Intrusion detection and vulnerability assessment system, method and computer program product
Abstract
A system and associated method/computer program product are provided including an intrusion detection tool for determining whether network communications violate at least one of a plurality of policies. Such policies are defined to detect potential attacks in the network communications. Further included is a vulnerability assessment scanning tool coupled to the intrusion detection tool. The vulnerability assessment scanning tool is adapted for performing a vulnerability assessment scan for identifying vulnerabilities.
16 Claims
1. A method, comprising:
- monitoring network communications for violations of policies where the policies are defined to detect potential attacks in the network communications, utilizing an intrusion detection system;
- performing a vulnerability assessment scan for identifying vulnerabilities utilizing a vulnerability assessment system coupled to the intrusion detection system;
- determining whether the network communications exploit at least one of a plurality of known vulnerabilities;
- executing a remedying event if it is determined that the network communications exploit at least one of the plurality of known vulnerabilities; and
- updating a database of known vulnerabilities based on the vulnerability assessment scan;
- wherein the intrusion detection system and the vulnerability assessment system are integrated in a single module;
- wherein the remedying event includes extracting harmful information from infected network communications.

Dependent claims: 2, 3, 4, 11, 12, 13, 14, 15, 16

5. A computer program product embodied on a tangible computer readable medium comprising:
- computer code for monitoring network communications for violations of policies where the policies are defined to detect potential attacks in the network communications, utilizing an intrusion detection system;
- computer code for performing a vulnerability assessment scan for identifying vulnerabilities, utilizing a vulnerability assessment system coupled to the intrusion detection system;
- computer code for determining whether the network communication exploit at least one of a plurality of known vulnerabilities;
- computer code for executing a remedying event if it is determined that the network communications exploit at least one of the plurality of known vulnerabilities; and
- computer code for updating a database of known vulnerabilities based on the vulnerability assessment scan;
- wherein the intrusion detection system and the vulnerability assessment system are integrated in a single module;
- wherein the remedying event includes code for extracting harmful information from infected network communications.

Dependent claims: 6, 7, 8

9. A system including a tangible computer readable medium, the system for scanning network communications, comprising:
- intrusion detection means for monitoring network communications for violations of policies where the policies are defined to detect potential attacks in the network communications, determining whether the network communications exploit at least one of a plurality of known vulnerabilities, and executing a remedying event if it is determined that the network communications exploit at least one of the plurality of known vulnerabilities; and
- vulnerabilities assessment means for performing a vulnerability assessment scan for identifying vulnerabilities, and updating a database of known vulnerabilities based on the vulnerability assessment scan;
- wherein the intrusion detection means and the vulnerability assessment means are integrated in a single module;
- wherein the remedying event includes extracting harmful information from infected network communications.

10. A system including a tangible computer readable medium, comprising:
- an intrusion detection tool for determining whether network communications violate at least one of a plurality of policies where the policies are defined to detect potential attacks in the network communications, determining whether the network communications exploit at least one of a plurality of known vulnerabilities, executing a remedying event if it is determined that the network communications exploit at least one of the plurality of known vulnerabilities; and
- a risk assessment scanning tool coupled to the intrusion detection tool, the risk assessment scanning tool adapted for performing a risk assessment scan for identifying vulnerabilities, and updating a database of known vulnerabilities based on the risk assessment scan;
- wherein the remedying event includes extracting harmful information from infected network communications;
- wherein the intrusion detection tool and the risk assessment scanning tool are embodied on the tangible computer readable medium.

Specification