System for real-time network-based vulnerability assessment of a host/device via real-time tracking, vulnerability assessment of services and a method thereof
Abstract
A system for real-time vulnerability assessment of a host/device, said system comprising an agent running on the host/device. The agent includes a first data structure for storing the status of interfaces and ports on the interfaces of the host/device. An executable agent module is coupled to the first data structure to track the status of interfaces and ports on the interfaces of the host/device and to store the information, as entries in said first data structure. The executable agent module compares the entries to determine a change in the status of interfaces and/or of ports on the interfaces of the host/device. A remote destination server is provided that includes a second data structure for storing the status of interfaces and the ports on the interfaces of the host/device. An executable server module is coupled to the second data structure to receive the information communicated by the agent executable module of the agent on the host/device. The executable server module stores the received information as entries in the second data structure wherein the entries indicate the state of each of the ports on each of the active interfaces of the host/device as received. The executable server module compares the entries in said data structures to determine the change in the status of interfaces and ports on the interfaces of the host/device. The executable server module runs vulnerability assessment tests on the host/device in the event of a change in the status of interface/ports.
38 Claims
1. A system for real-time vulnerability assessment of a host/device, said system comprising:
- an agent running on the host/device, said agent comprising;
  - a first data structure for storing the status of interfaces and ports on the interfaces of the host/device,
  - an executable agent module coupled to the first data structure to track the status of interfaces and ports on the interfaces of the host/device and to store the information, as entries in said first data structure,
  - said executable agent module to compare the entries to determine a change in the status of interfaces and/or of ports on the interfaces of the host/device,
- a remote destination server, said destination server comprising,
  - a second data structure for storing the status of interfaces and the ports on the interfaces of the host/device,
  - an executable server module coupled to the second data structure to receive the information communicated by the agent executable module of the agent on the host/device,
  - said executable server module to store the received information as entries in the second data structure wherein the entries indicate the state of each of the ports on each of the active interfaces of the host/device as received,
  - said executable server module to compare the entries in said data structures to determine the change in the status of interfaces and ports on the interfaces of the host/device, and
  - said executable server module to run vulnerability assessment tests on the host/device in the event of a change in the status of interface/ports.
Dependent claims: 2, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14

3. A system for real-time vulnerability assessment of a host/device, said system comprising:
- an agent running on the host/device, said agent comprising;
  - a first data structure to store the status of interfaces on the host/device and the ports on the interfaces on the host/device,
  - an executable agent module coupled to the first data structure and operable to track the status of interfaces and ports on the interfaces of the host/device to collect and store the information, as entries in the first data structure,
  - said executable agent module coupled to the first data structure to compare the entries to determine a change in the status of interfaces and/or of ports on the interfaces of the host/device,
  - said executable agent module to communicate said changes to a remotely located destination server on the network, and
- a destination server running remotely, said destination server comprising;
  - a second data structure for storing the status of interfaces/ports on the host/device,
  - an executable server module coupled to the second data structure to receive information communicated by the executable module on the host/device,
  - said executable server module coupled to the second data structure to store the received information as entries in the second data structure wherein the entries indicate the state of each of the ports on each of the active interfaces of the host/device as received,
  - said executable server module coupled to the second data structure to compare the entries to determine any change in the status of interfaces and ports on the interfaces of the host/device as reported to it,
  - said executable server module coupled to the second data structure to process the changes to determine any new interfaces active and/or any newly opened ports on any of the active interfaces on the host/device on which services are listening as reported to it,
  - said executable server module coupled to the second data structure to run tests remotely to identify the network services running on the newly opened ports on the various active interfaces of the host/device,
  - said executable server module coupled to the second data structure to run vulnerability assessment tests on the identified network services on the newly opened ports of the interfaces and storing the results, and
  - said executable server module coupled to the second data structure to obtain an incremental or an overall vulnerability status report of the host/device from the results of the current vulnerability tests, and previously stored results.
Dependent claims: 4

15. Logic encoded in media for real-time vulnerability assessment of a host/device, and operable to perform the following steps:
  a) tracking in real-time the status of interfaces and/or of the ports on a host/device,
  b) communicating a change in the status of the interfaces and/or the status of ports of the host/device to a remotely located destination server on the network,
  c) tracking in real-time the reported status of ports and interfaces of the host/device by the destination server, and
  d) conducting vulnerability assessment tests on the host/device by the destination server in the event of a change in the status of interfaces and/or ports of the host/device.
Dependent claims: 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28

16. Logic encoded in media for real-time vulnerability assessment of a host/device, and operable to perform the following steps:
  a) tracking in real-time the status of interfaces and/or ports on a host/device,
  b) communicating the change in the status of the interfaces and/or the status of ports to a remotely located destination server on the network,
  c) tracking in real-time the reported status of the ports and interfaces of the host/device by the destination server,
  d) processing the changes by the destination server to determine new active interfaces or newly opened ports on any of the active interfaces on the host/device on which services are listening,
  e) running tests to identify remotely the network services running on the newly opened ports on the various active interfaces of the host/device,
  f) running vulnerability assessment tests on the identified network services on the newly opened ports of the interfaces and storing the results, and
  g) generating an incremental and/or overall vulnerability status report of the host/device from the results of the current vulnerability tests, and storing the results classified port and interface wise

29. A computer-implemented method for real-time vulnerability assessment of a host/device, said method comprising:
  a) tracking in real-time the status of interfaces and ports on the host/device,
  b) collecting and storing the status as entries in a data structure,
  c) comparing the entries to determine any change in the status of interfaces and/or the status of ports on the interfaces of the host/device,
  d) communicating the changes to a remotely located destination server on the network,
  e) storing said changes as entries in a data structure by the destination server wherein the entries indicate the state of each of the ports on each of the active interfaces of the host/device as reported,
  f) comparing the entries by the destination server to determine if there is any change in the status of interfaces and ports on the interfaces of the host/device as reported to it, and
  g) running vulnerability assessment tests on the host/device by the destination server and reporting the results.
Dependent claims: 31, 32, 33, 34, 35, 36, 37, 38

30. A computer-implemented method for real-time vulnerability assessment of a host/device, said method comprising:
  a) polling the status of the ports and interfaces on the host/device, periodically at a pre-configured time interval,
  b) collecting the above information and storing as entries in the first data structure of an agent,
  c) comparing the entries to determine if there is any change in the status of interfaces and/or the status of ports on the interfaces of the host/device,
  d) communicating the changes to a remotely located destination server on the network,
  e) storing the received information as entries in the second data structure of a server by the destination server wherein the entries indicate the state of each of the ports on each of the active interfaces of the host/device as reported,
  f) comparing the entries by the destination server to determine if there is any change in the status of interfaces and ports on the interfaces of the host/device as reported to it, and
  g) running vulnerability assessment tests on the host/device by the destination server and reporting the results.
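
The agent/server flow recited in claims 16 and 30, sketched in Python as an added illustration that is not taken from the patent or from any product. The names `diff`, `Agent`, `Server` and the `assess` callback are assumptions, and the snapshots in `demo()` are constructed.

```python
from collections import defaultdict

def diff(old, new):
    """Compare two snapshots of the form {interface: set_of_listening_ports}."""
    return {"up": sorted(new.keys() - old.keys()),
            "down": sorted(old.keys() - new.keys()),
            "opened": sorted((i, p) for i in new for p in new[i] - old.get(i, set())),
            "closed": sorted((i, p) for i in old for p in old[i] - new.get(i, set()))}

class Agent:
    """Host side: keeps the last snapshot (the claims' first data structure)."""
    def __init__(self):
        self.last = {}

    def poll(self, snapshot):
        """Return a change report, or None when nothing changed."""
        report = diff(self.last, snapshot)
        self.last = {i: set(p) for i, p in snapshot.items()}
        return report if any(report.values()) else None

class Server:
    """Remote side: per-host state (second data structure) plus stored results."""
    def __init__(self, assess):
        self.state = defaultdict(dict)    # host -> {interface: set(ports)}
        self.results = defaultdict(dict)  # host -> {(interface, port): finding}
        self.assess = assess              # caller-supplied test routine (assumption)

    def receive(self, host, report):
        """Apply a report; assess only ports that are new to the stored state."""
        known = self.state[host]
        for iface in report["down"]:
            known.pop(iface, None)
        for iface in report["up"]:
            known.setdefault(iface, set())
        for iface, port in report["closed"]:
            known.get(iface, set()).discard(port)
        tested = []
        for iface, port in report["opened"]:
            ports = known.setdefault(iface, set())
            if port not in ports:  # server-side compare: a replayed report is a no-op
                ports.add(port)
                self.results[host][(iface, port)] = self.assess(host, iface, port)
                tested.append((iface, port))
        return tested

def demo():
    """Constructed snapshots: sshd only, unchanged, then a new listener on 8080."""
    agent, server = Agent(), Server(lambda h, i, p: f"assess {i}:{p}")
    polls = ({"eth0": {22}}, {"eth0": {22}}, {"eth0": {22, 8080}})
    return [server.receive("host-a", r) if (r := agent.poll(s)) else [] for s in polls]
```

Because the server compares each report against its own stored entries, a duplicated report triggers no second assessment, while an interface that goes down and returns has its ports assessed again.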
Specification