Real-time vulnerability monitoring

US 10,154,055 B2
Filed: 08/24/2015
Issued: 12/11/2018
Est. Priority Date: 07/01/2003
Status: Active Grant

- Alert
- Pin

Associated Cases

Associated Defendants

First Claim

Patent Images

1. An apparatus, comprising:

at least one platform;

an intrusion prevention system component that is communicatively coupled with the at least one platform;

a firewall that is communicatively coupled with the at least one platform;

at least one first data storage that is communicatively coupled with the at least one platform; and

at least one second data storage that is communicatively coupled with the at least one platform;

said at least one platform;

receives a result of at least one operation performed on at least one of a plurality of networked devices, the at least one operation based on first information from the at least one first data storage identifying a plurality of potential vulnerabilities including at least one first potential vulnerability and at least one second potential vulnerability, the at least one operation configured for;

identifying at least one configuration associated with the at least one networked device, and determining that the at least one networked device is actually vulnerable to at least one actual vulnerability, based on the identified at least one configuration and the first information from the at least one first data storage identifying the plurality of potential vulnerabilities, such that second information associated with the result is stored in the at least one second data storage separate from the at least one first data storage, the second information relating to the at least one actual vulnerability to which the at least one networked device is actually vulnerable;

causes to display, via at least one user interface, a plurality of techniques including a first technique for utilizing the intrusion prevention system component for occurrence mitigation, and a second technique for utilizing the firewall for occurrence mitigation;

allows receipt of;

user input causing selection of the first technique for utilizing the intrusion prevention system component for occurrence mitigation;

user input causing selection of the second technique for utilizing the firewall for occurrence mitigation;

applies, based on the user input causing selection of the first technique for utilizing the intrusion prevention system component for occurrence mitigation, the first technique for utilizing the intrusion prevention system component for occurrence mitigation;

applies, based on the user input causing selection of the second technique for utilizing the firewall for occurrence mitigation, the second technique for utilizing the firewall for occurrence mitigation;

identifies;

for the at least one networked device, a first occurrence including at least one first occurrence packet, andfor the at least one networked device, a second occurrence including at least one second occurrence packet;

determines;

that the first occurrence including the at least one first occurrence packet directed to the at least one networked device is capable of taking advantage of the at least one of the actual vulnerability to which the at least one networked device is actually vulnerable;

that the second occurrence including the at least one second occurrence packet directed to the at least one networked device is not capable of taking advantage of the at least one of the actual vulnerability to which the at least one networked device is actually vulnerable, andcauses a reporting of at least the first occurrence based on the determination that the first occurrence including the at least one first occurrence packet is capable of taking advantage of the at least one of the actual vulnerability to which the at least one networked device is actually vulnerable.

View all claims

0 Assignments

Timeline View

Assignment View

Litigations

0 Petitions

Reexamination

Accused Products

Abstract

An apparatus is provided including at least one platform; an intrusion prevention system configured to communicative couple with the at least one platform; a firewall configured to communicative couple with the at least one platform; at least one first data storage configured to communicative couple with the at least one platform; and at least one second data storage configured to communicative couple with the at least one platform. The at least one platform is configured to perform a plurality of operations that collective protect one or more networked devices.

945 Citations

20 Claims

1. An apparatus, comprising:
- at least one platform;
  
  an intrusion prevention system component that is communicatively coupled with the at least one platform;
  
  a firewall that is communicatively coupled with the at least one platform;
  
  at least one first data storage that is communicatively coupled with the at least one platform; and
  
  at least one second data storage that is communicatively coupled with the at least one platform;
  
  said at least one platform;
  
  receives a result of at least one operation performed on at least one of a plurality of networked devices, the at least one operation based on first information from the at least one first data storage identifying a plurality of potential vulnerabilities including at least one first potential vulnerability and at least one second potential vulnerability, the at least one operation configured for;
  
  identifying at least one configuration associated with the at least one networked device, and determining that the at least one networked device is actually vulnerable to at least one actual vulnerability, based on the identified at least one configuration and the first information from the at least one first data storage identifying the plurality of potential vulnerabilities, such that second information associated with the result is stored in the at least one second data storage separate from the at least one first data storage, the second information relating to the at least one actual vulnerability to which the at least one networked device is actually vulnerable;
  
  causes to display, via at least one user interface, a plurality of techniques including a first technique for utilizing the intrusion prevention system component for occurrence mitigation, and a second technique for utilizing the firewall for occurrence mitigation;
  
  allows receipt of;
  
  user input causing selection of the first technique for utilizing the intrusion prevention system component for occurrence mitigation;
  
  user input causing selection of the second technique for utilizing the firewall for occurrence mitigation;
  
  applies, based on the user input causing selection of the first technique for utilizing the intrusion prevention system component for occurrence mitigation, the first technique for utilizing the intrusion prevention system component for occurrence mitigation;
  
  applies, based on the user input causing selection of the second technique for utilizing the firewall for occurrence mitigation, the second technique for utilizing the firewall for occurrence mitigation;
  
  identifies;
  
  for the at least one networked device, a first occurrence including at least one first occurrence packet, andfor the at least one networked device, a second occurrence including at least one second occurrence packet;
  
  determines;
  
  that the first occurrence including the at least one first occurrence packet directed to the at least one networked device is capable of taking advantage of the at least one of the actual vulnerability to which the at least one networked device is actually vulnerable;
  
  that the second occurrence including the at least one second occurrence packet directed to the at least one networked device is not capable of taking advantage of the at least one of the actual vulnerability to which the at least one networked device is actually vulnerable, andcauses a reporting of at least the first occurrence based on the determination that the first occurrence including the at least one first occurrence packet is capable of taking advantage of the at least one of the actual vulnerability to which the at least one networked device is actually vulnerable.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The apparatus of claim 1, wherein the platform includes integrated intrusion prevention functionality for supporting the first technique and firewall functionality for supporting the second technique, such that the intrusion prevention functionality and the firewall functionality are both supported by a security component of the platform that in turn supports at least one aspect of the determination that the first occurrence including the at least one first occurrence packet directed to the at least one networked device is capable of taking advantage of the at least one of the actual vulnerability to which the at least one networked device is actually vulnerable, the platform further including logic that receives the second information and utilizes the second information to conditionally cause the display of, as a function of an existence of one or more actual vulnerabilities, one or more of the plurality of techniques to allow selective utilization of the intrusion prevention functionality and the firewall functionality, so that only relevant techniques are displayed for selection to reduce false positives in connection with both the intrusion prevention functionality and the firewall functionality.
  - 3. The apparatus of claim 1, wherein the platform includes integrated intrusion prevention functionality for supporting the first technique and firewall functionality for supporting the second technique, such that the intrusion prevention functionality and the firewall functionality are both supported by a security component of the platform that in turn supports at least one aspect of the determination that the first occurrence including the at least one first occurrence packet directed to the at least one networked device is capable of taking advantage of the at least one of the actual vulnerability to which the at least one networked device is actually vulnerable, the platform further including logic that receives actual vulnerability information and utilizes the actual vulnerability information to relevantly cause the display of, as a function of one or more actual vulnerabilities identified utilizing the actual vulnerability information, multiple of the plurality of techniques to allow selective utilization of the intrusion prevention functionality and the firewall functionality.
  - 4. The apparatus of claim 1, wherein the platform manages different user selections which are capable of being received for different devices, for allowing different techniques including the first technique and the second technique to be selectively applied to the different devices for different actual vulnerabilities, such that the different user selections are capable of resulting in:
    - only the at least one first mitigation technique being selectively applied to at least one first device, only the at least one second mitigation technique being selectively applied to at least one second device, and both the at least one first mitigation technique and the at least one second mitigation technique being selectively applied to at least one third device.
  - 5. The apparatus of claim 1, wherein the platform manages the first technique which is automatically applied utilizing a first communication, and the second technique is automatically applied utilizing a second communication;
    - wherein the platform includes intrusion prevention functionality for supporting the first technique and firewall functionality for supporting the second technique, the platform further manages to receive the second information to conditionally cause display of, as a function of an existence of the at least one actual vulnerability, the plurality of techniques to allow selective utilization of the intrusion prevention functionality and the firewall functionality, so that only relevant techniques are caused to be displayed to reduce false positives in connection with both the intrusion prevention functionality and the firewall functionality;
      
      wherein the apparatus further allows different user selections which are capable of being received for different devices, for allowing different techniques including the first technique and the second technique to be selectively applied to the different devices for different actual vulnerabilities, such that the different user selections are capable of resulting in;
      
      only the at least one first mitigation technique being selectively applied to at least one first device, only the at least one second mitigation technique being selectively applied to at least one second device, and both the at least one first mitigation technique and the at least one second mitigation technique being selectively applied to at least one third device.
  - 6. The apparatus of claim 1, wherein the apparatus is configured such that one or more of the plurality of mitigation techniques is capable of being identified based on an identification of an application.

7. An apparatus, comprising:
- at least one platform;
  
  an intrusion prevention system that is communicatively coupled with the at least one platform;
  
  a firewall that is communicatively coupled with the at least one platform;
  
  at least one first data storage that is communicatively coupled with the at least one platform; and
  
  at least one second data storage that is communicatively coupled with the at least one platform;
  
  said at least one platform;
  
  receives a result of at least one operation in connection with at least one of a plurality of networked devices, the at least one operation based on first information from the at least one first data storage identifying a plurality of potential vulnerabilities including at least one first potential vulnerability and at least one second potential vulnerability, the at least one operation configured for;
  
  identifying at least one configuration associated with the at least one networked device, and determining that the at least one networked device is actually vulnerable to at least one actual vulnerability, based on the identified at least one configuration and the first information from the at least one first data storage identifying the plurality of potential vulnerabilities, such that second information associated with the result is stored in the at least one second data storage separate from the at least one first data storage, the second information relating to the at least one actual vulnerability to which the at least one networked device is actually vulnerable;
  
  causes to display, via at least one user interface, a plurality of techniques including a first technique for utilizing the intrusion prevention system for occurrence mitigation, a second technique for utilizing the firewall for occurrence mitigation;
  
  allows receipt of;
  
  user input causing selection of the first technique for utilizing the intrusion prevention system for occurrence mitigation, anduser input causing selection of the second technique for utilizing the firewall for occurrence mitigation;
  
  based on the user input causing selection of the first technique for utilizing the intrusion prevention system for occurrence mitigation, automatically applies the first technique for utilizing the intrusion prevention system for occurrence mitigation;
  
  based on the user input causing selection of the second technique for utilizing the firewall for occurrence mitigation, automatically applies the second technique for utilizing the firewall for occurrence mitigation;
  
  causes identification of;
  
  in connection with the at least one networked device, a first occurrence including at least one first occurrence packet directed to the at least one networked device, andin connection with the at least one networked device, a second occurrence including at least one second occurrence packet directed to the at least one networked device;
  
  determines;
  
  that the first occurrence including the at least one first occurrence packet directed to the at least one networked device is capable of taking advantage of the at least one of the actual vulnerability to which the at least one networked device is actually vulnerable;
  
  that the second occurrence including the at least one second occurrence packet directed to the at least one networked device is not capable of taking advantage of the at least one of the actual vulnerability to which the at least one networked device is actually vulnerable; and
  
  causes a reporting of at least the first occurrence based on the determination that the first occurrence including the at least one first occurrence packet directed to the at least one networked device is capable of taking advantage of the at least one of the actual vulnerability to which the at least one networked device is actually vulnerable.
- View Dependent Claims (8, 9, 10, 11, 12, 13)
- - 8. The apparatus of claim 7, wherein the intrusion prevention system includes integrated intrusion prevention functionality for supporting the first technique and firewall functionality for supporting the second technique, such that the intrusion prevention functionality and the firewall functionality are both supported by a security component of the intrusion prevention system that in turn supports at least one aspect of the determination that the first occurrence including the at least one first occurrence packet directed to the at least one networked device is capable of taking advantage of the at least one of the actual vulnerability to which the at least one networked device is actually vulnerable, the intrusion prevention system further including logic that receives the second information and utilizes the second information to conditionally cause the display of, as a function of an existence of one or more actual vulnerabilities, one or more of the plurality of techniques to allow selective utilization of the intrusion prevention functionality and the firewall functionality, so that only relevant techniques are displayed for selection to reduce false positives in connection with both the intrusion prevention functionality and the firewall functionality.
  - 9. The apparatus of claim 7, wherein the intrusion prevention system includes integrated intrusion prevention functionality for supporting the first technique and firewall functionality for supporting the second technique, such that the intrusion prevention functionality and the firewall functionality are both supported by a security component of the intrusion prevention system that in turn supports at least one aspect of the determination that the first occurrence including the at least one first occurrence packet directed to the at least one networked device is capable of taking advantage of the at least one of the actual vulnerability to which the at least one networked device is actually vulnerable, the intrusion prevention system further including logic that receives actual vulnerability information and utilizes the actual vulnerability information to relevantly cause the display of, as a function of one or more actual vulnerabilities identified utilizing the actual vulnerability information, multiple of the plurality of techniques to allow selective utilization of the intrusion prevention functionality and the firewall functionality.
  - 10. The apparatus of claim 7, wherein the intrusion prevention system manages different user selections which are capable of being received for different devices, for allowing different techniques including the first technique and the second technique to be selectively applied to the different devices for different actual vulnerabilities, such that the different user selections are capable of resulting in:
    - only the at least one first mitigation technique being selectively applied to at least one first device, only the at least one second mitigation technique being selectively applied to at least one second device, and both the at least one first mitigation technique and the at least one second mitigation technique being selectively applied to at least one third device.
  - 11. The apparatus of claim 7, wherein the intrusion prevention system manages the first technique which is automatically applied utilizing a first communication, and the second technique is automatically applied utilizing a second communication;
    - wherein the intrusion prevention system includes intrusion prevention functionality for supporting the first technique and firewall functionality for supporting the second technique, the intrusion prevention system further configured to receive the second information to conditionally cause display of, as a function of an existence of the at least one actual vulnerability, the plurality of techniques to allow selective utilization of the intrusion prevention functionality and the firewall functionality, so that only relevant techniques are caused to be displayed to reduce false positives in connection with both the intrusion prevention functionality and the firewall functionality;
      
      wherein the apparatus allows the different user selections which are capable of being received for different devices, for allowing different techniques including the first technique and the second technique to be selectively applied to the different devices for different actual vulnerabilities, such that the different user selections are capable of resulting in;
      
      only the at least one first mitigation technique being selectively applied to at least one first device, only the at least one second mitigation technique being selectively applied to at least one second device, and both the at least one first mitigation technique and the at least one second mitigation technique being selectively applied to at least one third device.
  - 12. The apparatus of claim 7, wherein the intrusion prevention system determines which of the networked devices have weaknesses by directly querying a firmware or operating system thereof.
  - 13. The apparatus of claim 7, wherein the intrusion prevention system implements at least one of:
    - said result includes the second information;
      
      said at least one first data storage includes at least one first database;
      
      said at least one first data storage is a component of a network operations center (NOC) server;
      
      said at least one second data storage includes at least one second database;
      
      said first information is from the at least one first data storage via at least one of;
      
      receiving at least one update therefrom;
      
      pulling at least one update therefrom, communicating therewith, or synchronizing therewith;
      
      said at least one operation includes a vulnerability scan operation;
      
      said at least one operation is automatic;
      
      said identifying the at least one configuration is automatic;
      
      said at least one actual vulnerability includes at least one of the potential vulnerabilities to which the at least one networked device is determined to be actually vulnerable based on identified at least one configuration;
      
      said at least one configuration includes at least one of;
      
      service pack information, one or more elements contained in files including at least one of an *.ini or *.conf file, registry information, identification of an operating system, identification of a software version, or identification of software;
      
      said determining that the at least one networked device is actually vulnerable to the at least one actual vulnerability includes at least one of;
      
      matching the identified at least one configuration with a guideline associated with at least one update, or cross-referencing an identifier with the configuration;
      
      said second information identifies the at least one actual vulnerability to which the at least one networked device is actually vulnerable;
      
      said second information is stored in the at least one second storage when it is utilized;
      
      said indication of the at least one actual vulnerability to which the at least one networked device is actually vulnerable includes an identification of the at least one actual vulnerability to which the at least one networked device is actually vulnerable;
      
      said computer program product is embodied on a single non-transitory computer readable medium;
      
      said first technique and second technique are of different types;
      
      at least one of said first or second techniques include at least one of remediation techniques, mitigation techniques, attack mitigation techniques, or vulnerability mitigation techniques;
      
      said occurrence mitigation includes at least one of removing the at least one actual vulnerability, occurrence prevention, or reducing an effect of a particular occurrence;
      
      said first technique for utilizing the intrusion prevention system for occurrence mitigation and the second technique for utilizing the firewall for occurrence mitigation are displayed via the same user interface;
      
      said first technique for utilizing the intrusion prevention system for occurrence mitigation and the second technique for utilizing the firewall for occurrence mitigation are displayed via different user interface elements;
      
      said first technique for utilizing the intrusion prevention system for occurrence mitigation, and the second technique for utilizing the firewall for occurrence mitigation, are displayed via the at least one user interface utilizing at least one of options or graphical user interface elements;
      
      said first technique for utilizing the intrusion prevention system for occurrence mitigation results in the first technique being automatically applied at a later time;
      
      at least one of said first or second techniques, after the user selection thereof, is automatically applied at a later time;
      
      said user input causing selection of the first technique for utilizing the intrusion prevention system for occurrence mitigation results in the first technique being automatically applied at a later time;
      
      said user input causing selection of the first technique and the user input causing selection of the second technique including separate user inputs;
      
      said automatic application of the first technique puts a policy in place for being utilized at a later time;
      
      said automatic application of the second technique puts a policy in place for being utilized at a later time;
      
      at least one of said first or second techniques, after the automatic application thereof, is utilized at a later time for the occurrence mitigation, said user input selecting the first technique is received utilizing the at least one user interface;
      
      said user input causing selection of the first technique for utilizing the intrusion prevention system for occurrence mitigation specifically identifies the first technique;
      
      said user input causing selection of the second technique for utilizing the firewall for occurrence mitigation specifically identifies the second technique;
      
      said user input causing selection of the first technique for utilizing the intrusion prevention system for occurrence mitigation is received in response to the display of the first technique;
      
      said user input causing selection of the second technique for utilizing the firewall for occurrence mitigation is received in connection with the display of the second technique;
      
      said first technique for utilizing the intrusion prevention system for occurrence mitigation involves an intrusion prevention system action that prevents an attack;
      
      said second technique for utilizing the firewall for occurrence mitigation includes a firewall action that blocks an attack;
      
      said first technique for utilizing the intrusion prevention system for occurrence mitigation utilizes the intrusion prevention system to deploy a patch utilizing an update component;
      
      said second technique for utilizing the firewall for occurrence mitigation utilizes the firewall to deploy a patch utilizing an update component;
      
      said automatic application of the first technique for utilizing the intrusion prevention system for occurrence mitigation includes the determination that the first occurrence including the at least one first occurrence packet directed to the at least one networked device is capable of taking advantage of the at least one of the actual vulnerability to which the at least one networked device is actually vulnerable, said automatic application of the first technique for utilizing the intrusion prevention system for occurrence mitigation results in the determination that the first occurrence including the at least one first occurrence packet directed to the at least one networked device is capable of taking advantage of the at least one of the actual vulnerability to which the at least one networked device is actually vulnerable;
      
      said automatic application of the first technique for utilizing the intrusion prevention system for occurrence mitigation results from the determination that the first occurrence including the at least one first occurrence packet directed to the at least one networked device is capable of taking advantage of the at least one of the actual vulnerability to which the at least one networked device is actually vulnerable;
      
      said intrusion prevention system and the firewall are separate;
      
      said intrusion prevention system and the firewall are integrated on the same single platform;
      
      said first occurrence includes an attack;
      
      said first occurrence includes an incident and said second occurrence includes an event;
      
      said determination that the first occurrence including the at least one first occurrence packet directed to the at least one networked device is capable of taking advantage of the at least one of the actual vulnerability to which the at least one networked device is actually vulnerable, is carried out utilizing at least one of vulnerability identifiers, profiles, threat information, or the second information;
      
      said reporting includes reporting of the second occurrence;
      
      said reporting is carried out utilizing a log;
      
      orsaid at least one first occurrence packet of the first occurrence is prevented by terminating or dropping the same.

14. An intrusion prevention system, comprising:
- means for receiving a result of at least one operation performed on at least one of a plurality of networked devices, the at least one operation based on first information from at least one first data storage identifying a plurality of potential vulnerabilities including at least one first potential vulnerability and at least one second potential vulnerability, the at least one operation configured for;
  
  identifying at least one configuration associated with the at least one networked device, anddetermining that the at least one networked device is actually vulnerable to at least one actual vulnerability, based on the identified at least one configuration and the first information from the at least one first data storage identifying the plurality of potential vulnerabilities, such that second information associated with the result is stored in at least one second data storage separate from the at least one first data storage, the second information relating to the at least one actual vulnerability to which the at least one networked device is actually vulnerable;
  
  means for causing display of, via at least one user interface, a plurality of techniques including a first technique for utilizing an intrusion prevention system for occurrence mitigation, and a second technique for utilizing a firewall for occurrence mitigation;
  
  means for receiving user input causing selection of the first technique for utilizing the intrusion prevention system for occurrence mitigation and user input causing selection of the second technique for utilizing the firewall for occurrence mitigation;
  
  means for;
  
  based on the user input causing selection of the first technique for utilizing the intrusion prevention system for occurrence mitigation, applying the first technique for utilizing the intrusion prevention system for occurrence mitigation; and
  
  based on the user input causing selection of the second technique for utilizing the firewall for occurrence mitigation, applying the second technique for utilizing the firewall for occurrence mitigation;
  
  means for identifying;
  
  for the at least one networked device, a first occurrence including at least one first occurrence packet, andfor the at least one networked device, a second occurrence including at least one second occurrence packet;
  
  code for determining;
  
  that the first occurrence including the at least one first occurrence packet directed to the at least one networked device is capable of taking advantage of the at least one of the actual vulnerability to which the at least one networked device is actually vulnerable, andthat the second occurrence including the at least one second occurrence packet directed to the at least one networked device is not capable of taking advantage of the at least one of the actual vulnerability to which the at least one networked device is actually vulnerable; and
  
  means for causing a reporting of at least the first occurrence based on the determination that the first occurrence including the at least one first occurrence packet is capable of taking advantage of the at least one of the actual vulnerability to which the at least one networked device is actually vulnerable.
- View Dependent Claims (15, 16, 17, 18, 19)
- - 15. The intrusion prevention system of claim 14, wherein the intrusion prevention system includes integrated intrusion prevention functionality for supporting the first technique and firewall functionality for supporting the second technique, such that the intrusion prevention functionality and the firewall functionality are both supported by a security component of the system that in turn supports at least one aspect of the determination that the first occurrence including the at least one first occurrence packet directed to the at least one networked device is capable of taking advantage of the at least one of the actual vulnerability to which the at least one networked device is actually vulnerable, the intrusion prevention system further including logic that receives the second information and utilizes the second information to conditionally display, as a function of an existence of one or more actual vulnerabilities, one or more of the plurality of techniques to allow selective utilization of the intrusion prevention functionality and the firewall functionality, so that only relevant techniques are displayed for selection to reduce false positives in connection with both the intrusion prevention functionality and the firewall functionality.
  - 16. The intrusion prevention system of claim 14, wherein the intrusion prevention system includes integrated intrusion prevention functionality for supporting the first technique and firewall functionality for supporting the second technique, the intrusion prevention system further including means for receiving the second information and utilizing the second information to conditionally display, as a function of an existence of one or more actual vulnerabilities, one or more of the plurality of techniques to allow selective utilization of the intrusion prevention functionality and the firewall functionality, so that only relevant techniques are displayed for selection to reduce false positives in connection with both the intrusion prevention functionality and the firewall functionality.
  - 17. The intrusion prevention system of claim 14, wherein the intrusion prevention system includes integrated intrusion prevention functionality for supporting the first technique and firewall functionality for supporting the second technique, such that the intrusion prevention functionality and the firewall functionality are both supported by a security component of the system that in turn supports at least one aspect of the determination that the first occurrence including the at least one first occurrence packet directed to the at least one networked device is capable of taking advantage of the at least one of the actual vulnerability to which the at least one networked device is actually vulnerable, the system further including logic that receives actual vulnerability information and utilizes the actual vulnerability information to relevantly display, as a function of one or more actual vulnerabilities identified utilizing the actual vulnerability information, multiple of the plurality of techniques to allow selective utilization of the intrusion prevention functionality and the firewall functionality.
  - 18. The intrusion prevention system of claim 14, wherein the intrusion prevention system is configured such that different user selections are capable of being received for different devices, for allowing different techniques including the first technique and the second technique to be selectively applied to the different devices for different actual vulnerabilities, such that the different user selections are capable of resulting in:
    - only the at least one first mitigation technique being selectively applied to at least one first device, only the at least one second mitigation technique being selectively applied to at least one second device, and both the at least one first mitigation technique and the at least one second mitigation technique being selectively applied to at least one third device.
  - 19. The intrusion prevention system of claim 14, wherein the intrusion prevention system includes integrated intrusion prevention functionality for supporting the first technique and firewall functionality for supporting the second technique, the intrusion prevention system further including means for receiving the second information and utilizing the second information to conditionally display, as a function of an existence of one or more actual vulnerabilities, one or more of the plurality of techniques to allow selective utilization of the intrusion prevention functionality and the firewall functionality, so that only relevant techniques are displayed for selection to reduce false positives in connection with both the intrusion prevention functionality and the firewall functionality;
    - wherein the intrusion prevention system is further configured such that different user selections are capable of being received for different devices, for allowing different techniques including the first technique and the second technique to be selectively applied to the different devices for different actual vulnerabilities, such that the different user selections are capable of resulting in;
      
      only the at least one first mitigation technique being selectively applied to at least one first device, only the at least one second mitigation technique being selectively applied to at least one second device, and both the at least one first mitigation technique and the at least one second mitigation technique being selectively applied to at least one third device.

20. An apparatus, comprising:
- at least one platform for communicating with an intrusion prevention system, a firewall, at least one first data storage, and at least one second data storage;
  
  said at least one platform;
  
  receives a result of at least one operation in connection with at least one of a plurality of networked devices, the at least one operation based on first information from the at least one first data storage identifying a plurality of potential vulnerabilities including at least one first potential vulnerability and at least one second potential vulnerability, the at least one operation configured for;
  
  identifying at least one configuration associated with the at least one networked device, anddetermining that the at least one networked device is actually vulnerable to at least one actual vulnerability, based on the identified at least one configuration and the first information from the at least one first data storage identifying the plurality of potential vulnerabilities, such that second information associated with the result is stored in the at least one second data storage separate from the at least one first data storage, the second information relating to the at least one actual vulnerability to which the at least one networked device is actually vulnerable;
  
  causes to display, via at least one user interface, a plurality of techniques including a first technique for utilizing the intrusion prevention system for occurrence mitigation, a second technique for utilizing the firewall for occurrence mitigation;
  
  allows receipt of;
  
  user input causing selection of the first technique for utilizing the intrusion prevention system for occurrence mitigation, anduser input causing selection of the second technique for utilizing the firewall for occurrence mitigation;
  
  based on the user input causing selection of the first technique for utilizing the intrusion prevention system for occurrence mitigation, automatically applies the first technique for utilizing the intrusion prevention system for occurrence mitigation;
  
  based on the user input causing selection of the second technique for utilizing the firewall for occurrence mitigation, automatically applies the second technique for utilizing the firewall for occurrence mitigation;
  
  causes identification of;
  
  in connection with the at least one networked device, a first occurrence including at least one first occurrence packet directed to the at least one networked device, andin connection with the at least one networked device, a second occurrence including at least one second occurrence packet directed to the at least one networked device;
  
  determines;
  
  that the first occurrence including the at least one first occurrence packet directed to the at least one networked device is capable of taking advantage of the at least one of the actual vulnerability to which the at least one networked device is actually vulnerable;
  
  that the second occurrence including the at least one second occurrence packet directed to the at least one networked device is not capable of taking advantage of the at least one of the actual vulnerability to which the at least one networked device is actually vulnerable; and
  
  causes a reporting of at least the first occurrence based on the determination that the first occurrence including the at least one first occurrence packet directed to the at least one networked device is capable of taking advantage of the at least one of the actual vulnerability to which the at least one networked device is actually vulnerable.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
SecurityProfiling, LLC
Original Assignee
SecurityProfiling, LLC
Inventors
Oliphant, Brett M., Blignaut, John P.
Primary Examiner(s)
Harriman, Dant Shaifer

Application Number

US14/834,102
Publication Number

US 20160088010A1
Time in Patent Office

1,205 Days
Field of Search

726 23
US Class Current
CPC Class Codes

G06F 21/50   Monitoring users, programs ...

G06F 21/55   Detecting local intrusion o...

G06F 21/577   Assessing vulnerabilities a...

G06F 2221/034   Test or assess a computer o...

H04L 63/0263   Rule management

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1433   Vulnerability analysis

H04L 63/20   for managing network securi...

Real-time vulnerability monitoring

First Claim

0 Assignments

Litigations

0 Petitions

Reexamination

Accused Products

Abstract

945 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Real-time vulnerability monitoring

First Claim

0 Assignments

Subscription Required

Subscription Required

Litigations

0 Petitions

Subscription Required

Reexamination

Accused Products

Subscription Required

Abstract

945 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links