MULTI-PATH REMEDIATION
0 Assignments
0 Petitions
Accused Products
Abstract
A system, method, and computer program product are provided for a database associating a plurality of device vulnerabilities to which computing devices can be subject with a plurality of remediation techniques that collectively remediate the plurality of device vulnerabilities. Each of the device vulnerabilities is associated with at least one remediation technique. Each remediation technique associated with a particular device vulnerability remediates that particular vulnerability. Further, each remediation technique has a remediation type are selected from the type group consisting of patch, policy setting, and configuration option. Still yet, a first one of the device vulnerabilities is associated with at least two alternative remediation techniques.
20 Citations
22 Claims
-
1-2. -2. (canceled)
-
3. A computer program product embodied on a non-transitory computer readable medium, comprising:
-
code for accessing at least one at least one data storage capable of associating a plurality of device vulnerabilities to which computing devices can be subject, each device vulnerability having a vulnerability identifier, with a plurality of remediation techniques that collectively remediate the plurality of device vulnerabilities; such that; each of the device vulnerabilities is associated with at least one remediation technique; each remediation technique associated with a particular device vulnerability remediates that particular device vulnerability; each remediation technique has a remediation type including at least one of a patch, a policy setting, or a configuration option; and a first one of the device vulnerabilities is associated with at least two alternative remediation techniques; code for receiving a query signal in connection with the first one of the device vulnerabilities; and code for sending a response signal, automatically generated in response to the query signal, for displaying the at least two alternative remediation techniques for selection by a user via a user interface; code for receiving a selection of at least one of the at least two alternative remediation techniques; and code for applying the selected at least one of the at least two alternative remediation techniques. - View Dependent Claims (4, 5, 6, 7, 8, 9, 10)
-
-
11. A computer program product embodied on a non-transitory computer readable medium, the computer program product comprising:
-
code for; accessing at least one data storage identifying a plurality of mitigation techniques that mitigate effects of attacks that take advantage of vulnerabilities, such that; each mitigation technique is capable of mitigating an effect of an attack that takes advantage of a corresponding vulnerability, each mitigation technique has a mitigation type including at least one of a patch, a policy setting, or a configuration option, and at least two of the mitigation techniques are capable of mitigating an effect of an attack that takes advantage of a first one of the vulnerabilities; code for receiving a first signal in connection with the first one of the vulnerabilities; code for sending a second signal, in response to the first signal, for displaying the at least two mitigation techniques for selection by a user via at least one user interface; code for receiving a selection of at least one of the at least two mitigation techniques; and code for applying the selected at least one of the at least two mitigation techniques. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
-
-
22. A system, comprising:
-
an intrusion prevention system component capable of accessing at least one data structure identifying a plurality of mitigation techniques that mitigate effects of attacks that take advantage of vulnerabilities, such that; each mitigation technique is capable of mitigating an effect of an attack that takes advantage of a corresponding vulnerability, each mitigation technique has a mitigation type including at least one of a patch, a policy setting, or a configuration option, at least two of the mitigation techniques are capable of mitigating an effect of an attack that takes advantage of a first one of the vulnerabilities, and said at least two mitigation techniques include a first mitigation technique that utilizes a firewall action for at least mitigating the attack that takes advantage of the first one of the vulnerabilities and a second mitigation technique that utilizes a real-time intrusion prevention action for at least mitigating the attack that takes advantage of the first one of the vulnerabilities; said intrusion prevention system component configured for; receiving a first signal relating to the first one of the vulnerabilities; sending a second signal, in response to the first signal, for causing a display of the at least two mitigation techniques for selection by a user via at least one user interface; receiving a selection of at least one of the at least two mitigation techniques; and automatically applying the selected at least one of the at least two mitigation techniques utilizing a communication between a server and client code supporting the intrusion prevention system component.
-
Specification