System, method and computer program product for improving computer network intrusion detection by risk prioritization
Abstract
A system, method and computer program product are provided for prioritized network security. Initially, a risk assessment scan is conducted for identifying vulnerabilities on a network device. Next, network communications are identified that exploit the vulnerabilities identified by the risk assessment scan before identifying network communications that exploit other vulnerabilities. In other words, network communications are monitored for identifying any exploitation of the vulnerabilities identified by the risk assessment scan before identifying any exploitation of other vulnerabilities.
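An added sketch of the ordering the abstract describes (not code from the patent): signatures for vulnerabilities the scan identified on the destination device are checked before signatures for other known vulnerabilities. The signature records, vulnerability ids, device address, byte patterns and the per-packet check budget are all constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Signature:
    sig_id: str     # constructed identifier
    vuln_id: str    # vulnerability whose exploitation this signature detects
    pattern: bytes  # constructed placeholder byte pattern

# Constructed sample data: every known vulnerability the inspector can detect.
SIGNATURES = [
    Signature("sig-1", "VULN-A", b"PLACEHOLDER-A"),
    Signature("sig-2", "VULN-B", b"PLACEHOLDER-B"),
    Signature("sig-3", "VULN-C", b"PLACEHOLDER-C"),
    Signature("sig-4", "VULN-D", b"PLACEHOLDER-D"),
]

# Constructed scan output: vulnerabilities identified per network device.
SCAN_FINDINGS = {"10.0.0.5": {"VULN-D", "VULN-B"}}

def prioritize(signatures, identified):
    """Put signatures for scan-identified vulnerabilities first.
    sorted() is stable, so the original order is kept within each group."""
    return sorted(signatures, key=lambda s: s.vuln_id not in identified)

def inspect(payload, ordered, budget=None):
    """Check payload against signatures in the given order.
    budget (assumption) caps how many signatures are checked per packet.
    Returns (matched sig_id or None, number of signatures checked)."""
    checked = 0
    for sig in ordered:
        if budget is not None and checked >= budget:
            break
        checked += 1
        if sig.pattern in payload:
            return sig.sig_id, checked
    return None, checked

def inspect_for_device(dst_ip, payload, budget=None):
    """Inspect traffic to dst_ip using that device's scan-derived priority order."""
    identified = SCAN_FINDINGS.get(dst_ip, set())
    return inspect(payload, prioritize(SIGNATURES, identified), budget)

if __name__ == "__main__":
    pkt = b"...PLACEHOLDER-D..."  # constructed payload
    print(inspect(pkt, SIGNATURES, budget=2))              # unprioritized order
    print(inspect_for_device("10.0.0.5", pkt, budget=2))   # prioritized order
```

With a budget of two checks per packet, the unprioritized order runs out before reaching the matching signature, while the scan-derived order reaches it on the second check.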
15 Claims
1. A method for prioritized network security, comprising:
performing a risk assessment scan for identifying vulnerabilities on a network device;
prioritizing the vulnerabilities identified by the risk assessment scan and known vulnerabilities not identified by the risk assessment scan to form a prioritized order, wherein at least one identified vulnerability is prioritized higher than a non-identified vulnerability; and
inspecting network communications to attempt to identify, in priority order, network communications that exploit the at least one identified vulnerability before attempting to identify network communications that exploit other known vulnerabilities not identified by the risk assessment scan;
wherein performing the risk assessment scan includes simulating security events.

14. A computer program product for prioritized network security embodied on a non-transitory computer-readable medium comprising instructions to cause one or more processing devices to:
perform a risk assessment scan to identify vulnerabilities on a network device;
prioritize the vulnerabilities identified by the risk assessment scan and known vulnerabilities not identified by the risk assessment scan to form a prioritized order, wherein at least one identified vulnerability is prioritized higher than a non-identified vulnerability; and
inspect network communications to attempt to identify, in priority order, network communications that exploit the at least one identified vulnerability before attempting to identify network communications that exploit other known vulnerabilities not identified by the scan;
wherein the instructions to cause the one or more processors to perform the risk assessment scan further comprise instructions to cause the one or more processors to simulate security events that make up an attack and instructions to cause the one or more processors to execute one or more vulnerability probes.

15. A method for prioritized network security, comprising:
performing a risk assessment scan for identifying vulnerabilities on a plurality of network devices utilizing a risk assessment scanning tool;
prioritizing the vulnerabilities identified by the risk assessment scan and known vulnerabilities not identified by the risk assessment scan to form a prioritized order, wherein at least one identified vulnerability is prioritized higher than a non-identified vulnerability; and
utilizing the prioritized vulnerabilities to enhance network security;
wherein performing the risk assessment scan includes simulating security events that make up an attack and executing one or more vulnerability probes; and
wherein network communications that exploit the prioritized vulnerabilities identified by the risk assessment scan are attempted to be identified before attempting to identify network communications that exploit other known vulnerabilities not identified by the scan.

Specification