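Country / Type | United States (US) Patent, Registered |
---|---|
International Patent Classification (IPC 7th ed.) | |
Application No. | US-0659280 (2015-03-16) |
Registration No. | US-9225686 (2015-12-29) |
Inventor / Address | |
Applicant / Address | |
Agent / Address | |
Citation info | Times cited: 5; Patents cited: 699 |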
A system, method, and computer program product are provided for identifying a first and second occurrence in connection with at least one of the networked device. In use, it is possible that it is determined that the at least one actual vulnerability of the at least one networked device is capable of being taken advantage of by the first occurrence identified in connection with the at least one networked device. Further, it is also possible that it is determined that the at least one actual vulnerability of the at least one networked device is not capable of being taken advantage of by the second occurrence identified in connection with the at least one networked device. To this end, the first occurrence and the second occurrence are reported differently.
1. A system, comprising: a firewall occurrence mitigation system component; an intrusion prevention system component; and a platform including at least one hardware processor that is configured to communicatively couple with the firewall occurrence mitigation system component, the intrusion prevention system component, and at least one data storage; said at least one hardware processor stores, in the at least one data storage, first information associated with a plurality of actual vulnerabilities, the first information being based on second information associated with a plurality of potential vulnerabilities as a result of a determination that one or more of a plurality of devices is actually vulnerable based on the second information and at least one of an operating system or an application; said at least one hardware processor, based on the first information, displays one or more options for selection by at least one user to selectively utilize a firewall-related occurrence mitigation action and an intrusion prevention system-related occurrence mitigation action in connection with one or more of the plurality of actual vulnerabilities; said firewall-related occurrence mitigation action including sending a firewall update resulting in utilization of the firewall occurrence mitigation system component for preventing an actual vulnerability addressed by the firewall update from being taken advantage of in response to identification of an occurrence capable of taking advantage of the actual vulnerability addressed by the firewall update; said intrusion prevention system-related occurrence mitigation action including sending an intrusion prevention system update resulting in utilization of the intrusion prevention system component for preventing an actual vulnerability addressed by the intrusion prevention system update from being taken advantage of in response to identification of an occurrence capable of taking advantage of the actual vulnerability addressed by the intrusion prevention system update; said at least one hardware processor, in response to first user input, sends the firewall update utilizing at least one network; said firewall occurrence mitigation system component receives the firewall update and, after the receipt of the firewall update and in response to identification of the occurrence capable of taking advantage of the actual vulnerability addressed by the firewall update, prevents the actual vulnerability addressed by the firewall update from being taken advantage of; said at least one hardware processor, in response to second user input, sends the intrusion prevention system update utilizing the at least one network; said intrusion prevention system component receives the intrusion prevention system update and, after the receipt of the intrusion prevention system update and in response to identification of the occurrence capable of taking advantage of the actual vulnerability addressed by the intrusion prevention system update, prevents the actual vulnerability addressed by the intrusion prevention system update from being taken advantage of.
2. The system of claim 1, wherein the at least one hardware processor, in response to the first user input received in connection with at least one of the one or more options to selectively utilize the firewall-related occurrence mitigation action, sends the firewall update to the firewall occurrence mitigation system component utilizing the at least one network for installing a firewall rule on the firewall occurrence mitigation system component such that the firewall occurrence mitigation system component utilizes the firewall rule to prevent the actual vulnerability addressed by the firewall update from being taken advantage of by identification, via destination inspection, of the occurrence capable of taking advantage of the actual vulnerability addressed by the firewall update; and the at least one hardware processor, in response to the second user input received in connection with at least one of the one or more options to selectively utilize the intrusion prevention system-related occurrence mitigation action, sends the intrusion prevention system update to the intrusion prevention system component utilizing the at least one network for installing an intrusion prevention system signature on the intrusion prevention system component such that the intrusion prevention system component utilizes the intrusion prevention system signature to prevent the actual vulnerability addressed by the intrusion prevention system update from being taken advantage of by identification, via payload inspection, of the occurrence capable of taking advantage of the actual vulnerability addressed by the intrusion prevention system update.
3. The system of claim 1, wherein the system is configured such that the one or more options is displayed based on the first information by displaying the one or more options only for the plurality of actual vulnerabilities so that, in order to avoid false positives, only relevant vulnerabilities prompt occurrence mitigation action user selection among the firewall-related occurrence mitigation action and the intrusion prevention system-related occurrence mitigation action.
4. The system of claim 1, wherein the system is configured such that: said firewall occurrence mitigation system component identifies the occurrence capable of taking advantage of the actual vulnerability addressed by the firewall update, by: identifying at least one first occurrence packet, and determining whether the actual vulnerability addressed by the firewall update is capable of being taken advantage of, by: identifying at least one aspect of the at least one first occurrence packet, and utilizing the at least one aspect of the at least one first occurrence packet to determine whether the actual vulnerability addressed by the firewall update is capable of being taken advantage of; said firewall occurrence mitigation system component prevents the actual vulnerability addressed by the firewall update from being taken advantage of in response to the identification of the occurrence capable of taking advantage of the actual vulnerability addressed by the firewall update, by reacting to the at least one first occurrence packet; said intrusion prevention system component identifies the occurrence capable of taking advantage of the actual vulnerability addressed by the intrusion prevention system update, by: identifying at least one second occurrence packet, and determining whether the actual vulnerability addressed by the intrusion prevention system update is capable of being taken advantage of, by: identifying at least one aspect of the at least one second occurrence packet, and utilizing the at least one aspect of the at least one second occurrence packet to determine whether the actual vulnerability addressed by the intrusion prevention system update is capable of being taken advantage of; said intrusion prevention system component prevents the actual vulnerability addressed by the intrusion prevention system update from being taken advantage of in response to the identification of the occurrence capable of taking advantage of the actual vulnerability addressed by the intrusion prevention system update, by reacting to the at least one second occurrence packet.
5. The system of claim 1, wherein the system is configured such that the firewall-related occurrence mitigation action and the intrusion prevention system-related occurrence mitigation action involve policy options that are capable of being automatically applied to user-selected multiple devices at once, and are further capable of being applied such that only the firewall-related occurrence mitigation action is automatically applied to first user-selected multiple devices, only the intrusion prevention system-related occurrence mitigation action is automatically applied to second user-selected multiple devices, and both the firewall-related occurrence mitigation action and the intrusion prevention system-related occurrence mitigation action are automatically applied to third user-selected multiple devices.
6. The system of claim 1, wherein the system is configured such that different user input is capable of being received for different devices, for allowing the firewall-related occurrence mitigation action and the intrusion prevention system-related occurrence mitigation action to be selectively applied by the user to the different devices for different actual vulnerabilities.
7. The system of claim 6, wherein the system is configured such that the one or more options include multiple options that are displayed via an intrusion prevention system interface of an intrusion prevention system that is supported by a single client agent that supports at least one aspect of the identification of the occurrence capable of taking advantage of the actual vulnerability addressed by the intrusion prevention system update, at least one aspect of receiving the intrusion prevention system update, and at least one aspect of preventing the actual vulnerability addressed by the intrusion prevention system update from being taken advantage of; wherein the system is configured such that the single client agent further supports at least one aspect of the identification of the occurrence capable of taking advantage of the actual vulnerability addressed by the firewall update, at least one aspect of receiving the firewall update, and at least one aspect of preventing the actual vulnerability addressed by the firewall update from being taken advantage of.
8. The system of claim 1, wherein the system is configured such that the displaying the one or more options includes displaying: a first option corresponding to the firewall-related occurrence mitigation action, and a second option corresponding to the intrusion prevention system-related occurrence mitigation action, wherein the system is further configured such that the first option is capable of being selected for a first actual vulnerability, the second option is capable of being selected for a second actual vulnerability, and both the first and second options are capable of being selected for a third actual vulnerability.
9. The system of claim 1, wherein the system is configured such that at least one of: said firewall update includes a firewall upgrade or a new firewall policy; said firewall update includes a firewall policy, a firewall rule, or a firewall setting; said firewall occurrence mitigation system component includes a firewall or another component with firewall functionality; said intrusion prevention system update includes an intrusion prevention system upgrade or a new intrusion prevention system policy; said intrusion prevention system update includes an intrusion prevention system policy, an intrusion prevention system rule, or an intrusion prevention system setting; said intrusion prevention system update and said firewall update are sent utilizing the same at least one network; said intrusion prevention system component includes an intrusion prevention system or another component with intrusion prevention system functionality; said firewall occurrence mitigation system component and the intrusion prevention system component each include hardware and software; at least one of said communicative couplings is afforded via the at least one network; said second information is received by at least one of: receiving at least one update from another data storage, pulling at least one update, or synchronizing with another data storage; said first information results from a vulnerability scan operation; said first information identifies the plurality of actual vulnerabilities; said first information includes at least one of a vulnerability identifier or information related to the plurality of actual vulnerabilities; said first information includes information related to the plurality of actual vulnerabilities including at least one of remediation information or vulnerability identifiers; said one or more options are displayed utilizing one or more user interface elements; said firewall-related occurrence mitigation action includes at least one of removing the actual vulnerability addressed by the firewall update, or preventing an effect of the occurrence capable of taking advantage of the actual vulnerability addressed by the firewall update; said firewall-related occurrence mitigation action includes at least one of: an action that results in occurrence mitigation utilizing firewall functionality, or an action that results in occurrence mitigation utilizing a firewall; said intrusion prevention system-related occurrence mitigation action includes at least one of: an action that results in occurrence mitigation utilizing intrusion prevention system functionality, or an action that results in occurrence mitigation utilizing an intrusion prevention system; one or more of said one or more options is capable of being selected before occurrence identification; said one or more options is displayed in connection with the first information; said occurrence mitigation actions include different remediation actions; said occurrences include at least one of a request, traffic, at least one packet, or a potential attack; said plurality of actual vulnerabilities include a subset of the plurality of potential vulnerabilities to which one or more of the plurality of devices is determined to be actually vulnerable based on at least one of the operating system or the application; said first information associated with the plurality of actual vulnerabilities is based on the second information associated with the plurality of potential vulnerabilities, at least in part as a result of the determination that one or more of a plurality of devices is actually vulnerable based on the second information and the operating system; said first information associated with the plurality of actual vulnerabilities is based on the second information associated with the plurality of potential vulnerabilities, at least in part as a result of the determination that one or more of a plurality of devices is actually vulnerable based on the second information and the application; said determination that one or more of a plurality of devices is actually vulnerable, is based on an automated process; said determination that one or more of a plurality of devices is actually vulnerable, is based on a vulnerability scan; said determination that one or more of a plurality of devices is actually vulnerable, is based on particular user input; said one or more options is displayed based on the first information by displaying the options only for the plurality of actual vulnerabilities; said one or more options is displayed for selection by the at least one user in connection with the same one or more of the plurality of actual vulnerabilities; said one or more options is displayed for selection by the at least one user in connection with different actual vulnerabilities; said at least one hardware processor and the at least one data storage are part of the same component; said at least one data storage is part of the platform; said firewall occurrence mitigation system component is a component of the platform; said intrusion prevention system component is a component of the platform; said system comprises the at least one data storage; said system comprises a display; said platform includes an anti-vulnerability platform; or said platform includes one or more computers; and wherein the system is further configured for use with at least one NOC server, a data warehouse, and an SDK for allowing access to information associated with at least one vulnerability and at least one remediation, and wherein the system is configured for determining which devices have vulnerabilities by directly querying a firmware or operating system of the devices.
10. A computer program product embodied on a non-transitory computer readable medium, comprising: code that, utilizing at least one hardware processor, stores first information associated with a plurality of actual vulnerabilities in at least one data storage, the first information being based on second information associated with a plurality of potential vulnerabilities via a determination that one or more of a plurality of devices is actually vulnerable utilizing the second information and an identification of at least one of an operating system or an application, the at least one hardware processor being communicatively coupled to a firewall occurrence mitigation system component, an intrusion prevention system component, and the at least one data storage; code that, utilizing the at least one hardware processor, displays one or more options for selection by at least one user to selectively utilize a firewall-based occurrence mitigation action and an intrusion prevention system-based occurrence mitigation action in connection with one or more of the plurality of actual vulnerabilities; said firewall-based occurrence mitigation action including sending a firewall rule resulting in utilization of the firewall occurrence mitigation system component for preventing an actual vulnerability addressed by the firewall rule from being taken advantage of after identification of an occurrence capable of taking advantage of the actual vulnerability addressed by the firewall rule; said intrusion prevention system-based occurrence mitigation action including sending an intrusion prevention system rule resulting in utilization of the intrusion prevention system component for preventing an actual vulnerability addressed by the intrusion prevention system rule from being taken advantage of after identification of an occurrence capable of taking advantage of the actual vulnerability addressed by the intrusion prevention system rule; code that, utilizing the at least one hardware processor, sends the firewall rule utilizing at least one network, after first user input; code that utilizes the firewall occurrence mitigation system component to, after receipt of the firewall rule and after identification of the occurrence capable of taking advantage of the actual vulnerability addressed by the firewall rule, prevent the actual vulnerability addressed by the firewall rule from being taken advantage of; code that, utilizing the at least one hardware processor, sends the intrusion prevention system rule utilizing the at least one network, after second user input; and code that utilizes the intrusion prevention system component to, after receipt of the intrusion prevention system rule and after identification of the occurrence capable of taking advantage of the actual vulnerability addressed by the intrusion prevention system rule, prevent the actual vulnerability addressed by the intrusion prevention system rule from being taken advantage of.
11. The computer program product of claim 10, wherein the computer program product is configured such that the one or more options is displayed based on the first information by displaying the one or more options for at least some of the plurality of actual vulnerabilities so that, in order to avoid at least some false positives, the at least some of the plurality of actual vulnerabilities prompt occurrence mitigation action user selection among the firewall-based occurrence mitigation action and the intrusion prevention system-based occurrence mitigation action.
12. The computer program product of claim 11, and further comprising: code that, utilizing the at least one hardware processor and after the first user input is received in connection with at least one of the one or more options to selectively utilize the firewall-based occurrence mitigation action, sends the firewall rule to the firewall occurrence mitigation system component utilizing the at least one network for installing the firewall rule on the firewall occurrence mitigation system component such that the firewall occurrence mitigation system component utilizes the firewall rule to prevent the actual vulnerability addressed by the firewall rule from being taken advantage of by identification, via destination inspection, of the occurrence capable of taking advantage of the actual vulnerability addressed by the firewall rule; and code that, utilizing the at least one hardware processor and after the second user input is received in connection with at least one of the one or more options to selectively utilize the intrusion prevention system-based occurrence mitigation action, sends the intrusion prevention system rule to the intrusion prevention system component utilizing the at least one network for installing the intrusion prevention system rule on the intrusion prevention system component such that the intrusion prevention system component utilizes the intrusion prevention system rule to prevent the actual vulnerability addressed by the intrusion prevention system rule from being taken advantage of by identification, via payload inspection, of the occurrence capable of taking advantage of the actual vulnerability addressed by the intrusion prevention system rule.
13. The computer program product of claim 11, wherein the computer program product is configured such that: said firewall occurrence mitigation system component performs the identification of the occurrence capable of taking advantage of the actual vulnerability addressed by the firewall rule, by: identifying at least one first occurrence packet, and determining whether the actual vulnerability addressed by the firewall rule is capable of being taken advantage of, by: identifying at least one aspect of the at least one first occurrence packet, and utilizing the at least one aspect of the at least one first occurrence packet to determine whether the actual vulnerability addressed by the firewall rule is capable of being taken advantage of; said firewall occurrence mitigation system component performs the prevention of the actual vulnerability addressed by the firewall rule from being taken advantage of after the identification of the occurrence capable of taking advantage of the actual vulnerability addressed by the firewall rule, by reacting to the at least one first occurrence packet; said intrusion prevention system component performs the identification of the occurrence capable of taking advantage of the actual vulnerability addressed by the intrusion prevention system rule, by: identifying at least one second occurrence packet, and determining whether the actual vulnerability addressed by the intrusion prevention system rule is capable of being taken advantage of, by: identifying at least one aspect of the at least one second occurrence packet, and utilizing the at least one aspect of the at least one second occurrence packet to determine whether the actual vulnerability addressed by the intrusion prevention system rule is capable of being taken advantage of; said intrusion prevention system component performs the prevention of the actual vulnerability addressed by the intrusion prevention system rule from being taken advantage of after the identification of the occurrence capable of taking advantage of the actual vulnerability addressed by the intrusion prevention system rule, by reacting to the at least one second occurrence packet.
14. The computer program product of claim 11, wherein the computer program product is configured such that different user input is capable of being received for different devices, for allowing the firewall-based occurrence mitigation action and the intrusion prevention system-based occurrence mitigation action to be selectively applied by the user to the different devices for different actual vulnerabilities, such that the different user input is capable of resulting in: only the firewall-based occurrence mitigation action being selectively applied by the user to at least one first device, only the intrusion prevention system-based occurrence mitigation action being selectively applied by the user to at least one second device, and both the firewall-based occurrence mitigation action and the intrusion prevention system-based occurrence mitigation action being selectively applied by the user to at least one third device.
15. The computer program product of claim 11, wherein the computer program product is configured such that different user input is capable of being received for different devices, for allowing the firewall-based occurrence mitigation action and the intrusion prevention system-based occurrence mitigation action to be selectively applied by the user to the different devices for different actual vulnerabilities; the computer program product is configured such that the one or more options include multiple options that are displayed via an intrusion prevention system interface of an intrusion prevention system that is supported by a single client agent that supports at least one aspect of the identification of the occurrence capable of taking advantage of the actual vulnerability addressed by the intrusion prevention system rule, at least one aspect of receiving the intrusion prevention system rule, and at least one aspect of preventing the actual vulnerability addressed by the intrusion prevention system rule from being taken advantage of; and the computer program product is configured such that the single client agent further supports at least one aspect of the identification of the occurrence capable of taking advantage of the actual vulnerability addressed by the firewall rule, at least one aspect of receiving the firewall rule, and at least one aspect of preventing the actual vulnerability addressed by the firewall rule from being taken advantage of.
16. The computer program product of claim 11, wherein the computer program product is configured such that the displaying the one or more options includes displaying: a first option corresponding to the firewall-based occurrence mitigation action, and a second option corresponding to the intrusion prevention system-based occurrence mitigation action, wherein the computer program product is configured such that the first option is capable of being selected for a first actual vulnerability, the second option is capable of being selected for a second actual vulnerability, and both the first and second options are capable of being selected for a third actual vulnerability.
17. The computer program product of claim 10, wherein the computer program product is configured such that the one or more options is displayed based on the first information by only displaying the one or more options for the plurality of actual vulnerabilities so that, in order to avoid false positives, only relevant vulnerabilities prompt occurrence mitigation action user selection among the firewall-based occurrence mitigation action and the intrusion prevention system-based occurrence mitigation action.
18. A system, comprising: a firewall attack mitigation component; an intrusion prevention component; and at least one hardware processor that is configured to communicatively couple with the firewall attack mitigation component, the intrusion prevention component, and at least one data storage; said at least one hardware processor stores, in the at least one data storage, at least one data structure identifying a plurality of mitigation techniques that mitigate effects of attacks that take advantage of vulnerabilities, such that: each mitigation technique is capable of mitigating an effect of an attack that takes advantage of a corresponding vulnerability, each mitigation technique has a mitigation type including at least one of a patch, a policy setting, or a configuration option, at least two of the mitigation techniques are capable of mitigating an effect of an attack that takes advantage of a first one of the vulnerabilities, and said at least two mitigation techniques include a first mitigation technique that utilizes a firewall action for at least mitigating the effect of the attack that takes advantage of the first one of the vulnerabilities and a second mitigation technique that utilizes an intrusion prevention action for at least mitigating the effect of the attack that takes advantage of the first one of the vulnerabilities; said system: displays the at least two mitigation techniques for selection by a user via at least one user interface based on the first one of the vulnerabilities being identified from a set of potential vulnerabilities to be an actual vulnerability as a function of at least one of an operating system or an application identified in connection with at least one device; receives a selection of the first mitigation technique; automatically applies the first mitigation technique, after the selection of the first mitigation technique, by sending a first communication in connection with the firewall attack mitigation component; receives a selection of the second mitigation technique; automatically applies the second mitigation technique, after the selection of the second mitigation technique, by sending a second communication in connection with the intrusion prevention component; said firewall attack mitigation component, after the selection of the first mitigation technique, receives the first communication and at least mitigates the effect of the attack that takes advantage of the first one of the vulnerabilities in response thereto; said intrusion prevention component, after the selection of the second mitigation technique, receives the second communication and at least mitigates the effect of the attack that takes advantage of the first one of the vulnerabilities in response thereto.
19. The system of claim 18, wherein the system is configured such that the first one of the vulnerabilities is identified to be the actual vulnerability as a function of at least one of the operating system or the application identified in connection with the at least one device, so that, in order to avoid false positives, relevant one or more vulnerabilities prompt mitigation technique user selection among the at least two mitigation techniques.
20. The system of claim 18, wherein the system is configured such that the first communication and the second communication each includes at least one rule that is automatically installed for use thereof in identifying the attack in connection with at least one packet for at least mitigating the effect of the attack, by blocking the at least one packet.
21. The system of claim 18, wherein the system is configured such that the firewall action and the intrusion prevention action result from policy options that are capable of being applied to user-selected multiple devices at once, and are further capable of being applied such that only the firewall action is automatically performed at first user-selected multiple devices, only the intrusion prevention action is automatically performed at second user-selected multiple devices, and both the firewall action and the intrusion prevention action are automatically performed at third user-selected multiple devices.