Anti-vulnerability system, method, and computer program product

US 9,118,711 B2
Filed: 09/29/2014
Issued: 08/25/2015
Est. Priority Date: 07/01/2003
Status: Expired due to Fees

- Alert
- Pin

Associated Cases

Associated Defendants

First Claim

Patent Images

1. A computer program product embodied on a non-transitory computer readable medium, comprising:

code for allowing access to first information from at least one first data storage identifying a plurality of potential vulnerabilities including at least one first potential vulnerability and at least one second potential vulnerability;

code for causing at least one operation in connection with at least one of a plurality of networked devices, the at least one operation configured for;

identifying at least one configuration associated with the at least one networked device, anddetermining that the at least one networked device is actually vulnerable to one or more actual vulnerabilities, based on the identified at least one configuration and the first information from the at least one first data storage identifying the plurality of potential vulnerabilities, such that second information is stored in at least one second data storage separate from the at least one first data storage, the second information identifying the one or more actual vulnerabilities to which the at least one networked device is actually vulnerable;

code for identifying a first occurrence in connection with the at least one networked device and a second occurrence in connection with the at least one networked device;

code for;

determining the first occurrence to have a first severity if the at least one networked device is actually vulnerable to at least one of the actual vulnerabilities that is capable of being taken advantage of by the first occurrence identified in connection with the at least one networked device, and further determining the second occurrence to have a second severity if the at least one networked device is not actually vulnerable to the second occurrence identified in connection with the at least one networked device;

code for reporting the first occurrence and the second occurrence differently based on the first severity and the second severity;

code for displaying, via at least one user interface, a plurality of techniques of different technique types including a first technique for setting or modifying a policy for occurrence mitigation, and a second technique for reacting to packets in connection with the at least one networked device for occurrence mitigation;

code for receiving user input selecting the first technique for setting or modifying the policy for occurrence mitigation, utilizing the at least one user interface;

code for, based on the user input selecting the first technique for setting or modifying the policy for occurrence mitigation, automatically applying the first technique for setting or modifying the policy for occurrence mitigation, such that an identification of a particular actual vulnerability to which the at least one networked device is actually vulnerable is used in connection with the first technique, for mitigating a particular occurrence identified in connection with the at least one networked device if the at least one networked device is actually vulnerable to the particular actual vulnerability and the particular actual vulnerability is capable of being taken advantage of by the particular occurrence identified in connection with the at least one networked device, and further for not mitigating the particular occurrence if the particular actual vulnerability is incapable of being taken advantage of by the particular occurrence identified in connection with the at least one networked device;

code for receiving user input selecting the second technique for reacting to packets in connection with the at least one networked device for occurrence mitigation, utilizing the at least one user interface; and

code for, based on the user input selecting the second technique for reacting to packets in connection with the at least one networked device for occurrence mitigation, automatically applying the second technique for reacting to packets in connection with the at least one networked device for occurrence mitigation, such that an identification of a certain actual vulnerability to which the at least one networked device is actually vulnerable is used in connection with the second technique, for reacting to packets in connection with a certain occurrence identified in connection with the at least one networked device if the at least one networked device is actually vulnerable to the certain actual vulnerability and the certain actual vulnerability is capable of being taken advantage of by the certain occurrence identified in connection with the at least one networked device, and further for not reacting, at least in part, to packets in connection with the certain occurrence if the certain actual vulnerability is incapable of being taken advantage of by the certain occurrence identified in connection with the at least one networked device;

wherein the computer program product is operable such that at least one of;

said at least one first data storage includes at least one first database;

said at least one first data storage is a component of a network operations center (NOC) server;

said at least one second data storage includes at least one second database;

said allowed access to the first information from the at least one first data storage is accomplished by at least one of;

receiving at least one update therefrom;

pulling at least one update therefrom, communicating therewith, or synchronizing therewith;

said potential vulnerabilities and the actual vulnerabilities include software vulnerabilities in an application or an operating system that are capable of being exploited by an attack or a virus;

said at least one operation includes a vulnerability scan operation;

said at least one configuration includes at least one of service pack information, elements contained in files including at least one of an *.ini or *.conf file, an aspect of an operating system, or registry information;

said determination that the at least one networked device is actually vulnerable to the one or more actual vulnerabilities, is carried out by utilizing at least one of a vulnerability identifier or a profile;

said first occurrence of the first severity includes an incident and said second occurrence of the second severity includes an event;

said second occurrence is reported differently than the first occurrence by not being reported;

said first technique for setting or modifying the policy includes just setting the policy;

said first technique for setting or modifying the policy includes just setting the policy, and said policy is associated with at least one of a policy template, a custom policy, or standardized template;

said second technique for reacting to the packets is carried out utilizing a firewall;

said occurrence mitigation includes at least one of removing the one or more actual vulnerabilities, or reducing an effect of a detected occurrence;

said reacting to packets involves at least one of dropping, blocking, or redirecting;

said occurrence mitigation is carried out for protecting at least one particular aspect of one or more of the networked devices, where the one or more of the networked devices include at least one of a client or a server, and the at least one particular aspect includes at least one of an operating system or an application;

said particular actual vulnerability is at least one of the actual vulnerabilities;

said certain actual vulnerability is at least one of the actual vulnerabilities;

said particular actual vulnerability is the certain actual vulnerability;

said particular occurrence is the certain occurrence;

said particular occurrence includes the first occurrence;

said certain occurrence includes the first occurrence;

said first and second techniques include remediation techniques;

said first occurrence includes an attack;

said computer program product is operable for use with at least one NOC server, a data warehouse, and an SDK for allowing access to the second information and at least one of the plurality of techniques;

orsaid computer program product is operable such that said determination that the at least one networked device is actually vulnerable to the one or more actual vulnerabilities is carried out by directly querying a firmware or an operating system.

View all claims

0 Assignments

Timeline View

Assignment View

Litigations

0 Petitions

Accused Products

Abstract

A system, method, and computer program product are provided for displaying, via at least one user interface, a plurality of techniques of different technique types including a first technique for setting or modifying a policy for mitigating a first occurrence, and a second technique for dropping packets in connection with at least one networked device for mitigating the first occurrence. Based on user input selecting the first technique for setting or modifying the policy for mitigating the first occurrence, the first technique is automatically applied for setting or modifying the policy for mitigating the first occurrence. Based on the user input selecting the second technique for dropping packets in connection with the at least one networked device for mitigating the first occurrence, the second technique is applied for dropping packets in connection with the at least one networked device for mitigating the first occurrence.

927 Citations

20 Claims

1. A computer program product embodied on a non-transitory computer readable medium, comprising:
- code for allowing access to first information from at least one first data storage identifying a plurality of potential vulnerabilities including at least one first potential vulnerability and at least one second potential vulnerability;
  
  code for causing at least one operation in connection with at least one of a plurality of networked devices, the at least one operation configured for;
  
  identifying at least one configuration associated with the at least one networked device, anddetermining that the at least one networked device is actually vulnerable to one or more actual vulnerabilities, based on the identified at least one configuration and the first information from the at least one first data storage identifying the plurality of potential vulnerabilities, such that second information is stored in at least one second data storage separate from the at least one first data storage, the second information identifying the one or more actual vulnerabilities to which the at least one networked device is actually vulnerable;
  
  code for identifying a first occurrence in connection with the at least one networked device and a second occurrence in connection with the at least one networked device;
  
  code for;
  
  determining the first occurrence to have a first severity if the at least one networked device is actually vulnerable to at least one of the actual vulnerabilities that is capable of being taken advantage of by the first occurrence identified in connection with the at least one networked device, and further determining the second occurrence to have a second severity if the at least one networked device is not actually vulnerable to the second occurrence identified in connection with the at least one networked device;
  
  code for reporting the first occurrence and the second occurrence differently based on the first severity and the second severity;
  
  code for displaying, via at least one user interface, a plurality of techniques of different technique types including a first technique for setting or modifying a policy for occurrence mitigation, and a second technique for reacting to packets in connection with the at least one networked device for occurrence mitigation;
  
  code for receiving user input selecting the first technique for setting or modifying the policy for occurrence mitigation, utilizing the at least one user interface;
  
  code for, based on the user input selecting the first technique for setting or modifying the policy for occurrence mitigation, automatically applying the first technique for setting or modifying the policy for occurrence mitigation, such that an identification of a particular actual vulnerability to which the at least one networked device is actually vulnerable is used in connection with the first technique, for mitigating a particular occurrence identified in connection with the at least one networked device if the at least one networked device is actually vulnerable to the particular actual vulnerability and the particular actual vulnerability is capable of being taken advantage of by the particular occurrence identified in connection with the at least one networked device, and further for not mitigating the particular occurrence if the particular actual vulnerability is incapable of being taken advantage of by the particular occurrence identified in connection with the at least one networked device;
  
  code for receiving user input selecting the second technique for reacting to packets in connection with the at least one networked device for occurrence mitigation, utilizing the at least one user interface; and
  
  code for, based on the user input selecting the second technique for reacting to packets in connection with the at least one networked device for occurrence mitigation, automatically applying the second technique for reacting to packets in connection with the at least one networked device for occurrence mitigation, such that an identification of a certain actual vulnerability to which the at least one networked device is actually vulnerable is used in connection with the second technique, for reacting to packets in connection with a certain occurrence identified in connection with the at least one networked device if the at least one networked device is actually vulnerable to the certain actual vulnerability and the certain actual vulnerability is capable of being taken advantage of by the certain occurrence identified in connection with the at least one networked device, and further for not reacting, at least in part, to packets in connection with the certain occurrence if the certain actual vulnerability is incapable of being taken advantage of by the certain occurrence identified in connection with the at least one networked device;
  
  wherein the computer program product is operable such that at least one of;
  
  said at least one first data storage includes at least one first database;
  
  said at least one first data storage is a component of a network operations center (NOC) server;
  
  said at least one second data storage includes at least one second database;
  
  said allowed access to the first information from the at least one first data storage is accomplished by at least one of;
  
  receiving at least one update therefrom;
  
  pulling at least one update therefrom, communicating therewith, or synchronizing therewith;
  
  said potential vulnerabilities and the actual vulnerabilities include software vulnerabilities in an application or an operating system that are capable of being exploited by an attack or a virus;
  
  said at least one operation includes a vulnerability scan operation;
  
  said at least one configuration includes at least one of service pack information, elements contained in files including at least one of an *.ini or *.conf file, an aspect of an operating system, or registry information;
  
  said determination that the at least one networked device is actually vulnerable to the one or more actual vulnerabilities, is carried out by utilizing at least one of a vulnerability identifier or a profile;
  
  said first occurrence of the first severity includes an incident and said second occurrence of the second severity includes an event;
  
  said second occurrence is reported differently than the first occurrence by not being reported;
  
  said first technique for setting or modifying the policy includes just setting the policy;
  
  said first technique for setting or modifying the policy includes just setting the policy, and said policy is associated with at least one of a policy template, a custom policy, or standardized template;
  
  said second technique for reacting to the packets is carried out utilizing a firewall;
  
  said occurrence mitigation includes at least one of removing the one or more actual vulnerabilities, or reducing an effect of a detected occurrence;
  
  said reacting to packets involves at least one of dropping, blocking, or redirecting;
  
  said occurrence mitigation is carried out for protecting at least one particular aspect of one or more of the networked devices, where the one or more of the networked devices include at least one of a client or a server, and the at least one particular aspect includes at least one of an operating system or an application;
  
  said particular actual vulnerability is at least one of the actual vulnerabilities;
  
  said certain actual vulnerability is at least one of the actual vulnerabilities;
  
  said particular actual vulnerability is the certain actual vulnerability;
  
  said particular occurrence is the certain occurrence;
  
  said particular occurrence includes the first occurrence;
  
  said certain occurrence includes the first occurrence;
  
  said first and second techniques include remediation techniques;
  
  said first occurrence includes an attack;
  
  said computer program product is operable for use with at least one NOC server, a data warehouse, and an SDK for allowing access to the second information and at least one of the plurality of techniques;
  
  orsaid computer program product is operable such that said determination that the at least one networked device is actually vulnerable to the one or more actual vulnerabilities is carried out by directly querying a firmware or an operating system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The computer program product of claim 1, wherein the computer program product is operable such that the potential vulnerabilities and the actual vulnerabilities include software vulnerabilities in an application or an operating system that are capable of being exploited by an attack or a virus.
  - 3. The computer program product of claim 1, wherein the computer program product is operable such that said occurrence mitigation is carried out utilizing a proxy device that sits in front of one or more of the networked devices for protecting an application thereon by analyzing a characterization of attacks.
  - 4. The computer program product of claim 1, wherein the computer program product is operable such that said at least one operation includes a vulnerability scan operation.
  - 5. The computer program product of claim 4, wherein the computer program product is operable such that said vulnerability scan includes an agentless vulnerability scan for supporting a presentation of a plurality of actual vulnerability-relevant policies for being user-selectively applied to one or more of the networked devices that are determined to include one or more corresponding actual vulnerabilities based on the agentless vulnerability scan.
  - 6. The computer program product of claim 4, wherein the computer program product is operable such that said vulnerability scan takes into account at least one of an operating system, an application, or a firmware.
  - 7. The computer program product of claim 1, wherein the computer program product is operable such that the first technique and the second technique are enabled by different underlying security technologies selected from the group consisting of a firewall, an intrusion prevention system, or a compliance application.
  - 8. The computer program product of claim 7, wherein the computer program product is operable such that the first technique is enabled by the firewall that utilizes firewall signatures and the second technique is enabled by the intrusion prevention system that analyzes packet payloads.
  - 9. The computer program product of claim 1, wherein the computer program product is operable such that the networked devices include at least one non-security networked device including at least one of a client or a server, and the policy involves at least one of a non-security application setting or an operating system setting.

10. A computer program product embodied on at least one non-transitory computer readable medium, comprising:
- code for receiving a result of at least one operation in connection with at least one of a plurality of networked devices, the at least one operation based on first information from at least one first data storage identifying a plurality of potential vulnerabilities including at least one first potential vulnerability and at least one second potential vulnerability, the at least one operation configured for;
  
  identifying at least one aspect associated with the at least one networked device, anddetermining that the at least one networked device is actually vulnerable to at least one actual vulnerability, based on the identified at least one aspect and the first information from the at least one first data storage identifying the plurality of potential vulnerabilities, such that second information associated with the result is stored in at least one second data storage separate from the at least one first data storage, the second information relating to the at least one actual vulnerability to which the at least one networked device is actually vulnerable;
  
  code for displaying an indication of the at least one networked device and the at least one actual vulnerability to which the at least one networked device is actually vulnerable, utilizing the second information;
  
  code for displaying, via at least one user interface, a plurality of techniques including a first technique for setting a policy for occurrence mitigation, and a second technique for setting an option for occurrence mitigation;
  
  code for receiving user input causing selection of the first technique for setting the policy for occurrence mitigation;
  
  code for, based on the user input causing selection of the first technique for setting the policy for occurrence mitigation, automatically applying the first technique for setting the policy for occurrence mitigation, such that an identification of a particular actual vulnerability to which the at least one networked device is actually vulnerable is capable of being used in connection with the first technique, by virtue of a capability of mitigating a particular occurrence identified in connection with the at least one networked device if the at least one networked device is actually vulnerable to the particular actual vulnerability and the particular actual vulnerability is capable of being taken advantage of by the particular occurrence identified in connection with the at least one networked device, and further by virtue of a capability of not mitigating the particular occurrence if the particular actual vulnerability is incapable of being taken advantage of by the particular occurrence identified in connection with the at least one networked device;
  
  code for receiving user input causing selection of the second technique for setting the option for occurrence mitigation;
  
  code for, based on the user input causing selection of the second technique for setting the option for occurrence mitigation, automatically applying the second technique for setting the option for occurrence mitigation, such that the identification of a certain actual vulnerability to which the at least one networked device is actually vulnerable is capable of being used in connection with the second technique, by virtue of a capability of mitigating a certain occurrence identified in connection with the at least one networked device if the at least one networked device is actually vulnerable to the certain actual vulnerability and the certain actual vulnerability is capable of being taken advantage of by the certain occurrence identified in connection with the at least one networked device, and further by virtue of a capability of not mitigating the certain occurrence if the certain actual vulnerability is incapable of being taken advantage of by the certain occurrence identified in connection with the at least one networked device;
  
  code for identifying;
  
  in connection with the at least one networked device, a first occurrence including at least one first occurrence packet directed to the at least one networked device, andin connection with the at least one networked device, a second occurrence including at least one second occurrence packet directed to the at least one networked device;
  
  code for determining;
  
  that the first occurrence including the at least one first occurrence packet directed to the at least one networked device is capable of taking advantage of the at least one of the actual vulnerability to which the at least one networked device is actually vulnerable;
  
  that the second occurrence including the at least one second occurrence packet directed to the at least one networked device is not capable of taking advantage of the at least one of the actual vulnerability to which the at least one networked device is actually vulnerable; and
  
  code for reporting at least the first occurrence based on the determination that the first occurrence including the at least one first occurrence packet directed to the at least one networked device is capable of taking advantage of the at least one of the actual vulnerability to which the at least one networked device is actually vulnerable;
  
  wherein the computer program product is operable such that the at least one first occurrence packet of the first occurrence is reacted to in response to the identification of the first occurrence, to prevent the first occurrence from taking advantage of the at least one actual vulnerability to which the at least one networked device is actually vulnerable, while there is no update at the at least one of the networked device that removes the at least one actual vulnerability from the at least one networked device;
  
  wherein the computer program product is operable such that at least one of;
  
  said at least one first data storage includes at least one first database;
  
  said at least one first data storage is a component of a network operations center (NOC) server;
  
  said at least one second data storage includes at least one second database;
  
  said first information from the at least one first data storage is accessed by at least one of;
  
  receiving at least one update therefrom;
  
  pulling at least one update therefrom, communicating therewith, or synchronizing therewith;
  
  said potential vulnerabilities and the actual vulnerabilities include software vulnerabilities in an application or an operating system that are capable of being exploited by an attack or a virus;
  
  said at least one operation includes a vulnerability scan operation;
  
  said at least one aspect includes at least one configuration including at least one of service pack information, elements contained in files including at least one of an *.ini or *.conf file, an aspect of an operating system, or registry information;
  
  said determination that the at least one networked device is actually vulnerable to the at least one actual vulnerability, is carried out by utilizing at least one of a vulnerability identifier or a profile;
  
  said first occurrence includes an incident and said second occurrence includes an event;
  
  said second occurrence is reported differently than the first occurrence by not being reported;
  
  said policy is associated with at least one of a policy template, a custom policy, or standardized template;
  
  said second technique for setting the option is carried out utilizing a firewall;
  
  said occurrence mitigation includes at least one of removing the at least one actual vulnerability, or reducing an effect of a detected occurrence;
  
  said occurrence mitigation is carried out for protecting at least one particular aspect of one or more of the networked devices, where the one or more of the networked devices include at least one of a client or a server, and the at least one particular aspect includes at least one of an operating system or an application;
  
  said particular actual vulnerability is at least one of the actual vulnerabilities;
  
  said certain actual vulnerability is at least one of the actual vulnerabilities;
  
  said particular actual vulnerability is the certain actual vulnerability;
  
  said particular occurrence is the certain occurrence;
  
  said particular occurrence includes the first occurrence;
  
  said certain occurrence includes the first occurrence;
  
  said first and second techniques include remediation techniques;
  
  said first occurrence includes an attack;
  
  said computer program product is operable for use with at least one NOC server, a data warehouse, and an SDK for allowing access to the second information and at least one of the plurality of techniques;
  
  orsaid computer program product is operable such that said determination that the at least one networked device is actually vulnerable to the at least one actual vulnerability is carried out by directly querying a firmware or an operating system.
- View Dependent Claims (11, 12, 13, 14, 15, 16)
- - 11. The computer program product of claim 10, wherein the computer program product is operable such that the plurality of techniques are displayed via an intrusion prevention system that includes integrated intrusion prevention functionality and firewall functionality that are both supported by a security component that in turn supports at least one aspect of the identification of the first occurrence including the at least one first occurrence packet directed to the at least one networked device and the identification of the second occurrence including the at least one second occurrence packet directed to the at least one networked device, and further includes logic that receives actual vulnerability-related data and utilizes the actual vulnerability-related data to effect the display of the plurality of techniques to selectively utilize the intrusion prevention functionality and the firewall functionality as a function of an existence of one or more actual vulnerabilities to reduce false positives in connection with both the intrusion prevention functionality and the firewall functionality;
    - wherein the computer program product is operable such that the plurality of techniques includes sending a firewall update resulting in utilization of the firewall functionality for occurrence mitigation, and sending an intrusion prevention system update resulting in utilization of the intrusion prevention functionality for occurrence mitigation.
  - 12. The computer program product of claim 10, wherein the computer program product is operable such that said occurrence mitigation is carried out utilizing a proxy device that sits in front of one or more of the networked devices for protecting an application thereon by analyzing a characterization of attacks.
  - 13. The computer program product of claim 10, wherein the computer program product is operable such that said at least one operation includes a vulnerability scan operation, and the vulnerability scan operation is automated for supporting a presentation of a plurality of actual vulnerability-relevant options for being user-selectively applied to one or more non-security networked devices that are determined to include one or more corresponding actual vulnerabilities based on the automated vulnerability scan.
  - 14. The computer program product of claim 10, wherein the computer program product is operable such that the first technique and the second technique are enabled by different underlying security technologies selected from the group consisting of a firewall, an intrusion prevention system, or a router-based security application.
  - 15. The computer program product of claim 14, wherein the computer program product is operable such that the first technique is enabled by the firewall that utilizes firewall signatures and the second technique is enabled by the intrusion prevention system that analyzes packet payloads.
  - 16. The computer program product of claim 10, wherein the computer program product is operable such that the networked devices are non-security networked devices, the indication is displayed in connection with the plurality of techniques, and the option includes at least one of a non-security application option or an operating system option.

17. A computer program product embodied on a non-transitory computer readable medium, comprising:
- code for receiving actual vulnerability information from at least one first data structure that is generated utilizing potential vulnerability information from at least one second data structure that is capable of being used to identify a plurality of potential vulnerabilities, by including;
  
  at least one first potential vulnerability, andat least one second potential vulnerability;
  
  said actual vulnerability information being generated utilizing the potential vulnerability information by;
  
  identifying at least one aspect associated with at least one of a plurality of networked devices, the at least one aspect relating to at least one of an operating system or an application of the at least one networked device, anddetermining that at least one networked device is actually vulnerable to at least one actual vulnerability based on the identified at least one aspect, utilizing the potential vulnerability information that is capable of being used to identify the plurality of potential vulnerabilities;
  
  said actual vulnerability information from the at least one first data structure capable of being used for identifying the at least one actual vulnerability to which at least one networked device is actually vulnerable;
  
  code for displaying, via at least one user interface, one or more options for applying one or more different attack mitigation actions of diverse attack mitigation types;
  
  code for receiving user input selecting the one or more options for applying the one or more different attack mitigation actions of the diverse attack mitigation types;
  
  code for determining whether an attack is capable of taking advantage of the at least one actual vulnerability to which the at least one networked device is actually vulnerable; and
  
  code for, based on the user input, applying the one or more different attack mitigation actions of the diverse attack mitigation types, including at least one of a firewall-based attack mitigation type, an intrusion prevention system-based attack mitigation type, a router-based attack mitigation type, or a compliance attack mitigation type, for preventing the attack from taking advantage of the at least one actual vulnerability at the at least one networked device, based on the determination whether the attack is capable of taking advantage of the at least one actual vulnerability to which the at least one networked device is actually vulnerable, the at least one actual vulnerability being a function of the at least one of the operating system or the application of the at least one networked device and the one or more different attack mitigation actions corresponding to the at least one actual vulnerability, thereby resulting in one or more relevant attack mitigation actions being selectively applied;
  
  wherein the computer program product is operable such that the identification of the least one actual vulnerability to which the at least one networked device is actually vulnerable is used in connection with the display of the one or more options for applying the one or more different attack mitigation actions of the diverse attack mitigation types, resulting in mitigation of the attack in connection with the at least one networked device if the at least one networked device is actually vulnerable to the least one actual vulnerability and the least one actual vulnerability is capable of being taken advantage of by the attack in connection with the at least one networked device, and further resulting in an avoidance, at least in part, of mitigation of the attack if the least one actual vulnerability is incapable, at least in part, of being taken advantage of by the attack identified in connection with the at least one networked device;
  
  wherein the computer program product is operable such that at least one of;
  
  said at least one first data structure is stored in at least one data storage that includes at least one database;
  
  said at least one second data structure is stored in at least one data storage that is a component of a network operations center (NOC) server;
  
  said at least one second data structure is stored in at least one data storage that includes at least one database;
  
  said potential vulnerability information from the at least one second data structure is accessed by at least one of;
  
  receiving at least one update therefrom, pulling at least one update therefrom, communicating therewith, or synchronizing therewith;
  
  said potential vulnerabilities and the actual vulnerabilities include software vulnerabilities in the application or the operating system that are capable of being exploited by an attack or a virus;
  
  said determination that the at least one networked device is actually vulnerable to the at least one actual vulnerability is carried out in connection with a vulnerability scan operation;
  
  said at least one aspect includes at least one configuration involving at least one of service pack information, elements contained in files including at least one of an *.ini or *.conf file, or registry information;
  
  said determination that the at least one networked device is actually vulnerable to the at least one actual vulnerability, is carried out by utilizing at least one of a vulnerability identifier or a profile;
  
  said one or more different attack mitigation actions are applied for protecting at least one particular aspect of one or more of the networked devices, where the one or more of the networked devices include at least one of a client or a server;
  
  said one or more different attack mitigation actions involve one or more remediation techniques;
  
  said computer program product is operable for use with at least one NOC server, a data warehouse, and an SDK for allowing access to the actual vulnerability information and the one or more different attack mitigation actions;
  
  orsaid computer program product is operable such that said determination that the at least one networked device is actually vulnerable to the at least one actual vulnerability is carried out by directly querying a firmware or the operating system.
- View Dependent Claims (18, 19, 20)
- - 18. The computer program product of claim 17, wherein the computer program product is operable such that the one or more options is displayed via an intrusion prevention system that includes integrated intrusion prevention functionality for supporting one of the different attack mitigation actions of the intrusion prevention system-based attack mitigation type and firewall functionality for supporting one of the different attack mitigation actions of the firewall-based attack mitigation type, wherein the computer program product is further operable such that the intrusion prevention functionality and the firewall functionality are both supported by a security component that in turn supports at least one aspect of the determination whether the attack is capable of taking advantage of the at least one actual vulnerability to which the at least one networked device is actually vulnerable, and further includes logic that receives actual vulnerability data and utilizes the actual vulnerability data in connection with the display of the one or more options to allow selective utilization of the intrusion prevention functionality and the firewall functionality as a function of an existence of one or more actual vulnerabilities to reduce false positives in connection with both the intrusion prevention functionality and the firewall functionality.
  - 19. The computer program product of claim 17, wherein the computer program product provides router-based application capable of being subject to one of the different attack mitigation actions of the router-based attack mitigation type and firewall-based application capable of being subject to one of the different attack mitigation actions of the firewall-based attack mitigation type, wherein the computer program product is operable for utilizing actual vulnerability data related to the router-based application and the firewall-based application in connection with the display of the one or more options to allow selective utilization of at least one of the different attack mitigation actions of the router-based attack mitigation type or the firewall-based attack mitigation type, as a function of an existence of one or more actual vulnerabilities in connection with at least one of the router-based application or the firewall-based application.
  - 20. The computer program product of claim 17, wherein the computer program product is operable such that one or more additional options is displayed for applying the one or more different attack mitigation actions selectively to a subset of the plurality of networked devices that is determined based on the actual vulnerability information, where the one or more different attack mitigation actions is applied by at least one of sending an intrusion prevention system update, a firewall update, or a compliance system update, for use in connection with the determination as to whether the attack is capable of taking advantage of the at least one actual vulnerability.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
SecurityProfiling, LLC
Original Assignee
SecurityProfiling, LLC
Inventors
Oliphant, Brett M., Blignaut, John P.
Primary Examiner(s)
Poltorak, Peter

Application Number

US14/499,246
Publication Number

US 20150033287A1
Time in Patent Office

330 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

G06F 16/245   Query processing

G06F 21/50   Monitoring users, programs ...

G06F 21/554   involving event detection a...

G06F 8/65   Updates security arrangemen...

H04L 63/02   for separating internal fro...

H04L 63/0263   Rule management

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1433   Vulnerability analysis

H04L 63/1441   Countermeasures against mal...

H04L 63/20   for managing network securi...

Anti-vulnerability system, method, and computer program product

First Claim

0 Assignments

Litigations

0 Petitions

Accused Products

Abstract

927 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Anti-vulnerability system, method, and computer program product

First Claim

0 Assignments

Subscription Required

Subscription Required

Litigations

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

927 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others