System, method and computer program product for risk assessment scanning based on detected anomalous events
Abstract
A system, method and computer program product are provided for scanning a source of suspicious network communications. Initially, network communications are monitored for violations of policies. Then, it is determined whether the network communications violate at least one of the policies. Further, a source of the network communications that violate at least one of the policies is identified. Upon it being determined that the network communications violate at least one of the policies, the source of the network communications is automatically scanned.
27 Claims
1. A method for scanning a source of suspicious network communications, comprising:
monitoring network communications for violations of policies, wherein the policies are defined to detect potential attacks in the network communications;
determining whether the network communications violate at least one of the policies;
identifying a source of the network communications that violate at least one of the policies; and
automatically scanning the source of the network communications upon it being determined that the network communications violate at least one of the policies;
wherein the scanning includes a risk assessment scan for identifying vulnerabilities.

2. The method as recited in claim 1, and further comprising determining whether the network communications exploit at least one of a plurality of known vulnerabilities.

3. The method as recited in claim 2, and further comprising executing a remedying event if it is determined that the network communications exploit at least one of the known vulnerabilities.

4. The method as recited in claim 1, wherein the policies are user-defined.

5. The method as recited in claim 1, and further comprising executing a remedying event based on the risk assessment scan.

6. The method as recited in claim 5, and further comprising updating a database of known vulnerabilities based on the risk assessment scan.

7. The method as recited in claim 6, wherein the database of known vulnerabilities is utilized for determining whether the network communications exploit at least one of a plurality of the known vulnerabilities, and executing a remedying event if it is determined that the network communications exploit at least one of the known vulnerabilities.

8. The method as recited in claim 1, wherein the monitoring, the determining, and the identifying are executed utilizing an intrusion detection tool.

9. The method as recited in claim 1, wherein the scanning is executed utilizing a risk assessment scanning tool.

10. The method as recited in claim 1, wherein the monitoring, the determining, the identifying, and the scanning are executed utilizing a single module.

11. A computer program product for scanning a source of suspicious network communications, comprising:
computer code for monitoring network communications for violations of policies, wherein the policies are defined to detect potential attacks in the network communications;
computer code for determining whether the network communications violate at least one of the policies;
computer code for identifying a source of the network communications that violate at least one of the policies; and
computer code for automatically scanning the source of the network communications upon it being determined that the network communications violate at least one of the policies;
wherein the scanning includes a risk assessment scan for identifying vulnerabilities.

12. The computer program product as recited in claim 11, and further comprising computer code for determining whether the network communications exploit at least one of a plurality of known vulnerabilities.

13. The computer program product as recited in claim 12, and further comprising computer code for executing a remedying event if it is determined that the network communications exploit at least one of the known vulnerabilities.

14. The computer program product as recited in claim 11, wherein the policies are user-defined.

15. The computer program product as recited in claim 11, and further comprising computer code for executing a remedying event based on the risk assessment scan.

16. The computer program product as recited in claim 15, and further comprising computer code for updating a database of known vulnerabilities based on the risk assessment scan.

17. The computer program product as recited in claim 16, wherein the database of known vulnerabilities is utilized for determining whether the network communications exploit at least one of a plurality of the known vulnerabilities, and executing a remedying event if it is determined that the network communications exploit at least one of the known vulnerabilities.

18. The computer program product as recited in claim 11, wherein the computer code segments for the monitoring, the determining, and the identifying are executed utilizing an intrusion detection tool.

19. The computer program product as recited in claim 11, wherein the computer code segment for the scanning is executed utilizing a risk assessment scanning tool.

20. The computer program product as recited in claim 11, wherein the computer code segments for the monitoring, the determining, the identifying, and the scanning are executed utilizing a single module.

21. A system for scanning a source of suspicious network communications, comprising:
means for monitoring network communications for violations of policies, wherein the policies are defined to detect potential attacks in the network communications;
means for determining whether the network communications violate at least one of the policies;
means for identifying a source of the network communications that violate at least one of the policies; and
means for automatically scanning the source of the network communications upon it being determined that the network communications violate at least one of the policies;
wherein the scanning includes a risk assessment scan for identifying vulnerabilities.

22. A system for scanning a source of suspicious network communications, comprising:
logic for monitoring network communications for violations of policies, wherein the policies are defined to detect potential attacks in the network communications;
logic for determining whether the network communications violate at least one of the policies;
logic for identifying a source of the network communications that violate at least one of the policies; and
logic for automatically scanning the source of the network communications upon it being determined that the network communications violate at least one of the policies;
wherein the scanning includes a risk assessment scan for identifying vulnerabilities.

23. A system for scanning a source of suspicious network communications, comprising:
an intrusion detection tool for determining whether network communications violate at least one of a plurality of policies, wherein the policies are defined to detect potential attacks in the network communications; and
a risk assessment scanning tool coupled to the intrusion detection tool, the risk assessment scanning tool adapted for scanning a source of the network communications that violate the at least one policy in response to a command from the intrusion detection tool;
wherein the scanning includes a risk assessment scan for identifying vulnerabilities.

24. A scanning method, comprising:
determining whether network communications exploit at least one of a plurality of known vulnerabilities;
executing a remedying event if it is determined that the network communications exploit at least one of the known vulnerabilities;
determining whether the network communications violate at least one of a plurality of policies, wherein the policies are defined to detect potential attacks in the network communications; and
automatically scanning at least one of a source and destination of the network communications upon it being determined that the network communications violate at least one of the policies;
wherein the scanning includes a risk assessment scan for identifying vulnerabilities.

25. A method for scanning a source of suspicious network communications, comprising:
(a) receiving a plurality of known vulnerabilities and a plurality of user-defined policies from a database, wherein the policies are defined to detect potential attacks in the network communications;
(b) monitoring network communications utilizing an intrusion detection tool;
(c) identifying a source of the network communications utilizing the intrusion detection tool;
(d) determining whether the network communications exploit at least one of the known vulnerabilities utilizing the intrusion detection tool;
(e) executing a remedying event utilizing the intrusion detection tool if it is determined that the network communications exploit at least one of the known vulnerabilities;
(f) determining whether the network communications violate at least one of the policies;
(g) performing a risk assessment scan on the source of the network communications utilizing a risk assessment scanning tool if it is determined that the network communications violate at least one of the policies, the risk assessment scan adapted for identifying vulnerabilities on the source;
(h) executing a remedying event based on the risk assessment scan; and
(i) updating the known vulnerabilities in the database based on the risk assessment scan.
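The following is an added illustration of the detect-then-scan loop that claims 1, 24 and 25 describe (known-vulnerability match triggers a remedying event; a policy violation triggers a risk assessment scan of the source; scan findings feed the known-vulnerability database). It is not code from the patent: the event fields, policies, signatures, the in-scope network and the stand-in scanner are all constructed for this example.

```python
"""Added example, not part of the patent: an orchestrator tying an intrusion
detection step to a risk-assessment scan of the offending source."""
import ipaddress
from dataclasses import dataclass, field
from typing import Callable, Dict, List

@dataclass
class Event:               # one monitored network communication (constructed fields)
    src: str
    dst: str
    dport: int
    payload: bytes

# (a) known vulnerabilities and user-defined policies, normally loaded from a database
KNOWN_VULNS = {"VULN-EXAMPLE-1": b"\x90" * 16}      # id -> detection pattern (placeholder)
POLICIES = {"telnet-to-server": lambda e: e.dport == 23,
            "oversized-dns": lambda e: e.dport == 53 and len(e.payload) > 512}
# Practitioner check: automatic scans are limited to hosts you administer; other
# sources are only logged, since a reported source address may be spoofed.
IN_SCOPE = [ipaddress.ip_network("10.0.0.0/8")]

def fake_scanner(host: str) -> Dict[str, bytes]:
    """Constructed stand-in for a risk-assessment scanning tool (claim 9)."""
    return {"VULN-EXAMPLE-2": b"ADMIN"} if host == "10.1.2.3" else {}

@dataclass
class Orchestrator:
    scanner: Callable[[str], Dict[str, bytes]]
    known_vulns: Dict[str, bytes] = field(default_factory=lambda: dict(KNOWN_VULNS))
    log: List[tuple] = field(default_factory=list)

    def in_scope(self, ip: str) -> bool:
        return any(ipaddress.ip_address(ip) in net for net in IN_SCOPE)

    def handle(self, ev: Event) -> str:
        # (d)/(e): traffic exploiting a known vulnerability -> remedying event (block)
        for vid, sig in self.known_vulns.items():
            if sig in ev.payload:
                self.log.append(("block", ev.src, vid))
                return "remedied"
        # (f): policy violation -> (g): risk-assessment scan of the source
        hits = [name for name, rule in POLICIES.items() if rule(ev)]
        if not hits:
            return "clean"
        if not self.in_scope(ev.src):
            self.log.append(("out-of-scope", ev.src, hits))
            return "logged"
        findings = self.scanner(ev.src)
        for vid, sig in findings.items():          # (h)/(i): remedy, update database
            self.log.append(("remediate", ev.src, vid))
            self.known_vulns.setdefault(vid, sig)
        return "scanned"
```

The same payload that is "clean" before the scan is blocked afterwards, because the scan result has been folded into the known-vulnerability set the detector consults (claims 6 and 7).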

26. A method for identifying a vulnerability of a network device, comprising:
receiving a list of known vulnerabilities over a network;
identifying a network device;
probing the identified network device utilizing a risk assessment scanner capable of simulating a security event;
generating a result of the probing;
comparing the result against the list of known vulnerabilities;
identifying a vulnerability of the network device based on the comparison;
reporting the identified vulnerability to a user;
testing a user password for security compliance; and
updating the list of known vulnerabilities with a vulnerability identified by the risk assessment scanner;
wherein the receiving, the identifying, the probing, the generating, the comparing, the identifying, the reporting, the testing, and the updating are executed utilizing a single module.

27. The method as recited in claim 26, and further comprising initiating a remedying event.