121 results about "Vulnerability assessment" patented technology

Providing a user with assurance that a computer is secure based on a vulnerability assessment completed by a browser-compatible scanner operating on the computer. If the scanner finds a vulnerability, the scanner can inform the user that the machine is or may be compromised, or repair the vulnerability. For example, the scanner may be able to repair the vulnerability of the workstation. In the alternative, the scanner can provide the scan results to a network server. If the vulnerability assessment shows that the workstation is compromised, or if the possibility of remote compromise is high, the network server can decline to provide network services to the workstation.

The present invention provides a system and method for predicting and preventing unauthorized intrusion in a computer configuration. Preferably, the invention comprises a communication network to which at least two computing devices connect, wherein at least one of the computing devices is operable to receive data transmitted by the other computing device. The invention further comprises a database that is accessible over the network and operable to store information related to the network. A vulnerability assessment component is provided that is operable to execute a command over the communication network, and a data monitoring utility operates to monitor data transmitted over the communication network as the vulnerability assessment component executes commands. Also, an intrusion detection component is included that is operable to provide a simulated copy of the network, to generate a first data transmission on the simulated copy of the network that represents a second data transmission on the communication network, and to compare the first data transmission with a second data transmission. The vulnerability assessment component preferably interfaces with the intrusion detection component to define rules associated with the first and second data transmissions, to store the rules in the database, and to retrieve the rules from the database in order to predict and prevent unauthorized intrusion in the computer configuration.

A system and method provide comprehensive and highly automated testing of vulnerabilities to intrusion on a target network, including identification of operating system, identification of target network topology and target computers, identification of open target ports, assessment of vulnerabilities on target ports, active assessment of vulnerabilities based on information acquired from target computers, quantitative assessment of target network security and vulnerability, and hierarchical graphical representation of the target network, target computers, and vulnerabilities in a test report. The system and method employ minimally obtrusive techniques to avoid interference with or damage to the target network during or after testing.

A system and method for a vulnerability assessment mechanism that serves to actively scan for vulnerabilities on a continuous basis and interpret the resulting traffic in context of policy is provided. Vulnerability information is presented within an enterprise manager system enabling the user to access vulnerability information, recommended remediation procedures, and associated network traffic. A studio mechanism is used to add scanners to the appropriate policies and control the scope and distribution of scans within the target network.

A scalable method, system, and apparatus for non-intrusively auditing and improving security assessments includes capturing, storing, presenting, displaying, inspecting, monitoring, and analyzing data flow in client-server security assessments and/or network/infrastructure security assessments. The invention provides interested parties with a mechanism to non-intrusively audit in real-time the vulnerability test effort, as well as review, replay, and analyze all aspects of the security assessment during and after the test. For web application assessments, the data capture includes one of the following or some combination: an intermediary with all data passing through the intermediary; a sniffer that can passively extract all data being communicated between the application and tester; and a plurality of computing modules (e.g., software, appliances, etc.) installed in the tester environment or within the application system environment (e.g., software installed on the tester's computer, or on the computer where the intermediary is running, or software installed on the application systems proxy or web server, or an appliance in either environment) for storing, processing, analyzing, reporting, and displaying the data.

Providing a user with assurance that a networked computer is secure, typically before completion of the log-in operation. This can be accomplished by extending the local log-in process to perform a host assessment of the workstation prior to requesting the user's credentials. If the assessment finds a vulnerability, the log-in process can inform the user that the machine is or may be compromised, or repair the vulnerability, prior to completion of the log-in operation. By performing vulnerability assessment at the level of the workstation, a network server is able to determine whether the workstation is a “trusted” platform from which to accept authentication requests. If the vulnerability assessment shows that the workstation is compromised, or if the possibility of remote compromise is high, the network server can elect to fail the authentication on the grounds that the workstation cannot be trusted. Optionally, a vulnerability assessment tool may be able to repair the vulnerability of the workstation, and then allow the authentication to proceed.

The inventive device includes a dashboard or graphical user interface (GUI), a security access control (AUTH) and secure communications sub-system (SEC-COMM), network and asset discover and mapping system (NAADAMS), an asset management engine (AME), vulnerability assessment engine (CVE-DISCOVERY), vulnerability remediation engine (CVE-REMEDY), a reporting system (REPORTS), a subscription, updates and licensing system (SULS), a countermeasure communications system (COUNTERMEASURE-COMM), a logging system (LOGS), a database integration engine (DBIE), a scheduling and configuration engine (SCHED-CONFIG), a wireless and mobile devices/asset detection and management engine (WIRELESS-MOBILE), a notification engine (NOTIFY), a regulatory compliance reviewing and reporting system (REG-COMPLY), client-side (KVM-CLIENT) integration with KVM over IP or similar network management equipment, authentication-services (KVM-AUTH) integration with KVM over IP or similar network management equipment and server-side (KVM-SERVER) integration with KVM over IP or similar network management equipment.

To answer the security needs of the market, a preferred embodiment was developed. A preferred embodiment provides real-time network security vulnerability assessment tests, possibly complete with recommended security solutions. External vulnerability assessment tests can emulate hacker methodology in a safe way and enable study of a network for security openings, thereby gaining a true view of risk level without affecting customer operations. Because this assessment can be performed over the Internet, both domestic and worldwide corporations benefit. A preferred embodiment's physical subsystems combine to form a scalable holistic system that can be able to conduct tests for thousands of customers any place in the world. The security skills of experts can be embedded into a preferred embodiment systems and automated the test process to enable the security vulnerability test to be conducted on a continuous basis for multiple customers at the same time. A preferred embodiment can reduce the work time required for security practices of companies from three weeks to less than a day, as well as significantly increase their capacity. Component subsystems typically include a Database, Command Engine, Gateway, multiple Testers, Report Generator, and an RMCT.

A method, apparatus and program storage device for providing automated tracking of security vulnerabilities is disclosed. Security problems are reported, aged and tracked. A time to fix the vulnerability identified by the vulnerability assessment of the system is based on the determined vulnerability score. The vulnerability factor is based upon consideration of a plurality of identified parameters.

Security sensor data from intrusion detection system (IDS) sensors, vulnerability assessment (VA) sensors, and/or other security sensors is used to enhance the compliancy determination in a client compliancy system. A database is used to store the security sensor data. In one particular embodiment, a list of device compliance statuses indexed by corresponding identifiers (e.g., IP/MAC addresses) combined from IDS, VA, and/or other security sensing technologies is made available as a non-compliance database for query, so that clients and other compliancy authentication elements can tell that a particular client appears to be out of compliance. A client-side self-policing compliance system is enabled, and can be used in conjunction with automated endpoint compliance policy configuration to reduce system administrator burden.

Provided is a security risk evaluation method for threat management. According to the present invention, new threats or vulnerabilities for a network which should be protected (target network) are collected, and a threat management environment is assessed by checking whether or not to apply attack-attempt detection rules and vulnerability assessment rules for assets related to the threats or vulnerabilities. Based on the assessment result, the range and level of response are previously checked and complemented, and corresponding risk evaluation is provided. Therefore, the threat management environment can be managed effectively.

The present invention provides a means of providing computer security vulnerability information to a plurality of organizations such that the vulnerability information provided to each organization is customized to its network environment. Each organization has an Enterprise Server. An asset management module in each organization's Enterprise Servers sends device configuration information to a system at a Co-Location Facility. The Co-Location Facility system aggregates this data. Information concerning vulnerabilities is also gathered from computer equipment vendors on an ongoing basis. This vulnerability information is compared to the aggregated data from the organizations' Enterprise Servers, and only the vulnerability information relevant to each organization is delivered back to that organization. The delivered information is then used to customize the vulnerability assessment and management activities, including scanning, for each organization such that their activities are limited to vulnerabilities that are directly related to their environment.

According to embodiments of the present invention, host platform device includes an embedded firmware agent that may detect an attempt by the host platform device to fully connect to a network. The firmware agent may restrict traffic between the host platform device and the network to bootstrap traffic, test the device to determine device vulnerability, may temporarily stop access to other peripheral devices, and transmit a report of the device vulnerability to a remote policy server. After the test(s) are performed, the firmware agent may receive an indication from the remote policy server as to whether the device is permitted to fully connect to the network and, if so, whether there are any further restrictions on traffic flow, for example, and if the peripheral device access may be allowed.

The invention discloses a bug repair method based on hierarchical bug threat assessment. The method comprises the following steps: (1) extracting a plurality of information security attributes of the target system, a bug to be tested, and required attack conditions for the bug in the utilized process; (2) attacking the bug, and recording the value of the required attack conditions for the bug in the utilized process and the degree of damage after the bug is successfully utilized; (3) obtaining the qualitative grade score of the bug according to the degree of damage; (4) obtaining the attack utilization score of the bug according to the value of the required attack conditions; (5) obtaining the quantitative grade score according to the attack utilization value and the qualitative grade score; (6) and after determining the bug processing sequence according to the quantitative grade score of the bug to be tested, and repairing the bug. The method combines the advantages of qualitative and quantitative bug assessment methods, and divides the bugs as detailed as possible on the basis of visually giving out the bug threat degree, thereby helping the user to repair a great deal of bugs.

Systems and methods of assessing Wi-Fi network vulnerability and enforcing policy based thereon in a cloud-based security system include obtaining and storing security risk scores for a plurality of Wi-Fi networks based in part on analysis performed by user equipment in range of each of the plurality of Wi-Fi networks; detecting user equipment associated with the cloud-based security system either desiring to connect to or already connected to a Wi-Fi network; obtaining a security risk score of the Wi-Fi network; and enforcing policy for the user equipment based on the obtained security risk score of the Wi-Fi network.

Techniques are disclosed for analyzing a wireless communications device. The techniques include, for instance, assessing vulnerability of the device, including its susceptibility to jamming, by applying one or more interfering signals to the device and observing the device's response. The techniques further include identifying one or more vulnerabilities that can be exploited in defeating malicious behavior involving use of the device (e.g., such as using the device for remote detonation of explosives). Applying one or more interfering signals to the device may include, for instance, applying a trigger signal and a jamming signal to the device, and adjusting the jamming signal until the trigger signal is rendered ineffective in acting as a trigger signal. Identifying one or more vulnerabilities that can be exploited in defeating malicious behavior may include, for instance, reporting parameters of the one or more interfering signals that result in defeating the malicious behavior.

A device, method, and program product are disclosed which are configured to receive, at a risk analysis engine, one or more business service models from a configuration management database, wherein the one or more business service models each comprises a set of configuration items, and wherein the one or more business service models each indicate a type of configuration item and a connectivity of the configuration item; send the set of configuration items to a vulnerability assessment tool; receive, from the vulnerability assessment tool, one or more vulnerability assessment scores for each configuration item within the set of configuration items; determine an overall business service vulnerability score for each of one or more business services based on the one or more business service models and the vulnerability assessment scores received from the vulnerability assessment tool; and output electronically the overall business service vulnerability score.