Computer program product and apparatus for multi-path remediation

US 9,100,431 B2
Filed: 09/28/2014
Issued: 08/04/2015
Est. Priority Date: 07/01/2003
Status: Active Grant

- Alert
- Pin

Associated Cases

Associated Defendants

First Claim

Patent Images

1. A computer program product embodied on a non-transitory computer readable medium, the computer program product comprising:

code for;

accessing at least one data storage identifying a plurality of mitigation techniques that mitigate effects of attacks that take advantage of vulnerabilities, such that;

each mitigation technique is capable of mitigating an effect of an attack that takes advantage of a corresponding vulnerability, andeach mitigation technique has a mitigation type including at least one of a patch, a policy setting, or a configuration option;

code for;

displaying at least one mitigation technique for mitigating an effect of at least one attack that takes advantage of at least one vulnerability, andreceiving user input for selecting the at least one mitigation technique to be applied for mitigating the effect of the at least one attack that takes advantage of the at least one vulnerability; and

code for;

receiving information in connection with at least one of a plurality of devices, andidentifying an attack in connection with the at least one device that takes advantage of the at least one vulnerability, based on the information;

wherein the computer program product is operable such that, as a result of the user input for selecting the at least one mitigation technique to be applied for mitigating the effect of the at least one attack that takes advantage of the at least one vulnerability, the identified attack is prevented from taking advantage of the at least one vulnerability;

wherein the computer program product is operable such that one or more of the plurality of mitigation techniques is capable of being identified based on an identification of an operating system.

View all claims

0 Assignments

Timeline View

Assignment View

Litigations

1 Petition

Accused Products

Abstract

A system, method, and computer program product are provided for a database associating a plurality of device vulnerabilities to which computing devices can be subject with a plurality of remediation techniques that collectively remediate the plurality of device vulnerabilities. Each of the device vulnerabilities is associated with at least one remediation technique. Each remediation technique associated with a particular device vulnerability remediates that particular vulnerability. Further, each remediation technique has a remediation type are selected from the type group consisting of patch, policy setting, and configuration option. Still yet, a first one of the device vulnerabilities is associated with at least two alternative remediation techniques.

906 Citations

20 Claims

1. A computer program product embodied on a non-transitory computer readable medium, the computer program product comprising:
- code for;
  
  accessing at least one data storage identifying a plurality of mitigation techniques that mitigate effects of attacks that take advantage of vulnerabilities, such that;
  
  each mitigation technique is capable of mitigating an effect of an attack that takes advantage of a corresponding vulnerability, andeach mitigation technique has a mitigation type including at least one of a patch, a policy setting, or a configuration option;
  
  code for;
  
  displaying at least one mitigation technique for mitigating an effect of at least one attack that takes advantage of at least one vulnerability, andreceiving user input for selecting the at least one mitigation technique to be applied for mitigating the effect of the at least one attack that takes advantage of the at least one vulnerability; and
  
  code for;
  
  receiving information in connection with at least one of a plurality of devices, andidentifying an attack in connection with the at least one device that takes advantage of the at least one vulnerability, based on the information;
  
  wherein the computer program product is operable such that, as a result of the user input for selecting the at least one mitigation technique to be applied for mitigating the effect of the at least one attack that takes advantage of the at least one vulnerability, the identified attack is prevented from taking advantage of the at least one vulnerability;
  
  wherein the computer program product is operable such that one or more of the plurality of mitigation techniques is capable of being identified based on an identification of an operating system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 16, 17, 18)
- - 2. The computer program product of claim 1, wherein the computer program product is operable such that the displayed at least one mitigation technique includes at least two mitigation techniques include a firewall option for preventing at least one attack packet of the attack by terminating or dropping the same, and an intrusion detection or prevention option;
    - the computer program product is further operable such that, in response to user input received prior to the attack, the firewall option is capable of being applied to a plurality of different devices for preventing the at least one attack packet at any of the different devices; and
      
      the computer program product is further operable such that, in response to additional user input after the attack in connection with a particular single device of the plurality of different devices, the intrusion detection or prevention option is capable of being applied to the particular single device.
  - 3. The computer program product of claim 1, wherein the computer program product is operable such that the displayed at least one mitigation technique includes at least two mitigation techniques include a firewall option for preventing at least one attack packet of the attack by terminating or dropping the same, and an intrusion detection or prevention option;
    - the computer program product is further operable such that, in response to user input prior to the attack, the intrusion detection or prevention option is capable of being applied to a plurality of different devices at the plurality of different devices; and
      
      the computer program product is further operable such that, in response to user input after the attack in connection with a particular single device of the plurality of different devices, the firewall option is capable of being applied to the particular single device for preventing the at least one attack packet at the particular single device.
  - 4. The computer program product of claim 1, wherein the computer program product is operable such that the one or more of the plurality of mitigation techniques is capable of being identified based on the identification of the operating system in connection with the accessing for the displaying of the at least one mitigation technique, so that, in order to avoid false positives, relevant vulnerabilities prompt mitigation technique user selection among at least two of the mitigation techniques, which involve both firewall and intrusion prevention system actions, for providing diverse mitigation options in connection with the relevant vulnerabilities.
  - 5. The computer program product of claim 1, wherein the computer program product is operable such that the one or more of the plurality of mitigation techniques is capable of being identified based on the identification of the operating system in connection with the accessing for the displaying of the at least one mitigation technique, so that which one or more of the mitigation techniques that are displayed are based on one or more actual vulnerabilities to which the at least one device is actually vulnerable so that only relevant one or more mitigation techniques are displayed for selection by a user for attack mitigation.
  - 6. The computer program product of claim 1, wherein the computer program product is operable such that the user input is capable of being received via at least one user interface for different devices, for allowing different attack mitigation actions including at least one intrusion prevention action and at least one firewall action to be selectively applied to the different devices for different actual vulnerabilities determined to be actually relevant based on the identification of the operating system in connection with the different devices.
  - 7. The computer program product of claim 1, wherein the computer program product is operable such that the displayed at least one mitigation technique includes at least two mitigation techniques including a first mitigation technique that utilizes a firewall action and a second mitigation technique that utilizes an intrusion prevention action.
  - 8. The computer program product of claim 7, wherein the computer program product is operable such that different user input is capable of being received via at least one console for different devices, for allowing different mitigation techniques including the first mitigation technique and the second mitigation technique to be selectively applied by a user to the different devices for different actual vulnerabilities, such that the different user input is capable of resulting in:
    - only the first mitigation technique being selectively applied by the user to at least one first device, only the second mitigation technique being selectively applied by the user to at least one second device, and both the first mitigation technique and the second mitigation technique being selectively applied by the user to at least one third device.
  - 9. The computer program product of claim 7, wherein the computer program product is operable such that the displayed at least one mitigation technique further includes a third mitigation technique that utilizes a policy compliance action, wherein the computer program product is operable such that different user input is capable of being received via at least one console for different devices, for allowing different mitigation techniques including the first mitigation technique, the second mitigation technique, and the third mitigation technique to be selectively applied by a user to the different devices for different actual vulnerabilities, such that the different user input is capable of resulting in:
    - only the first mitigation technique being selectively applied by the user to at least one first device, only the second mitigation technique being selectively applied by the user to at least one second device, and the first mitigation technique, the second mitigation technique, and the third mitigation technique being selectively applied by the user to at least one third device.
  - 10. The computer program product of claim 7, wherein the computer program product is operable such that the first mitigation technique is automatically applied utilizing a first communication from an integrated firewall/intrusion prevention system platform component to firewall-supporting client code, and the second mitigation technique is automatically applied utilizing a second communication from the integrated firewall/intrusion prevention system platform component to intrusion prevention system-supporting client code, where the firewall-supporting client code and the system-supporting client code are part of the same client agent.
  - 11. The computer program product of claim 1, wherein the computer program product is operable such that the information is capable of being used to determine a characterization of a payload.
  - 12. The computer program product of claim 1, wherein the computer program product is operable such that the identification of the operating system is a result of a vulnerability assessment scan capable of a direct query.
  - 13. The computer program product of claim 1, wherein at least one of:
    - said at least one data storage includes at least one database;
      
      said at least one data storage is accessed by at least one of;
      
      receiving at least one update therefrom;
      
      pulling at least one update therefrom, communicating therewith, or synchronizing therewith;
      
      said mitigation techniques include remediation techniques;
      
      each mitigation technique has a mitigation type including the patch;
      
      each mitigation technique has a mitigation type including the policy setting;
      
      each mitigation technique has a mitigation type including the configuration option;
      
      each mitigation technique is capable of mitigating the effect of the attack that takes advantage of the corresponding vulnerability, by dropping packets associated with the attack or removing the corresponding vulnerability;
      
      said information is capable of being used to determine an intended destination of a connection request;
      
      orsaid information includes a vulnerability identifier;
      
      wherein the computer program product is operable for use with at least one NOC server, a data warehouse, and an SDK for allowing access to information associated with at least one vulnerability and at least one remediation technique;
      
      and wherein the computer program product is operable for determining which devices have vulnerabilities by directly querying a firmware or operating system of the devices.
  - 16. The computer program product of claim 1, wherein the computer program product is configured such that the displaying of the at least one mitigation technique is supported by a system that includes intrusion prevention functionality for supporting a first mitigation technique and firewall functionality for supporting a second technique mitigation technique, such that the intrusion prevention functionality and the firewall functionality are both supported by a security component of the system that also supports the identification of the attack in connection with the at least one device, the system further capable of receiving actual vulnerability information to conditionally display, as a function of an existence of one or more actual vulnerabilities, one or more of the plurality of mitigation techniques to allow selective utilization of the intrusion prevention functionality and the firewall functionality, so that only relevant mitigation techniques are displayed for selection to reduce false positives in connection with both the intrusion prevention functionality and the firewall functionality.
  - 17. The computer program product of claim 1, wherein the computer program product is configured such that the displaying of the at least one mitigation technique is caused by a system that utilizes router-based functionality for supporting a first mitigation technique and firewall functionality for supporting a second technique mitigation technique.
  - 18. The computer program product of claim 17, wherein the computer program product is configured such that the system is capable of receiving actual vulnerability information to conditionally display, as a function of an existence of one or more actual vulnerabilities, one or more of the plurality of mitigation techniques to allow selective utilization of the router-based functionality and the firewall functionality, so that only relevant mitigation techniques are displayed for selection to reduce false positives in connection with both the router-based functionality and the firewall functionality.

14. A computer program product embodied on a non-transitory computer readable medium, the computer program product comprising:
- code for;
  
  accessing at least one data structure identifying a plurality of mitigation techniques that mitigate effects of attacks that take advantage of vulnerabilities, where;
  
  each mitigation technique is capable of mitigating an effect of an attack that takes advantage of a corresponding vulnerability, andeach mitigation technique has a mitigation type including at least one of a patch, a policy setting, or a configuration option;
  
  code for;
  
  receiving information in connection with at least one of a plurality of devices; and
  
  identifying an attack on the at least one device that takes advantage of at least one of the vulnerabilities, based on the information;
  
  code for;
  
  automatically applying at least two of the plurality of mitigation techniques including at least one first mitigation technique of a first mitigation type and at least one second mitigation technique of a second mitigation type to the at least one device, for mitigating an effect of the attack on the at least one device that takes advantage of the at least one vulnerability;
  
  wherein the computer program product is operable such that the effect of the attack is mitigated by preventing the attack from taking advantage of the at least one vulnerability;
  
  wherein the computer program product is operable such that one or more of the plurality of mitigation techniques is identified based on an identification of an operating system.
- View Dependent Claims (19, 20)
- - 19. The computer program product of claim 14, wherein the computer program product is operable such that the at least one first mitigation technique of the first mitigation type and the at least one second mitigation technique of the second mitigation type utilize different underlying security technology types that are both supported by a same system component that is capable of identifying the attack and preventing the attack from taking advantage of the at least one vulnerability after the at least two mitigation techniques are automatically applied.
  - 20. The computer program product of claim 19, wherein the computer program product is operable such the same system component is further capable of supporting a vulnerability assessment scan for the identification of the operating system.

15. An apparatus, comprising:
- at least one data storage identifying a plurality of mitigation techniques that mitigate effects of attacks that take advantage of vulnerabilities associated with an operating system, where;
  
  each mitigation technique is capable of mitigating an effect of an attack that takes advantage of a corresponding vulnerability, andeach mitigation technique has a mitigation type including at least one of a patch, a policy setting, or a configuration option; and
  
  a computer program product embodied on a non-transitory computer readable medium, the computer program product including;
  
  code for;
  
  displaying at least two of the mitigation techniques for mitigating an effect of at least one attack that takes advantage of at least one vulnerability, andreceiving at least one user input in connection with the at least two mitigation techniques;
  
  code for;
  
  automatically applying the at least two mitigation techniques based on the at least one user input, the at least two mitigation techniques including;
  
  at least one first mitigation technique for utilizing a firewall for attack mitigation, andat least one second mitigation technique for utilizing an intrusion prevention system for attack mitigation; and
  
  code for;
  
  identifying information in connection with at least one device, andidentifying an attack in connection with the at least one device that takes advantage of the at least one vulnerability, based on the information;
  
  wherein the computer program product is operable such that the identified attack is mitigated utilizing the first mitigation technique for utilizing the firewall for attack mitigation and the at least one second mitigation technique for second mitigation technique for utilizing the intrusion prevention system for attack mitigation;
  
  wherein the computer program product is operable such that the at least two mitigation techniques are displayed based on an identification of an operating system.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
SecurityProfiling, LLC
Original Assignee
SecurityProfiling, LLC
Inventors
Blignaut, John P., Oliphant, Brett M.
Primary Examiner(s)
HERZOG, MADHURI R

Application Number

US14/499,230
Publication Number

US 20150040231A1
Time in Patent Office

310 Days
Field of Search

726/1, 726 11- 14, 726 22- 25
US Class Current

1/1
CPC Class Codes

G06F 21/50   Monitoring users, programs ...

G06F 21/55   Detecting local intrusion o...

G06F 21/554   involving event detection a...

G06F 21/57   Certifying or maintaining t...

G06F 21/577   Assessing vulnerabilities a...

H04L 63/02   for separating internal fro...

H04L 63/0227   Filtering policies mail mes...

H04L 63/0263   Rule management

H04L 63/14   for detecting or protecting...

H04L 63/1408   by monitoring network traff...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1433   Vulnerability analysis

H04L 63/1441   Countermeasures against mal...

H04L 63/145   the attack involving the pr...

H04L 63/20   for managing network securi...

Computer program product and apparatus for multi-path remediation

First Claim

0 Assignments

Litigations

1 Petition

Accused Products

Abstract

906 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Computer program product and apparatus for multi-path remediation

First Claim

0 Assignments

Subscription Required

Subscription Required

Litigations

1 Petition

Subscription Required

Accused Products

Subscription Required

Abstract

906 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links