Methods, computer program products and data structures for intrusion detection, intrusion response and vulnerability remediation across target computer systems
First Claim
1. A method of disseminating instructions for removing an intrusion of a computer security threat, comprising:
- receiving a notification of a computer security threat;
- generating a computer-actionable first Threat Management Vector (TMV) from the notification that was received, the first TMV including therein a computer-readable field that provides identification of at least one system type that is affected by the computer security threat, and a computer-readable field that provides identification of a release level for the system type;
- transmitting the first TMV that is generated to a plurality of target systems for processing by the plurality of target systems;
- generating a null TMV in response to receiving a notification from a target system, included in the plurality of target systems, that intrusion of the computer security threat has been detected, the null TMV including therein a computer-readable field that identifies that no instructions are available for removing the intrusion of the computer security threat that was detected; and
- transmitting the null TMV that is generated to the target system for processing by the target system.
Abstract
Computer security threat management information is generated by receiving a notification of a security threat and/or a notification of a test that detects intrusion of a computer security threat. A computer-actionable TMV is generated from the notification that was received. The TMV includes a computer-readable field that provides identification of at least one system type that is affected by the computer security threat, a computer-readable field that provides identification of a release level for a system type, a computer-readable field that provides identification of the test that detects intrusion of the computer security threat for a system type and a release level, a computer-readable field that provides identification of a method to reverse the intrusion exploit of the computer security threat for a system type and a release level, and a computer-readable field that provides identification of a method to remediate the vulnerability subject to exploit of the computer security threat for a system type and a release level. The TMV is transmitted to target systems for processing by the target systems.
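The exchange described in claim 1 and the abstract, sketched as an added Python example that is not code from the patent: a first TMV is matched against the target's system type and release level, its tests are run, and the generator answers a detection with either removal instructions or a null TMV. The field names, `threat_id`, the result strings and the sample values are assumptions; the page names only the role of each field. The target here executes only tests and removers it already holds locally, looked up by the ids the TMV carries.

```python
from dataclasses import dataclass, replace
from typing import Optional, Tuple

@dataclass(frozen=True)
class TMV:  # field names are hypothetical; the page gives only their roles
    threat_id: str                   # assumed correlation key
    system_type: str                 # system type affected by the threat
    release_level: str               # release level for that system type
    tests: Tuple[str, ...] = ()      # ids of tests that detect intrusion
    removal: Optional[str] = None    # id of instructions that remove the intrusion
    no_instructions: bool = False    # True only in a null TMV

class Generator:  # builds TMVs and answers intrusion notifications
    def __init__(self, removal_catalog):
        self.removal_catalog = removal_catalog  # (threat, type, release) -> removal id
    def respond(self, first: TMV) -> TMV:
        key = (first.threat_id, first.system_type, first.release_level)
        removal = self.removal_catalog.get(key)
        if removal is None:  # no removal instructions known: null TMV
            return replace(first, tests=(), no_instructions=True)
        return replace(first, tests=(), removal=removal)

class Target:  # target system holding locally installed tests and removers
    def __init__(self, system_type, release_level, tests, removers):
        self.system_type, self.release_level = system_type, release_level
        self.tests, self.removers = tests, removers  # id -> local callable
    def process_first(self, tmv: TMV) -> bool:  # True = send a notification
        if (tmv.system_type, tmv.release_level) != (self.system_type, self.release_level):
            return False  # TMV addresses another system type or release level
        if any(t not in self.tests for t in tmv.tests):
            raise ValueError("TMV names a test that is not installed here")
        return any([self.tests[t]() for t in tmv.tests])  # run every listed test
    def process_second(self, tmv: TMV) -> str:
        if tmv.no_instructions:
            return "no-instructions"  # null TMV: nothing to run, hold for manual response
        if tmv.removal not in self.removers:
            raise ValueError("TMV names a remover that is not installed here")
        self.removers[tmv.removal]()
        return "removed"

def exchange(generator: Generator, target: Target, first: TMV) -> str:
    if not target.process_first(first):
        return "clean"  # no intrusion detected, no notification sent
    return target.process_second(generator.respond(first))

def demo():  # constructed sample values
    first = TMV("THREAT-0001", "exampleos", "2.1", tests=("t1",))
    infected = Target("exampleos", "2.1", {"t1": lambda: True}, {"r1": lambda: None})
    return (exchange(Generator({}), infected, first),
            exchange(Generator({("THREAT-0001", "exampleos", "2.1"): "r1"}), infected, first))
```

`demo()` runs the same detection twice: once against a generator with an empty catalog (null TMV) and once against a generator that knows a removal id for that threat, system type and release level.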
5 Claims
3. A computer program product that is configured to process computer security threat management information, the computer program product comprising a non-transitory computer storage medium having computer-readable program code embodied in the medium, the computer-readable program code comprising:
- computer-readable program code that is configured to receive a computer-actionable first Threat Management Vector (TMV) at a target system, the first TMV including therein a computer-readable field that provides identification of at least one system type that is affected by the computer security threat, a computer-readable field that provides identification of a release level for the system type, and a computer-readable field that provides identification of a test that detects intrusion of the computer security threat for a system type and a release level;
- computer-readable program code that is configured to perform the test that detects intrusion of the computer security threat, at the target system, in response to receipt of the first TMV;
- computer-readable program code that is configured to send a notification from the target system that intrusion of the computer security threat has been detected;
- computer-readable program code that is configured to receive a second TMV including therein a computer-readable field that identifies instructions for removing the intrusion of the computer security threat that was detected;
- computer-readable program code that is configured to perform the instructions for removing the intrusion of the computer security threat that was detected, at the target system, in response to receiving the second TMV; and
- wherein the first TMV further includes a computer-readable field that provides identification of a plurality of tests for a system type and a release level; and
- wherein the computer-readable program code that is configured to perform the test comprises computer-readable program code that is configured to perform the plurality of tests that detect intrusion of the computer security threat, at the target system in response to receiving the first TMV.
5. A computer security threat management system, comprising:
- means for receiving a notification of a test that detects intrusion of a computer security threat;
- means for generating a computer-actionable Threat Management Vector (TMV) from the notification that was received, the TMV including therein a computer-readable field that provides identification of at least one system type that is affected by the computer security threat, a computer-readable field that provides identification of a release level for the system type, and a computer-readable field that provides identification of the test that detects intrusion of the computer security threat for a system type and a release level;
- means for transmitting the TMV that is generated to a plurality of target systems;
- means for receiving the TMV that is generated, at the plurality of target systems; and
- means for performing the test that detects intrusion of the computer security threat, at the target system, in response to receipt of the TMV.
Specification