Real-time vulnerability monitoring
First Claim
1. In a networked computing system comprising a plurality of networked computers on a particular subnet in communication with the Internet, a method comprising:
receiving a result of at least one operation in connection with at least one of a plurality of networked devices, the at least one operation based on first information from at least one first data storage identifying a plurality of potential vulnerabilities including at least one first potential vulnerability and at least one second potential vulnerability, the at least one operation configured for:
identifying at least one configuration associated with the at least one networked device, and determining that the at least one networked device is actually vulnerable to at least one actual vulnerability, based on the identified at least one configuration and the first information from the at least one first data storage identifying the plurality of potential vulnerabilities, such that second information associated with the result is stored in at least one second data storage separate from the at least one first data storage, the second information relating to the at least one actual vulnerability to which the at least one networked device is actually vulnerable;
displaying an indication of the at least one actual vulnerability to which the at least one networked device is actually vulnerable, utilizing the second information;
accessing a database containing the second information relating to the at least one actual vulnerability to which the at least one networked device is actually vulnerable;
transmitting a query to the database;
receiving from the database a result responsive to the query;
making a security-related determination based on the result;
displaying, via at least one user interface, a plurality of techniques including a first technique for utilizing an intrusion prevention system for occurrence mitigation, a second technique for utilizing a firewall for occurrence mitigation, and a third technique for installing a software update for occurrence mitigation;
receiving user input causing selection of the first technique for utilizing the intrusion prevention system for occurrence mitigation;
based on the user input causing selection of the first technique for utilizing the intrusion prevention system for occurrence mitigation, automatically applying the first technique for utilizing the intrusion prevention system for occurrence mitigation;
receiving user input causing selection of the second technique for utilizing the firewall for occurrence mitigation;
based on the user input causing selection of the second technique for utilizing the firewall for occurrence mitigation, automatically applying the second technique for utilizing the firewall for occurrence mitigation;
receiving user input causing selection of the third technique for installing the software update for occurrence mitigation;
based on the user input causing selection of the third technique for installing the software update for occurrence mitigation, automatically applying the third technique for installing the software update for occurrence mitigation;
identifying:
in connection with the at least one networked device, a first occurrence including at least one first occurrence packet directed to the at least one networked device, and in connection with the at least one networked device, a second occurrence including at least one second occurrence packet directed to the at least one networked device;
determining:
that the first occurrence including the at least one first occurrence packet directed to the at least one networked device is capable of taking advantage of the at least one of the actual vulnerability to which the at least one networked device is actually vulnerable;
that the second occurrence including the at least one second occurrence packet directed to the at least one networked device is not capable of taking advantage of the at least one of the actual vulnerability to which the at least one networked device is actually vulnerable;
reporting at least the first occurrence based on the determination that the first occurrence including the at least one first occurrence packet directed to the at least one networked device is capable of taking advantage of the at least one of the actual vulnerability to which the at least one networked device is actually vulnerable; and
preventing the at least one first occurrence packet of the first occurrence from taking advantage of the at least one actual vulnerability to which the at least one networked device is actually vulnerable, while there is no update at the at least one of the networked device that removes the at least one actual vulnerability from the at least one networked device.
Abstract
A security information management system is described, wherein client-side devices preferably collect and monitor information describing the operating system, software, and patches installed on the device(s), as well as the configuration thereof. A database of this information is maintained, along with data describing vulnerabilities of available software and associated remediation techniques available for it. The system exposes an API to support security-related decisions by other applications. For example, an intrusion detection system (IDS) accesses the database to determine whether an actual threat exists and should be (or has been) blocked.
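The decision flow that the abstract and claim 1 describe, as an added example modelled on the claim language; this is not code from the patent or its assignee. The first data storage is a catalogue of potential vulnerabilities, the collector reports each host's installed software and patches, the assessment step derives the host's actual vulnerabilities into a separate second data storage, and the IPS consults that storage to report and block only a packet that can take advantage of a vulnerability the destination actually has. The catalogue entries (VULN-A, VULN-B, VULN-C), the product names, the host address and the packets are all constructed, and the `Host`, `ActualVulnStore`, `assess`, `decide` and `mitigate` names are this example's own.

```python
from dataclasses import dataclass, field

# First data storage: the catalogue of potential vulnerabilities. Every entry
# here is constructed for this example; the identifiers are not real advisories.
POTENTIAL_VULNS = {
    "VULN-A": {"product": "webd", "affected": {"2.0", "2.1"}, "fix": "webd-2.1-p3", "port": 80},
    "VULN-B": {"product": "sshd", "affected": {"7.4"}, "fix": "sshd-7.4-p1", "port": 22},
    "VULN-C": {"product": "dbsvc", "affected": {"5.0"}, "fix": "dbsvc-5.0-p2", "port": 5432},
}


@dataclass
class Host:
    """Configuration reported by the client-side collector for one device."""
    address: str
    software: dict                      # product -> installed version
    patches: set = field(default_factory=set)


def assess(host: Host, catalogue: dict = POTENTIAL_VULNS) -> set:
    """Potential vulnerability -> actual vulnerability: the affected product is
    installed at an affected version and the fixing update is absent."""
    return {
        vid for vid, e in catalogue.items()
        if host.software.get(e["product"]) in e["affected"] and e["fix"] not in host.patches
    }


class ActualVulnStore:
    """Second data storage, separate from the catalogue: address -> actual vulns."""

    def __init__(self):
        self.rows: dict = {}
        self.controls: set = set()      # (address, control) entries applied by the IPS/firewall

    def record(self, host: Host) -> None:
        self.rows[host.address] = assess(host)

    def is_actually_vulnerable(self, address: str, vid: str) -> bool:
        return vid in self.rows.get(address, set())


@dataclass
class Occurrence:
    """One packet as the IPS sees it, with the vulnerability its signature targets."""
    dst: str
    targets: str


def decide(store: ActualVulnStore, occ: Occurrence) -> str:
    """Report and block only when the packet can take advantage of a vulnerability
    the destination actually has; a signature hit against a non-vulnerable host
    is let through without an alert (the claim's 'second occurrence')."""
    if store.is_actually_vulnerable(occ.dst, occ.targets):
        return "report-and-block"
    return "pass"


def mitigate(host: Host, store: ActualVulnStore, vid: str, technique: str) -> str:
    """Apply one of the three techniques offered to the operator. Only 'update'
    removes the vulnerability from the second data storage; 'ips' and 'firewall'
    leave it there and block the path to it instead (simplified model)."""
    entry = POTENTIAL_VULNS[vid]
    if technique == "update":
        host.patches.add(entry["fix"])
        store.record(host)                      # re-assess after patching
        return f"installed {entry['fix']} on {host.address}"
    if technique == "ips":
        store.controls.add((host.address, f"drop signature {vid}"))
        return f"ips drops {vid} traffic to {host.address}"
    if technique == "firewall":
        store.controls.add((host.address, f"close port {entry['port']}"))
        return f"firewall closes {host.address}:{entry['port']}"
    raise ValueError(f"unknown technique {technique!r}")


def demo() -> dict:
    """Walk one host through assessment, two packets, and the update technique."""
    host = Host("10.0.0.5", {"webd": "2.1", "sshd": "8.0", "dbsvc": "5.0"})  # constructed host
    store = ActualVulnStore()
    store.record(host)
    first = Occurrence("10.0.0.5", "VULN-A")    # webd 2.1 is affected: actual vulnerability
    second = Occurrence("10.0.0.5", "VULN-B")   # sshd 8.0 is not affected: potential only
    out = {"actual_before": sorted(store.rows[host.address]),
           "first": decide(store, first), "second": decide(store, second)}
    mitigate(host, store, "VULN-A", "update")
    out["actual_after"] = sorted(store.rows[host.address])
    out["first_after_update"] = decide(store, first)
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Two points worth noticing when adapting this. First, `decide` answers "pass" for a destination that has no row in the second data storage at all, which is the right answer only if every device on the subnet is enrolled in the collector; a production IPS would normally fall back to ordinary signature alerting for hosts it has no configuration for. Second, the update technique is the only one that changes the assessment, which is why claim 1 limits the prevention step to the window "while there is no update" and claim 150 instead keeps the IPS blocking "regardless of whether an update has been installed".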
959 Citations
154 Claims
2. A computer program product embodied on at least one non-transitory computer readable medium, comprising:
code for receiving a result of at least one operation in connection with at least one of a plurality of networked devices, the at least one operation based on first information from at least one first data storage identifying a plurality of potential vulnerabilities including at least one first potential vulnerability and at least one second potential vulnerability, the at least one operation configured for:
identifying at least one configuration associated with the at least one networked device, and determining that the at least one networked device is actually vulnerable to at least one actual vulnerability, based on the identified at least one configuration and the first information from the at least one first data storage identifying the plurality of potential vulnerabilities, such that second information associated with the result is stored in at least one second data storage separate from the at least one first data storage, the second information relating to the at least one actual vulnerability to which the at least one networked device is actually vulnerable;
code for displaying an indication of the at least one actual vulnerability to which the at least one networked device is actually vulnerable, utilizing the second information;
code for displaying, via at least one user interface, a plurality of techniques including a first technique for utilizing an intrusion prevention system for occurrence mitigation, a second technique for utilizing a firewall for occurrence mitigation and a third technique for installing a software update for occurrence mitigation;
code for receiving user input causing selection of the first technique for utilizing the intrusion prevention system for occurrence mitigation;
code for, based on the user input causing selection of the first technique for utilizing the intrusion prevention system for occurrence mitigation, automatically applying the first technique for utilizing the intrusion prevention system for occurrence mitigation;
code for receiving user input causing selection of the second technique for utilizing the firewall for occurrence mitigation;
code for, based on the user input causing selection of the second technique for utilizing the firewall for occurrence mitigation, automatically applying the second technique for utilizing the firewall for occurrence mitigation;
code for receiving user input causing selection of the third technique for installing the software update for occurrence mitigation;
code for, based on the user input causing selection of the third technique for installing the software update for occurrence mitigation, automatically applying the third technique for installing the software update for occurrence mitigation;
code for identifying:
in connection with the at least one networked device, a first occurrence including at least one first occurrence packet directed to the at least one networked device, and in connection with the at least one networked device, a second occurrence including at least one second occurrence packet directed to the at least one networked device;
code for determining:
that the first occurrence including the at least one first occurrence packet directed to the at least one networked device is capable of taking advantage of the at least one of the actual vulnerability to which the at least one networked device is actually vulnerable;
that the second occurrence including the at least one second occurrence packet directed to the at least one networked device is not capable of taking advantage of the at least one of the actual vulnerability to which the at least one networked device is actually vulnerable;
code for reporting at least the first occurrence based on the determination that the first occurrence including the at least one first occurrence packet directed to the at least one networked device is capable of taking advantage of the at least one of the actual vulnerability to which the at least one networked device is actually vulnerable; and
code for preventing the at least one first occurrence packet of the first occurrence from taking advantage of the at least one actual vulnerability to which the at least one networked device is actually vulnerable, while there is no update at the at least one of the networked device that removes the at least one actual vulnerability from the at least one networked device.
Dependent claims 3 to 149, 153 and 154 are not reproduced on this page.
150. An apparatus, comprising:
an intrusion prevention system including computer program product embodied on at least one non-transitory computer readable medium, including:
code for receiving a result of at least one operation performed on at least one of a plurality of networked devices, the at least one operation based on first information from at least one first data storage identifying a plurality of potential vulnerabilities including at least one first potential vulnerability and at least one second potential vulnerability, the at least one operation configured for:
identifying at least one configuration associated with the at least one networked device, and determining that the at least one networked device is actually vulnerable to at least one actual vulnerability, based on the identified at least one configuration and the first information from the at least one first data storage identifying the plurality of potential vulnerabilities, such that second information associated with the result is stored in at least one second data storage separate from the at least one first data storage, the second information relating to the at least one actual vulnerability to which the at least one networked device is actually vulnerable;
code for displaying, via at least one user interface, a plurality of techniques including a first technique for utilizing an intrusion prevention system for occurrence mitigation, a second technique for utilizing a firewall for occurrence mitigation and a third technique for installing a software update for occurrence mitigation;
code for receiving user input causing selection of the first technique for utilizing the intrusion prevention system for occurrence mitigation;
code for, based on the user input causing selection of the first technique for utilizing the intrusion prevention system for occurrence mitigation, applying the first technique for utilizing the intrusion prevention system for occurrence mitigation;
code for receiving user input causing selection of the second technique for utilizing the firewall for occurrence mitigation;
code for, based on the user input causing selection of the second technique for utilizing the firewall for occurrence mitigation, applying the second technique for utilizing the firewall for occurrence mitigation;
code for receiving user input causing selection of the third technique for installing the software update for occurrence mitigation;
code for, based on the user input causing selection of the third technique for installing the software update for occurrence mitigation, applying the third technique for installing the software update for occurrence mitigation;
code for identifying:
for the at least one networked device, a first occurrence including at least one first occurrence packet, and for the at least one networked device, a second occurrence including at least one second occurrence packet;
code for determining:
that the first occurrence including the at least one first occurrence packet directed to the at least one networked device is capable of taking advantage of the at least one of the actual vulnerability to which the at least one networked device is actually vulnerable;
that the second occurrence including the at least one second occurrence packet directed to the at least one networked device is not capable of taking advantage of the at least one of the actual vulnerability to which the at least one networked device is actually vulnerable;
code for reporting at least the first occurrence based on the determination that the first occurrence including the at least one first occurrence packet is capable of taking advantage of the at least one of the actual vulnerability to which the at least one networked device is actually vulnerable; and
code for preventing the at least one first occurrence packet of the first occurrence from taking advantage of the at least one actual vulnerability to which the at least one networked device is actually vulnerable, regardless of whether an update has been installed at the at least one of the networked device that removes the at least one actual vulnerability from the at least one networked device.
Dependent claims 151 and 152 are not reproduced on this page.
Specification