Abstract: A vulnerability countermeasure device stores configuration information associating multiple computers connected via a network and software possessed by each computer, vulnerability information associating the software with information related to the vulnerability of the software, and countermeasure policy information associating the software with a countermeasure policy to be executed if there is a vulnerability in the software; calculates the computer that data will reach based on information related to a route of the data included in the data received from a used terminal; acquires software existing in the computer based on the calculated computer and configuration information; assesses whether or not there is a vulnerability in the acquired software based on the acquired software and the vulnerability information; and is provided with countermeasure unit for executing a countermeasure to a vulnerability in accordance with a countermeasure policy with respect to the software assessed to have the vulnerabili

Abstract: A vulnerability countermeasure device stores configuration information associating multiple computers connected via a network and software possessed by each computer, vulnerability information associating the software with information related to the vulnerability of the software, and countermeasure policy information associating the software with a countermeasure policy to be executed if there is a vulnerability in the software; calculates the computer that data will reach based on information related to a route of the data included in the data received from a used terminal; acquires software existing in the computer based on the calculated computer and configuration information; assesses whether or not there is a vulnerability in the acquired software based on the acquired software and the vulnerability information; and is provided with countermeasure unit for executing a countermeasure to a vulnerability in accordance with a countermeasure policy with respect to the software assessed to have the vulnerabili

Abstract: A security level of each service is calculated and visualized. The device includes a security level calculation unit and a security level visualization unit. The security level calculation unit receives information regarding security of the service from a plurality of sensors as observation information, and calculates a security level of each service based on the received observation information and a security level calculation policy. The security level visualization unit outputs the security level of each service, based on the security level calculated by the security level calculation unit and configuration information of the service. Further, the security level calculation policy has a service, a user using the service, and an observation item to be observed in the service. The security level calculation unit calculates the security level in association with the user of the service and the service, based on the security level calculation policy.

Abstract: An encrypted traffic test system is disclosed which tests whether or not traffic involving packets over a network is encrypted, the encrypted traffic test system including: a test data acquisition portion configured to receive each of the packets on the network so as to acquire test data from the received packet; an encrypted traffic test portion configured to evaluate the test data acquired by the test data acquisition portion for randomness using a random number testing scheme and, if the test data is evaluated to have randomness, to further determine that the traffic involving the packets including the test data is encrypted traffic; and a test result display portion configured to display a test result from the encrypted traffic test portion on a test result display screen.

Abstract: Provided is a system whereby information on activities obtained by way of monitoring system access to input and output devices and storage devices in a terminal as well as information on activities executed by way of a terminal and obtained by way of monitoring communications through a network are associated with processes in the terminal that generated the activities, and if the activities are predetermined activities executed by the same or related processes, the system detects that unauthorized processes are running on the terminal.

Abstract: A technique for collecting information concerning those files distributed on a file sharing network and for detecting an information leak file to take corrective measures is provided. Supervised information is generated by adding as attributes a file type, a speech-part appearance frequency of words making up a file name and a result of human-made judgment as to whether a file being inspected is the information leak file to key information collected from the file sharing network. Next, the supervised information is input to a decision tree leaning algorithm, thereby causing it to learn an information leak file judgment rule and then derive a decision tree for use in information leak file judgment. Thereafter, this decision tree is used to detect the information leak file from key information flowing on the file sharing network, followed by alert transmission and key information invalidation, thereby preventing damage expansion.

Abstract: An analysis unit which effectively detects incidents on the basis of events detected by a security unit such as an intrusion detection system (IDS) or a firewall (FW) installed in a network stores statistical information that is frequency-distributed information of event information obtained from the collection unit, frequency component information obtained by frequency-analyzing the statistical information and the result obtained by making analysis on the basis of the frequency component. The collection unit collects and normalizes event log information outputted by IDS or FW to be stored in an event database (DB). An alert notification unit includes an alert database (DB) for storing an alert instruction transmitted from the analysis unit and an alert notification destination and reports occurrence of incidents to a manager or the like in accordance with the instruction.

Abstract: An attack node set determination apparatus obtains an event log basic parameter extracted from collected event logs and attribute information based on the event log basic parameter. The attack node set determination apparatus performs a clustering on a space having dimensions of part or all of the obtained attribute information and event log basic parameter, computes a cluster, and transmits information on the cluster and a countermeasure against the cluster to a firewall. Upon detecting an attack packet from an attack node set, the firewall identifies a cluster including the attack packet and conducts a countermeasure against the whole identified cluster.

Abstract: A storage unit 104 of an address management apparatus 100 stores translation information 104C that associates, one-to-one, a value that can be taken by data in a block of a translation object address, with its post-translation value. An address translation unit 1032 reads, from the translation information 104C, a post-translation value associated with a value indicated by data of each block defined in the translation object IP address. Data of each block of the translation object address is translated based on the read post-translation value. This improves security in cases where access log data is provided to a third party.

Abstract: An analysis unit which effectively detects incidents on the basis of events detected by a security unit such as an intrusion detection system (IDS) or a firewall (FW) installed in a network stores statistical information that is frequency-distributed information of event information obtained from the collection unit, frequency component information obtained by frequency-analyzing the statistical information and the result obtained by making analysis on the basis of the frequency component. The collection unit collects and normalizes event log information outputted by IDS or FW to be stored in an event database (DB). An alert notification unit includes an alert database (DB) for storing an alert instruction transmitted from the analysis unit and an alert notification destination and reports occurrence of incidents to a manager or the like in accordance with the instruction.