ANTI-VULNERABILITY SYSTEM, METHOD, AND COMPUTER PROGRAM PRODUCT
0 Assignments
0 Petitions
Accused Products
Abstract
A system, method, and computer program product are provided for identifying a first and second occurrence in connection with at least one of the networked device. In use, it is possible that it is determined that the at least one actual vulnerability of the at least one networked device is capable of being taken advantage of by the first occurrence identified in connection with the at least one networked device. Further, it is also possible that it is determined that the at least one actual vulnerability of the at least one networked device is not capable of being taken advantage of by the second occurrence identified in connection with the at least one networked device. To this end, the first occurrence and the second occurrence are reported differently.
-
Citations
22 Claims
-
1-2. -2. (canceled)
-
3. A computer program product embodied on a non-transitory computer readable medium, comprising:
-
code for receiving actual vulnerability information from at least one first data storage that is generated utilizing potential vulnerability information from at least one second data storage that is capable of being used to identify a plurality of potential vulnerabilities, by including; at least one first potential vulnerability, and at least one second potential vulnerability; said actual vulnerability information being generated utilizing the potential vulnerability information by; identifying at least one configuration associated with a plurality of devices including a first device, a second device, and a third device, and determining that the plurality of devices is actually vulnerable to at least one actual vulnerability based on the identified at least one configuration, utilizing the potential vulnerability information that is capable of being used to identify the plurality of potential vulnerabilities; code for identifying an occurrence in connection with the plurality of devices; and code for determining that the at least one actual vulnerability of the plurality of devices is capable of being taken advantage of by the occurrence identified in connection with the plurality of devices, utilizing the actual vulnerability information; and code for providing a user with one or more options to selectively utilize different occurrence mitigation actions of diverse occurrence mitigation types, including a firewall-based occurrence mitigation type and an intrusion prevention system-based occurrence mitigation type, across the plurality of devices to mitigate the occurrence by preventing the occurrence from taking advantage of the at least one actual vulnerability utilize the different occurrence mitigation actions of the diverse occurrence mitigation types at different ones of the plurality of devices. - View Dependent Claims (4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. A computer program product embodied on a non-transitory computer readable medium, comprising:
-
code for accessing a data storage describing a plurality of mitigation techniques that mitigate a plurality of attacks that take advantage of a plurality of vulnerabilities, for retrieving a plurality of options in connection with a portion of the mitigation techniques that correspond with a subset of the plurality of the vulnerabilities resulting from an operating system and an application indicated to be on at least one device; code for presenting the plurality of options in connection with the portion of mitigation techniques that correspond with the subset of the plurality of the vulnerabilities resulting from the operating system and the application indicated to be on the at least one device, the plurality of options relating to an intrusion prevention mitigation technique and a firewall mitigation technique; code for receiving first user input selecting the intrusion prevention mitigation technique in connection with the subset of the plurality of the vulnerabilities resulting from the operating system and the application indicated to be on the at least one device; code for receiving second user input selecting the firewall mitigation technique in connection with the subset of the plurality of the vulnerabilities resulting from the operating system and the application indicated to be on the at least one device; code for, based on the first user input, applying the selected the intrusion prevention mitigation technique in connection with the subset of the plurality of the vulnerabilities resulting from the operating system and the application indicated to be on the at least one device, for occurrence mitigation; code for, based on the second user input, applying the selected firewall mitigation technique in connection with the subset of the plurality of the vulnerabilities resulting from the operating system and the application indicated to be on the at least one device, for occurrence mitigation; code for identifying an occurrence including one or more packets directed to the at least one of the device; code for determining whether the occurrence is capable of taking advantage of at least one of the subset of the plurality of the vulnerabilities resulting from the operating system and the application indicated to be on the at least one device; and code for preventing the occurrence from taking advantage of the at least one of the subset of the plurality of the vulnerabilities, utilizing at least one of the intrusion prevention mitigation technique or the firewall mitigation technique based on the application thereof, based on the determination whether the occurrence is capable of taking advantage of the at least one of the subset of the plurality of the vulnerabilities resulting from the operating system and the application indicated to be on the at least one device. - View Dependent Claims (14, 15, 16, 17, 18, 19)
-
-
20. A computer program product embodied on a non-transitory computer readable medium, comprising:
-
code for receiving actual vulnerability information from at least one first data storage that is generated utilizing potential vulnerability information from at least one second data storage that is capable of being used to identify a plurality of potential vulnerabilities, by including; at least one first potential vulnerability, and at least one second potential vulnerability; said actual vulnerability information being generated utilizing the potential vulnerability information by; identifying at least one configuration associated with at least one of a plurality of networked devices, the at least one configuration relating to at least one of an operating system or an application of the at least one networked device, and determining that at least one networked device is actually vulnerable to at least one actual vulnerability based on the identified at least one configuration, utilizing the potential vulnerability information that is capable of being used to identify the plurality of potential vulnerabilities; said actual vulnerability information from the at least one first data storage capable of identifying the at least one actual vulnerability to which at least one networked device is actually vulnerable; code for determining whether an attack is capable of taking advantage of the at least one actual vulnerability to which at least one networked device is actually vulnerable; code for displaying one or more user options to selectively utilize different attack mitigation actions of diverse attack mitigation types, including a firewall-based attack mitigation type and an intrusion prevention system-based attack mitigation type, for preventing the attack from taking advantage of the at least one actual vulnerability at the at least one networked device, such that the at least one actual vulnerability is determined as a function of the at least one of the operating system or the application of the at least one networked device and the different attack mitigation actions are specific to the at least one actual vulnerability, so that only relevant actual vulnerabilities prompt user selection of relevant attack mitigation actions of the diverse attack mitigation types; and code for conditionally completing the different attack mitigation actions of the diverse attack mitigation types, including the firewall-based attack mitigation type and the intrusion prevention system-based attack mitigation type, based on a user input in connection with the displayed one or more user options, for preventing the attack from taking advantage of the at least one actual vulnerability at the at least one networked device. - View Dependent Claims (21, 22)
-
Specification