Anti-vulnerability system, method, and computer program product
First Claim
1. A computer program product embodied on a non-transitory computer readable medium, comprising:
code for allowing access to first information from at least one first data storage identifying a plurality of potential vulnerabilities including at least one first potential vulnerability and at least one second potential vulnerability;
code for causing at least one operation in connection with at least one of a plurality of networked devices, the at least one operation configured for:
identifying at least one configuration associated with the at least one networked device, and
determining that the at least one networked device is actually vulnerable to one or more actual vulnerabilities, based on the identified at least one configuration and the first information from the at least one first data storage identifying the plurality of potential vulnerabilities, such that second information is stored in at least one second data storage separate from the at least one first data storage, the second information identifying the one or more actual vulnerabilities to which the at least one networked device is actually vulnerable;
code for identifying a first occurrence in connection with the at least one networked device and a second occurrence in connection with the at least one networked device;
code for:
determining the first occurrence to have a first severity if the at least one networked device is actually vulnerable to at least one of the actual vulnerabilities that is capable of being taken advantage of by the first occurrence identified in connection with the at least one networked device, and further determining the second occurrence to have a second severity if the at least one networked device is not actually vulnerable to the second occurrence identified in connection with the at least one networked device;
code for reporting the first occurrence and the second occurrence differently based on the first severity and the second severity;
code for displaying, via at least one user interface, a plurality of techniques of different technique types including a first technique for setting or modifying a policy for occurrence mitigation, and a second technique for reacting to packets in connection with the at least one networked device for occurrence mitigation;
code for receiving user input selecting the first technique for setting or modifying the policy for occurrence mitigation, utilizing the at least one user interface;
code for, based on the user input selecting the first technique for setting or modifying the policy for occurrence mitigation, automatically applying the first technique for setting or modifying the policy for occurrence mitigation, such that an identification of a particular actual vulnerability to which the at least one networked device is actually vulnerable is used in connection with the first technique, for mitigating a particular occurrence identified in connection with the at least one networked device if the at least one networked device is actually vulnerable to the particular actual vulnerability and the particular actual vulnerability is capable of being taken advantage of by the particular occurrence identified in connection with the at least one networked device, and further for not mitigating the particular occurrence if the particular actual vulnerability is incapable of being taken advantage of by the particular occurrence identified in connection with the at least one networked device;
code for receiving user input selecting the second technique for reacting to packets in connection with the at least one networked device for occurrence mitigation, utilizing the at least one user interface; and
code for, based on the user input selecting the second technique for reacting to packets in connection with the at least one networked device for occurrence mitigation, automatically applying the second technique for reacting to packets in connection with the at least one networked device for occurrence mitigation, such that an identification of a certain actual vulnerability to which the at least one networked device is actually vulnerable is used in connection with the second technique, for reacting to packets in connection with a certain occurrence identified in connection with the at least one networked device if the at least one networked device is actually vulnerable to the certain actual vulnerability and the certain actual vulnerability is capable of being taken advantage of by the certain occurrence identified in connection with the at least one networked device, and further for not reacting, at least in part, to packets in connection with the certain occurrence if the certain actual vulnerability is incapable of being taken advantage of by the certain occurrence identified in connection with the at least one networked device;
wherein the computer program product is operable such that at least one of:
said at least one first data storage includes at least one first database;
said at least one first data storage is a component of a network operations center (NOC) server;
said at least one second data storage includes at least one second database;
said allowed access to the first information from the at least one first data storage is accomplished by at least one of:
receiving at least one update therefrom;
pulling at least one update therefrom, communicating therewith, or synchronizing therewith;
said potential vulnerabilities and the actual vulnerabilities include software vulnerabilities in an application or an operating system that are capable of being exploited by an attack or a virus;
said at least one operation includes a vulnerability scan operation;
said at least one configuration includes at least one of service pack information, elements contained in files including at least one of an *.ini or *.conf file, an aspect of an operating system, or registry information;
said determination that the at least one networked device is actually vulnerable to the one or more actual vulnerabilities, is carried out by utilizing at least one of a vulnerability identifier or a profile;
said first occurrence of the first severity includes an incident and said second occurrence of the second severity includes an event;
said second occurrence is reported differently than the first occurrence by not being reported;
said first technique for setting or modifying the policy includes just setting the policy;
said first technique for setting or modifying the policy includes just setting the policy, and said policy is associated with at least one of a policy template, a custom policy, or standardized template;
said second technique for reacting to the packets is carried out utilizing a firewall;
said occurrence mitigation includes at least one of removing the one or more actual vulnerabilities, or reducing an effect of a detected occurrence;
said reacting to packets involves at least one of dropping, blocking, or redirecting;
said occurrence mitigation is carried out for protecting at least one particular aspect of one or more of the networked devices, where the one or more of the networked devices include at least one of a client or a server, and the at least one particular aspect includes at least one of an operating system or an application;
said particular actual vulnerability is at least one of the actual vulnerabilities;
said certain actual vulnerability is at least one of the actual vulnerabilities;
said particular actual vulnerability is the certain actual vulnerability;
said particular occurrence is the certain occurrence;
said particular occurrence includes the first occurrence;
said certain occurrence includes the first occurrence;
said first and second techniques include remediation techniques;
said first occurrence includes an attack;
said computer program product is operable for use with at least one NOC server, a data warehouse, and an SDK for allowing access to the second information and at least one of the plurality of techniques;
or said computer program product is operable such that said determination that the at least one networked device is actually vulnerable to the one or more actual vulnerabilities is carried out by directly querying a firmware or an operating system.
Abstract
A system, method, and computer program product are provided for displaying, via at least one user interface, a plurality of techniques of different technique types including a first technique for setting or modifying a policy for mitigating a first occurrence, and a second technique for dropping packets in connection with at least one networked device for mitigating the first occurrence. Based on user input selecting the first technique for setting or modifying the policy for mitigating the first occurrence, the first technique is automatically applied for setting or modifying the policy for mitigating the first occurrence. Based on the user input selecting the second technique for dropping packets in connection with the at least one networked device for mitigating the first occurrence, the second technique is applied for dropping packets in connection with the at least one networked device for mitigating the first occurrence.
20 Claims
10. A computer program product embodied on at least one non-transitory computer readable medium, comprising:
code for receiving a result of at least one operation in connection with at least one of a plurality of networked devices, the at least one operation based on first information from at least one first data storage identifying a plurality of potential vulnerabilities including at least one first potential vulnerability and at least one second potential vulnerability, the at least one operation configured for:
identifying at least one aspect associated with the at least one networked device, and
determining that the at least one networked device is actually vulnerable to at least one actual vulnerability, based on the identified at least one aspect and the first information from the at least one first data storage identifying the plurality of potential vulnerabilities, such that second information associated with the result is stored in at least one second data storage separate from the at least one first data storage, the second information relating to the at least one actual vulnerability to which the at least one networked device is actually vulnerable;
code for displaying an indication of the at least one networked device and the at least one actual vulnerability to which the at least one networked device is actually vulnerable, utilizing the second information;
code for displaying, via at least one user interface, a plurality of techniques including a first technique for setting a policy for occurrence mitigation, and a second technique for setting an option for occurrence mitigation;
code for receiving user input causing selection of the first technique for setting the policy for occurrence mitigation;
code for, based on the user input causing selection of the first technique for setting the policy for occurrence mitigation, automatically applying the first technique for setting the policy for occurrence mitigation, such that an identification of a particular actual vulnerability to which the at least one networked device is actually vulnerable is capable of being used in connection with the first technique, by virtue of a capability of mitigating a particular occurrence identified in connection with the at least one networked device if the at least one networked device is actually vulnerable to the particular actual vulnerability and the particular actual vulnerability is capable of being taken advantage of by the particular occurrence identified in connection with the at least one networked device, and further by virtue of a capability of not mitigating the particular occurrence if the particular actual vulnerability is incapable of being taken advantage of by the particular occurrence identified in connection with the at least one networked device;
code for receiving user input causing selection of the second technique for setting the option for occurrence mitigation;
code for, based on the user input causing selection of the second technique for setting the option for occurrence mitigation, automatically applying the second technique for setting the option for occurrence mitigation, such that the identification of a certain actual vulnerability to which the at least one networked device is actually vulnerable is capable of being used in connection with the second technique, by virtue of a capability of mitigating a certain occurrence identified in connection with the at least one networked device if the at least one networked device is actually vulnerable to the certain actual vulnerability and the certain actual vulnerability is capable of being taken advantage of by the certain occurrence identified in connection with the at least one networked device, and further by virtue of a capability of not mitigating the certain occurrence if the certain actual vulnerability is incapable of being taken advantage of by the certain occurrence identified in connection with the at least one networked device;
code for identifying:
in connection with the at least one networked device, a first occurrence including at least one first occurrence packet directed to the at least one networked device, and
in connection with the at least one networked device, a second occurrence including at least one second occurrence packet directed to the at least one networked device;
code for determining:
that the first occurrence including the at least one first occurrence packet directed to the at least one networked device is capable of taking advantage of the at least one of the actual vulnerability to which the at least one networked device is actually vulnerable;
that the second occurrence including the at least one second occurrence packet directed to the at least one networked device is not capable of taking advantage of the at least one of the actual vulnerability to which the at least one networked device is actually vulnerable; and
code for reporting at least the first occurrence based on the determination that the first occurrence including the at least one first occurrence packet directed to the at least one networked device is capable of taking advantage of the at least one of the actual vulnerability to which the at least one networked device is actually vulnerable;
wherein the computer program product is operable such that the at least one first occurrence packet of the first occurrence is reacted to in response to the identification of the first occurrence, to prevent the first occurrence from taking advantage of the at least one actual vulnerability to which the at least one networked device is actually vulnerable, while there is no update at the at least one of the networked device that removes the at least one actual vulnerability from the at least one networked device;
wherein the computer program product is operable such that at least one of:
said at least one first data storage includes at least one first database;
said at least one first data storage is a component of a network operations center (NOC) server;
said at least one second data storage includes at least one second database;
said first information from the at least one first data storage is accessed by at least one of:
receiving at least one update therefrom;
pulling at least one update therefrom, communicating therewith, or synchronizing therewith;
said potential vulnerabilities and the actual vulnerabilities include software vulnerabilities in an application or an operating system that are capable of being exploited by an attack or a virus;
said at least one operation includes a vulnerability scan operation;
said at least one aspect includes at least one configuration including at least one of service pack information, elements contained in files including at least one of an *.ini or *.conf file, an aspect of an operating system, or registry information;
said determination that the at least one networked device is actually vulnerable to the at least one actual vulnerability, is carried out by utilizing at least one of a vulnerability identifier or a profile;
said first occurrence includes an incident and said second occurrence includes an event;
said second occurrence is reported differently than the first occurrence by not being reported;
said policy is associated with at least one of a policy template, a custom policy, or standardized template;
said second technique for setting the option is carried out utilizing a firewall;
said occurrence mitigation includes at least one of removing the at least one actual vulnerability, or reducing an effect of a detected occurrence;
said occurrence mitigation is carried out for protecting at least one particular aspect of one or more of the networked devices, where the one or more of the networked devices include at least one of a client or a server, and the at least one particular aspect includes at least one of an operating system or an application;
said particular actual vulnerability is at least one of the actual vulnerabilities;
said certain actual vulnerability is at least one of the actual vulnerabilities;
said particular actual vulnerability is the certain actual vulnerability;
said particular occurrence is the certain occurrence;
said particular occurrence includes the first occurrence;
said certain occurrence includes the first occurrence;
said first and second techniques include remediation techniques;
said first occurrence includes an attack;
said computer program product is operable for use with at least one NOC server, a data warehouse, and an SDK for allowing access to the second information and at least one of the plurality of techniques;
or said computer program product is operable such that said determination that the at least one networked device is actually vulnerable to the at least one actual vulnerability is carried out by directly querying a firmware or an operating system.
17. A computer program product embodied on a non-transitory computer readable medium, comprising:
code for receiving actual vulnerability information from at least one first data structure that is generated utilizing potential vulnerability information from at least one second data structure that is capable of being used to identify a plurality of potential vulnerabilities, by including:
at least one first potential vulnerability, and
at least one second potential vulnerability;
said actual vulnerability information being generated utilizing the potential vulnerability information by:
identifying at least one aspect associated with at least one of a plurality of networked devices, the at least one aspect relating to at least one of an operating system or an application of the at least one networked device, and
determining that at least one networked device is actually vulnerable to at least one actual vulnerability based on the identified at least one aspect, utilizing the potential vulnerability information that is capable of being used to identify the plurality of potential vulnerabilities;
said actual vulnerability information from the at least one first data structure capable of being used for identifying the at least one actual vulnerability to which at least one networked device is actually vulnerable;
code for displaying, via at least one user interface, one or more options for applying one or more different attack mitigation actions of diverse attack mitigation types;
code for receiving user input selecting the one or more options for applying the one or more different attack mitigation actions of the diverse attack mitigation types;
code for determining whether an attack is capable of taking advantage of the at least one actual vulnerability to which the at least one networked device is actually vulnerable; and
code for, based on the user input, applying the one or more different attack mitigation actions of the diverse attack mitigation types, including at least one of a firewall-based attack mitigation type, an intrusion prevention system-based attack mitigation type, a router-based attack mitigation type, or a compliance attack mitigation type, for preventing the attack from taking advantage of the at least one actual vulnerability at the at least one networked device, based on the determination whether the attack is capable of taking advantage of the at least one actual vulnerability to which the at least one networked device is actually vulnerable, the at least one actual vulnerability being a function of the at least one of the operating system or the application of the at least one networked device and the one or more different attack mitigation actions corresponding to the at least one actual vulnerability, thereby resulting in one or more relevant attack mitigation actions being selectively applied;
wherein the computer program product is operable such that the identification of the least one actual vulnerability to which the at least one networked device is actually vulnerable is used in connection with the display of the one or more options for applying the one or more different attack mitigation actions of the diverse attack mitigation types, resulting in mitigation of the attack in connection with the at least one networked device if the at least one networked device is actually vulnerable to the least one actual vulnerability and the least one actual vulnerability is capable of being taken advantage of by the attack in connection with the at least one networked device, and further resulting in an avoidance, at least in part, of mitigation of the attack if the least one actual vulnerability is incapable, at least in part, of being taken advantage of by the attack identified in connection with the at least one networked device;
wherein the computer program product is operable such that at least one of:
said at least one first data structure is stored in at least one data storage that includes at least one database;
said at least one second data structure is stored in at least one data storage that is a component of a network operations center (NOC) server;
said at least one second data structure is stored in at least one data storage that includes at least one database;
said potential vulnerability information from the at least one second data structure is accessed by at least one of:
receiving at least one update therefrom, pulling at least one update therefrom, communicating therewith, or synchronizing therewith;
said potential vulnerabilities and the actual vulnerabilities include software vulnerabilities in the application or the operating system that are capable of being exploited by an attack or a virus;
said determination that the at least one networked device is actually vulnerable to the at least one actual vulnerability is carried out in connection with a vulnerability scan operation;
said at least one aspect includes at least one configuration involving at least one of service pack information, elements contained in files including at least one of an *.ini or *.conf file, or registry information;
said determination that the at least one networked device is actually vulnerable to the at least one actual vulnerability, is carried out by utilizing at least one of a vulnerability identifier or a profile;
said one or more different attack mitigation actions are applied for protecting at least one particular aspect of one or more of the networked devices, where the one or more of the networked devices include at least one of a client or a server;
said one or more different attack mitigation actions involve one or more remediation techniques;
said computer program product is operable for use with at least one NOC server, a data warehouse, and an SDK for allowing access to the actual vulnerability information and the one or more different attack mitigation actions;
or said computer program product is operable such that said determination that the at least one networked device is actually vulnerable to the at least one actual vulnerability is carried out by directly querying a firmware or the operating system.
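The mechanism that claim 1, the abstract, claim 10 and claim 17 all describe, as an added Python illustration (this is not code from the patent or from any product it covers): a first store of potential vulnerabilities, a scan that matches each device's identified configuration (operating system, service pack, *.conf elements) against that store and writes the resulting actual vulnerabilities to a separate second store, severity assignment of occurrences (incident when the target is actually vulnerable to what the occurrence exploits, event otherwise), reporting that lists only incidents, and the two mitigation techniques (setting a per-device policy, reacting to packets) applied only where the occurrence can take advantage of an actual vulnerability. The vulnerability identifiers, OS names, configuration keys, occurrence format and policy keys are constructed assumptions for the example.

```python
"""Vulnerability-aware occurrence triage and mitigation.

Added illustration of the mechanism the claims describe; this is not code
from the patent. Vulnerability IDs, device configurations, the occurrence
format and the policy keys are all constructed for this example.
"""
from dataclasses import dataclass
from enum import Enum


class Severity(Enum):
    INCIDENT = "incident"  # target is actually vulnerable to what the occurrence exploits
    EVENT = "event"        # target is not vulnerable; lower severity


@dataclass(frozen=True)
class PotentialVuln:
    """One entry of the first data storage: the profile that makes a device vulnerable."""
    vuln_id: str
    os_name: str
    fixed_in_service_pack: int     # service pack level at which the flaw is patched
    conf_requirements: tuple = ()  # (key, value) pairs that must be present in the *.conf


# First data storage (constructed sample entries; the IDs are not real advisories).
POTENTIAL_VULNS = (
    PotentialVuln("VULN-1", "exampleos", fixed_in_service_pack=3),
    PotentialVuln("VULN-2", "exampleos", fixed_in_service_pack=2,
                  conf_requirements=(("remote_admin", "on"),)),
    PotentialVuln("VULN-3", "otheros", fixed_in_service_pack=1),
)


def scan(device: dict) -> set:
    """Vulnerability scan: match the identified configuration (OS, service pack,
    *.conf elements) against every potential vulnerability; return the actual ones."""
    actual = set()
    for pv in POTENTIAL_VULNS:
        if device["os"] != pv.os_name:
            continue  # profile is for a different operating system
        if device["service_pack"] >= pv.fixed_in_service_pack:
            continue  # patched: a potential vulnerability, not an actual one
        if any(device["conf"].get(k) != v for k, v in pv.conf_requirements):
            continue  # the exploitable setting is absent from the *.conf
        actual.add(pv.vuln_id)
    return actual


def build_actual_store(devices: dict) -> dict:
    """Second data storage, kept separate from POTENTIAL_VULNS: device -> actual vulns."""
    return {name: scan(cfg) for name, cfg in devices.items()}


def classify(occurrence: dict, actual_store: dict) -> Severity:
    """INCIDENT when the occurrence can take advantage of an actual vulnerability of
    its target device; EVENT otherwise (including targets the store does not know)."""
    if occurrence["exploits"] in actual_store.get(occurrence["device"], set()):
        return Severity.INCIDENT
    return Severity.EVENT


def report(occurrences: list, actual_store: dict) -> list:
    """Report the two severities differently: incidents are listed, events are not."""
    return [o["id"] for o in occurrences
            if classify(o, actual_store) is Severity.INCIDENT]


def apply_policy_technique(device: str, actual_store: dict, policy: dict) -> dict:
    """First technique: set or modify a per-device policy, but only for
    vulnerabilities the device actually has; nothing is added for the rest."""
    updated = dict(policy)
    for vuln_id in sorted(actual_store.get(device, ())):
        updated[f"mitigate:{vuln_id}"] = True
    return updated


def react_to_packet(occurrence: dict, actual_store: dict) -> str:
    """Second technique: firewall-style reaction to the occurrence's packet.
    Drop only when the packet can exploit an actual vulnerability; otherwise pass.
    The device itself is not updated, so the unpatched device stays protected."""
    if classify(occurrence, actual_store) is Severity.INCIDENT:
        return "drop"
    return "pass"


# Constructed sample devices and occurrences (not captured data).
DEVICES = {
    "host-a": {"os": "exampleos", "service_pack": 1, "conf": {"remote_admin": "on"}},
    "host-b": {"os": "exampleos", "service_pack": 3, "conf": {"remote_admin": "off"}},
}
OCCURRENCES = [
    {"id": "occ-1", "device": "host-a", "exploits": "VULN-1"},  # SP1 < 3: incident
    {"id": "occ-2", "device": "host-b", "exploits": "VULN-1"},  # SP3 is patched: event
    {"id": "occ-3", "device": "host-a", "exploits": "VULN-3"},  # wrong OS: event
]

if __name__ == "__main__":
    store = build_actual_store(DEVICES)
    print("actual vulnerabilities:", store)
    print("reported:", report(OCCURRENCES, store))
    for occ in OCCURRENCES:
        print(occ["id"], classify(occ, store).value, react_to_packet(occ, store))
```

Run as a script, it shows host-a actually vulnerable to VULN-1 and VULN-2 and host-b to nothing; only occ-1 is reported and its packet dropped, while occ-2 and occ-3 are classified as events and passed. The packet decision never touches the device configuration, which is the situation claim 10 spells out: the first occurrence packet is reacted to while no update has removed the vulnerability from the device.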