Anti-vulnerability system, method, and computer program product

摘要

A system, method, and computer program product are provided including client and server code configured to cooperate, resulting in display, via at least one user interface, of a plurality of user options for causing different actions of different types in connection with at least one of the networked devices that is actually vulnerable to at least one of a plurality of actual vulnerabilities for at least mitigating an occurrence. The user options include a first user option for causing a first action for dropping packets in connection with the at least one networked device for mitigating the occurrence and a second user option for causing a second action for installation of a patch on the at least one networked device for removing the at least one vulnerability from the at least one networked device. Based on receipt of first user input selecting the first option via the at least one user interface, the first action is caused for dropping packets in connection with the at least one networked device for mitigating the occurrence. Based on receipt of second user input selecting the second option via the at least one user interface, the second action is caused for installation of the patch on the at least one networked device, utilizing the client code, for removing the at least one vulnerability from the at least one networked device.

主权项

1. A computer program product embodied on a non-transitory computer readable medium, comprising:
code for: identifying at least one aspect of at least one networked device; accessing at least one data structure including particular weakness information related to a plurality of particular weaknesses, a portion of the particular weakness information related to the particular weaknesses being associated with at least one of a plurality of techniques capable of removing a corresponding particular weakness from the at least one networked device when the at least one networked device actually has the corresponding particular weakness, such that:
a first portion of the particular weakness information related to a first particular weakness is associated with a first technique for completing an installation of software for removing the first particular weakness,a second portion of the particular weakness information related to a second particular weakness is associated with a second technique for affecting a service for removing the second particular weakness, anda third portion of the particular weakness information related to a third particular weakness is associated with a third technique for changing a configuration for removing the third particular weakness; the first technique, the second technique, and the third technique being different from each other; determining whether the at least one networked device actually has one or more of the particular weaknesses, based on the at least one data structure and the at least one aspect of the at least one networked device; performing one or more actions based on the determination, such that:
when it is determined that the at least one networked device actually has the first particular weakness:
the first technique is applied on the at least one networked device by automatically completing the installation of the software on the at least one networked device for removing the first particular weakness from the at least one networked device;when it is determined that the at least one networked device actually has the second particular weakness:
the second technique is applied on the at least one networked device by automatically affecting the service in connection with the at least one networked device for removing the second particular weakness from the at least one networked device;when it is determined that the at least one networked device actually has the third particular weakness:
the third technique is applied on the at least one networked device by automatically changing the configuration of the at least one networked device for removing the third particular weakness from the at least one networked device; generating status information that is based on a completion of the one or more actions; communicating the status information; said computer program product further operable for: identifying a request for a network resource by the at least one networked device; receiving the status information from the at least one networked device; after the identification of the request for the network resource, determining a reaction to the request for the network resource, based the status information; and causing the reaction; wherein the computer program product is operable such that the request for the network resource includes a connection request, and the reaction includes allowing or blocking the connection request; wherein the computer program product is operable such that, in addition to being capable of supporting at least one aspect of both the identification of the at least one aspect of the at least one networked device and the performance of the one or more actions, a single client agent is further capable of supporting at least one aspect of the communication of the status information such that, in response to the identification of the request for the network resource by the at least one networked device, the reaction to the request for the network resource is capable of being determined, based the status information, which is received in connection with the request for the network resource.