Signal level propagation mechanism for distribution of a payload to vulnerable systems
First Claim
1. A method of identifying software vulnerabilities in a computer network comprising a set of computer systems having software stored thereon, a scanning system, and a management system, wherein the method comprises:
operating the scanning system to apply to at least one computer system of at least a subset of the computer systems a first interrogation program arranged to exploit a known software vulnerability;
in the event that the known vulnerability is exploited, operating the first interrogation program to cause the computer system on which the known software vulnerability was exploited to apply to a plurality of said computer systems in said subset a second interrogation program arranged to exploit the known software vulnerability;
in the event that the known vulnerability is exploited by the second interrogation program, operating the second interrogation program to generate management information at the computer system on which the known vulnerability was exploited by the second interrogation program, the management information at least identifying the respective computer system at which the known vulnerability was exploited; and
sending the generated management information to the management system.
Abstract
A method of identifying a software vulnerability in computer systems in a computer network includes a multiple level scanning process controlled from a management system connected to the network. The management system runs a root scanner which applies an interrogation program to remote systems having network addresses in a predefined address range. When a software vulnerability is detected, the interrogation program causes the respective remote system to scan topologically local systems, the remote system itself applying a second interrogation program to the local systems to detect and mitigate the vulnerability using an associated mitigation payload. Whilst that local scanning process is in progress, the root scanner can be applied to remote systems in other predefined address ranges.
23 Claims
1. A method of identifying software vulnerabilities in a computer network comprising a set of computer systems having software stored thereon, a scanning system, and a management system, wherein the method comprises:
operating the scanning system to apply to at least one computer system of at least a subset of the computer systems a first interrogation program arranged to exploit a known software vulnerability;
in the event that the known vulnerability is exploited, operating the first interrogation program to cause the computer system on which the known software vulnerability was exploited to apply to a plurality of said computer systems in said subset a second interrogation program arranged to exploit the known software vulnerability;
in the event that the known vulnerability is exploited by the second interrogation program, operating the second interrogation program to generate management information at the computer system on which the known vulnerability was exploited by the second interrogation program, the management information at least identifying the respective computer system at which the known vulnerability was exploited; and
sending the generated management information to the management system.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9.

10. A method of detecting a software vulnerability in computer systems contained in a computer network, each computer system having a respective address within the network, wherein the method comprises:
running on a root system connected to the network a root scanning program which applies to a plurality of said computer systems that have addresses within a predefined address range a first interrogation program configured to detect a known software vulnerability;
in the event that said vulnerability is detected, running the first interrogation program to cause the computer system in which the vulnerability was detected to scan computer systems that have addresses within at least a subset of said predefined address range by applying to those computer systems a second interrogation program configured to detect said vulnerability; and
in the event that said vulnerability is detected by the second interrogation program, running the second interrogation program to cause the computer system in which it detected said vulnerability to run a mitigation program mitigating said vulnerability.
Dependent claims: 11, 12, 13, 14, 15, 16, 17.

18. A computer program stored on a computer usable medium, the computer program comprising computer-readable instructions arranged to operate under the control of processing means to identify a software vulnerability in a computer network to which the processing means are connected, the computer network comprising a set of computer systems having software stored thereon, the computer program performing the following steps:
a scanning step comprising sending to at least one computer system of at least a subset of the computer systems a first interrogation program arranged to exploit a known software vulnerability;
in the event that the known vulnerability is exploited, causing the first interrogation program to operate to cause the computer system on which the known software vulnerability was exploited to apply to a plurality of said computer systems in said subset a second interrogation program arranged to exploit the known software vulnerability;
the first and second interrogation programs being such that, in the event that the known vulnerability is exploited by the second interrogation program, the second interrogation program is operated to generate management information at the computer system on which the known vulnerability was exploited by the second interrogation program, the management information at least identifying the respective computer system at which the known vulnerability was exploited; and
receiving the generated management information.

19. A computer program stored on a computer usable medium, the computer program comprising computer-readable instructions arranged to operate under the control of processing means to identify a software vulnerability in computer systems contained in a computer network, each computer system having a respective address within the network, the processing means forming part of a root system connected to the network, wherein the computer program performs the step of:
running on the root system connected to the network a root scanning program which applies to a plurality of said computer systems that have addresses within a predefined address range a first interrogation program configured to detect a known software vulnerability; and
in the event that said vulnerability is detected, causing the first interrogation program to operate so as to cause the computer system in which the vulnerability was detected to scan computer systems that have addresses within at least a subset of said predefined address range by applying to those computer systems a second interrogation program configured to detect said vulnerability, the first and second interrogation programs being such that, in the event that said vulnerability is detected by the second interrogation program, the second interrogation program is operated to cause the computer system in which it detected said vulnerability to run a mitigation program mitigating said vulnerability.

20. A method of investigating vulnerabilities in a network of computers comprising:
using a first computer to scan other computers in the network;
detecting a vulnerability in a second computer; and
using the second computer to scan further computers which lie in a predefined range of network addresses.
Dependent claims: 21, 22, 23.
Specification