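Country / Type | United States (US) Patent, Registered |
---|---|
International Patent Classification (IPC 7th edition) | |
Application number | US-0816931 (2015-08-03) |
Registration number | US-10050988 (2018-08-14) |
Inventor / Address | |
Applicant / Address | |
Agent / Address | |
Citation information | Times cited: 0; Cited patents: 719 |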
A system, method, and computer program product are provided for a database associating a plurality of device vulnerabilities to which computing devices can be subject with a plurality of remediation techniques that collectively remediate the plurality of device vulnerabilities. Each of the device vulnerabilities is associated with at least one remediation technique. Each remediation technique associated with a particular device vulnerability remediates that particular vulnerability. Further, each remediation technique has a remediation type selected from the type group consisting of patch, policy setting, and configuration option. Still yet, a first one of the device vulnerabilities is associated with at least two alternative remediation techniques.
1. An apparatus, comprising: at least one data storage; at least one platform communicatively coupled to the at least one data storage; and at least one agent capable of being communicatively coupled to the at least one platform; said at least one data storage configured to store data on a plurality of mitigation techniques that mitigate effects of attacks that take advantage of vulnerabilities, where: each mitigation technique is capable of mitigating an effect of an attack that takes advantage of a corresponding vulnerability, and each mitigation technique has a mitigation type including at least one of a patch, a policy setting, or a configuration option; said at least one platform configured to: cause display of at least one mitigation technique for mitigating an effect of at least one attack that takes advantage of at least one vulnerability, and allow receipt of user input for selecting the at least one mitigation technique to be applied for mitigating the effect of the at least one attack that takes advantage of the at least one vulnerability; said at least one agent configured to identify information in connection with at least one of a plurality of devices for use in identifying an attack in connection with the at least one device that takes advantage of the at least one vulnerability, so that the at least one mitigation technique is capable of being applied; said apparatus configured such that one or more of the plurality of mitigation techniques is capable of being identified based on an identification of an operating system.
2. The apparatus of claim 1, wherein the apparatus is configured such that the at least one mitigation technique includes at least two mitigation techniques including a firewall option for preventing at least one attack packet of the attack by terminating or dropping the same, and an intrusion detection or prevention option; the apparatus is further configured such that, in response to first user input received prior to the attack, the firewall option is capable of being applied to a plurality of different devices for preventing the at least one attack packet at any of the different devices; and the apparatus is further configured such that, in response to additional user input after the attack in connection with a particular single device of the plurality of different devices, the intrusion detection or prevention option is capable of being applied to the particular single device.
3. The apparatus of claim 1, wherein the apparatus is configured such that the at least one mitigation technique includes at least two mitigation techniques including a firewall option for preventing at least one attack packet of the attack by terminating or dropping the same, and an intrusion detection or prevention option; the apparatus is further configured such that, in response to first user input prior to the attack, the intrusion detection or prevention option is capable of being applied to a plurality of different devices at the plurality of different devices; and the apparatus is further configured such that, in response to second user input after the attack in connection with a particular single device of the plurality of different devices, the firewall option is capable of being applied to the particular single device for preventing the at least one attack packet at the particular single device.
4. The apparatus of claim 1, wherein the apparatus is configured such that the one or more of the plurality of mitigation techniques is capable of being identified based on the identification of the operating system in connection the displaying of the at least one mitigation technique, so that, in order to avoid false positives, relevant vulnerabilities prompt mitigation technique user selection among at least two of the mitigation techniques, which involve both firewall and intrusion prevention system actions, for providing diverse mitigation options in connection with the relevant vulnerabilities.
5. The apparatus of claim 1, wherein the apparatus is configured such that the one or more of the plurality of mitigation techniques is capable of being identified based on the identification of the operating system prior to causing the display of the at least one mitigation technique, so that which of the one or more of the mitigation techniques that is caused to be displayed is based on one or more actual vulnerabilities to which the at least one device is actually vulnerable so that only relevant one or more mitigation techniques are displayed for selection by a user for attack mitigation.
6. The apparatus of claim 1, wherein the apparatus is configured such that the user input is capable of being received via at least one user interface of the at least one platform for different devices, for allowing different attack mitigation actions including at least one intrusion prevention action and at least one firewall action to be selectively applied to the different devices for different actual vulnerabilities determined to be actually relevant based on the identification of the operating system in connection with the different devices.
7. The apparatus of claim 1, wherein the apparatus is configured such that the at least one mitigation technique includes at least two mitigation techniques including a first mitigation technique that utilizes a firewall action and a second mitigation technique that utilizes an intrusion prevention action.
8. The apparatus of claim 7, wherein the apparatus is configured such that different user input is capable of being received via the at least one platform for different devices, for allowing different mitigation techniques including the first mitigation technique and the second mitigation technique to be selectively applied by a user to the different devices for different actual vulnerabilities, such that the different user input is capable of resulting in: only the first mitigation technique being selectively applied by the user to at least one first device, only the second mitigation technique being selectively applied by the user to at least one second device, and both the first mitigation technique and the second mitigation technique being selectively applied by the user to at least one third device.
9. The apparatus of claim 7, wherein the apparatus is configured such that the at least one mitigation technique further includes a third mitigation technique that utilizes a policy compliance action, wherein the apparatus is configured such that different user input is capable of being received via the at least one platform for different devices, for allowing different mitigation techniques including the first mitigation technique, the second mitigation technique, and the third mitigation technique to be selectively applied by a user to the different devices for different actual vulnerabilities, such that the different user input is capable of resulting in: only the first mitigation technique being selectively applied by the user to at least one first device; only the second mitigation technique being selectively applied by the user to at least one second device; and the first mitigation technique, the second mitigation technique, and the third mitigation technique being selectively applied by the user to at least one third device.
10. The apparatus of claim 7, wherein the apparatus is configured such that the first mitigation technique is automatically applied utilizing a first communication from an integrated firewall/intrusion prevention system platform component of the at least one platform to firewall-supporting code of the at least one agent, and the second mitigation technique is automatically applied utilizing a second communication from the integrated firewall/intrusion prevention system platform component of the at least one platform to intrusion prevention system-supporting code of the at least one agent, where the firewall-supporting code and the intrusion prevention system-supporting code are part of the at least one agent.
11. The apparatus of claim 1, wherein the apparatus is configured such that the identification of the operating system is a result of a vulnerability assessment scan caused by the at least one platform.
12. The apparatus of claim 1, wherein the at least one platform includes intrusion prevention functionality for supporting a first mitigation technique and firewall functionality for supporting a second mitigation technique, such that the intrusion prevention functionality and the firewall functionality are both supported by the at least one agent that also supports the identification of the attack in connection with the at least one device, the at least one platform further capable of receiving actual vulnerability information to conditionally display, as a function of an existence of one or more actual vulnerabilities, one or more of the plurality of mitigation techniques to allow selective utilization of the intrusion prevention functionality and the firewall functionality, so that only relevant mitigation techniques are displayed for selection to reduce false positives in connection with both the intrusion prevention functionality and the firewall functionality.
13. The apparatus of claim 1, wherein the at least one platform utilizes router-based functionality for supporting a first mitigation technique and firewall functionality for supporting a second mitigation technique.
14. The apparatus of claim 13, wherein the apparatus is configured for receiving actual vulnerability information to conditionally display, as a function of an existence of one or more actual vulnerabilities, one or more of the plurality of mitigation techniques to allow selective utilization of the router-based functionality and the firewall functionality, so that only relevant mitigation techniques are displayed for selection to reduce false positives in connection with both the router-based functionality and the firewall functionality.
15. The apparatus of claim 1, wherein at least one of: said at least one data storage includes at least one database; said at least one data storage is accessed utilizing an operation including at least one of: receiving at least one update therefrom; pulling at least one update therefrom, communicating therewith, or synchronizing therewith; said mitigation techniques include remediation techniques; each mitigation technique has a mitigation type including the patch; each mitigation technique has a mitigation type including the policy setting; each mitigation technique has a mitigation type including the configuration option; each mitigation technique is capable of mitigating the effect of the attack that takes advantage of the corresponding vulnerability, by dropping packets associated with the attack or removing the corresponding vulnerability; said information is capable of being used to determine an intended destination of a connection request; or said information includes a vulnerability identifier; wherein the apparatus is operable for use with at least one network operations center (NOC) server, a data warehouse, and a software development kit (SDK) for allowing access to information associated with at least one vulnerability and at least one remediation technique; and wherein the apparatus is operable for determining which devices have vulnerabilities by directly querying a firmware or operating system of the devices.
16. An apparatus, comprising: at least one data storage configured to store at least one data structure identifying a plurality of mitigation techniques that mitigate effects of attacks that take advantage of vulnerabilities, where: each mitigation technique is capable of mitigating an effect of an attack that takes advantage of a corresponding vulnerability, and each mitigation technique has a mitigation type including at least one of a patch, a policy setting, or a configuration option; and at least one platform communicatively coupled to the at least one data storage, the at least one platform configured to: based on user selection, automatically apply at least two of the plurality of mitigation techniques including at least one first mitigation technique of a first mitigation type and at least one second mitigation technique of a second mitigation type; receive information in connection with at least one of a plurality of devices, identify an attack on the at least one device that takes advantage of at least one of the vulnerabilities, based on the information, and mitigate an effect of the attack on the at least one device that takes advantage of the at least one vulnerability, based on the automatic application of the at least two of the plurality of mitigation techniques including the at least one first mitigation technique of the first mitigation type and the at least one second mitigation technique of the second mitigation type to the at least one device; wherein the apparatus is configured such that the at least two of the plurality of mitigation techniques are made available for the user selection, based on an identification of an operating system.
17. The apparatus of claim 16, wherein the apparatus is configured such that the at least one first mitigation technique of the first mitigation type and the at least one second mitigation technique of the second mitigation type utilize different underlying security technology types that are both supported by at least one agent that is capable of identifying the attack and preventing the attack from taking advantage of the at least one vulnerability after the at least two mitigation techniques are automatically applied.
18. The apparatus of claim 17, wherein the apparatus is configured such that the at least one agent is further capable of supporting a vulnerability assessment scan for the identification of the operating system.
19. The apparatus of claim 16, wherein the apparatus is configured such that the first mitigation technique is automatically applied utilizing a first communication from the at least one platform to firewall-supporting code of at least one agent, and the second mitigation technique is automatically applied utilizing a second communication from the at least one platform to intrusion prevention system-supporting code of the at least one agent; wherein the at least one platform includes intrusion prevention functionality for supporting the first mitigation technique and firewall functionality for supporting the second mitigation technique, such that the intrusion prevention functionality and the firewall functionality are both supported by the at least one agent that also supports the identification of the attack in connection with the at least one device, the at least one platform further capable of receiving actual vulnerability information to conditionally make available for the user selection, as a function of an existence of one or more actual vulnerabilities, the at least two of the plurality of mitigation techniques to allow selective utilization of the intrusion prevention functionality and the firewall functionality, so that only relevant mitigation techniques are made available for the user selection to reduce false positives in connection with both the intrusion prevention functionality and the firewall functionality; wherein the apparatus is further configured such that different user selections are capable of being received for different devices, for allowing different mitigation techniques including the first mitigation technique and the second mitigation technique to be selectively applied by a user to the different devices for different actual vulnerabilities, such that the different user selections are capable of resulting in: only the first mitigation technique being selectively applied by the user to at least one first device, only the second mitigation technique being selectively applied by the user to at least one second device, and both the first mitigation technique and the second mitigation technique being selectively applied by the user to at least one third device.
20. An apparatus, comprising: means for identifying a plurality of mitigation techniques that mitigate effects of attacks that take advantage of vulnerabilities associated with an operating system, where: each mitigation technique is capable of mitigating an effect of an attack that takes advantage of a corresponding vulnerability, and each mitigation technique has a mitigation type including at least one of a patch, a policy setting, or a configuration option; means for: causing display of at least two of the mitigation techniques for mitigating an effect of at least one attack that takes advantage of at least one vulnerability, and allowing receipt of at least one user input in connection with one or more of the at least two mitigation techniques; and means for applying the one or more of the at least two of the plurality of mitigation techniques including at least one first mitigation technique of a first mitigation type and at least one second mitigation technique of a second mitigation type to the at least one device; said apparatus configured such that the at least two mitigation techniques are displayed based on an identification of an operating system.
21. The apparatus of claim 20, wherein the apparatus is configured such that the at least one first mitigation technique is automatically applied utilizing a first communication to firewall-supporting code, and the at least one second mitigation technique is automatically applied utilizing a second communication to intrusion prevention system-supporting code; wherein the apparatus includes intrusion prevention functionality for supporting the at least one first mitigation technique and firewall functionality for supporting the at least one second mitigation technique, such that the intrusion prevention functionality and the firewall functionality are both supported by at least one component that also supports identification of attacks in connection with the at least one device, the apparatus further capable of receiving actual vulnerability information to conditionally make available for user selection, as a function of an existence of one or more actual vulnerabilities, the at least two of the mitigation techniques to allow selective utilization of the intrusion prevention functionality and the firewall functionality, so that only relevant mitigation techniques are made available for the user selection to reduce false positives in connection with both the intrusion prevention functionality and the firewall functionality; wherein the apparatus is further configured such that different user selections are capable of being received for different devices, for allowing different mitigation techniques including the at least one first mitigation technique and the at least one second mitigation technique to be selectively applied to the different devices for different actual vulnerabilities, such that the different user selections are capable of resulting in: only the at least one first mitigation technique being selectively applied to at least one first device, only the at least one second mitigation technique being selectively applied to at least one second device, and both the at least one first mitigation technique and the at least one second mitigation technique being selectively applied to at least one third device.
22. The apparatus of claim 1, wherein the apparatus is configured such that one or more of the plurality of mitigation techniques is capable of being identified based on an identification of an application.