Method and apparatus for detecting vulnerability status of a target
Abstract
A computer implemented method for detecting vulnerability status of a target having interfaces and ports is provided. The method comprises tracking the occurrence of an event including at least one of a network interface becoming active and/or inactive, start and/or stop of a client network service using a port on an active network interface, start and/or stop of a server network service running on a port on an active network interface, and start and/or stop of a network service that does not entail the use of any port. A notification is generated that a possible vulnerability status altering event has occurred. Tracking the occurrence of the event includes tracking using at least one of an operating system (OS) service, an OS command, a hook, and an API.
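The server-side step described above can be sketched as follows. This is an added example, not code from the patent or its assignee: the `Notification` fields, the `RISKY_SERVICES` policy, and the "reassess" verdict are assumptions made for illustration, and the sample events are constructed.

```python
from dataclasses import dataclass, field

# Assumed policy (not from the patent): services treated as risky when exposed.
RISKY_SERVICES = {"telnet", "ftp", "rsh"}
KINDS = {"interface", "client_service", "server_service", "port"}

@dataclass
class Notification:        # hypothetical message sent by the target's agent
    target: str
    kind: str              # one of KINDS
    name: str              # e.g. "eth0", "sshd", "tcp/23"
    state: str             # "active"/"inactive", "start"/"stop", "open"/"close"
    services: tuple = ()   # services bound to the port, as reported by the target

@dataclass
class Server:
    last_state: dict = field(default_factory=dict)  # (target, kind, name) -> state
    findings: list = field(default_factory=list)

    def receive(self, n: Notification) -> str:
        if n.kind not in KINDS:
            raise ValueError(f"unknown event kind: {n.kind}")
        key = (n.target, n.kind, n.name)
        if self.last_state.get(key) == n.state:
            return "unchanged"          # duplicate notification, no status change
        self.last_state[key] = n.state  # first sighting also counts as a change
        # Port change: decide from the services running on that port.
        if n.kind == "port" and n.state == "open":
            risky = sorted(RISKY_SERVICES.intersection(n.services))
            if risky:
                self.findings.append((n.target, n.name, risky))
                return "vulnerable"
        # Assumption: any other confirmed change queues the network for reassessment.
        return "reassess"

def demo():
    """Run constructed sample events through the server and return the verdicts."""
    server = Server()
    events = [
        Notification("host-a", "port", "tcp/23", "open", ("telnet",)),
        Notification("host-a", "port", "tcp/23", "open", ("telnet",)),  # repeat
        Notification("host-a", "port", "tcp/22", "open", ("ssh",)),
        Notification("host-a", "interface", "eth0", "inactive"),
    ]
    return [server.receive(e) for e in events], server.findings
```
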
23 Claims
1. A computer implemented method comprising:
- receiving at a server from a target, a notification of detection, in real time, of an event on the target, the event on the target comprising at least one of a change in status of;
  - a network interface from active to inactive or vice versa,
  - a client network service from start to stop or vice versa,
  - a server network service from start to stop or vice versa, or
  - a port from open to close or vice versa;
- determining, at the server, in response to the notification, that a change has occurred in the status of at least one of the network interface, the client network service, the server network service, or the port;
- when the notification indicates that the status of the port has changed, determining services running on the port, and based on the determined services, determining that security status of a network comprising the target is vulnerable; and
- determining based on the determination of the change of status, that the security status of the network comprising the target is vulnerable, wherein, the detection at the target is implemented by at least one of an operating system (OS) service, an OS command, a hook, or an API.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16
17. An apparatus comprising:
- at least one processor; and
- a memory comprising executable instructions, which when executed via the at least one processor implement a method comprising;
  - receiving at a server from a target, a notification of detection, in real time, of an event on the target, the event on the target comprising at least one of a change in status of;
    - a network interface from active to inactive or vice versa,
    - a client network service from start to stop or vice versa,
    - a server network service from start to stop or vice versa, or
    - a port from open to close or vice versa,
  - determining, at the server, in response to the notification, that a change has occurred in the status of at least one of the network interface, the client network service, the server network service, or the port,
  - when the notification indicates that the status of the port has changed, determining services running on the port, and based on the determined services, determining that security status of a network comprising the target is vulnerable; and
  - determining based on the determination of the change of status, that the security status of the network comprising the target is vulnerable, wherein, the detection at the target is implemented by at least one of an operating system (OS) service, an OS command, a hook, or an API.

Dependent claims: 18, 19, 20, 21, 22
23. A non-transitory computer readable storage medium stored thereon processor executable instructions, which when executed by at least one processor, implement a method comprising:
- receiving at a server from a target, a notification of detection, in real time, of an event on the target, the event on the target comprising at least one of a change in status of;
  - a network interface from active to inactive or vice versa,
  - a client network service from start to stop or vice versa,
  - a server network service from start to stop or vice versa, or
  - a port from open to close or vice versa,
- determining, at the server, in response to the notification, that a change has occurred in the status of at least one of the network interface, the client network service, the server network service, or the port,
- when the notification indicates that the status of the port has changed, determining services running on the port, and based on the determined services, determining that security status of a network comprising the target is vulnerable; and
- determining based on the determination of the change of status, that the security status of the network comprising the target is vulnerable, wherein, the detection at the target is implemented by at least one of an operating system (OS) service, an OS command, a hook, or an API.
Specification