ANTI-VULNERABILITY SYSTEM, METHOD, AND COMPUTER PROGRAM PRODUCT

US 20160094576A1
Filed: 08/24/2015
Published: 03/31/2016
Est. Priority Date: 07/01/2003
Status: Abandoned Application

First Claim

Patent Images

1. A computer program product embodied on a non-transitory computer readable medium, the computer program product comprising:

code for;

accessing at least one data storage identifying a plurality of mitigation techniques that mitigate effects of attacks that take advantage of vulnerabilities, such that;

each mitigation technique is capable of mitigating an effect of an attack that takes advantage of a corresponding vulnerability, andeach mitigation technique has a mitigation type including at least one of a patch, a policy setting, or a configuration option;

code for;

displaying at least one mitigation technique in connection with at least one vulnerability to be applied as an attack response, andreceiving user input for selecting the at least one mitigation technique in connection with the at least one vulnerability; and

code for;

receiving information in connection with at least one of a plurality of devices, andidentifying a particular attack in connection with the at least one device that takes advantage of the at least one vulnerability, based on the information;

wherein the computer program product is operable such that, as a result of the user input for selecting the at least one mitigation technique in connection with the at least one vulnerability, the particular attack is prevented from taking advantage of the at least one vulnerability, while there is no update at the at least one of the device that removes the at least one vulnerability from the at least one device.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, method, and computer program product are provided for accessing at least one data storage identifying a plurality of mitigation techniques that mitigate effects of attacks that take advantage of vulnerabilities, such that: each mitigation technique is capable of mitigating an effect of an attack that takes advantage of a corresponding vulnerability, and each mitigation technique has a mitigation type including at least one of a patch, a policy setting, or a configuration option. Further, the system, method, and computer program product are provided for displaying at least one mitigation technique in connection with at least one vulnerability to be applied as an attack response, and receiving user input for selecting the at least one mitigation technique in connection with the at least one vulnerability.

Citations

20 Claims

1. A computer program product embodied on a non-transitory computer readable medium, the computer program product comprising:
- code for;
  
  accessing at least one data storage identifying a plurality of mitigation techniques that mitigate effects of attacks that take advantage of vulnerabilities, such that;
  
  each mitigation technique is capable of mitigating an effect of an attack that takes advantage of a corresponding vulnerability, andeach mitigation technique has a mitigation type including at least one of a patch, a policy setting, or a configuration option;
  
  code for;
  
  displaying at least one mitigation technique in connection with at least one vulnerability to be applied as an attack response, andreceiving user input for selecting the at least one mitigation technique in connection with the at least one vulnerability; and
  
  code for;
  
  receiving information in connection with at least one of a plurality of devices, andidentifying a particular attack in connection with the at least one device that takes advantage of the at least one vulnerability, based on the information;
  
  wherein the computer program product is operable such that, as a result of the user input for selecting the at least one mitigation technique in connection with the at least one vulnerability, the particular attack is prevented from taking advantage of the at least one vulnerability, while there is no update at the at least one of the device that removes the at least one vulnerability from the at least one device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. The computer program product of claim 1, wherein the computer program product is operable such that the displayed at least one mitigation technique includes at least two mitigation techniques include a firewall option for preventing at least one attack packet of the particular by terminating or dropping the same, and an intrusion detection or prevention option for preventing a connection request;
    - the computer program product is further operable such that, in response to user input received prior to the particular, the firewall option is capable of being applied to a plurality of different devices for preventing the at least one attack packet at any of the different devices; and
      
      the computer program product is further operable such that, in response to additional user input after the particular in connection with a particular single device of the plurality of different devices, the intrusion detection or prevention option is capable of being applied to the particular single device for preventing the connection request at the particular single device.
  - 3. The computer program product of claim 1, wherein the computer program product is operable such that the displayed at least one mitigation technique includes at least two mitigation techniques include a firewall option for preventing at least one attack packet of the particular by terminating or dropping the same, and an intrusion detection or prevention option for preventing a connection request;
    - the computer program product is further operable such that, in response to user input prior to the particular in connection, the intrusion detection or prevention option is capable of being applied to a plurality of different devices for preventing the connection request at the plurality of different devices; and
      
      the computer program product is further operable such that, in response to user input after the particular in connection with a particular single device of the plurality of different devices, the firewall option is capable of being applied to the particular single device for preventing the at least one attack packet at the particular single device.
  - 4. The computer program product of claim 1, wherein the computer program product is operable such that the at least one vulnerability is identified as a function of at least one of an operating system or an application identified in connection with a device, so that, in order to avoid false positives, only relevant vulnerabilities prompt mitigation technique user selection among at least two of the mitigation techniques, which involve both firewall and intrusion prevention system actions, for providing diverse mitigation options in connection with the particular.
  - 5. The computer program product of claim 1, wherein the computer program product is operable such that which of the mitigation techniques that are displayed are based on actual vulnerabilities to which the at least one device is actually vulnerable so that only relevant mitigation techniques are displayed for selection by the user for real-time attack mitigation.
  - 6. The computer program product of claim 1, wherein the computer program product is operable such that the at least one vulnerability is identified as a function of at least one of an operating system or an application identified in connection with the at least one device and the at least one mitigation technique is specific to the at least one vulnerability, so that only relevant one or more vulnerabilities prompt selection of relevant one or more mitigation techniques by the user for application.
  - 7. The computer program product of claim 1, wherein the computer program product is operable such that the user input is capable of being received via at least one user interface for different devices, for allowing different attack mitigation actions including at least one intrusion prevention action and at least one firewall action to be selectively applied to the different devices for different actual vulnerabilities determined to be actually relevant based on a presence of at least one of an operating system or an application.
  - 8. The computer program product of claim 1, wherein the computer program product is operable such that the displayed at least one mitigation technique includes at least two mitigation techniques including a first mitigation technique that utilizes a firewall action for at least mitigating the particular attack that takes advantage of the at least one vulnerability and a second mitigation technique that utilizes an intrusion prevention action for at least mitigating the particular attack that takes advantage of the at least one vulnerability.
  - 9. The computer program product of claim 8, wherein the computer program product is operable such that different user input is capable of being received via at least one console for different devices, for allowing different mitigation techniques including the first mitigation technique and the second mitigation technique to be selectively applied by the user to the different devices for different actual vulnerabilities.
  - 10. The computer program product of claim 8, wherein the computer program product is operable such that different user input is capable of being received via at least one console for different devices, for allowing different mitigation techniques including the first mitigation technique and the second mitigation technique to be selectively applied by the user to the different devices for different actual vulnerabilities, such that the different user input is capable of resulting in:
    - only the first mitigation technique being selectively applied by the user to at least one first device, only the second mitigation technique being selectively applied by the user to at least one second device, and both the first mitigation technique and the second mitigation technique being selectively applied by the user to at least one third device.
  - 11. The computer program product of claim 8, wherein the computer program product is operable such that the displayed at least one mitigation technique further includes a third mitigation technique that utilizes a policy compliance action for at least mitigating the particular attack that takes advantage of the at least one vulnerability, wherein the computer program product is operable such that different user input is capable of being received via at least one console for different devices, for allowing different mitigation techniques including the first mitigation technique, the second mitigation technique, and the third mitigation technique to be selectively applied by the user to the different devices for different actual vulnerabilities, such that the different user input is capable of resulting in:
    - only the first mitigation technique being selectively applied by the user to at least one first device, only the second mitigation technique being selectively applied by the user to at least one second device, both the first mitigation technique and the second mitigation technique being selectively applied by the user to at least one third device, and the third mitigation technique being selectively applied by the user to the at least one first device, the at least one second device, and the at least one third device.
  - 12. The computer program product of claim 8, wherein the computer program product is operable such that the first mitigation technique is automatically applied utilizing a first communication from a server to firewall-supporting client code, and the second technique is automatically applied utilizing a second communication from the server to intrusion prevention system-supporting client code, where the firewall-supporting client code and the system-supporting client code are part of the same client agent.
  - 13. The computer program product of claim 8, wherein the computer program product is operable such that the first mitigation technique and the second technique are automatically applied by sending at least one encrypted communication from a server to an intrusion prevention system-supporting and firewall-supporting client code associated with the same single platform.
  - 14. The computer program product of claim 1, wherein the computer program product is operable such that the information is capable of being used to determine a characterization of a payload.
  - 15. The computer program product of claim 1, wherein the computer program product is operable such that the at least one data storage identifies the plurality of mitigation techniques based on receipt of an identification of an operating system of the at least one device.
  - 16. The computer program product of claim 15, wherein the computer program product is operable such that such that the particular attack is prevented from taking advantage of the at least one vulnerability which includes an actual vulnerability of the at least one device related to the operating system thereof.
  - 17. The computer program product of claim 16, wherein the computer program product is operable such that the identification of the operating system of the at least one device is received as a result of a vulnerability assessment scan.
  - 18. The computer program product of claim 1, wherein at least one of:
    - said at least one data storage includes at least one database;
      
      said at least one data storage is accessed by at least one of;
      
      receiving at least one update therefrom;
      
      pulling at least one update therefrom, communicating therewith, or synchronizing therewith;
      
      said mitigation techniques include remediation techniques;
      
      each mitigation technique has a mitigation type including the patch;
      
      each mitigation technique has a mitigation type including the policy setting;
      
      each mitigation technique has a mitigation type including the configuration option;
      
      each mitigation technique is capable of mitigating the effect of the attack that takes advantage of the corresponding vulnerability, by dropping packets associated with the attack or removing the corresponding vulnerability;
      
      said information is capable of being used to determine an intended destination of a connection request;
      
      orsaid information includes a vulnerability identifier;
      
      wherein the computer program product is operable for use with at least one NOC server, a data warehouse, and an SDK for allowing access to information associated with at least one vulnerability and at least one remediation technique;
      
      and wherein the computer program product is operable for determining which devices have vulnerabilities by directly querying a firmware or operating system of the devices.

19. A computer program product embodied on a non-transitory computer readable medium, the computer program product comprising:
- code for;
  
  accessing at least one data structure identifying a plurality of mitigation techniques that mitigate effects of attacks that take advantage of vulnerabilities, such that;
  
  each mitigation technique is capable of mitigating an effect of an attack that takes advantage of a corresponding vulnerability, andeach mitigation technique has a mitigation type including at least one of a patch, a policy setting, or a configuration option;
  
  code for;
  
  receiving information in connection with at least one of a plurality of devices; and
  
  identifying an attack on the at least one device that takes advantage of at least one of the vulnerabilities, based on the information;
  
  code for;
  
  automatically applying at least two of the plurality of mitigation techniques including at least one first mitigation technique of a first mitigation type and at least one second mitigation technique of a second mitigation type to the at least one device, in response to the attack for mitigating the attack;
  
  wherein the computer program product is operable such that the attack is mitigated by preventing the attack from taking advantage of the at least one vulnerability, while there is no update at the at least one of the device that removes the at least one vulnerability from the at least one device.

20. A computer program product embodied on a non-transitory computer readable medium, the computer program product comprising:
- at least one data storage identifying a plurality of mitigation techniques that mitigate effects of attacks that take advantage of vulnerabilities associated with an operating system identified in connection with at least one of a plurality of devices, such that;
  
  each mitigation technique is capable of mitigating an effect of an attack that takes advantage of a corresponding vulnerability, andeach mitigation technique has a mitigation type including at least one of a patch, a policy setting, or a configuration option;
  
  code for;
  
  displaying at least two of the mitigation techniques in connection with at least one vulnerability, andreceiving at least one user input in connection with the at least two mitigation techniques;
  
  code for;
  
  automatically applying the at least two mitigation techniques based on the user input, the at least two mitigation techniques including;
  
  at least one first mitigation technique for utilizing a firewall for attack mitigation, andat least one second mitigation technique for utilizing an intrusion prevention system for attack mitigation; and
  
  code for;
  
  receiving information in connection with the at least one device, andidentifying a particular attack in connection with the at least one device that takes advantage of the at least one vulnerability, based on the information;
  
  wherein the computer program product is operable such that the attack is mitigated utilizing the first mitigation technique for utilizing the firewall for attack mitigation and the at least one second mitigation technique for second mitigation technique for utilizing the intrusion prevention system for attack mitigation, regardless of whether there is no update at the at least one of the device that removes the at least one vulnerability from the at least one device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SecurityProfiling, LLC
Original Assignee
SecurityProfiling, LLC
Inventors
Oliphant, Brett M., Blignaut, John P.

Application Number

US14/834,170
Publication Number

US 20160094576A1
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 16/245   Query processing

G06F 21/50   Monitoring users, programs ...

G06F 21/554   involving event detection a...

G06F 8/65   Updates security arrangemen...

H04L 63/02   for separating internal fro...

H04L 63/0263   Rule management

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1433   Vulnerability analysis

H04L 63/1441   Countermeasures against mal...

H04L 63/20   for managing network securi...

ANTI-VULNERABILITY SYSTEM, METHOD, AND COMPUTER PROGRAM PRODUCT

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

ANTI-VULNERABILITY SYSTEM, METHOD, AND COMPUTER PROGRAM PRODUCT

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links