System, method and computer program product for improving computer network intrusion detection by risk prioritization

US 8,266,703 B1
Filed: 09/12/2007
Issued: 09/11/2012
Est. Priority Date: 11/30/2001
Status: Expired due to Term

First Claim

Patent Images

1. A method for prioritized network security, comprising:

performing a risk assessment scan for identifying vulnerabilities on a network device;

prioritizing the vulnerabilities identified by the risk assessment scan and known vulnerabilities not identified by the risk assessment scan to form a prioritized order, wherein at least one identified vulnerability is prioritized higher than a non-identified vulnerability; and

inspecting network communications to attempt to identify, in priority order, network communications that exploit the at least one identified vulnerability before attempting to identify network communications that exploit other known vulnerabilities not identified by the risk assessment scan;

wherein performing the risk assessment scan includes simulating security events.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, method and computer program product are provided for prioritized network security. Initially, a risk assessment scan is conducted for identifying vulnerabilities on a network device. Next, network communications are identified that exploit the vulnerabilities identified by the risk assessment scan before identifying network communications that exploit other vulnerabilities. In other words, network communications are monitored for identifying any exploitation of the vulnerabilities identified by the risk assessment scan before identifying any exploitation of other vulnerabilities.

Citations

15 Claims

1. A method for prioritized network security, comprising:
- performing a risk assessment scan for identifying vulnerabilities on a network device;
  
  prioritizing the vulnerabilities identified by the risk assessment scan and known vulnerabilities not identified by the risk assessment scan to form a prioritized order, wherein at least one identified vulnerability is prioritized higher than a non-identified vulnerability; and
  
  inspecting network communications to attempt to identify, in priority order, network communications that exploit the at least one identified vulnerability before attempting to identify network communications that exploit other known vulnerabilities not identified by the risk assessment scan;
  
  wherein performing the risk assessment scan includes simulating security events.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method as recited in claim 1, wherein the risk assessment scan is carried out utilizing a risk assessment scanning tool.
  - 3. The method as recited in claim 1, wherein the risk assessment scan is performed on a plurality of network devices.
  - 4. The method as recited in claim 1, further comprising executing a remedying event upon identifying network communications that exploit the vulnerabilities.
  - 5. The method as recited in claim 1, wherein the network communications that exploit vulnerabilities of a lower risk are dropped before network communications that exploit vulnerabilities of a higher risk.
  - 6. The method as recited in claim 1, wherein the network communications include packets.
  - 7. The method as recited in claim 1, wherein results of simulating the security events and executing the one or more vulnerability probes are compared against a list of known vulnerabilities.
  - 8. The method as recited in claim 1, wherein the risk assessment scan is repeated.
  - 9. The method as recited in claim 8, wherein the risk assessment scan is repeated periodically.
  - 10. The method as recited in claim 1, wherein the vulnerabilities are prioritized by comparing the vulnerabilities identified by the risk assessment scan against a plurality of groups of vulnerabilities.
  - 11. The method as recited in claim 10, wherein the groups of vulnerabilities include a low risk group, a medium risk group, and a high risk group.
  - 12. The method as recited in claim 11, wherein the vulnerabilities identified by the risk assessment scan are transmitted to an intrusion detection system capable of identifying the network communications that exploit the vulnerabilities identified by the risk assessment scan before identifying network communications that exploit other vulnerabilities.
  - 13. The method as recited in claim 11, wherein the act of performing the risk assessment scan and the act of identifying the network communications are carried out by a common module.

14. A computer program product for prioritized network security embodied on a non-transitory computer-readable medium comprising instructions to cause one or more processing devices to:
- perform a risk assessment scan to identify vulnerabilities on a network device;
  
  prioritize the vulnerabilities identified by the risk assessment scan and known vulnerabilities not identified by the risk assessment scan to form a prioritized order, wherein at least one identified vulnerability is prioritized higher than a non-identified vulnerability; and
  
  inspect network communications to attempt to identify, in priority order, network communications that exploit the at least one identified vulnerability before attempting to identify network communications that exploit other known vulnerabilities not identified by the scan;
  
  wherein the instructions to cause the one or more processors to perform the risk assessment scan further comprise instructions to cause the one or more processors to simulate security events that make up an attack and instructions to cause the one or more processors to execute one or more vulnerability probes.

15. A method for prioritized network security, comprising:
- performing a risk assessment scan for identifying vulnerabilities on a plurality of network devices utilizing a risk assessment scanning tool;
  
  prioritizing the vulnerabilities identified by the risk assessment scan and known vulnerabilities not identified by the risk assessment scan to form a prioritized order, wherein at least one identified vulnerability is prioritized higher than a non-identified vulnerability; and
  
  utilizing the prioritized vulnerabilities to enhance network security;
  
  wherein performing the risk assessment scan includes simulating security events that make up an attack and executing one or more vulnerability probes; and
  
  wherein network communications that exploit the prioritized vulnerabilities identified by the risk assessment scan are attempted to be identified before attempting to identify network communications that exploit other known vulnerabilities not identified by the scan.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Magdych, James S., Rahmanovic, Tarik, McDonald, John R., Tellier, Brock E.
Primary Examiner(s)
Lipman, Jacob

Application Number

US11/854,412
Time in Patent Office

1,826 Days
Field of Search

726/25
US Class Current

726/25
CPC Class Codes

H04L 63/1433 Vulnerability analysis

H04L 63/145 the attack involving the pr...

System, method and computer program product for improving computer network intrusion detection by risk prioritization

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

System, method and computer program product for improving computer network intrusion detection by risk prioritization

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links