Title of invention System, method, and computer program product for reporting an occurrence in different manners
Abstract A system, method, and computer program product are provided for identifying operating system information associated with at least one of a plurality of networked devices, and an occurrence in connection with the at least one of the networked devices. It is also determined whether at least one vulnerability capable of being exploited by the occurrence is relevant to the at least one networked device based on the operating system information. To this end, the occurrence is reported in a first manner, if it is determined that the at least one vulnerability capable of being exploited by the occurrence is relevant to the at least one networked device based on the operating system information. Further, the occurrence is reported in a second manner different from the first manner, if it is determined that the at least one vulnerability capable of being exploited by the occurrence is not relevant to the at least one networked device based on the operating system information.
Publication number US9118710(B2) Publication date 2015.08.25
Application number US201414499239 Filing date 2014.09.29
Applicant SecurityProfiling, LLC Inventors Oliphant Brett M.;Blignaut John P.
Classification G06F11/00;H04L29/06;G06F21/50;G06F21/55 Main classification G06F11/00
Agency Agent Owens, Esq. Brian
Principal claim 1. A computer program product embodied on a non-transitory computer readable medium, comprising:
code for identifying at least one of an operating system and an application associated with at least one of a plurality of devices;
code for accessing a data storage describing a plurality of mitigation techniques that mitigate at least one attack that takes advantage of a plurality of vulnerabilities;
code for presenting a plurality of first options in connection with the plurality of mitigation techniques that each correspond with at least one of a subset of the plurality of the vulnerabilities posed by the identified at least one of the operating system and the application associated with the at least one device, the plurality of first options relating to an intrusion detection or prevention mitigation technique and a firewall mitigation technique that both each correspond with at least one of the subset of the plurality of the vulnerabilities posed by the identified at least one of the operating system and the application associated with the at least one device;
code for receiving first user input selecting the intrusion detection or prevention mitigation technique that corresponds with at least one of the subset of the plurality of the vulnerabilities posed by the identified at least one of the operating system and the application associated with the at least one device;
code for receiving second user input selecting the firewall mitigation technique that corresponds with at least one of the subset of the plurality of the vulnerabilities posed by the identified at least one of the operating system and the application associated with the at least one device;
code for, based on the first user input, deploying the selected intrusion detection or prevention mitigation technique that corresponds with at least one of the subset of the plurality of the vulnerabilities posed by the identified at least one of the operating system and the application associated with the at least one device;
code for, based on the second user input, deploying the selected firewall mitigation technique that corresponds with at least one of the subset of the plurality of the vulnerabilities posed by the identified at least one of the operating system and the application associated with the at least one device;
code for identifying an occurrence including one or more packets communicated to the at least one device;
code for determining whether the occurrence is capable of taking advantage of at least one of the subset of the plurality of the vulnerabilities posed by the identified at least one of the operating system and the application associated with the at least one device; and
code for preventing the occurrence from taking advantage of at least one of the subset of the plurality of the vulnerabilities, utilizing the selected intrusion detection or prevention mitigation technique based on the first input and utilizing the firewall mitigation technique based on the second input, by at least one of dropping or blocking the one or more packets of the occurrence that are communicated to the at least one device, and rejecting a connection request in connection with the at least one device;
said computer program product operable such that the plurality of first options are presented and at least one of the first user input selecting the intrusion detection or prevention mitigation technique and the second user input selecting the firewall mitigation technique is received before the identification of the occurrence such that at least one of the intrusion detection or prevention mitigation technique and the firewall mitigation technique is deployed for preventing the occurrence from taking advantage of at least one of the subset of the plurality of the vulnerabilities, in response to the determination that the occurrence is capable of taking advantage of at least one of the subset of the plurality of the vulnerabilities posed by the identified at least one of the operating system and the application associated with the at least one device;
said computer program product operable such that at least one of a plurality of second options is presented and at least one of a user input selecting a post-occurrence intrusion detection or prevention mitigation technique, a user input selecting a post-occurrence firewall mitigation technique, and a user input selecting a post-occurrence other mitigation technique is received after the identification of the occurrence such that at least one of the post-occurrence intrusion detection or prevention mitigation technique, the post-occurrence firewall mitigation technique, and the post-occurrence other mitigation technique is utilized, in response to at least one of the user input selecting the post-occurrence intrusion detection or prevention mitigation technique, the user input selecting the post-occurrence firewall mitigation technique, and the user input selecting the post-occurrence other mitigation technique.
Address Garland TX US