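Country / Type | United States (US) Patent, Registered |
---|---|
International Patent Classification (IPC, 7th edition) | |
Application number | US-0499237 (2014-09-28) |
Registration number | US-8984644 (2015-03-17) |
Inventor / Address | |
Applicant / Address | |
Agent / Address | |
Citation information | Times cited: 8; Cited patents: 672 |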
A system, method, and computer program product are provided for identifying a first and second occurrence in connection with at least one of the networked device. In use, it is possible that it is determined that the at least one actual vulnerability of the at least one networked device is capable of being taken advantage of by the first occurrence identified in connection with the at least one networked device. Further, it is also possible that it is determined that the at least one actual vulnerability of the at least one networked device is not capable of being taken advantage of by the second occurrence identified in connection with the at least one networked device. To this end, the first occurrence and the second occurrence are reported differently.
1. A computer program product embodied on a non-transitory computer readable medium, comprising: code for receiving actual vulnerability information from at least one first data storage that is generated utilizing potential vulnerability information from at least one second data storage that is used to identify a plurality of potential vulnerabilities, by including: at least one first potential vulnerability, and at least one second potential vulnerability; said actual vulnerability information generated utilizing the potential vulnerability information, in response to code execution by at least one processor, by: identifying at least one configuration associated with a plurality of devices including a first device, a second device, and a third device, and determining that the plurality of devices is actually vulnerable to at least one actual vulnerability based on the identified at least one configuration, utilizing the potential vulnerability information that is used to identify the plurality of potential vulnerabilities; code for identifying an occurrence in connection with at least one of the plurality of devices; code for determining that the at least one actual vulnerability of the at least one of the plurality of devices is susceptible to being taken advantage of by the occurrence identified in connection with the at least one of the plurality of devices, utilizing the actual vulnerability information; and code for providing a user with one or more options to selectively utilize different occurrence mitigation actions of diverse occurrence mitigation types, including a firewall-based occurrence mitigation type and an intrusion prevention system-based occurrence mitigation type, across the plurality of devices for occurrence mitigation by preventing advantage being taken of actual vulnerabilities utilizing the different occurrence mitigation actions of the diverse occurrence mitigation types across the plurality of devices.

2. The computer program product of claim 1, wherein the computer program product is operable for providing at least two options via a user interface including a firewall-type option for preventing at least one occurrence packet, and an intrusion prevention-type option for preventing a connection request; the computer program product is further operable such that, in response to user input received prior to receipt of the at least one occurrence packet, the firewall-type option is capable of being applied to the plurality of devices by sending a first signal over at least one network to at least one first component with firewall-type functionality such that the at least one occurrence packet is prevented across the plurality of devices; and the computer program product is further operable such that, in response to additional user input after the receipt of the at least one occurrence packet in connection with a particular single device of the plurality of devices, the intrusion prevention-type option is capable of being applied to the particular single device by sending a second signal over the at least one network to at least one second component with intrusion prevention-type functionality such that the connection request is prevented at the particular single device.

3. The computer program product of claim 1, wherein the computer program product is operable such that the provided one or more options includes at least two options including a firewall-type option, and an intrusion prevention-type option for preventing a connection request; the computer program product is further operable such that, in response to user input prior to receipt of the at least one occurrence packet, the intrusion prevention-type option is capable of being applied to the plurality of devices for preventing the connection request across the plurality of devices after the receipt of the at least one occurrence packet; and the computer program product is further operable such that, in response to user input after the receipt of the at least one occurrence packet in connection with a particular single device of the plurality of devices, the firewall-type option is capable of being applied to the particular single device.

4. The computer program product of claim 1, wherein the computer program product is operable such that the at least one actual vulnerability is determined as a function of at least one of an operating system or an application identified in connection with the plurality of devices based on the identified at least one configuration, so that, in order to avoid false positives, only relevant vulnerabilities prompt user selection among the different occurrence mitigation actions of the diverse occurrence mitigation types in connection therewith.

5. The computer program product of claim 1, wherein the computer program product is operable such that which of the different occurrence mitigation actions for which the one or more options are provided, is based on one or more of the actual vulnerabilities to which the plurality of devices is actually vulnerable so that only relevant occurrence mitigation actions are available for selection by the user.

6. The computer program product of claim 1, wherein the computer program product is operable such that the at least one actual vulnerability is determined as a function of at least one of an operating system or an application identified in connection with the plurality of devices and at least one some of the different occurrence mitigation actions are specific to the at least one actual vulnerability.

7. The computer program product of claim 1, wherein the computer program product is operable such that different user input is capable of being received prior to the occurrence for different devices, for allowing completion of the different occurrence mitigation actions, in a manner that the different user input is capable of resulting in: only a first occurrence mitigation action of the firewall-based occurrence mitigation type being user-selectively completed at the first device in response to the occurrence, only a second occurrence mitigation action of the intrusion prevention system-based occurrence mitigation type being user-selectively completed at the second device in response to the occurrence, and both the first occurrence mitigation action and the second occurrence mitigation action being user-selectively completed at the third device in response to the occurrence.

8. The computer program product of claim 7, wherein the computer program product is operable such that additional user input is capable of being received after a reporting of the occurrence, for causing completion of the different occurrence mitigation actions, in a manner that the additional user input is capable of resulting in: the first occurrence mitigation action of the firewall-based occurrence mitigation type being supplemented by the second occurrence mitigation action of the intrusion prevention system-based occurrence mitigation type at the first device.

9. The computer program product of claim 7, wherein the computer program product is operable such that additional user input is capable of being received after a reporting of the occurrence, for prompting a rollback of one or more of the different occurrence mitigation actions, in a manner that the additional user input is capable of resulting in: the second occurrence mitigation action of the intrusion prevention system-based occurrence mitigation type being rolled back at the third device.

10. The computer program product of claim 1, wherein the computer program product is operable such that the one or more options are provided to the user so that the user is capable of selectively utilizing both of the different occurrence mitigation actions of the diverse occurrence mitigation types in connection with the at least one actual vulnerability which includes a single actual vulnerability, such that both of the different occurrence mitigation actions are associated with the single actual vulnerability.

11. The computer program product of claim 1, and further comprising: code for: determining the occurrence to have a first severity if it is determined that the at least one actual vulnerability of the at least one of the plurality of devices is susceptible to being taken advantage of by the occurrence, and further determining the occurrence to have a second severity if it determined that the at least one actual vulnerability of the at least one of the plurality of devices is not susceptible to being taken advantage of by the occurrence; and code for reporting the occurrence differently based on whether the occurrence is determined to have the first severity or the second severity.

12. The computer program product of claim 1, wherein the computer program product is operable such that the different occurrence mitigation actions of the diverse occurrence mitigation types include: a first occurrence mitigation action of the firewall-based occurrence mitigation type including at least one of setting a configuration option, setting of a policy, or an installation of a patch; and a second occurrence mitigation action of the intrusion prevention system-based occurrence mitigation type including at least one of setting the configuration option, the setting of the policy, or the installation of the patch that is different than that included in connection with the first occurrence mitigation action.

13. The computer program product of claim 1, wherein the computer program product is operable such that the one or more options include multiple options that are provided by being displayed via an intrusion prevention system interface of an intrusion prevention system that is supported by a single client agent that supports at least one aspect of the identifying the occurrence, at least one aspect of automatically completing a first one of the different occurrence mitigation actions of the firewall-based occurrence mitigation type in response to a selection of a first one of the multiple options, and at least one aspect of automatically completing a second one of the different occurrence mitigation actions of the intrusion prevention system-based occurrence mitigation type in response to a selection of a second one of the multiple options.

14. The computer program product of claim 1, and further comprising: code for displaying the one or more options, utilizing at least one user interface; code for receiving a first user input selecting a first one of the options, utilizing the at least one user interface; code for, based on the first user input, automatically applying a first one of the different occurrence mitigation actions of the firewall-based occurrence mitigation type; code for receiving a second user input selecting a second one of the options, utilizing the at least one user interface; and code for, based on the second user input, automatically applying a second one of the different occurrence mitigation actions of the intrusion prevention system-based occurrence mitigation type.

15. The computer program product of claim 14, wherein the computer program product is operable such that the automatic application of the first one of the different occurrence mitigation actions of the firewall-based occurrence mitigation type includes sending a first signal to at least one component with firewall functionality; and the automatic application of the second one of the different occurrence mitigation actions of the intrusion prevention system-based occurrence mitigation type includes sending a second signal to at least one component with intrusion prevention system functionality.

16. The computer program product of claim 1, wherein the computer program product is operable such that the different occurrence mitigation actions of the diverse occurrence mitigation types are capable of being automatically applied to different occurrences with different severities in real-time in response the identification of the different occurrences based on a user selection of the one or options before the identification of the different occurrences.

17. The computer program product of claim 1, and further comprising code for, based on user input, automatically blocking the occurrence, to prevent an attack from taking advantage of the at least one actual vulnerability while there is no installation of a patch that removes the at least one actual vulnerability.

18. The computer program product of claim 1, wherein the code for identifying the occurrence is capable of: identifying at least one first occurrence packet of a first occurrence directed to the first device, and identifying at least one second occurrence packet of a second occurrence directed to the second device; the code for determining that the at least one actual vulnerability of the at least one of the plurality of devices is susceptible is capable of: identifying at least one aspect of the at least one first occurrence packet and utilizing the at least one aspect of the at least one first occurrence packet to determine whether a first actual vulnerability of the first device identified by the actual vulnerability information is capable of being taken advantage of by the at least one first occurrence packet, and identifying at least one aspect of the at least one second occurrence packet and utilizing the at least one aspect of the at least one second occurrence packet to determine whether a second actual vulnerability of the second device identified by the actual vulnerability information is capable of being taken advantage of by the at least one second occurrence packet; and the code for providing the user with the one or more options includes code for displaying the one or more options via a graphical user interface and receiving user input via the graphical user interface; wherein the computer program product is operable such that, based on the user input, a first occurrence mitigation action of the different occurrence mitigation actions of the firewall-based occurrence mitigation type is completed by sending a first signal over at least one
network to a first component with a firewall type functionality and preventing the first occurrence including the at least one first occurrence packet from taking advantage of the first actual vulnerability in connection with the first device; and wherein the computer program product is further operable such that a second occurrence mitigation action of the different occurrence mitigation actions of the intrusion prevention system-based occurrence mitigation type is completed by sending a second signal to a second component with an intrusion prevention system type functionality and preventing the second occurrence including the at least one second occurrence packet, in automatic response thereto, from taking advantage of the second actual vulnerability in connection with the second device.

19. The computer program product of claim 18, wherein the computer program product is operable such that at least one of: said at least one first data storage includes at least one first database; said at least one second data storage includes at least one second database; said potential vulnerability information is received from the at least one second data storage by at least one of: receiving at least one update therefrom; pulling at least one update therefrom, communicating therewith, or synchronizing therewith; said actual vulnerability information is generated via a vulnerability scan operation; said first device, said second device, and said third device are part of the same group; said at least one configuration includes at least one of configuration data, configuration information, or a configuration status; said at least one configuration includes at least one of a configuration option, a policy setting, or a patch; said at least one configuration is capable of being utilized for identifying at least one of an operating system or an application; said at least one configuration is identified utilizing information regarding at least one of an operating system or an
application; said at least one configuration is identified via user input in connection with at least one setting; said user is provided with the one or more options via presentation utilizing one or more user interface elements; said occurrence mitigation by preventing advantage being taken includes at least one of removing the at least one actual vulnerability, or reducing an effect of any occurrence that is capable of taking advantage of the at least one actual vulnerability; said firewall-based occurrence mitigation type includes at least one of: a type that mitigates the occurrence utilizing firewall functionality, or a type that mitigates the occurrence utilizing a firewall; said intrusion prevention system-based occurrence mitigation type includes at least one of: a type that mitigates the occurrence utilizing intrusion prevention system functionality, or a type that mitigates the occurrence utilizing an intrusion prevention system; said user is provided with the one or more options to selectively utilize the different occurrence mitigation actions of the diverse occurrence mitigation types across the plurality of devices to mitigate the occurrence by preventing the occurrence from taking advantage of the at least one actual vulnerability after the occurrence; said preventing advantage being taken of the actual vulnerabilities utilizing the different occurrence mitigation actions of the diverse occurrence mitigation types across the plurality of devices, includes utilizing a first one of the different occurrence mitigation actions on one of the plurality of devices and utilizing a second one of the different occurrence mitigation actions on another one of the plurality of devices; said preventing advantage being taken of the actual vulnerabilities utilizing the different occurrence mitigation actions of the diverse occurrence mitigation types across the plurality of devices, includes utilizing a first one of the different occurrence mitigation actions and a second
one of the different occurrence mitigation actions on each of the plurality of devices; said preventing advantage being taken of the actual vulnerabilities utilizing the different occurrence mitigation actions of the diverse occurrence mitigation types across the plurality of devices, includes completing a selected at least one of a first one of the different occurrence mitigation actions or a second one of the different occurrence mitigation actions to address the at least one actual vulnerability in connection with at least one of the plurality of devices; said preventing advantage being taken of the actual vulnerabilities utilizing the different occurrence mitigation actions of the diverse occurrence mitigation types across the plurality of devices, includes utilizing a first one of the different occurrence mitigation actions for a first actual vulnerability and utilizing a second one of the different occurrence mitigation actions for a second actual vulnerability; said at least one actual vulnerability includes an operating system; said actual vulnerabilities include the at least one actual vulnerability; said preventing advantage being taken of the actual vulnerabilities utilizing the different occurrence mitigation actions of the diverse occurrence mitigation types across the plurality of devices, includes utilizing a first one of the different occurrence mitigation actions for a first aspect of the at least one actual vulnerability which includes an operating system and utilizing a second one of the different occurrence mitigation actions for a second aspect of the operating system; one or more of said one or more options are capable of being selected after the occurrence to selectively utilize the different occurrence mitigation actions of the diverse occurrence mitigation types; one or more of said one or more options are capable of being selected before the occurrence to selectively utilize the different occurrence mitigation actions of the diverse occurrence
mitigation types; said different occurrence mitigation actions include different remediation actions; said different occurrence mitigation actions of the diverse occurrence mitigation types utilized at the plurality of devices include the same set of said different occurrence mitigation actions; said occurrence includes at least one of a request, traffic, at least one packet, or a potential attack; further comprising the code for execution by the at least one processor; said at least one aspect of the at least one first occurrence packet involves at least one of a payload thereof or an IP address; said at least one aspect of the at least one first occurrence packet is utilized to determine whether the first actual vulnerability of the first device identified by the actual vulnerability information is capable of being taken advantage of by the at least one first occurrence packet, by utilizing the at least one aspect in connection with at least one of a cross-referencing operation or a look-up operation; said user input includes separate user input for selecting the first occurrence mitigation action and the second occurrence mitigation action; said first signal and the second signal include at least one of response signals, or signals sent in response to a query signal; said first component with the firewall type functionality includes at least one of a firewall, a gateway with the firewall type functionality, a router with the firewall type functionality, a sensor with the firewall type functionality, or a multiple-security product system with the firewall type functionality; said second component with the intrusion prevention system type functionality includes at least one of an intrusion prevention system, an intrusion detection system with the intrusion prevention system type functionality, a gateway with the intrusion prevention system type functionality, a router with the intrusion prevention system type functionality, a sensor with the intrusion prevention system type
functionality, or a multiple-security product system with the intrusion prevention system type functionality; said preventing includes at least one of rejecting a request, disallowing an attempt, dropping at least one packet, blocking a potential attack, redirecting a request, setting a policy, affecting a service, changing a configuration option, or installing a patch; or said automatic response includes a real-time response.

20. The computer program product of claim 1, wherein the computer program product is operable such that each of: said at least one first data storage includes at least one first database; said at least one second data storage includes at least one second database; said potential vulnerability information is received from the at least one second data storage by at least one of: receiving at least one update therefrom; pulling at least one update therefrom, communicating therewith, or synchronizing therewith; said actual vulnerability information is generated via a vulnerability scan operation; said actual vulnerability information identifies at least one actual vulnerability; said actual vulnerability information includes at least one of a vulnerability identifier or information associated with one or more of the actual vulnerabilities; said first device, said second device, and said third device are part of the same group; said at least one configuration includes at least one of configuration data, configuration information, or a configuration status; said at least one configuration includes at least one of a configuration option, a policy setting, or a patch; said at least one configuration is capable of being utilized for identifying at least one of an operating system or an application; said at least one configuration is identified utilizing information regarding at least one of an operating system or an application; said at least one configuration is identified via user input in connection with at least one setting; said user is provided with the one
or more options via presentation utilizing one or more user interface elements; said occurrence mitigation includes at least one of removing the at least one actual vulnerability, or reducing an effect of any occurrence that is capable of taking advantage of the at least one actual vulnerability; said firewall-based occurrence mitigation type includes at least one of: a type that mitigates the occurrence utilizing firewall functionality, or a type that mitigates the occurrence utilizing a firewall; said intrusion prevention system-based occurrence mitigation type includes at least one of: a type that mitigates the occurrence utilizing intrusion prevention system functionality, or a type that mitigates the occurrence utilizing an intrusion prevention system; said user is provided with the one or more options to selectively utilize the different occurrence mitigation actions of the diverse occurrence mitigation types across the plurality of devices to mitigate the occurrence by preventing the occurrence from taking advantage of the at least one actual vulnerability after the occurrence; said preventing advantage being taken of the actual vulnerabilities utilizing the different occurrence mitigation actions of the diverse occurrence mitigation types across the plurality of devices, includes utilizing a first one of the different occurrence mitigation actions on one of the plurality of devices and utilizing a second one of the different occurrence mitigation actions on another one of the plurality of devices; said preventing advantage being taken of the actual vulnerabilities utilizing the different occurrence mitigation actions of the diverse occurrence mitigation types across the plurality of devices, includes utilizing a first one of the different occurrence mitigation actions and a second one of the different occurrence mitigation actions on each of the plurality of devices; said preventing advantage being taken of the actual vulnerabilities utilizing the different
occurrence mitigation actions of the diverse occurrence mitigation types across the plurality of devices, includes completing a selected at least one of a first one of the different occurrence mitigation actions or a second one of the different occurrence mitigation actions to address the at least one actual vulnerability in connection with at least one of the plurality of devices; said preventing advantage being taken of the actual vulnerabilities utilizing the different occurrence mitigation actions of the diverse occurrence mitigation types across the plurality of devices, includes utilizing a first one of the different occurrence mitigation actions for a first actual vulnerability and utilizing a second one of the different occurrence mitigation actions for a second actual vulnerability; said at least one actual vulnerability is an operating system; said preventing advantage being taken of the actual vulnerabilities utilizing the different occurrence mitigation actions of the diverse occurrence mitigation types across the plurality of devices, includes utilizing a first one of the different occurrence mitigation actions for a first aspect of the at least one actual vulnerability which is an operating system and utilizing a second one of the different occurrence mitigation actions for a second aspect of the operating system; one or more of said one or more options are capable of being selected after the occurrence to selectively utilize the different occurrence mitigation actions of the diverse occurrence mitigation types; one or more of said one or more options are capable of being selected before the occurrence to selectively utilize the different occurrence mitigation actions of the diverse occurrence mitigation types; said different occurrence mitigation actions include different remediation actions; said different occurrence mitigation actions of the diverse occurrence mitigation types utilized at the plurality of devices include the same set of said different
occurrence mitigation actions; said occurrence includes at least one of a request, traffic, at least one packet, or a potential attack; said at least one actual vulnerability includes at least one of the potential vulnerabilities to which the plurality of devices is determined to be actually vulnerable based on the identified at least one configuration; said at least one configuration includes at least one of: service pack information, one or more elements contained in files including at least one of an *.ini or *.conf file, registry information, identification of an operating system, identification of a software version, or identification of software; said determining that the plurality of devices is actually vulnerable to the at least one actual vulnerability includes at least one of: matching the identified at least one configuration with a guideline associated with at least one update, or cross-referencing an identifier with the identified at least one configuration; said computer program product is embodied on a single non-transitory computer readable medium; one or more of said different occurrence mitigation actions, after a user selection, is automatically applied at a later time; one or more of said different occurrence mitigation actions puts a policy in place for being utilized at a later time; one or more of said different occurrence mitigation actions, after an automatic application thereof, is utilized at a later time for the occurrence mitigation; one of said different occurrence mitigation actions of the intrusion prevention system-based occurrence mitigation type utilizes an intrusion prevention system to deploy a patch; one of said different occurrence mitigation actions of the firewall-based occurrence mitigation type utilizes a firewall to deploy a patch utilizing an update component; and wherein the computer program product is further operable for use with at least one NOC server, a data warehouse, and an SDK for allowing access to information associated
with at least one vulnerability and at least one remediation, and wherein the computer program product is operable for determining which devices have vulnerabilities by directly querying a firmware or operating system of the devices.