Method and system for security maintenance in a network
Abstract
A system and method for monitoring a network and detecting network vulnerabilities is provided. A communication associated with one or more programs is issued to one or more devices in a network, and the response from the devices is detected and analyzed. Based on the analysis, a device response is identified as a threat response if it represents at least an alert, an unexpected response, or a response time-out indicating that the device did not respond to the communication. The vulnerability of the network is determined based on the threat responses of the devices.
21 Citations
17 Claims
1. A method, comprising:
issuing a communication associated with one or more programs to one or more devices in a network;
detecting a response to the communication from each of the one or more devices;
detecting an event logger message from an event logger when the one or more devices sends an event logger event message to the event logger in response to the communication;
analyzing, by a hardware processor, the response and the event logger message;
identifying a threat response when at least one of the detected response represents one of an unexpected response or a response time-out indicating a lack of response from the one or more devices, or the event logger message reports an event;
determining a network vulnerability based on identification of the threat response;
sending a follow-up communication to the one or more devices returning the threat response;
detecting a follow-up response from each of the one or more devices returning the threat response; and
analyzing the follow-up response to determine a network threat condition resulting in the threat response.
(Dependent claims: 2, 3, 4, 5, 6, 7)

8. A non-transitory computer-readable medium comprising computer-readable instructions of a computer program that, when executed by a processor, cause the processor to perform a method, the method comprising:
issuing a communication associated with one or more programs to one or more devices in a network;
detecting a response to the communication from each of the one or more devices;
detecting an event logger message from an event logger when the one or more devices sends an event logger event message to the event logger in response to the communication;
analyzing, by a hardware processor, the response and the event logger message;
identifying a threat response when at least one of the detected response represents one of an unexpected response or a response time-out indicating a lack of response from the one or more devices, or the event logger message reports an event; and
determining a network vulnerability based on identification of the threat response;
sending a follow-up communication to the one or more devices returning the threat response;
detecting a follow-up response from each of the one or more devices returning the threat response; and
analyzing the follow-up response to determine a network threat condition resulting in the threat response.
(Dependent claims: 9, 10, 11, 12, 13, 14)

15. A system, comprising:
a coordinator device, being a hardware processor, connected to a network;
a program database coupled to the coordinator device for storing programs; and
a threat response database coupled to the coordinator device for storing threat responses associated with devices connected to the network;
wherein the coordinator device comprises a coordinator module configured to:
issue a communication associated with one or more programs to one or more devices in a network;
detect a response to the communication from each of the one or more devices;
detect an event logger message from an event logger when the one or more devices sends an event logger event message to the event logger in response to the communication;
analyze, by a hardware processor, the response and the event logger message;
identify a threat response when at least one of the detected response represents one of an unexpected response or a response time-out indicating a lack of response from the one or more devices, or the event logger message reports an event; and
determine a network vulnerability based on identification of the threat response;
send a follow-up communication to the one or more devices returning the threat response;
detect a follow-up response from each of the one or more devices returning the threat response; and
analyze the follow-up response to determine a network threat condition resulting in the threat response.
(Dependent claims: 16, 17)
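As an added illustration, not code from the patent or its assignee, the following Python simulates the coordinator loop the claims describe: a probe (the "communication associated with a program") is issued to each device, each reply is classified as healthy, unexpected, timed out, or flagged by the event logger, threat responses are stored in a threat response database, a network vulnerability rating is derived, and only the flagged devices receive the follow-up communication. The device names, replies, event-logger entries and the vulnerability rating rule are constructed assumptions.

```python
from dataclasses import dataclass, field

TIMEOUT = object()  # sentinel: the device did not answer within the window
@dataclass
class Probe:  # a "communication associated with a program" and a healthy device's reply
    message: str
    expected: str
@dataclass
class Coordinator:  # coordinator module with program and threat response databases
    programs: dict                                 # program database: name -> Probe
    threat_db: dict = field(default_factory=dict)  # threat response database
    def assess(self, program, devices, send, event_log):
        """Issue the probe to every device, classify each answer, record threats."""
        probe, threats = self.programs[program], {}
        for dev in devices:
            reply, events = send(dev, probe.message), event_log.get(dev, [])
            if reply is TIMEOUT:
                kind = "timeout"      # response time-out: no reply at all
            elif reply != probe.expected:
                kind = "unexpected"   # reply differs from what the program expects
            elif events:
                kind = "event"        # reply fine, but the event logger reported an event
            else:
                continue              # healthy device: no threat response
            threats[dev] = {"kind": kind, "reply": reply, "events": events}
        self.threat_db.setdefault(program, {}).update(threats)
        return threats

    def follow_up(self, program, threats, send):
        """Re-probe only the devices that returned a threat response."""
        probe, condition = self.programs[program], {}
        for dev in threats:
            reply = send(dev, probe.message)
            condition[dev] = ("unreachable" if reply is TIMEOUT else
                              "persistent" if reply != probe.expected else "transient")
        return condition

def network_vulnerability(threats, devices):  # constructed rating, not from the patent
    share = len(threats) / len(devices)
    return "none" if not threats else "high" if share >= 0.5 else "low"

# Constructed test network: send() simulates each device's reply to the probe.
REPLIES = {"host-a": "OK", "host-b": "UNKNOWN-SVC", "host-c": TIMEOUT, "host-d": "OK"}
EVENTS = {"host-d": ["auth-failure"]}  # the event logger fired for host-d only
def send(device, message):
    return REPLIES.get(device, TIMEOUT)
def run():
    coord = Coordinator({"health": Probe("HEALTH?", "OK")})
    threats = coord.assess("health", list(REPLIES), send, EVENTS)
    return threats, network_vulnerability(threats, list(REPLIES)), coord.follow_up("health", threats, send)
```

Running `run()` on the constructed network flags host-b (unexpected reply), host-c (time-out) and host-d (event logger entry), rates the network "high", and the follow-up distinguishes a persistent anomaly, an unreachable host and a transient one.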