Anti-vulnerability system, method, and computer program product
Abstract
A system, method, and computer program product are provided for identifying a first and second occurrence in connection with at least one networked device. In use, it is possible that it is determined that the at least one actual vulnerability of the at least one networked device is capable of being taken advantage of by the first occurrence identified in connection with the at least one networked device. Further, it is also possible that it is determined that the at least one actual vulnerability of the at least one networked device is not capable of being taken advantage of by the second occurrence identified in connection with the at least one networked device. To this end, the first occurrence and the second occurrence are reported differently.
939 Citations
21 Claims
1. A system, comprising:
a firewall occurrence mitigation system component;
an intrusion prevention system component; and
a platform including at least one hardware processor that is configured to communicatively couple with the firewall occurrence mitigation system component, the intrusion prevention system component, and at least one data storage;
said at least one hardware processor stores, in the at least one data storage, first information associated with a plurality of actual vulnerabilities, the first information being based on second information associated with a plurality of potential vulnerabilities as a result of a determination that one or more of a plurality of devices is actually vulnerable based on the second information and at least one of an operating system or an application;
said at least one hardware processor, based on the first information, displays one or more options for selection by at least one user to selectively utilize a firewall-related occurrence mitigation action and an intrusion prevention system-related occurrence mitigation action in connection with one or more of the plurality of actual vulnerabilities;
said firewall-related occurrence mitigation action including sending a firewall update resulting in utilization of the firewall occurrence mitigation system component for preventing an actual vulnerability addressed by the firewall update from being taken advantage of in response to identification of an occurrence capable of taking advantage of the actual vulnerability addressed by the firewall update;
said intrusion prevention system-related occurrence mitigation action including sending an intrusion prevention system update resulting in utilization of the intrusion prevention system component for preventing an actual vulnerability addressed by the intrusion prevention system update from being taken advantage of in response to identification of an occurrence capable of taking advantage of the actual vulnerability addressed by the intrusion prevention system update;
said at least one hardware processor, in response to first user input, sends the firewall update utilizing at least one network;
said firewall occurrence mitigation system component receives the firewall update and, after the receipt of the firewall update and in response to identification of the occurrence capable of taking advantage of the actual vulnerability addressed by the firewall update, prevents the actual vulnerability addressed by the firewall update from being taken advantage of;
said at least one hardware processor, in response to second user input, sends the intrusion prevention system update utilizing the at least one network;
said intrusion prevention system component receives the intrusion prevention system update and, after the receipt of the intrusion prevention system update and in response to identification of the occurrence capable of taking advantage of the actual vulnerability addressed by the intrusion prevention system update, prevents the actual vulnerability addressed by the intrusion prevention system update from being taken advantage of.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A computer program product embodied on a non-transitory computer readable medium, comprising:
code that, utilizing at least one hardware processor, stores first information associated with a plurality of actual vulnerabilities in at least one data storage, the first information being based on second information associated with a plurality of potential vulnerabilities via a determination that one or more of a plurality of devices is actually vulnerable utilizing the second information and an identification of at least one of an operating system or an application, the at least one hardware processor being communicatively coupled to a firewall occurrence mitigation system component, an intrusion prevention system component, and the at least one data storage;
code that, utilizing the at least one hardware processor, displays one or more options for selection by at least one user to selectively utilize a firewall-based occurrence mitigation action and an intrusion prevention system-based occurrence mitigation action in connection with one or more of the plurality of actual vulnerabilities;
said firewall-based occurrence mitigation action including sending a firewall rule resulting in utilization of the firewall occurrence mitigation system component for preventing an actual vulnerability addressed by the firewall rule from being taken advantage of after identification of an occurrence capable of taking advantage of the actual vulnerability addressed by the firewall rule;
said intrusion prevention system-based occurrence mitigation action including sending an intrusion prevention system rule resulting in utilization of the intrusion prevention system component for preventing an actual vulnerability addressed by the intrusion prevention system rule from being taken advantage of after identification of an occurrence capable of taking advantage of the actual vulnerability addressed by the intrusion prevention system rule;
code that, utilizing the at least one hardware processor, sends the firewall rule utilizing at least one network, after first user input;
code that utilizes the firewall occurrence mitigation system component to, after receipt of the firewall rule and after identification of the occurrence capable of taking advantage of the actual vulnerability addressed by the firewall rule, prevent the actual vulnerability addressed by the firewall rule from being taken advantage of;
code that, utilizing the at least one hardware processor, sends the intrusion prevention system rule utilizing the at least one network, after second user input; and
code that utilizes the intrusion prevention system component to, after receipt of the intrusion prevention system rule and after identification of the occurrence capable of taking advantage of the actual vulnerability addressed by the intrusion prevention system rule, prevent the actual vulnerability addressed by the intrusion prevention system rule from being taken advantage of.
Dependent claims: 11, 12, 13, 14, 15, 16, 17
18. A system, comprising:
a firewall attack mitigation component;
an intrusion prevention component; and
at least one hardware processor that is configured to communicatively couple with the firewall attack mitigation component, the intrusion prevention component, and at least one data storage;
said at least one hardware processor stores, in the at least one data storage, at least one data structure identifying a plurality of mitigation techniques that mitigate effects of attacks that take advantage of vulnerabilities, such that:
each mitigation technique is capable of mitigating an effect of an attack that takes advantage of a corresponding vulnerability,
each mitigation technique has a mitigation type including at least one of a patch, a policy setting, or a configuration option,
at least two of the mitigation techniques are capable of mitigating an effect of an attack that takes advantage of a first one of the vulnerabilities, and
said at least two mitigation techniques include a first mitigation technique that utilizes a firewall action for at least mitigating the effect of the attack that takes advantage of the first one of the vulnerabilities and a second mitigation technique that utilizes an intrusion prevention action for at least mitigating the effect of the attack that takes advantage of the first one of the vulnerabilities;
said system:
displays the at least two mitigation techniques for selection by a user via at least one user interface based on the first one of the vulnerabilities being identified from a set of potential vulnerabilities to be an actual vulnerability as a function of at least one of an operating system or an application identified in connection with at least one device;
receives a selection of the first mitigation technique;
automatically applies the first mitigation technique, after the selection of the first mitigation technique, by sending a first communication in connection with the firewall attack mitigation component;
receives a selection of the second mitigation technique;
automatically applies the second mitigation technique, after the selection of the second mitigation technique, by sending a second communication in connection with the intrusion prevention component;
said firewall attack mitigation component, after the selection of the first mitigation technique, receives the first communication and at least mitigates the effect of the attack that takes advantage of the first one of the vulnerabilities in response thereto;
said intrusion prevention component, after the selection of the second mitigation technique, receives the second communication and at least mitigates the effect of the attack that takes advantage of the first one of the vulnerabilities in response thereto.
Dependent claims: 19, 20, 21
Specification