최소 단어 이상 선택하여야 합니다.
최대 10 단어까지만 선택 가능합니다.
다음과 같은 기능을 한번의 로그인으로 사용 할 수 있습니다.
NTIS 바로가기다음과 같은 기능을 한번의 로그인으로 사용 할 수 있습니다.
DataON 바로가기다음과 같은 기능을 한번의 로그인으로 사용 할 수 있습니다.
Edison 바로가기다음과 같은 기능을 한번의 로그인으로 사용 할 수 있습니다.
Kafe 바로가기국가/구분 | United States(US) Patent 등록 |
---|---|
국제특허분류(IPC7판) |
|
출원번호 | US-0499234 (2014-09-28) |
등록번호 | US-9350752 (2016-05-24) |
발명자 / 주소 |
|
출원인 / 주소 |
|
대리인 / 주소 |
|
인용정보 | 피인용 횟수 : 0 인용 특허 : 669 |
A system, method, and computer program product are provided for receiving actual vulnerability information from at least one first data storage that is generated utilizing potential vulnerability information from at least one second data storage. The actual vulnerability information is generated uti
A system, method, and computer program product are provided for receiving actual vulnerability information from at least one first data storage that is generated utilizing potential vulnerability information from at least one second data storage. The actual vulnerability information is generated utilizing the potential vulnerability information. Further, the actual vulnerability information from the at least one first data storage is capable of identifying the plurality of actual vulnerabilities to which the plurality of networked computers are actually vulnerable. In use, an action may be caused to be automatically completed in connection with at least one of the networked devices.
1. A computer program product embodied on a non-transitory computer readable medium, comprising: code for identifying a plurality of aspects of at least one of a plurality of devices that are the bases for a plurality of weaknesses and applying a plurality of mitigation techniques that mitigate the
1. A computer program product embodied on a non-transitory computer readable medium, comprising: code for identifying a plurality of aspects of at least one of a plurality of devices that are the bases for a plurality of weaknesses and applying a plurality of mitigation techniques that mitigate the weaknesses based on at least one data structure identifying the mitigation techniques that mitigate the weaknesses, where:each of at least a portion of the mitigation techniques has a mitigation type including at least one of an installation of software, a policy setting, or a configuration;said at least one data structure identifies: a first mitigation technique that mitigates a first particular weakness by automatically installing software for at least mitigating the first particular weakness,a second mitigation technique that mitigates a second particular weakness by automatically affecting a service for at least mitigating the second particular weakness, anda third mitigation technique that mitigates a third particular weakness by automatically changing a configuration or policy setting for at least mitigating the third particular weakness;code for identifying at least one of a first aspect, a second aspect, or a third aspect of the at least one device that is a basis for at least one of the first particular weakness, the second particular weakness, or the third particular weakness;code for determining whether the at least one device is subject to at least one of the first particular weakness, the second particular weakness, or the third particular weakness, based on the at least one data structure and at least one of the first aspect, the second aspect, or the third aspect of the at least one device;code for conditionally applying at least one of the first mitigation technique, the second mitigation technique, or the third mitigation technique to the at least one device, based on the determination whether the at least one device is subject to the at least one of the first particular weakness, the second particular weakness, or the third particular weakness; andcode for reporting to at least one server at least one of first information relating to the application of the first mitigation technique, second information relating to the application of the second mitigation technique, or third information relating to the application of the third mitigation technique;wherein the computer program product is operable such that the at least one first aspect of the at least one device includes at least one first operating system-related aspect associated with a framework that dictates how data is communicated, and the first mitigation technique is conditionally applied to the at least one device for at least mitigating the first particular weakness, based on the at least one first operating system-related aspect associated with the framework that dictates how data is communicated, and the computer program product is further operable such that the at least one second aspect of the at least one device includes at least one second operating system-related aspect associated with the framework that dictates how data is communicated, and the second mitigation technique is conditionally applied to the at least one device for at least mitigating the second particular weakness, based on the at least one second operating system-related aspect associated with the framework that dictates how data is communicated, and the computer program product is even further operable such that the at least one third aspect of the at least one device includes at least one third operating system-related aspect associated with the framework that dictates how data is communicated, and the third mitigation technique is conditionally applied to the at least one device for at least mitigating the third particular weakness, based on the at least one third operating system-related aspect associated with the framework that dictates how data is communicated. 2. The computer program product of claim 1, wherein at least one of: said at least one data structure is accessed by at least one client agent by at least one of: communication of data therewith, or synchronization of data therewith;said at least one data structure includes at least one database;said framework include at least one of an initialization file, configuration data, or a configuration registry;at least one of said at least one first operating system-related aspect, the at least one second operating system-related aspect, or the at least one third operating system-related aspect include at least one of: a password, a system access policy, a log configuration, an audit setting, a privilege right, a general service setting, a service permission, a registry value, a registry permission, a file permission, an element of a file, a part of a configuration file, or a part of an initialization file;said at least one first operating system-related aspect, the at least one second operating system-related aspect, and the at least one third operating system-related aspect relate to the same operating system;said third mitigation technique mitigates the third particular weakness by automatically changing the configuration for at least mitigating the third particular weakness;said third mitigation technique mitigates the third particular weakness by automatically changing an option in connection with the configuration for at least mitigating the third particular weakness;said third mitigation technique mitigates the third particular weakness by automatically changing the policy setting for at least mitigating the third particular weakness;at least one of said mitigation techniques mitigates at least one of the weaknesses by at least mitigating the basis therefor;at least one of said mitigation techniques mitigates at least one of the weaknesses by remediating the basis therefor;said at least portion of the mitigation techniques includes one of the mitigation techniques;said at least portion of the mitigation techniques has the mitigation type including the installation of software;said at least portion of the mitigation techniques has the mitigation type including the policy setting;said at least portion of the mitigation techniques has the mitigation type including the configuration;at least one of said mitigation techniques includes a remediation technique that includes at least one of:removes at least one of the weaknesses; or mitigates an affect of an attack that takes advantage of the at least one weakness;at least of one of said weaknesses being capable of being exploited by at least one attack;at least of one of said weaknesses includes an vulnerability;at least of one of said weaknesses is a performance-related weakness;at least of one of said weaknesses is a version-related weakness;said software includes a patch;said determining is carried out in response to a signal;said determining is carried out utilizing logic;a client agent is capable of accessing the at least one data structure while the at least one data structure is residing on the at least one server;at least one of said first information, the second information, or the third information includes an identifier; orsaid first information, the second information, and the third information are reported via a single log; andwherein the computer program product is operable for use with at least one NOC server, a data warehouse, and an SDK for allowing access to information associated with at least one vulnerability and at least one remediation technique; and wherein the computer program product is operable for determining which devices have vulnerabilities by directly querying a firmware or operating system of the devices. 3. A computer program product of claim 1, wherein the computer program product is operable such that at least one client agent is capable of both identifying the aspects of the devices that are the bases for the weaknesses and applying the mitigation techniques that mitigate the weaknesses, so that the at least one client agent is capable of applying the mitigation techniques in immediate response to the identification of the aspects. 4. A computer program product of claim 1, wherein the computer program product is operable such that the at least one data structure resides on the at least one device for the determination whether: the at least one device is subject to the first particular weakness, the at least one device is subject to the second particular weakness, or the at least one device is subject to the third particular weakness; such that a query does not necessarily have to be sent over a network to access the at least one data structure, in order to determine whether the at least one device is subject to the first particular weakness, the at least one device is subject to the second particular weakness, or the at least one device is subject to the third particular weakness. 5. A computer program product of claim 1, wherein the computer program product is operable such that the weaknesses include performance-related weaknesses. 6. A computer program product of claim 1, wherein the computer program product is operable such that at least one client agent is capable of both identifying the aspects of the devices that are the bases for the weaknesses and applying the mitigation techniques that mitigate the weaknesses, so that the at least one client agent is capable of applying the mitigation techniques utilizing a platform of a single party, without requiring third-party software for performing the identification of the aspects of the devices. 7. A computer program product of claim 1, wherein the computer program product is operable such that a single client agent is capable of both the identification of the aspects of the devices and the application of the mitigation techniques without requiring third-party software, and both the at least one data structure and the single client agent reside on the at least one device for the determination whether the at least one device is subject to the first particular weakness, the second particular weakness, or the third particular weakness, such that the single client agent is capable of avoiding sending a query over a network to access the at least one data structure, in order to determine whether the at least one device is subject to the first particular weakness, the second particular weakness, or the third particular weakness, so that the single client agent is capable of applying at least one of the mitigation techniques in immediate response to the identification of at least one of the aspects. 8. A computer program product of claim 1, wherein the computer program product is operable for supporting at least one aspect of: identifying a request for a network resource by the at least one device including a connection request; andafter the identification of the request for the network resource, blocking the connection request based on at least one of the first information, the second information, or the third information. 9. A computer program product embodied on a non-transitory computer readable medium, comprising: code for identifying a plurality of aspects of at least one of a plurality of devices that are the bases for a plurality of weaknesses and applying a plurality of remediation techniques that remediate the weaknesses based on at least one data structure identifying the remediation techniques that remediate the weaknesses, utilizing at least one client agent, where:each of at least a portion of the remediation techniques has a remediation type including at least one of an installation of software, a policy setting, or a configuration;said at least one data structure identifies: a first remediation technique that remediates a first particular weakness by automatically installing software for at least mitigating the first particular weakness,a second remediation technique that remediates a second particular weakness by automatically affecting a service for at least mitigating the second particular weakness, anda third remediation technique that remediates a third particular weakness by automatically changing a configuration or policy setting for at least mitigating the third particular weakness;code for identifying at least one of a first aspect, a second aspect, or a third aspect of the at least one device that is a basis for at least one of the first particular weakness, the second particular weakness, or the third particular weakness;code for determining whether the at least one device is subject to at least one of the first particular weakness, the second particular weakness, or the third particular weakness, based on the at least one data structure and at least one of the first aspect, the second aspect, or the third aspect of the at least one device;code for conditionally applying at least one of the first remediation technique, the second remediation technique, or the third remediation technique to the at least one device, based on the determination whether the at least one device is subject to the at least one of the first particular weakness, the second particular weakness, or the third particular weakness; andcode for reporting to at least one server at least one of first information relating to the application of the first remediation technique, second information relating to the application of the second remediation technique, or third information relating to the application of the third remediation technique;wherein the computer program product is operable such that the at least one data structure further identifies: a plurality of security-related remediation techniques that remediate a plurality of particular weaknesses including security vulnerabilities; anda plurality of non-security-related remediation techniques that remediate a plurality of particular non-security-related weaknesses; and further comprising:code for: identifying at least one security-related aspect of the at least one device that is a basis for at least one of the security vulnerabilities, utilizing the at least one client agent,determining whether the at least one device is subject to the at least one security vulnerability, based on the at least one security-related aspect of the at least one device and the at least one data structure,conditionally applying at least one of the security-related remediation techniques to the at least one device for at least mitigating the at least one security vulnerability utilizing the at least one client agent, based on the determination whether the at least one device is subject to the at least one security vulnerability,identifying at least one non-security-related aspect of the at least one device that is a basis for at least one of the non-security-related weaknesses, utilizing the at least one client agent,determining whether the at least one device is subject to the at least one non-security-related weakness, based on the at least one non-security-related aspect of the at least one device and the at least one data structure, andconditionally applying at least one of the non-security-related remediation techniques to the at least one device for at least mitigating the at least one non-security-related weakness utilizing the at least one client agent, based on the determination whether the at least one device is subject to the at least one non-security-related weakness. 10. A computer program product of claim 9, wherein the computer program product is operable such that, by being capable of both identifying the aspects of the devices that are the bases for the weaknesses and applying the remediation techniques that remediate the weaknesses, the at least one client agent is capable of applying the remediation techniques in immediate response to the identification of the aspects. 11. A computer program product of claim 9, wherein the computer program product is operable such that the at least one data structure and the at least one client agent reside on the at least one device for the determination whether: the at least one device is subject to the first particular weakness, the at least one device is subject to the second particular weakness, and the at least one device is subject to the third particular weakness; such that the at least one client agent does not necessarily have to send a query over a network to access the at least one data structure, in order to determine whether the at least one device is subject to the first particular weakness, the at least one device is subject to the second particular weakness, or the at least one device is subject to the third particular weakness. 12. A computer program product of claim 9, wherein the computer program product is operable such that the at least one client agent includes a vulnerability management portion for identifying the aspects of the devices that are the bases for the weaknesses and a remediation deployment portion for applying the remediation techniques that remediate the weaknesses. 13. A computer program product of claim 9, wherein the computer program product is operable such that, by being capable of both identifying the aspects of the devices that are the bases for the weaknesses and applying the remediation techniques that remediate the weaknesses, the at least one client agent is capable of applying the remediation techniques utilizing a platform of a single party, without requiring third-party software for performing the identification of the aspects of the devices. 14. A computer program product of claim 9, wherein the computer program product is operable such that, in addition to being capable of identifying the aspects of the devices that are the bases for the weaknesses and applying the remediation techniques that remediate the weaknesses, the at least one client agent is further capable of supporting at least one aspect of: identifying a request for a network resource by the at least one device including a connection request; andafter the identification of the request for the network resource, blocking the connection request based on at least one of the first information, the second information, or the third information. 15. A computer program product embodied on a non-transitory computer readable medium, comprising: code for identifying a plurality of aspects of at least one of a plurality of devices that are the bases for a plurality of weaknesses and applying a plurality of remediation techniques that remediate the weaknesses based on at least one data structure identifying the remediation techniques that remediate the weaknesses, utilizing at least one client agent, where:each of at least a portion of the remediation techniques has a remediation type including at least one of an installation of software, a policy setting, or a configuration;said at least one data structure identifies: a first remediation technique that remediates a first particular weakness by automatically installing software for at least mitigating the first particular weakness,a second remediation technique that remediates a second particular weakness by automatically affecting a service for at least mitigating the second particular weakness, anda third remediation technique that remediates a third particular weakness by automatically changing a configuration or policy setting for at least mitigating the third particular weakness;code for identifying at least one of a first aspect, a second aspect, or a third aspect of the at least one device that is a basis for at least one of the first particular weakness, the second particular weakness, or the third particular weakness;code for determining whether the at least one device is subject to at least one of the first particular weakness, the second particular weakness, or the third particular weakness, based on the at least one data structure and at least one of the first aspect, the second aspect, or the third aspect of the at least one device;code for conditionally applying at least one of the first remediation technique, the second remediation technique, or the third remediation technique to the at least one device, based on the determination whether the at least one device is subject to the at least one of the first particular weakness, the second particular weakness, or the third particular weakness; andcode for reporting to at least one server at least one of first information relating to the application of the first remediation technique, second information relating to the application of the second remediation technique, or third information relating to the application of the third remediation technique;wherein the computer program product is operable such that the at least one data structure further identifies: a plurality of security-related remediation techniques that remediate a plurality of particular weaknesses including security vulnerabilities; anda plurality of performance-related remediation techniques that remediate a plurality of particular performance-related weaknesses; and further comprising:code for: identifying at least one security-related aspect of the at least one device that is a basis for at least one of the security vulnerabilities, utilizing the at least one client agent,determining whether the at least one device is subject to the at least one security vulnerability, based on the at least one security-related aspect of the at least one device and the at least one data structure,conditionally applying at least one of the security-related remediation techniques to the at least one device for at least mitigating the at least one security vulnerability utilizing the at least one client agent, based on the determination whether the at least one device is subject to the at least one security vulnerability,identifying at least one performance-related aspect of the at least one device that is a basis for at least one of the performance-related weaknesses, utilizing the at least one client agent,determining whether the at least one device is subject to the at least one performance-related weakness, based on the at least one performance-related aspect of the at least one device and the at least one data structure, andconditionally applying at least one of the performance-related remediation techniques to the at least one device for at least mitigating the at least one performance-related weakness utilizing the at least one client agent, based on the determination whether the at least one device is subject to the at least one performance-related weakness. 16. A computer program product of claim 15, wherein the computer program product is operable such that, by being capable of both identifying the aspects of the devices that are the bases for the weaknesses and applying the remediation techniques that remediate the weaknesses, the at least one client agent, which is a single client agent, is capable of applying the remediation techniques in immediate response to the identification of the aspects. 17. A computer program product of claim 16, wherein the computer program product is operable such that the at least one data structure resides on the at least one device with the single client agent for the determination whether: the at least one device is subject to the first particular weakness, the at least one device is subject to the second particular weakness, or the at least one device is subject to the third particular weakness; such that the single client agent does not necessarily have to send a query over a network to access the at least one data structure, in order to determine whether the at least one device is subject to the first particular weakness, the at least one device is subject to the second particular weakness, or the at least one device is subject to the third particular weakness, so that the single client agent is further capable of applying the remediation techniques in immediate response to the identification of the aspects. 18. A computer program product of claim 17, wherein the computer program product is operable such that, by being capable of both identifying the aspects of the devices that are the bases for the weaknesses and applying the remediation techniques that remediate the weaknesses, the single client agent is capable of applying the remediation techniques utilizing a platform of a single party, without requiring third-party software for performing the identification of the aspects of the devices. 19. A computer program product of claim 18, wherein the computer program product is operable such that, in addition to being capable of identifying the aspects of the devices that are the bases for the weaknesses and applying the remediation techniques that remediate the weaknesses, the single client agent is further capable of supporting at least one aspect of: identifying a request for a network resource by the at least one device including a connection request; andafter the identification of the request for the network resource, blocking the connection request based on at least one of the first information, the second information, or the third information. 20. A computer program product embodied on a non-transitory computer readable medium, comprising: code for identifying a plurality of aspects of at least one of a plurality of devices that are the bases for a plurality of weaknesses and applying a plurality of remediation techniques that remediate the weaknesses based on at least one data structure identifying the remediation techniques that remediate the weaknesses, utilizing at least one client agent, where:each of at least a portion of the remediation techniques has a remediation type including at least one of an installation of software, a policy setting, or a configuration;said at least one data structure identifies: a first remediation technique that remediates a first particular weakness by automatically installing software for at least mitigating the first particular weakness,a second remediation technique that remediates a second particular weakness by automatically affecting a service for at least mitigating the second particular weakness, anda third remediation technique that remediates a third particular weakness by automatically changing a configuration or policy setting for at least mitigating the third particular weakness;code for identifying at least one of a first aspect, a second aspect, or a third aspect of the at least one device that is a basis for at least one of the first particular weakness, the second particular weakness, or the third particular weakness;code for determining whether the at least one device is subject to at least one of the first particular weakness, the second particular weakness, or the third particular weakness, based on the at least one data structure and at least one of the first aspect, the second aspect, or the third aspect of the at least one device;code for conditionally applying at least one of the first remediation technique, the second remediation technique, or the third remediation technique to the at least one device, based on the determination whether the at least one device is subject to the at least one of the first particular weakness, the second particular weakness, or the third particular weakness; andcode for reporting to at least one server at least one of first information relating to the application of the first remediation technique, second information relating to the application of the second remediation technique, or third information relating to the application of the third remediation technique;wherein the computer program product is operable such that at least one of the at least one first aspect of the at least one device, the at least one second aspect of the at least one device, or the at least one third aspect of the at least one device includes at least one operating system-related aspect associated with a framework that dictates how data is communicated; and the at least one client agent is capable of applying the remediation techniques without requiring third-party software for performing the identification of the aspects of the devices and the at least one data structure resides on the at least one device with the at least one client agent while it is determined whether: the at least one device is subject to the first particular weakness, the at least one device is subject to the second particular weakness, or the at least one device is subject to the third particular weakness, such that the at least one client agent is capable of avoiding sending a query over a network to access the at least one data structure, in order to determine whether the at least one device is subject to the first particular weakness, the at least one device is subject to the second particular weakness, or the at least one device is subject to the third particular weakness, so that the at least one client agent is capable of applying at least one of the remediation techniques in immediate response to the identification of at least one of the aspects. 21. A computer program product of claim 20, wherein the computer program product is operable such that, in addition to being capable of both identifying the aspects of the devices that are the bases for the weaknesses and applying the remediation techniques that remediate the weaknesses, the at least one client agent is further capable of supporting at least one aspect of: identifying a request for a network resource by the at least one device including a connection request, and, after the identification of the request for the network resource, blocking the connection request based on at least one of the first information, the second information, or the third information. 22. A computer program product of claim 20, wherein the computer program product is operable such that, by being capable of both identifying the aspects of the devices that are the bases for the weaknesses and applying the remediation techniques that remediate the weaknesses, the at least one client agent, which is a single client agent, is capable of applying the remediation techniques in immediate response to the identification of the aspects. 23. A computer program product of claim 20, wherein the computer program product is operable such that the at least one data structure resides on the at least one device with the at least one client agent while it is determined whether: the at least one device is subject to the first particular weakness, the at least one device is subject to the second particular weakness, or the at least one device is subject to the third particular weakness; such that the at least one client agent does not necessarily have to send a query over a network to access the at least one data structure, in order to determine whether the at least one device is subject to the first particular weakness, the at least one device is subject to the second particular weakness, or the at least one device is subject to the third particular weakness. 24. A computer program product of claim 20, wherein the computer program product is operable such that the at least one client agent includes a weakness management portion for identifying the aspects of the devices that are the bases for the weaknesses and a remediation deployment portion for applying the remediation techniques that remediate the weaknesses. 25. A computer program product of claim 20, wherein the computer program product is operable such that, by being capable of both identifying the aspects of the devices that are the bases for the weaknesses and applying the remediation techniques that remediate the weaknesses, the at least one client agent is capable of applying the remediation techniques utilizing a platform of a single party, without requiring third-party software for performing the identification of the aspects of the devices. 26. A computer program product of claim 20, wherein the computer program product is operable such that, in addition to being capable of identifying the aspects of the devices that are the bases for the weaknesses and applying the remediation techniques that remediate the weaknesses, the at least one client agent is further capable of supporting at least one aspect of: identifying a request for a network resource by the at least one device including a connection request; andafter the identification of the request for the network resource, blocking the connection request based on at least one of the first information, the second information, or the third information. 27. A computer program product of claim 20, wherein the computer program product is operable such that the non-security-related remediation techniques include performance-related remediation techniques; and each code is a component of the at least one agent which includes a single agent.
Copyright KISTI. All Rights Reserved.
※ AI-Helper는 부적절한 답변을 할 수 있습니다.