Multi-path remediation
First Claim
1. A computer program product embodied on a non-transitory computer readable medium, comprising:
code for accessing at least one data storage associating a plurality of device vulnerabilities, each device vulnerability having a vulnerability identifier, with a plurality of remediation techniques that collectively remediate the plurality of device vulnerabilities, such that:
each of the device vulnerabilities is associated with at least one remediation technique;
each remediation technique associated with a device vulnerability remediates that device vulnerability;
each remediation technique has a remediation type including at least one of a patch, a policy setting, and a configuration option; and
a first one of the device vulnerabilities is associated with at least two alternative remediation techniques including a firewall remediation technique for reacting to packets and an intrusion prevention system remediation technique for inspecting packet payloads;
code for causing at least one operation in connection with a plurality of devices, the at least one operation configured for:
identifying at least one aspect associated with at least one of an operating system and an application of the plurality of devices, and
determining that the plurality of devices is actually vulnerable to the first one of the device vulnerabilities, based on the identified at least one aspect;
code for displaying a result of the at least one operation;
code for storing information associated with the first one of the device vulnerabilities to which the plurality of devices is actually vulnerable for use in connection with selection among the at least two alternative remediation techniques;
code for receiving a first signal in connection with the first one of the device vulnerabilities to which the plurality of devices is actually vulnerable, the first signal capable of being received after displaying the information associated with the first one of the device vulnerabilities to which the plurality of devices is actually vulnerable and the first signal including an identifier for use in connection with a second signal;
code for sending the second signal, automatically generated in response to the first signal, for displaying the at least two alternative remediation techniques associated with the first one of the device vulnerabilities, for selection by a user via a user interface, such that, in order to, at least in part, avoid false positives, only a relevant vulnerability prompts remediation technique user selection among the at least two alternative remediation techniques, which include both the firewall remediation technique and the intrusion prevention system remediation technique for providing diverse remediation technique options in connection with attack mitigation;
code for receiving, prior to detecting an attack associated with the first one of the device vulnerabilities to which the plurality of devices is actually vulnerable, the selection by the user of at least one of the at least two alternative remediation techniques including at least one of the firewall remediation technique for reacting to packets and the intrusion prevention system remediation technique for inspecting packet payloads; and
code for automatically applying, prior to detecting the attack associated with the first one of the device vulnerabilities to which the plurality of devices is actually vulnerable, the selected at least one of the at least two alternative remediation techniques including at least one of the firewall remediation technique for reacting to packets and the intrusion prevention system remediation technique for inspecting packet payloads, to the plurality of devices for the attack mitigation at any of the plurality of devices;
said computer program product further operable such that, in response to another selection by the user of at least one of the at least two alternative remediation techniques after the attack in connection with at least one of the plurality of devices, applying the at least one of the at least two alternative remediation techniques including at least one of the firewall remediation technique and the intrusion prevention system remediation technique to the at least one of the plurality of devices;
said computer program product further operable for automatically applying, after the attack, the at least one of the at least two alternative remediation techniques selected via the another selection by the user.
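The claim above recites a data store that maps each vulnerability to one or more remediation techniques (typed as patch, policy setting, or configuration option), an aspect-based check that a device is actually vulnerable before any remediation is offered, and a user selection among alternatives (firewall rule versus IPS inspection) that can be made both before and after an attack. The following is an added illustration of that store and workflow in Python; it is not code from the patent or its assignee. All vulnerability identifiers (VULN-A, VULN-B), host names, OS and application names, version bounds and rule bodies are constructed placeholders, and the toy version comparison and aspect matching are assumptions made for the example.

```python
"""Toy model of the multi-path remediation store and selection workflow in claim 1.
Added example; every identifier, device and rule below is constructed and is not
from the patent, its assignee, or any real vulnerability database."""
from dataclasses import dataclass
from enum import Enum
from typing import Dict, List, Tuple


class RemediationType(Enum):
    PATCH = "patch"
    POLICY_SETTING = "policy setting"
    CONFIGURATION_OPTION = "configuration option"


@dataclass(frozen=True)
class Remediation:
    name: str
    rtype: RemediationType
    mechanism: str  # "firewall" reacts to packets, "ips" inspects payloads, "patch" fixes code
    rule: str       # constructed, human-readable rule body


@dataclass(frozen=True)
class Vulnerability:
    vuln_id: str
    # Aspects (kind, name, comparator, version) that must ALL hold for a device to be
    # *actually* vulnerable; kind is "os" or "app". This is the false-positive filter.
    aspects: Tuple[Tuple[str, str, str, str], ...]
    remediations: Tuple[Remediation, ...]


def _ver(v: str) -> Tuple[int, ...]:
    return tuple(int(p) for p in v.split("."))


def _cmp(installed: str, op: str, bound: str) -> bool:
    a, b = _ver(installed), _ver(bound)
    return {"<": a < b, "<=": a <= b}[op]


# Constructed store: VULN-A has two alternative remediations (firewall vs IPS),
# VULN-B has a single patch. Placeholder identifiers, not real vulnerabilities.
STORE: Dict[str, Vulnerability] = {
    "VULN-A": Vulnerability(
        "VULN-A",
        (("os", "exampleos", "<=", "2.1"), ("app", "examplesvc", "<", "4.0")),
        (Remediation("fw-block-port", RemediationType.POLICY_SETTING, "firewall",
                     "drop inbound tcp/8443 from untrusted zones"),
         Remediation("ips-payload-sig", RemediationType.CONFIGURATION_OPTION, "ips",
                     "reset tcp/8443 sessions whose payload matches constructed signature SIG-A")),
    ),
    "VULN-B": Vulnerability(
        "VULN-B",
        (("app", "examplesvc", "<", "3.2"),),
        (Remediation("examplesvc-3.2-patch", RemediationType.PATCH, "patch",
                     "upgrade examplesvc to 3.2"),),
    ),
}

# Constructed inventory: device -> (os name, os version, {app: version}).
# host-c runs a VULN-A-range app on a non-affected OS: a banner-only check
# would flag it, the aspect check does not.
DEVICES = {
    "host-a": ("exampleos", "2.0", {"examplesvc": "3.5"}),
    "host-b": ("exampleos", "2.1", {"examplesvc": "4.0"}),
    "host-c": ("otheros", "1.0", {"examplesvc": "3.1"}),
}


def aspect_holds(device, aspect) -> bool:
    os_name, os_ver, apps = device
    kind, name, op, bound = aspect
    if kind == "os":
        return os_name == name and _cmp(os_ver, op, bound)
    return kind == "app" and name in apps and _cmp(apps[name], op, bound)


def scan(devices, store) -> Dict[str, List[str]]:
    """The 'at least one operation': vuln_id -> devices that are actually vulnerable."""
    findings: Dict[str, List[str]] = {}
    for vid, vuln in store.items():
        hit = [d for d, dev in devices.items() if all(aspect_holds(dev, a) for a in vuln.aspects)]
        if hit:
            findings[vid] = sorted(hit)
    return findings


def alternatives(store, findings, vuln_id) -> List[Remediation]:
    """The 'second signal': offer alternatives only for a vulnerability the scan confirmed."""
    if vuln_id not in findings:
        return []
    return list(store[vuln_id].remediations)


def apply_selection(store, findings, vuln_id, chosen: List[str], phase: str,
                    targets=None) -> List[Tuple[str, str, str, str]]:
    """Apply the user's chosen remediation(s); phase is 'pre-attack' or 'post-attack'.
    Returns (device, remediation, mechanism, phase) records, one per device and choice."""
    offered = {r.name: r for r in alternatives(store, findings, vuln_id)}
    unknown = set(chosen) - set(offered)
    if unknown:
        raise ValueError(f"not an offered remediation for {vuln_id}: {sorted(unknown)}")
    devices = findings[vuln_id] if targets is None else list(targets)
    stray = set(devices) - set(findings[vuln_id])
    if stray:
        raise ValueError(f"not vulnerable to {vuln_id}: {sorted(stray)}")
    return [(d, offered[n].name, offered[n].mechanism, phase) for d in devices for n in chosen]
```

A typical run is `found = scan(DEVICES, STORE)`, then `alternatives(STORE, found, "VULN-A")` to populate the selection UI, then `apply_selection(STORE, found, "VULN-A", ["fw-block-port"], "pre-attack")` for the pre-attack choice and a second call with `["ips-payload-sig"]`, `"post-attack"` and an explicit `targets` list for the post-attack re-selection on one device. Keeping the applicability check separate from the remediation catalogue is what lets the same store drive both the scan and the selection without offering remediations for vulnerabilities a device does not actually have.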
Abstract
A system, method, and computer program product are provided for a database associating a plurality of device vulnerabilities to which computing devices can be subject with a plurality of remediation techniques that collectively remediate the plurality of device vulnerabilities. Each of the device vulnerabilities is associated with at least one remediation technique. Each remediation technique associated with a particular device vulnerability remediates that particular vulnerability. Further, each remediation technique has a remediation type selected from the group consisting of patch, policy setting, and configuration option. In addition, a first one of the device vulnerabilities is associated with at least two alternative remediation techniques.
21 Claims
1. (Independent claim; text as given under First Claim above.) - View Dependent Claims (2, 3)
4. A computer program product embodied on a non-transitory computer readable medium, the computer program product comprising:
code for:
accessing at least one data storage identifying a plurality of mitigation techniques that mitigate effects of attacks that take advantage of vulnerabilities, where:
each mitigation technique is for mitigating an effect of an attack that takes advantage of a corresponding vulnerability,
each mitigation technique has a mitigation type including at least one of a patch, a policy setting, and a configuration option, and
at least two of the mitigation techniques are for mitigating an effect of an attack that takes advantage of a first one of the vulnerabilities, the at least two mitigation techniques including a firewall option for reacting to packets and an intrusion prevention system option for inspecting packet payloads;
code for causing, in connection with a plurality of devices:
identification of at least one aspect associated with at least one of an operating system and an application of the plurality of devices, and
determination that the plurality of devices is actually vulnerable to the first one of the vulnerabilities, based on the identified at least one aspect;
code for displaying a result of the determination;
code for storing information associated with the first one of the vulnerabilities to which the plurality of devices is actually vulnerable for use in connection with selection among the at least two mitigation techniques;
code for receiving a first signal prompted by a user via a user interface, the first signal capable of being received after displaying the information associated with the first one of the vulnerabilities to which the plurality of devices is actually vulnerable, the first signal including an identifier for use in connection with a second signal;
code for sending, in response to the first signal, the second signal for causing display of the at least two mitigation techniques for mitigating the effect of the attack that takes advantage of the first one of the vulnerabilities to which the plurality of devices is determined to be actually vulnerable, for selection by the user via the user interface, such that, in order to reduce false positives, a relevant vulnerability prompts mitigation technique user selection among the at least two mitigation techniques, which include both the firewall option and the intrusion prevention system option for providing diverse mitigation options for attack mitigation;
code for receiving, prior to detecting an attack involving the first one of the vulnerabilities to which the plurality of devices is actually vulnerable, the selection by the user of at least one of the at least two mitigation techniques; and
code for applying, prior to detecting the attack involving the first one of the vulnerabilities to which the plurality of devices is actually vulnerable, the selected at least one of the at least two mitigation techniques including at least one of the firewall remediation technique for reacting to packets and the intrusion prevention system remediation technique for inspecting packet payloads, to the plurality of devices for the attack mitigation at any of the plurality of devices;
said computer program product further operable such that, in response to another selection by the user of at least one of a plurality of post-attack mitigation techniques after at least one attack in connection with at least one device, applying the at least one of the post-attack mitigation techniques including at least one of the firewall option, the intrusion prevention system option, and a different mitigation option to the at least one device;
said computer program product further operable for automatically applying, after the attack, the selected at least one of the post-attack mitigation techniques.
- View Dependent Claims (5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
18. A system, comprising:
an intrusion prevention system component of an intrusion prevention system that includes a hardware processor and memory, the intrusion prevention system component for accessing at least one data structure identifying a plurality of mitigation techniques that mitigate effects of attacks that take advantage of vulnerabilities, such that:
each mitigation technique is for mitigating an effect of an attack that takes advantage of a corresponding vulnerability,
each mitigation technique has a mitigation type including at least one of a patch, a policy setting, and a configuration option,
at least two of the mitigation techniques are for mitigating an effect of an attack that takes advantage of a first one of the vulnerabilities, and
said at least two mitigation techniques include a first mitigation technique that utilizes a firewall action for at least mitigating the attack that takes advantage of the first one of the vulnerabilities and a second mitigation technique that utilizes a real-time intrusion prevention action for at least mitigating the attack that takes advantage of the first one of the vulnerabilities;
said intrusion prevention system component configured for:
causing, in connection with a plurality of devices:
identification of at least one aspect associated with at least one of an operating system and an application of the plurality of devices, and
determination that the plurality of devices is actually vulnerable to the first one of the vulnerabilities, based on the identified at least one aspect;
storing information associated with the first one of the vulnerabilities to which the plurality of devices is actually vulnerable for use in connection with selection among the at least two mitigation techniques;
displaying at least a portion of the information;
receiving a first signal relating to the first one of the vulnerabilities, the first signal capable of being received after displaying the information associated with the first one of the vulnerabilities to which the plurality of devices is actually vulnerable, the first signal including an identifier for use in connection with a second signal;
sending the second signal, in response to the first signal, for causing a display of the at least two mitigation techniques for mitigating the effect of the attack that takes advantage of the first one of the vulnerabilities, for selection by a user via at least one user interface, such that, in order to reduce false positives, a relevant vulnerability prompts mitigation technique user selection among the at least two mitigation techniques, which include both the first mitigation technique that utilizes the firewall action for at least mitigating the attack that takes advantage of the first one of the vulnerabilities and the second mitigation technique that utilizes the real-time intrusion prevention action for at least mitigating the attack that takes advantage of the first one of the vulnerabilities;
receiving, prior to detecting an attack involving the first one of the vulnerabilities to which the plurality of devices is actually vulnerable, the selection of at least one of the at least two mitigation techniques including at least one of the first mitigation technique that utilizes the firewall action for at least mitigating the attack that takes advantage of the first one of the vulnerabilities and the second mitigation technique that utilizes the real-time intrusion prevention action for at least mitigating the attack that takes advantage of the first one of the vulnerabilities; and
automatically applying, prior to detecting the attack involving the first one of the vulnerabilities to which the plurality of devices is actually vulnerable, the selected at least one of the at least two mitigation techniques including at least one of the first mitigation technique that utilizes the firewall action for at least mitigating the attack that takes advantage of the first one of the vulnerabilities and the second mitigation technique that utilizes the real-time intrusion prevention action for at least mitigating the attack that takes advantage of the first one of the vulnerabilities, utilizing a communication with client code supporting the intrusion prevention system component;
said system further operable such that, in response to another selection by the user of at least one of a plurality of post-attack mitigation techniques after at least one attack in connection with at least one device, applying the at least one of the post-attack mitigation techniques including at least one of the first mitigation technique, the second mitigation technique, and a third mitigation technique to the at least one device;
said system further operable for automatically applying, after the attack, the selected at least one of the post-attack mitigation techniques.
- View Dependent Claims (19, 20, 21)
Specification