Systems and methods for real-time network-based vulnerability assessment
Abstract
A system for real-time vulnerability assessment of a host/device, said system comprising an agent running on the host/device. The agent includes a first data structure for storing the status of interfaces and ports on the interfaces of the host/device. An executable agent module is coupled to the first data structure to track the status of interfaces and ports on the interfaces of the host/device and to store the information as entries in said first data structure. The executable agent module compares the entries to determine a change in the status of interfaces and/or of ports on the interfaces of the host/device. A remote destination server is provided that includes a second data structure for storing the status of interfaces and the ports on the interfaces of the host/device. An executable server module is coupled to the second data structure to receive the information communicated by the agent executable module of the agent on the host/device. The executable server module stores the received information as entries in the second data structure wherein the entries indicate the state of each of the ports on each of the active interfaces of the host/device as received. The executable server module compares the entries in said data structures to determine the change in the status of interfaces and ports on the interfaces of the host/device. The executable server module runs vulnerability assessment tests on the host/device in the event of a change in the status of interface/ports.
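The agent/server flow described in the abstract, sketched as an added example (not code from the patent or from any product). The class and function names, the `(interface, protocol, port)` entry key, the job layout, and the constructed snapshots that stand in for the agent's real-time service start/stop feed are all assumptions.

```python
from dataclasses import dataclass, field

# One entry per (interface, protocol, port); the value is the port state.
Snapshot = dict[tuple[str, str, int], str]

def diff_snapshots(old: Snapshot, new: Snapshot) -> dict[str, list]:
    """Compare two sets of entries and classify every difference."""
    return {
        "opened": sorted(k for k in new if k not in old),
        "closed": sorted(k for k in old if k not in new),
        "changed": sorted(k for k in new if k in old and old[k] != new[k]),
    }

@dataclass
class Agent:
    host: str
    table: Snapshot = field(default_factory=dict)  # "first data structure"

    def observe(self, current: Snapshot):
        """Store the latest entries; return a report only when they changed."""
        delta = diff_snapshots(self.table, current)
        self.table = dict(current)
        if any(delta.values()):
            return {"host": self.host, "entries": dict(current)}
        return None

@dataclass
class Server:
    tables: dict[str, Snapshot] = field(default_factory=dict)  # "second data structure"
    scan_queue: list = field(default_factory=list)

    def receive(self, report: dict) -> None:
        """Re-compare against the server's own copy and queue an assessment."""
        host, entries = report["host"], report["entries"]
        delta = diff_snapshots(self.tables.get(host, {}), entries)
        self.tables[host] = entries
        if any(delta.values()):
            # Assumed job layout: newly exposed or altered ports are scanned,
            # closed ports are listed so stale findings can be retired.
            self.scan_queue.append({"host": host,
                                    "scan": delta["opened"] + delta["changed"],
                                    "retire": delta["closed"]})

def simulate() -> list:
    """Replay constructed snapshots for one host and return the queued jobs."""
    agent, server = Agent("host-a"), Server()
    ssh, web = ("eth0", "tcp", 22), ("eth0", "tcp", 8080)
    for snap in ({ssh: "LISTEN"}, {ssh: "LISTEN"},
                 {ssh: "LISTEN", web: "LISTEN"}, {web: "LISTEN"}):
        report = agent.observe(snap)
        if report is not None:
            server.receive(report)
    return server.scan_queue
```

The unchanged second snapshot produces no report, so the server queues three jobs for the four observations.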
34 Claims
1. A system for real-time vulnerability assessment of a host computer or device, said system comprising:
- an agent residing and running on the host computer or device, said agent comprising;
  - an executable agent module configured to track in real-time the status of interfaces and ports on interfaces of host computer or device by monitoring and storing the status information as information entries in a first data structure, wherein the agent tracks the status of interfaces and ports by listening to the start and stop of network services on the host computer or device in real-time;
  - said executable agent module configured to compare the entries to determine any change in the status of at least one of interfaces and ports on the interfaces of the host computer or device, said executable agent communicating the information entries to a remote destination server on the network;
- the remote destination server comprising;
  - an executable server module configured to receive the information entries communicated by the executable agent module,
  - said executable server module configured to store the received information entries in a second data structure, wherein the information entries indicate the state of each of the ports on each of the active interfaces of the host computer or device,
  - said executable server module configured to compare the received information entries with stored information on the server to determine the change in the status of at least one of interfaces and ports on the interfaces of the host computer or device, and
  - said executable server module configured to run a network based vulnerability assessment tests on the host computer or device in the event of a change in the status of at least one of interface and ports.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12

13. Logic encoded in a program stored in a computer readable storage device for real-time vulnerability assessment of a host computer or device, and said program when executed by a computer causes the computer to perform the following steps:
- an agent residing and running on the host computer or device, said agent, tracking in real-time the status of at least one of interfaces and ports on a host computer or device by monitoring and storing the status information as information entries in a first data structure, wherein the agent tracks the status of interfaces and ports by listening to the start and stop of network services on the host computer or device in real-time;
- comparing the entries to determine any change in the status of at least one of interfaces and ports on the interfaces of the host computer or device,
- communicating the change in the status of at least one of the interfaces and ports of the host computer or device to a remotely located destination server on the network,
- tracking, by the remote destination server, in real-time the status of ports and interfaces of the host computer or device communicated by the agent, and
- conducting, by the remote destination server, a network based vulnerability assessment tests on the host computer or device in the event of a change in the status of at least one of interfaces and ports of the host computer or device.

Dependent claims: 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25

26. A computer-implemented method for real-time vulnerability assessment of a host computer or device, said method comprising:
- tracking, by the agent residing and running on the host computer or device, in real-time the status of interfaces and ports on the host computer or device, wherein the agent tracks the status of interfaces and ports by listening to the start and stop of network services on the host computer or device in real-time;
- collecting and storing the status as information entries in a first data structure on the host computer or device;
- comparing the entries to determine any change in the status of at least one of interfaces and the status of ports on the interfaces of the host computer or device;
- communicating the changes in the status of interfaces and the status of ports to a remotely located remote destination server on the network;
- storing said changes as entries in a second data structure in the remote destination server wherein the entries indicate the state of each of the ports on each of the active interfaces of the host computer or device communicated by the agent;
- comparing, by the remote destination server, the entries stored at the remote destination server to determine if there is any change in the status of interfaces and ports on the interfaces of the host computer or device; and
- running, by the remote destination server, a network based vulnerability assessment tests on the host computer or device and reporting the results.

Dependent claims: 27, 28, 29, 30, 31, 32, 33, 34

Specification