ANTI-VULNERABILITY SYSTEM, METHOD, AND COMPUTER PROGRAM PRODUCT
First Claim
1. A computer program product embodied on a non-transitory computer readable medium, comprising:
- code for accessing information associated with a plurality of mitigation techniques that mitigate a plurality of attacks that take advantage of a plurality of vulnerabilities, for retrieving a plurality of options in connection with a portion of the mitigation techniques that correspond with a subset of the plurality of the vulnerabilities resulting from at least one of an operating system or an application indicated to be on at least one device;
- code for presenting the plurality of options in connection with the portion of mitigation techniques that correspond with the subset of the plurality of the vulnerabilities resulting from at least one of the operating system or the application indicated to be on the at least one device, the plurality of options relating to an intrusion prevention mitigation technique and a firewall mitigation technique;
- code for receiving first user input selecting the intrusion prevention mitigation technique in connection with the subset of the plurality of the vulnerabilities resulting from at least one of the operating system or the application indicated to be on the at least one device;
- code for receiving second user input selecting the firewall mitigation technique in connection with the subset of the plurality of the vulnerabilities resulting from at least one of the operating system or the application indicated to be on the at least one device;
- code for, based on the first user input, applying the selected intrusion prevention mitigation technique in connection with the subset of the plurality of the vulnerabilities resulting from at least one of the operating system or the application indicated to be on the at least one device, for occurrence mitigation;
- code for, based on the second user input, applying the selected firewall mitigation technique in connection with the subset of the plurality of the vulnerabilities resulting from at least one of the operating system or the application indicated to be on the at least one device, for occurrence mitigation;
- code for identifying an occurrence including one or more packets directed to the at least one of the device;
- code for determining whether the occurrence is capable of taking advantage of at least one of the subset of the plurality of the vulnerabilities resulting from at least one of the operating system or the application indicated to be on the at least one device; and
- code for preventing the occurrence from taking advantage of the at least one of the subset of the plurality of the vulnerabilities, utilizing at least one of the intrusion prevention mitigation technique or the firewall mitigation technique based on the application thereof, based on the determination whether the occurrence is capable of taking advantage of the at least one of the subset of the plurality of the vulnerabilities resulting from at least one of the operating system or the application indicated to be on the at least one device.
Abstract
A system, method, and computer program product are provided for identifying a first and a second occurrence in connection with at least one networked device. In use, it may be determined that at least one actual vulnerability of the at least one networked device is capable of being taken advantage of by the first occurrence identified in connection with the at least one networked device. Further, it may also be determined that the at least one actual vulnerability of the at least one networked device is not capable of being taken advantage of by the second occurrence identified in connection with the at least one networked device. To this end, the first occurrence and the second occurrence are reported differently.
18 Citations
30 Claims
1. (Independent claim 1 is reproduced in full under First Claim above.) Dependent claims: 2, 3, 4, 5, 6, 7.
8. A computer program product embodied on a non-transitory computer readable medium, comprising:
- code for receiving first information associated with a plurality of actual vulnerabilities, the first information being based on second information associated with a plurality of potential vulnerabilities; said first information associated with the plurality of actual vulnerabilities being based on the second information associated with the plurality of potential vulnerabilities, at least in part as a result of a determination that one or more of a plurality of networked devices is actually vulnerable based on the second information;
- code for determining whether an attack is capable of taking advantage of at least one of the plurality of actual vulnerabilities to which at least one of the plurality of the networked devices is actually vulnerable, at least in part as a function of the first information;
- code for displaying one or more user options to selectively utilize different attack mitigation actions of diverse attack mitigation types, including a firewall-based attack mitigation type and an intrusion prevention system-based attack mitigation type, for preventing the attack from taking advantage of the at least one actual vulnerability at the at least one networked device, such that the at least one actual vulnerability is determined as a function of the at least one of the operating system or the application of the at least one networked device and the different attack mitigation actions are specific to the at least one actual vulnerability, so that only relevant actual vulnerabilities prompt user selection of relevant attack mitigation actions of the diverse attack mitigation types; and
- code for conditionally completing the different attack mitigation actions of the diverse attack mitigation types, including the firewall-based attack mitigation type and the intrusion prevention system-based attack mitigation type, based on a user input in connection with the displayed one or more user options, for preventing the attack from taking advantage of the at least one actual vulnerability at the at least one networked device.
Dependent claims: 9, 10.
11. A computer program product embodied on a non-transitory computer readable medium, comprising:
- code for receiving first information associated with a plurality of actual vulnerabilities, the first information being based on second information associated with a plurality of potential vulnerabilities; said first information associated with the plurality of actual vulnerabilities being based on the second information associated with the plurality of potential vulnerabilities, at least in part as a result of a determination that one or more of a plurality of devices is actually vulnerable based on the second information and at least one of an operating system or an application; and
- code for, based on or in connection with the first information, displaying one or more options for selection by at least one user to selectively utilize one or more different occurrence mitigation actions in connection with one or more of the plurality of actual vulnerabilities, the different occurrence mitigation actions including: a firewall-related occurrence mitigation action that includes sending a firewall update resulting in utilization of a firewall feature for preventing an actual vulnerability addressed by the firewall update from being taken advantage of in response to identification of an occurrence capable of taking advantage of the actual vulnerability addressed by the firewall update, and an intrusion detection or prevention system-related occurrence mitigation action that includes sending an intrusion detection or prevention system update resulting in utilization of an intrusion detection or prevention system feature for preventing an actual vulnerability addressed by the intrusion detection or prevention system update from being taken advantage of in response to identification of an occurrence capable of taking advantage of the actual vulnerability addressed by the intrusion detection or prevention system update.
Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28.
29. A system, comprising:
- an intrusion prevention system component capable of accessing at least one data structure identifying a plurality of mitigation techniques that mitigate effects of attacks that take advantage of vulnerabilities, such that: each mitigation technique is capable of mitigating an effect of an attack that takes advantage of a corresponding vulnerability, each mitigation technique has a mitigation type including at least one of a patch, a policy setting, or a configuration option, at least two of the mitigation techniques are capable of mitigating an effect of an attack that takes advantage of a first one of the vulnerabilities, and said at least two mitigation techniques include a first mitigation technique that utilizes a firewall action for at least mitigating the attack that takes advantage of the first one of the vulnerabilities and a second mitigation technique that utilizes a real-time intrusion prevention action for at least mitigating the attack that takes advantage of the first one of the vulnerabilities;
- said intrusion prevention system component configured for: causing a display of the at least two mitigation techniques for selection by a user via at least one user interface; receiving a selection of at least one of the at least two mitigation techniques; and automatically applying the selected at least one of the at least two mitigation techniques utilizing a communication between a server and client code supporting the intrusion prevention system component.
Dependent claims: 30.
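As an added illustration, not code from the patent or its assignee, the following Python sketches the behaviour recited in the abstract and in claims 1, 8, 11 and 29 above: potential vulnerabilities become actual ones only when the device runs the affected operating system or application, mitigation options (firewall, IPS, patch) are offered only for actual vulnerabilities, and an occurrence that cannot exploit an actual vulnerability is reported differently from one that can. All device, vulnerability, signature and mitigation identifiers are constructed placeholders.

```python
# Added example (not from the patent): vulnerability-aware handling of network
# "occurrences". Every identifier below is a constructed placeholder.
from dataclasses import dataclass, field

# Constructed catalogue: which software each vulnerability affects and which
# mitigation techniques (by type) address it, as in the data structure of claim 29.
VULNS = {
    "VULN-A": {"software": {"os-x1"},
               "mitigations": [("firewall", "block tcp/4455"), ("ips", "sig-A-rt")]},
    "VULN-B": {"software": {"app-y2"},
               "mitigations": [("ips", "sig-B-rt"), ("patch", "app-y2-hotfix")]},
    "VULN-C": {"software": {"app-z9"},
               "mitigations": [("firewall", "block udp/5000")]},
}

@dataclass
class Device:
    name: str
    software: set                                  # OS and application ids present
    applied: dict = field(default_factory=dict)    # vuln id -> set of applied types

def actual_vulnerabilities(device, catalogue=VULNS):
    """Potential vulnerabilities become actual only if the device runs the affected software."""
    return {v for v, info in catalogue.items() if info["software"] & device.software}

def mitigation_options(device, catalogue=VULNS):
    """Options to present to the user: techniques for the device's actual vulnerabilities only."""
    return {v: catalogue[v]["mitigations"] for v in sorted(actual_vulnerabilities(device, catalogue))}

def apply_mitigation(device, vuln, mtype, catalogue=VULNS):
    """Record a user-selected mitigation type (e.g. firewall or ips) for an actual vulnerability."""
    if vuln not in actual_vulnerabilities(device, catalogue):
        raise ValueError(f"{vuln} is not an actual vulnerability of {device.name}")
    if mtype not in {m for m, _ in catalogue[vuln]["mitigations"]}:
        raise ValueError(f"no {mtype} mitigation is catalogued for {vuln}")
    device.applied.setdefault(vuln, set()).add(mtype)

def handle_occurrence(device, targeted_vuln, catalogue=VULNS):
    """Classify one occurrence (packets matching a signature for targeted_vuln).

    Returns (report_level, action). An occurrence aimed at a vulnerability the
    device does not actually have is only logged; one aimed at an actual
    vulnerability is reported as critical and handled by whichever mitigation
    technique the user selected (firewall first, then IPS), or flagged if none.
    """
    if targeted_vuln not in actual_vulnerabilities(device, catalogue):
        return ("informational", "log")
    applied = device.applied.get(targeted_vuln, set())
    if "firewall" in applied:
        return ("critical", "dropped-by-firewall")
    if "ips" in applied:
        return ("critical", "blocked-by-ips")
    return ("critical", "alert-unmitigated")
```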
Specification