weakness, or the third particular weakness, based on the at least one data structure and at least one of the first aspect, the second aspect, or the third aspect of the at least one device,conditionally applying at least one of the first remediation technique, the second remediation technique, or the third remediation technique to the at least one device, based on the determination whether the at least one device is subject to the at least one of the first particular weakness, the second particular weakness, or the third particular weakness, andreporting to at least one server at least one of first information relating to the application of the first remediation technique, second information relating to the application of the second remediation technique, or third information relating to the application of the third remediation technique.
- View Dependent Claims (22)
- - 22. A computer program product of claim 21, wherein the computer program product is operable such that, in addition to being capable of both identifying the aspects of the devices that are the bases for the weaknesses and applying the remediation techniques that remediate the weaknesses, the single client agent code is further capable of supporting at least one aspect of:
    - identifying a request for a network resource by the at least one device including a connection request, and, after the identification of the request for the network resource, blocking the connection request based on at least one of the first information, the second information, or the third information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SecurityProfiling, LLC
Original Assignee
SecurityProfiling, LLC
Inventors
Oliphant, Brett M., Blignaut, John P.

Granted Patent

US 9,350,752 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/25
CPC Class Codes

G06F 16/951   Indexing; Web crawling tech...

G06F 21/50   Monitoring users, programs ...

G06F 21/57   Certifying or maintaining t...

H04L 63/0263   Rule management

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1433   Vulnerability analysis

H04L 63/20   for managing network securi...

ANTI-VULNERABILITY SYSTEM, METHOD, AND COMPUTER PROGRAM PRODUCT

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

6 Citations

22 Claims

Specification

Use Cases

Quick Links

Others

ANTI-VULNERABILITY SYSTEM, METHOD, AND COMPUTER PROGRAM PRODUCT

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

6 Citations

22 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others