US2017230405A1PendingUtilityA1

System and Method for Managed Security Assessment and Mitigation

46
Assignee: TRUSTWAVE HOLDINGS INCPriority: Mar 2, 2012Filed: Jan 9, 2017Published: Aug 10, 2017
Est. expiryMar 2, 2032(~5.6 yrs left)· nominal 20-yr term from priority
Inventors:Scott Parcel
G06F 2221/034G06F 21/577H04L 63/1433H04L 43/50H04L 63/1408H04L 67/10H04L 63/0227H04L 63/029G06F 21/55H04L 67/02G06F 2221/03G06F 21/70G06F 16/2358
46
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

Systems and methods for managed security assessment and mitigation are disclosed. An example system includes a security management system (SMS), a network device in a system under test (SUT), wherein the network device is privy to traffic in the SUT, and wherein the SMS is privy to traffic that is known by the network device and/or to one or more traffic observations that is known by the network device.

Claims

exact text as granted — not AI-modified
1 . (canceled) 
     
     
         2 . A method comprising:
 transmitting captured traffic information for a network to a cloud-based scanning system outside an Internet firewall of the network;   in response to detecting a request received from the cloud-based scanning system via a tunnel of the Internet firewall, capturing a network communication sent from a destination of the request; and   transmitting the network communication to the cloud-based scanning system to scan the network communication for security vulnerabilities.   
     
     
         3 . A method as defined in  claim 2 , further including modifying an application delivery controller to install an extension to accept requests from the cloud-based scanning system that is external from the network. 
     
     
         4 . A method as defined in  claim 2 , wherein the network communication is transmitted within a system under test. 
     
     
         5 . A method as defined in  claim 4 , wherein the tunnel is setup by a network device in the system under test. 
     
     
         6 . A method as defined in  claim 4 , further including receiving the captured traffic information from a network device in the system under test. 
     
     
         7 . A method as defined in  claim 4 , wherein the system under test includes a firewall configured to filter traffic from the Internet to devices in the system under test and to block the request when the request is transmitted to a server in the system under test server by a device outside the system under test. 
     
     
         8 . A tangible computer readable storage medium comprising instructions that, when executed, cause a network device to at least:
 transmit captured traffic information for a network to a cloud-based scanning system outside an Internet firewall of the network;   in response to detecting a request received from the cloud-based scanning system via a tunnel of the Internet firewall, capture a network communication sent from a destination of the request; and   transmit the network communication to the cloud-based scanning system to scan the network communication for security vulnerabilities.   
     
     
         9 . A tangible computer readable storage medium as defined in  claim 8 , wherein the instructions, when executed, further cause the network device to modify an application delivery controller to install an extension to accept requests from the cloud-based scanning system that is external from the network. 
     
     
         10 . A tangible computer readable storage medium as defined in  claim 8 , wherein the network communication is transmitted within a system under test. 
     
     
         11 . A tangible computer readable storage medium as defined in  claim 10 , wherein the instructions, when executed, cause the network device to setup a tunnel in the system under test. 
     
     
         12 . A tangible computer readable storage medium as defined in  claim 10 , wherein the instructions, when executed, cause the network device to capture the traffic information within the system under test. 
     
     
         13 . A tangible computer readable storage medium as defined in  claim 10 , wherein the system under test includes a firewall configured to filter traffic from the Internet to devices in the system under test and to block the request when the request is transmitted to a server in the system under test server by a device outside the system under test. 
     
     
         14 . A system comprising:
 a cloud-based scanning system to scan a network communication; and   a network device within a network of a system under test to:
 transmit captured traffic information for the system under test to the cloud-based scanning system outside an Internet firewall of the network; 
 in response to detecting a request received from the cloud-based scanning system via a tunnel of the Internet firewall, capture a network communication sent from a destination of the request; and 
 transmit the network communication to the cloud-based scanning system to scan the network communication for security vulnerabilities. 
   
     
     
         15 . A system as defined in  claim 14 , wherein the network device is further to modify an application delivery controller to install an extension to accept requests from the cloud-based scanning system that is external from the network. 
     
     
         16 . A system as defined in  claim 14 , wherein the network communication is transmitted within the system under test. 
     
     
         17 . A system as defined in  claim 16 , wherein network device is to setup the tunnel in the system under test. 
     
     
         18 . A system as defined in  claim 16 , wherein the network device is to capture the traffic information within the system under test. 
     
     
         19 . A system as defined in  claim 16 , further including a firewall configured to filter traffic from the Internet to devices in the system under test and to block the request when the request is transmitted to a server in the system under test server by a device outside the system under test.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.