SYSTEM, METHOD, AND COMPUTER PROGRAM PRODUCT FOR REPORTING AN OCCURRENCE IN DIFFERENT MANNERS
Abstract
A system, method, and computer program product are provided for identifying operating system information associated with at least one of a plurality of networked devices, and an occurrence in connection with the at least one of the networked devices. It is also determined whether at least one vulnerability capable of being exploited by the occurrence is relevant to the at least one networked device based on the operating system information. To this end, the occurrence is reported in a first manner if it is determined that the at least one vulnerability capable of being exploited by the occurrence is relevant to the at least one networked device based on the operating system information. Further, the occurrence is reported in a second manner, different from the first manner, if it is determined that the at least one vulnerability capable of being exploited by the occurrence is not relevant to the at least one networked device based on the operating system information.
22 Claims

1-2. (canceled)

3. A computer program product embodied on a non-transitory computer readable medium, comprising:

code for receiving an identification of at least one of an operating system or an application associated with at least one of a plurality of devices;
code for accessing a data storage describing a plurality of mitigation techniques that mitigate an attack that takes advantage of a plurality of vulnerabilities;
code for presenting a plurality of options in connection with the plurality of mitigation techniques that correspond with a subset of the plurality of the vulnerabilities posed by the identified at least one of the operating system or the application associated with the at least one device, the plurality of options relating to an intrusion detection or prevention mitigation technique and a firewall mitigation technique that both correspond with the subset of the plurality of the vulnerabilities posed by the identified at least one of the operating system or the application associated with the at least one device;
code for receiving user input selecting at least one of the options in connection with at least one of the plurality of the mitigation techniques that correspond with the subset of the plurality of the vulnerabilities posed by the identified at least one of the operating system or the application associated with the at least one device;
code for, based on the user input, deploying the selected at least one option in connection with the at least one mitigation technique that corresponds with the subset of the plurality of the vulnerabilities posed by the identified at least one of the operating system or the application associated with the at least one device;
code for identifying an occurrence in connection with the at least one device;
code for determining whether the occurrence is capable of taking advantage of at least one of the subset of the plurality of the vulnerabilities posed by the identified at least one of the operating system or the application associated with the at least one device; and
code for preventing the occurrence from taking advantage of the at least one of the subset of the plurality of the vulnerabilities, utilizing the at least one mitigation technique in connection with the selected at least one option, based on the determination whether the occurrence is capable of taking advantage of the at least one of the subset of the plurality of the vulnerabilities posed by the identified at least one of the operating system or the application associated with the at least one device.

19. A computer program product embodied on a non-transitory computer readable medium, comprising:

code for retrieving a plurality of options from a data storage describing a plurality of mitigation techniques that mitigate an attack that takes advantage of a plurality of vulnerabilities;
code for presenting the plurality of options which relate to the plurality of mitigation techniques in connection with a subset of a plurality of the vulnerabilities posed by at least one of an operating system or an application of at least one device, the plurality of options relating to an intrusion detection or prevention mitigation technique and a firewall mitigation technique;
code for receiving user input selecting at least one of the options which relate to at least one of the plurality of the mitigation techniques in connection with the subset of the plurality of the vulnerabilities posed by the at least one of the operating system or the application of the at least one device;
code for, based on the user input, deploying the selected at least one option which relates to the at least one mitigation technique in connection with the subset of the plurality of the vulnerabilities posed by the at least one of the operating system or the application of the at least one device, to the at least one device with the at least one of the operating system or the application;
code for identifying an occurrence including one or more packets directed to the at least one device;
code for determining whether the occurrence is capable of taking advantage of at least one of the subset of the plurality of the vulnerabilities posed by the at least one of the operating system or the application of the at least one device; and
code for preventing the occurrence from taking advantage of the at least one of the subset of the plurality of the vulnerabilities, utilizing the at least one mitigation technique related to the selected at least one option, based on the determination whether the occurrence is capable of taking advantage of the at least one of the subset of the plurality of the vulnerabilities posed by the at least one of the operating system or the application of the at least one device.

20. A computer program product embodied on a non-transitory computer readable medium, comprising:

code for receiving actual vulnerability information from at least one first data storage that is generated utilizing potential vulnerability information from at least one second data storage that is capable of being used to identify a plurality of potential vulnerabilities, by including: at least one first potential vulnerability, and at least one second potential vulnerability; said actual vulnerability information being generated utilizing the potential vulnerability information by: identifying at least one configuration associated with at least one of a plurality of networked devices, the at least one configuration relating to at least one of an operating system or an application of the at least one networked device, and determining that at least one networked device is actually vulnerable to at least one actual vulnerability based on the identified at least one configuration, utilizing the potential vulnerability information that is capable of being used to identify the plurality of potential vulnerabilities; said actual vulnerability information from the at least one first data storage being capable of identifying the at least one actual vulnerability to which at least one networked device is actually vulnerable;
code for determining whether an attack is capable of taking advantage of the at least one actual vulnerability to which at least one networked device is actually vulnerable; and
code for causing different attack mitigation actions of diverse attack mitigation types, including a firewall-based attack mitigation type and an intrusion prevention system-based attack mitigation type, for preventing the attack from taking advantage of the at least one actual vulnerability at the at least one networked device, based on the determination whether the attack is capable of taking advantage of the at least one actual vulnerability to which at least one networked device is actually vulnerable, the at least one actual vulnerability being determined as a function of the at least one of the operating system or the application of the at least one networked device and the different attack mitigation actions being specific to the at least one actual vulnerability, thereby resulting in relevant attack mitigation actions of the diverse attack mitigation types being caused based on the determination whether one or more attacks are capable of taking advantage of only relevant actual vulnerabilities.
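The two-manner reporting of the abstract, together with claim 20's derivation of actual vulnerabilities from potential vulnerability information and a device's identified OS and application, carried out as an added Python example (not code from the patent or its assignee); the vulnerability store, the asset inventory and the Device and Occurrence types are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed stand-in for the "potential vulnerability information" store:
# vulnerability id -> the OS and application configurations it applies to.
POTENTIAL_VULNS = {
    "VULN-A": {"os": {"windows"}, "app": {"iis"}},
    "VULN-B": {"os": {"linux"}, "app": {"openssh"}},
    "VULN-C": {"os": {"windows", "linux"}, "app": {"java-rt"}},
}

@dataclass(frozen=True)
class Device:
    address: str
    os: str
    apps: frozenset

@dataclass(frozen=True)
class Occurrence:
    target: str      # address of the device the packets are directed to
    exploits: str    # vulnerability id the matching signature is written for

# Constructed asset inventory: the identified OS and applications per device.
INVENTORY = {
    "10.0.0.5": Device("10.0.0.5", "windows", frozenset({"iis"})),
    "10.0.0.9": Device("10.0.0.9", "linux", frozenset({"openssh", "java-rt"})),
}

def actual_vulnerabilities(device, potential=POTENTIAL_VULNS):
    """Derive the 'actual vulnerability information' for one device: the
    potential vulnerabilities whose affected OS and application both match."""
    return {vid for vid, cfg in potential.items()
            if device.os in cfg["os"] and device.apps & cfg["app"]}

def report(occurrence, inventory=INVENTORY):
    """Report in a first manner (ALERT) when the occurrence can exploit a
    vulnerability the target is actually exposed to, and in a second manner
    (INFO) when it cannot. A target with no inventory record is not suppressed:
    relevance is undetermined, so it falls back to the first manner."""
    device = inventory.get(occurrence.target)
    if device is None:
        return "ALERT", f"{occurrence.target}: relevance undetermined (no OS record)"
    if occurrence.exploits in actual_vulnerabilities(device):
        return "ALERT", f"{occurrence.target} ({device.os}) exposed to {occurrence.exploits}"
    return "INFO", f"{occurrence.target} ({device.os}) not exposed to {occurrence.exploits}"
```

The same relevance decision can drive which mitigation option (IDS/IPS rule or firewall rule) is deployed for a device, since both are keyed on the device's actual vulnerability set rather than the full potential list.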