MULTI-PATH REMEDIATION

US 20150040230A1
Filed: 09/28/2014
Published: 02/05/2015
Est. Priority Date: 07/01/2003
Status: Active Grant

First Claim

Patent Images

1-2. -2. (canceled)

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, method, and computer program product are provided for a database associating a plurality of device vulnerabilities to which computing devices can be subject with a plurality of remediation techniques that collectively remediate the plurality of device vulnerabilities. Each of the device vulnerabilities is associated with at least one remediation technique. Each remediation technique associated with a particular device vulnerability remediates that particular vulnerability. Further, each remediation technique has a remediation type are selected from the type group consisting of patch, policy setting, and configuration option. Still yet, a first one of the device vulnerabilities is associated with at least two alternative remediation techniques.

20 Citations

View as Search Results

22 Claims

1-2. -2. (canceled)

3. A computer program product embodied on a non-transitory computer readable medium, comprising:
- code for accessing at least one at least one data storage capable of associating a plurality of device vulnerabilities to which computing devices can be subject, each device vulnerability having a vulnerability identifier, witha plurality of remediation techniques that collectively remediate the plurality of device vulnerabilities;
  
  such that;
  
  each of the device vulnerabilities is associated with at least one remediation technique;
  
  each remediation technique associated with a particular device vulnerability remediates that particular device vulnerability;
  
  each remediation technique has a remediation type including at least one of a patch, a policy setting, or a configuration option; and
  
  a first one of the device vulnerabilities is associated with at least two alternative remediation techniques;
  
  code for receiving a query signal in connection with the first one of the device vulnerabilities; and
  
  code for sending a response signal, automatically generated in response to the query signal, for displaying the at least two alternative remediation techniques for selection by a user via a user interface;
  
  code for receiving a selection of at least one of the at least two alternative remediation techniques; and
  
  code for applying the selected at least one of the at least two alternative remediation techniques.
- View Dependent Claims (4, 5, 6, 7, 8, 9, 10)
- - 4. The computer program product of claim 3, wherein the computer program product is operable such that the at least two alternative remediation techniques include a firewall option for preventing at least one attack packet of an attack by terminating or dropping the same, and an intrusion detection or prevention option for preventing a connection request.
  - 5. The computer program product of claim 4, wherein the computer program product is operable such that, in response to user input received prior to the attack, the firewall option is applied to a plurality of different devices for preventing the at least one attack packet at any of the different devices.
  - 6. The computer program product of claim 5, wherein the computer program product is operable such that, in response to additional user input after the attack in connection with a particular single device of the plurality of different devices, the intrusion detection or prevention option is applied to the particular single device for preventing the connection request at the particular single device.
  - 7. The computer program product of claim 6, wherein the computer program product is operable such that, in response to user input prior to the attack in connection, the intrusion detection or prevention option is applied to a plurality of different devices for preventing the connection request at the plurality of different devices.
  - 8. The computer program product of claim 7, wherein the computer program product is operable such that, in response to user input after the attack in connection with a particular single device of the plurality of different devices, the firewall option is applied to the particular single device for preventing the at least one attack packet at the particular single device.
  - 9. The computer program product of claim 3, and further comprising:
    - code for causing at least one operation in connection with at least one of a plurality of networked devices, the at least one operation configured for;
      
      identifying at least one configuration associated with the at least one networked device, anddetermining whether the at least one networked device is actually vulnerable to at least one actual vulnerability, based on the identified at least one configuration; and
      
      storing information identifying the at least one actual vulnerability to which the at least one networked device is actually vulnerable for use in connection with the selected at least one of the at least two alternative remediation techniques.
  - 10. The computer program product of claim 3, wherein the computer program product is operable such at least one of:
    - said remediation type includes the patch;
      
      said remediation type includes the policy setting;
      
      said remediation type includes the configuration option;
      
      said query signal is sent in connection with an identification of an attack that is capable of exploiting the first one of the device vulnerabilities;
      
      said query signal is sent before the identification of an attack that is capable of exploiting the first one of the device vulnerabilities;
      
      said query signal includes a vulnerability identifier;
      
      said at least one data storage is accessed by at least one of;
      
      receiving at least one update therefrom;
      
      pulling at least one update therefrom, communicating therewith, or synchronizing therewith;
      
      at least some of said remediation techniques are configured for mitigating an effect of an attack that takes advantage of the corresponding device vulnerability;
      
      at least some of said remediation techniques are configured for removing the corresponding device vulnerability utilizing an update;
      
      said alternative remediation techniques are of different ones of the remediation types;
      
      orboth of said alternative remediation techniques are capable of being selected;
      
      wherein the computer program product is further operable for use with at least one NOC server, a data warehouse, and an SDK for allowing access to information associated with the device vulnerabilities, and wherein the computer program product is operable for determining which devices have vulnerabilities by directly querying a firmware or operating system of the devices.

11. A computer program product embodied on a non-transitory computer readable medium, the computer program product comprising:
- code for;
  
  accessing at least one data storage identifying a plurality of mitigation techniques that mitigate effects of attacks that take advantage of vulnerabilities, such that;
  
  each mitigation technique is capable of mitigating an effect of an attack that takes advantage of a corresponding vulnerability,each mitigation technique has a mitigation type including at least one of a patch, a policy setting, or a configuration option, andat least two of the mitigation techniques are capable of mitigating an effect of an attack that takes advantage of a first one of the vulnerabilities;
  
  code for receiving a first signal in connection with the first one of the vulnerabilities;
  
  code for sending a second signal, in response to the first signal, for displaying the at least two mitigation techniques for selection by a user via at least one user interface;
  
  code for receiving a selection of at least one of the at least two mitigation techniques; and
  
  code for applying the selected at least one of the at least two mitigation techniques.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 12. The computer program product of claim 11, wherein the computer program product is operable such that the at least two mitigation techniques include a firewall option for preventing at least one attack packet of an attack by terminating or dropping the same, and an intrusion detection or prevention option for preventing a connection request;
    - the computer program product is further operable such that, in response to user input received prior to the attack, the firewall option is capable of being applied to a plurality of different devices for preventing the at least one attack packet at any of the different devices; and
      
      the computer program product is further operable such that, in response to additional user input after the attack in connection with a particular single device of the plurality of different devices, the intrusion detection or prevention option is capable of being applied to the particular single device for preventing the connection request at the particular single device.
  - 13. The computer program product of claim 11, wherein the computer program product is operable such that the at least two mitigation techniques include a firewall option for preventing at least one attack packet of an attack by terminating or dropping the same, and an intrusion detection or prevention option for preventing a connection request;
    - the computer program product is further operable such that, in response to user input prior to the attack, the intrusion detection or prevention option is capable of being applied to a plurality of different devices for preventing the connection request at the plurality of different devices; and
      
      the computer program product is further operable such that, in response to user input after the attack in connection with a particular single device of the plurality of different devices, the firewall option is capable of being applied to the particular single device for preventing the at least one attack packet at the particular single device.
  - 14. The computer program product of claim 11, wherein the computer program product is operable such that the first one of the vulnerabilities is identified as a function of at least one of an operating system or an application identified in connection with a device, such that the first signal is capable of being received in connection with the first one of the vulnerabilities based on the identification, so that, in order to avoid false positives, only relevant vulnerabilities prompt mitigation technique user selection among the at least two mitigation techniques, which involve both firewall and intrusion prevention system actions for providing diverse mitigation options in connection with the attack.
  - 15. The computer program product of claim 11, wherein the computer program product is operable such that which of the mitigation techniques that are displayed are based on actual vulnerabilities to which multiple devices are actually vulnerable so that only relevant mitigation techniques are displayed for selection by the user for application.
  - 16. The computer program product of claim 11, wherein the computer program product is operable such that the first one of the vulnerabilities is identified as a function of at least one of an operating system or an application identified in connection with a device and the at least two mitigation techniques are specific to the first one of the vulnerabilities, such that the first signal is capable of being received in connection with the first one of the vulnerabilities based on the identification, so that only relevant vulnerabilities prompt selection of relevant mitigation techniques by the user for application.
  - 17. The computer program product of claim 11, wherein the computer program product is operable such that the user input is capable of being received via the at least one user interface for different devices, for allowing different attack mitigation actions including at least one intrusion prevention action and at least one firewall action to be selectively applied to the different devices for different actual vulnerabilities determined to be actually relevant based on a presence of at least one of an operating system or an application.
  - 18. The computer program product of claim 11, wherein the computer program product is operable such that the at least two mitigation techniques include a first mitigation technique that utilizes a firewall action for at least mitigating an attack that takes advantage of the first one of the vulnerabilities and a second mitigation technique that utilizes an intrusion prevention action for at least mitigating the attack that takes advantage of the first one of the vulnerabilities.
  - 19. The computer program product of claim 18, wherein the computer program product is operable such that the at least two mitigation techniques are displayed in connection with the first one of the vulnerabilities.
  - 20. The computer program product of claim 19, wherein the computer program product is operable such that different user input is capable of being received for different devices, for allowing different mitigation techniques including the first mitigation technique and the second mitigation technique to be selectively applied by the user to the different devices for different actual vulnerabilities.
  - 21. The computer program product of claim 19, wherein the computer program product is operable such that different user input is capable of being received for different devices, for allowing different mitigation techniques including the first mitigation technique and the second mitigation technique to be selectively applied by the user to the different devices for different actual vulnerabilities, such that the different user input is capable of resulting in:
    - only the first mitigation technique being selectively applied by the user to at least one first device, only the second mitigation technique being selectively applied by the user to at least one second device, and both the first mitigation technique and the second mitigation technique being selectively applied by the user to at least one third device.

22. A system, comprising:
- an intrusion prevention system component capable of accessing at least one data structure identifying a plurality of mitigation techniques that mitigate effects of attacks that take advantage of vulnerabilities, such that;
  
  each mitigation technique is capable of mitigating an effect of an attack that takes advantage of a corresponding vulnerability,each mitigation technique has a mitigation type including at least one of a patch, a policy setting, or a configuration option,at least two of the mitigation techniques are capable of mitigating an effect of an attack that takes advantage of a first one of the vulnerabilities, andsaid at least two mitigation techniques include a first mitigation technique that utilizes a firewall action for at least mitigating the attack that takes advantage of the first one of the vulnerabilities and a second mitigation technique that utilizes a real-time intrusion prevention action for at least mitigating the attack that takes advantage of the first one of the vulnerabilities;
  
  said intrusion prevention system component configured for;
  
  receiving a first signal relating to the first one of the vulnerabilities;
  
  sending a second signal, in response to the first signal, for causing a display of the at least two mitigation techniques for selection by a user via at least one user interface;
  
  receiving a selection of at least one of the at least two mitigation techniques; and
  
  automatically applying the selected at least one of the at least two mitigation techniques utilizing a communication between a server and client code supporting the intrusion prevention system component.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SecurityProfiling, LLC
Original Assignee
SecurityProfiling, LLC
Inventors
Oliphant, Brett M., Blignaut, John P.

Granted Patent

US 9,118,708 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/25
CPC Class Codes

G06F 21/50   Monitoring users, programs ...

G06F 21/57   Certifying or maintaining t...

G06F 21/577   Assessing vulnerabilities a...

H04L 63/0263   Rule management

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1433   Vulnerability analysis

H04L 63/1441   Countermeasures against mal...

H04L 63/20   for managing network securi...

MULTI-PATH REMEDIATION

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

20 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

MULTI-PATH REMEDIATION

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

20 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links