Anti-vulnerability system, method, and computer program product

US 9,118,709 B2
Filed: 09/28/2014
Issued: 08/25/2015
Est. Priority Date: 07/01/2003
Status: Active Grant

First Claim

Patent Images

1. A computer program product embodied on a non-transitory computer readable medium, comprising:

code for;

identifying at least one aspect of at least one networked device;

accessing at least one data structure including particular weakness information related to a plurality of particular weaknesses, a portion of the particular weakness information related to the particular weaknesses being associated with at least one of a plurality of techniques capable of removing a corresponding particular weakness from the at least one networked device when the at least one networked device actually has the corresponding particular weakness, such that;

a first portion of the particular weakness information related to a first particular weakness is associated with a first technique for completing an installation of software for removing the first particular weakness,a second portion of the particular weakness information related to a second particular weakness is associated with a second technique for affecting a service for removing the second particular weakness, anda third portion of the particular weakness information related to a third particular weakness is associated with a third technique for changing a configuration for removing the third particular weakness;

the first technique, the second technique, and the third technique being different from each other;

determining whether the at least one networked device actually has one or more of the particular weaknesses, based on the at least one data structure and the at least one aspect of the at least one networked device;

performing one or more actions based on the determination, such that;

when it is determined that the at least one networked device actually has the first particular weakness;

the first technique is applied on the at least one networked device by automatically completing the installation of the software on the at least one networked device for removing the first particular weakness from the at least one networked device;

when it is determined that the at least one networked device actually has the second particular weakness;

the second technique is applied on the at least one networked device by automatically affecting the service in connection with the at least one networked device for removing the second particular weakness from the at least one networked device;

when it is determined that the at least one networked device actually has the third particular weakness;

the third technique is applied on the at least one networked device by automatically changing the configuration of the at least one networked device for removing the third particular weakness from the at least one networked device;

generating status information that is based on a completion of the one or more actions;

communicating the status information;

said computer program product further operable for;

identifying a request for a network resource by the at least one networked device;

receiving the status information from the at least one networked device;

after the identification of the request for the network resource, determining a reaction to the request for the network resource, based the status information; and

causing the reaction;

wherein the computer program product is operable such that the request for the network resource includes a connection request, and the reaction includes allowing or blocking the connection request;

wherein the computer program product is operable such that, in addition to being capable of supporting at least one aspect of both the identification of the at least one aspect of the at least one networked device and the performance of the one or more actions, a single client agent is further capable of supporting at least one aspect of the communication of the status information such that, in response to the identification of the request for the network resource by the at least one networked device, the reaction to the request for the network resource is capable of being determined, based the status information, which is received in connection with the request for the network resource.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, method, and computer program product are provided including client and server code configured to cooperate, resulting in display, via at least one user interface, of a plurality of user options for causing different actions of different types in connection with at least one of the networked devices that is actually vulnerable to at least one of a plurality of actual vulnerabilities for at least mitigating an occurrence. The user options include a first user option for causing a first action for dropping packets in connection with the at least one networked device for mitigating the occurrence and a second user option for causing a second action for installation of a patch on the at least one networked device for removing the at least one vulnerability from the at least one networked device. Based on receipt of first user input selecting the first option via the at least one user interface, the first action is caused for dropping packets in connection with the at least one networked device for mitigating the occurrence. Based on receipt of second user input selecting the second option via the at least one user interface, the second action is caused for installation of the patch on the at least one networked device, utilizing the client code, for removing the at least one vulnerability from the at least one networked device.

943 Citations

20 Claims

1. A computer program product embodied on a non-transitory computer readable medium, comprising:
- code for;
  
  identifying at least one aspect of at least one networked device;
  
  accessing at least one data structure including particular weakness information related to a plurality of particular weaknesses, a portion of the particular weakness information related to the particular weaknesses being associated with at least one of a plurality of techniques capable of removing a corresponding particular weakness from the at least one networked device when the at least one networked device actually has the corresponding particular weakness, such that;
  
  a first portion of the particular weakness information related to a first particular weakness is associated with a first technique for completing an installation of software for removing the first particular weakness,a second portion of the particular weakness information related to a second particular weakness is associated with a second technique for affecting a service for removing the second particular weakness, anda third portion of the particular weakness information related to a third particular weakness is associated with a third technique for changing a configuration for removing the third particular weakness;
  
  the first technique, the second technique, and the third technique being different from each other;
  
  determining whether the at least one networked device actually has one or more of the particular weaknesses, based on the at least one data structure and the at least one aspect of the at least one networked device;
  
  performing one or more actions based on the determination, such that;
  
  when it is determined that the at least one networked device actually has the first particular weakness;
  
  the first technique is applied on the at least one networked device by automatically completing the installation of the software on the at least one networked device for removing the first particular weakness from the at least one networked device;
  
  when it is determined that the at least one networked device actually has the second particular weakness;
  
  the second technique is applied on the at least one networked device by automatically affecting the service in connection with the at least one networked device for removing the second particular weakness from the at least one networked device;
  
  when it is determined that the at least one networked device actually has the third particular weakness;
  
  the third technique is applied on the at least one networked device by automatically changing the configuration of the at least one networked device for removing the third particular weakness from the at least one networked device;
  
  generating status information that is based on a completion of the one or more actions;
  
  communicating the status information;
  
  said computer program product further operable for;
  
  identifying a request for a network resource by the at least one networked device;
  
  receiving the status information from the at least one networked device;
  
  after the identification of the request for the network resource, determining a reaction to the request for the network resource, based the status information; and
  
  causing the reaction;
  
  wherein the computer program product is operable such that the request for the network resource includes a connection request, and the reaction includes allowing or blocking the connection request;
  
  wherein the computer program product is operable such that, in addition to being capable of supporting at least one aspect of both the identification of the at least one aspect of the at least one networked device and the performance of the one or more actions, a single client agent is further capable of supporting at least one aspect of the communication of the status information such that, in response to the identification of the request for the network resource by the at least one networked device, the reaction to the request for the network resource is capable of being determined, based the status information, which is received in connection with the request for the network resource.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The computer program product of claim 1, wherein the computer program product is operable such that the status information indicates whether the at least one networked device complies with a predetermined security policy.
  - 3. The computer program product of claim 1, wherein the computer program product is operable such that the status information indicates whether the at least one networked device complies with a minimum security policy set.
  - 4. The computer program product of claim 1, wherein the computer program product is operable such that the status information includes security status information that characterizes zero or more weaknesses to which the at least one networked device is subject.
  - 5. The computer program product of claim 1, wherein the computer program product is operable such that the status information includes an indication whether the at least one networked device actually has at least one of the first particular weakness, the second particular weakness, or the third particular weakness.
  - 6. The computer program product of claim 1, wherein the computer program product is operable such that the status information includes an indication whether the software is installed.
  - 7. The computer program product of claim 1, wherein the computer program product is operable such that the status information indicates whether the at least one networked device meets a baseline level of security.
  - 8. The computer program product of claim 1, wherein the computer program product is operable such that the status information is received after the request for network resource is identified.
  - 9. The computer program product of claim 1, wherein the computer program product is operable for:
    - displaying, via at least one user interface, a plurality of user options for causing different actions in connection with the at least one of the networked device, the user options including a first user option for causing automatic installation of a patch on the at least one networked device for removing at least one weakness from the at least one networked device,receiving first user input selecting the first option via the at least one user interface, for causing the automatic installation of the patch on the at least one networked device for removing the at least one weakness from the at least one networked device, andbased on receipt of the first user input selecting the first option via the at least one user interface, causing the automatic installation of the patch on the at least one networked device for removing the at least one weakness from the at least one networked device.
  - 10. The computer program product of claim 9, wherein the computer program product is operable such that the installation of the patch is automatically completed in response to a first single-click via the at least one user interface, and a rollback of the installation of the patch is automatically completed in response to second single-click via the at least one user interface.
  - 11. The computer program product of claim 9, wherein the computer program product is operable such that the installation of the patch causes a change in the status information from the at least one networked device such that, after an identification of another request for the network resource, a different reaction is determined for the another request for the network resource.
  - 12. The computer program product of claim 1, wherein the computer program product is operable such that a least one of:
    - said particular weakness information including at least one of a weakness identifier or information describing at least one aspect of one of the weaknesses;
      
      said first technique, the second technique, and the third technique are of different technique types;
      
      said first technique, the second technique, and the third technique are remediation techniques;
      
      said at least one aspect includes at least one of software installed on the at least one networked device, a configuration setting of the at least one networked device, a policy setting of the at least one networked device, or a patch installed on the at least one networked device;
      
      said causing is performed by server code;
      
      at least of said particular weaknesses is capable of being exploited by at least one attack;
      
      at least of said particular weaknesses includes a performance weakness;
      
      orsaid affect on said service includes at least one of stopping, disabling, or removing the service.
  - 13. The computer program product of claim 1, wherein the computer program product is operable for use with at least one NOC server, a data warehouse, and an SDK for allowing access to information associated with at least one vulnerability and at least one remediation technique, and wherein the computer program product is further operable for determining which devices have weaknesses by directly querying a firmware or operating computer program product of the devices.

14. A computer program product embodied on a non-transitory computer readable medium, comprising:
- code for identifying at least one aspect of at least one networked device;
  
  code for accessing at least one data structure describing a plurality of techniques capable of at least mitigating a plurality of particular weaknesses, each of the techniques capable of at least mitigating a corresponding particular weakness, where;
  
  a first technique is described which is capable of removing a first particular weakness by completing an installation of software for at least mitigating the first particular weakness,a second technique is described which is capable of removing a second particular weakness by affecting a service for at least mitigating the second particular weakness, anda third technique is described which is capable of removing a third particular weakness by changing a configuration for at least mitigating the third particular weakness;
  
  the first technique, the second technique, and the third technique being different from each other;
  
  code for determining whether the at least one networked device actually has one or more of the particular weaknesses, based on the at least one data structure and the at least one aspect of the at least one networked device;
  
  code for performing one or more actions based on the determination, such that;
  
  when it is determined that the at least one networked device actually has the first particular weakness;
  
  the first technique is applied on the at least one networked device by automatically completing the installation of the software on the at least one networked device for at least mitigating the first particular weakness on the at least one networked device;
  
  when it is determined that the at least one networked device actually has the second particular weakness;
  
  the second technique is applied on the at least one networked device by automatically affecting the service in connection with the at least one networked device for at least mitigating the second particular weakness on the at least one networked device;
  
  when it is determined that the at least one networked device actually has the third particular weakness;
  
  the third technique is applied on the at least one networked device by automatically changing the configuration of the at least one networked device for at least mitigating the third particular weakness on the at least one networked device;
  
  code for generating status information indicating whether at least one of the first technique, the second technique, or the third technique has been applied; and
  
  code for communicating the status information such that, in response to an identification of a request for a network resource by the at least one networked device, a reaction to the request for the network resource is capable of being caused, based the status information;
  
  wherein the computer program product is operable such that, in addition to being capable of supporting at least one aspect of both the identification of the at least one aspect of the at least one networked device and the performance of the one or more actions, a single client agent is further capable of supporting at least one aspect of the communication of the status information such that, in response to the identification of the request for the network resource by the at least one networked device, the reaction to the request for the network resource is capable of being caused, based the status information, which is identified in connection with the identification of the request for the network resource.

15. A computer program product embodied on at least one non-transitory computer readable medium, comprising:
- code for deploying a single client agent to at least one of a plurality of devices, the single client agent being capable of both identifying a plurality of aspects of the at least one device that are the bases for a plurality of weaknesses and applying a plurality of remediation techniques that remediate the weaknesses based on at least one data structure identifying the remediation techniques that remediate the weaknesses, where;
  
  each of at least a portion of the remediation techniques remediates at least one of the plurality of weaknesses;
  
  each of at least a portion of the remediation techniques has a remediation type including at least one of installation of software, a policy setting, or a configuration;
  
  said at least one data structure identifies;
  
  a first remediation technique that remediates a first particular weakness by automatically installing software for at least mitigating the first particular weakness,a second remediation technique that remediates a second particular weakness by automatically affecting a service for at least mitigating the second particular weakness, anda third remediation technique that remediates a third particular weakness by automatically changing a configuration or policy setting for at least mitigating the third particular weakness;
  
  the first remediation technique, the second remediation technique, and the third remediation technique being different from each other; and
  
  code for;
  
  identifying at least one of a first aspect, a second aspect, or a third aspect of the at least one device that is a basis for at least one of the first particular weakness, the second particular weakness, or the third particular weakness, utilizing the single client agent,determining whether the at least one device is subject to at least one of the first particular weakness, the second particular weakness, or the third particular weakness, based on the at least one data structure and at least one of the first aspect, the second aspect, or the third aspect of the at least one device,conditionally applying at least one of the first remediation technique, the second remediation technique, or the third remediation technique to the at least one device, utilizing the single client agent, based on the determination whether the at least one device is subject to the at least one of the first particular weakness, the second particular weakness, or the third particular weakness, andreporting to at least one server, utilizing the single client agent, at least one of first status information relating to the application of the first remediation technique, second status information relating to the application of the second remediation technique, or third status information relating to the application of the third remediation technique;
  
  wherein the computer program product is operable such that, in addition to being capable of supporting both identifying the aspects of the devices that are the bases for the weaknesses and applying the remediation techniques that remediate the weaknesses, the single client agent is further capable of supporting at least one aspect of the reporting which, in turn, is capable of being used for supporting at least one aspect of;
  
  identifying a request for a network resource by the at least one device including a connection request, and, after the identification of the request for the network resource, blocking the connection request based on at least one of the first status information, the second status information, or the third status information, which is received in connection with the request for the network resource.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The computer program product of claim 15, wherein the computer program product is configured such that the at least one data structure is capable of residing at the at least one device.
  - 17. The computer program product of claim 15, wherein the computer program product is integrated with a firewall for the blocking of the connection request.
  - 18. The computer program product of claim 15, wherein the computer program product is configured such that the at least one aspect of the identifying and the blocking includes providing at least one of the first status information, the second status information, or the third status information so that the blocking is capable of being based thereon.
  - 19. The computer program product of claim 15, wherein the computer program product is configured such that the at least one of the first status information, the second status information, or the third status information is received from the at least one server after the request for the network resource so that the blocking is capable of being based thereon.
  - 20. The computer program product of claim 15, wherein the computer program product is configured such that the use of the single client agent for each of the supporting results in more integration such that the computer program product is thereby capable of responding to weaknesses faster and more effectively.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SecurityProfiling, LLC
Original Assignee
SecurityProfiling, LLC
Inventors
Oliphant, Brett M., Blignaut, John P.
Primary Examiner(s)
Poltorak, Peter

Application Number

US14/499,236
Publication Number

US 20150033351A1
Time in Patent Office

331 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 16/245   Query processing

G06F 21/50   Monitoring users, programs ...

G06F 21/554   involving event detection a...

G06F 8/65   Updates security arrangemen...

H04L 63/0263   Rule management

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1433   Vulnerability analysis

H04L 63/20   for managing network securi...

Anti-vulnerability system, method, and computer program product

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

943 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Anti-vulnerability system, method, and computer program product

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

943 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links