Multi-path remediation

  • US 9,118,708 B2
  • Filed: 09/28/2014
  • Issued: 08/25/2015
  • Est. Priority Date: 07/01/2003
  • Status: Active Grant
First Claim

1. A computer program product embodied on a non-transitory computer readable medium, comprising:

  • code for accessing at least one data storage associating a plurality of device vulnerabilities, each device vulnerability having a vulnerability identifier, with a plurality of remediation techniques that collectively remediate the plurality of device vulnerabilities;

    such that:

    each of the device vulnerabilities is associated with at least one remediation technique;

    each remediation technique associated with a device vulnerability remediates that device vulnerability;

    each remediation technique has a remediation type including at least one of a patch, a policy setting, and a configuration option; and

    a first one of the device vulnerabilities is associated with at least two alternative remediation techniques including a firewall remediation technique for reacting to packets and an intrusion prevention system remediation technique for inspecting packet payloads;

    code for causing at least one operation in connection with a plurality of devices, the at least one operation configured for:

    identifying at least one aspect associated with at least one of an operating system and an application of the plurality of devices, and

    determining that the plurality of devices is actually vulnerable to the first one of the device vulnerabilities, based on the identified at least one aspect;

    code for displaying a result of the at least one operation;

    code for storing information associated with the first one of the device vulnerabilities to which the plurality of devices is actually vulnerable for use in connection with selection among the at least two alternative remediation techniques;

    code for receiving a first signal in connection with the first one of the device vulnerabilities to which the plurality of devices is actually vulnerable, the first signal capable of being received after displaying the information associated with the first one of the device vulnerabilities to which the plurality of devices is actually vulnerable and the first signal including an identifier for use in connection with a second signal;

    code for sending the second signal, automatically generated in response to the first signal, for displaying the at least two alternative remediation techniques associated with the first one of the device vulnerabilities, for selection by a user via a user interface, such that, in order to, at least in part, avoid false positives, only a relevant vulnerability prompts remediation technique user selection among the at least two alternative remediation techniques, which include both the firewall remediation technique and the intrusion prevention system remediation technique for providing diverse remediation technique options in connection with attack mitigation;

    code for receiving, prior to detecting an attack associated with the first one of the device vulnerabilities to which the plurality of devices is actually vulnerable, the selection by the user of at least one of the at least two alternative remediation techniques including at least one of the firewall remediation technique for reacting to packets and the intrusion prevention system remediation technique for inspecting packet payloads; and

    code for automatically applying, prior to detecting the attack associated with the first one of the device vulnerabilities to which the plurality of devices is actually vulnerable, the selected at least one of the at least two alternative remediation techniques including at least one of the firewall remediation technique for reacting to packets and the intrusion prevention system remediation technique for inspecting packet payloads, to the plurality of devices for the attack mitigation at any of the plurality of devices;

    said computer program product further operable such that, in response to another selection by the user of at least one of the at least two alternative remediation techniques after the attack in connection with at least one of the plurality of devices, applying the at least one of the at least two alternative remediation techniques including at least one of the firewall remediation technique and the intrusion prevention system remediation technique to the at least one of the plurality of devices;

    said computer program product further operable for automatically applying, after the attack, the at least one of the at least two alternative remediation techniques selected via the another selection by the user.
