Patents Assigned to SecurityProfiling Inc.
-
Publication number: 20140109230Abstract: A security information management system is described, wherein client-side devices preferably collect and monitor information describing the operating system, software, and patches installed on the device(s), as well as configuration thereof A database of this information is maintained, along with data describing vulnerabilities of available software and associated remediation techniques available for it. The system exposes an API to support security-related decisions by other applications. For example, an intrusion detection system (IDS) accesses the database to determine whether an actual threat exists and should be (or has been) blocked.Type: ApplicationFiled: December 21, 2013Publication date: April 17, 2014Applicant: SecurityProfiling, Inc.Inventor: Brett M. Oliphant
-
Patent number: 8266699Abstract: A security information management system is described, wherein a database of potential vulnerabilities is maintained, along with data describing remediation techniques (patches, policy settings, and configuration options) available to protect against them. At least one vulnerability is associated in the database with multiple available remediation techniques. In one embodiment, the system presents a user with the list of remediation techniques available to protect against a known vulnerability, accepts the user's selection from the list, and executes the selected technique. In other embodiments, the system uses a predetermined prioritization schedule to automatically select among the available remediation techniques, then automatically executes the selected technique.Type: GrantFiled: July 1, 2004Date of Patent: September 11, 2012Assignee: SecurityProfiling Inc.Inventor: Brett M. Oliphant
-
Publication number: 20070256132Abstract: A security information management system is described, wherein client-side devices preferably collect and monitor information describing the operating system, software, and patches installed on the device(s), as well as configuration thereof. A database of this information is maintained, along with data describing vulnerabilities of available software and associated remediation techniques available for it. The remediation techniques in the database include some that apply software patches, some that change the device's policy settings, and some that change one of the device's configuration files or registry.Type: ApplicationFiled: July 1, 2004Publication date: November 1, 2007Applicant: SecurityProfiling, Inc.Inventor: Brett Oliphant
-
Publication number: 20070118756Abstract: A database maintains security status information on each device in a network, based on whether the device's operating system, software, and patches are installed and configured to meet a baseline level of security. A network gateway proxy blocks connection attempts from devices for which the database indicates a substandard security status, but allows connections from other devices to pass normally. The database is preferably updated on a substantially real-time basis by client-side software run by each device in the network.Type: ApplicationFiled: July 1, 2004Publication date: May 24, 2007Applicant: SecurityProfiling, Inc.Inventor: Brett Oliphant
-
Publication number: 20070113100Abstract: A security information management system is described, wherein a database of potential vulnerabilities is maintained, along with data describing remediation techniques (patches, policy settings, and configuration options) available to protect against them. At least one vulnerability is associated in the database with multiple available remediation techniques. In one embodiment, the system presents a user with the list of remediation techniques available to protect against a known vulnerability, accepts the user's selection from the list, and executes the selected technique. In other embodiments, the system uses a predetermined prioritization schedule to automatically select among the available remediation techniques, then automatically executes the selected technique.Type: ApplicationFiled: July 1, 2004Publication date: May 17, 2007Applicant: SecurityProfiling, Inc.Inventor: Brett Oliphant
-
Publication number: 20070113265Abstract: A security information management system is described, wherein client-side devices preferably collect and monitor information describing the operating system, software, and patches installed on the device(s), as well as configuration thereof. A database of this information is maintained, along with data describing vulnerabilities of available software and associated remediation techniques available for it. The system exposes an API to support security-related decisions by other applications. For example, an intrusion detection system (IDS) accesses the database to determine whether an actual threat exists and should be (or has been) blocked.Type: ApplicationFiled: July 1, 2004Publication date: May 17, 2007Applicant: SecurityProfiling, Inc.Inventor: Brett Oliphant
-
Publication number: 20070113272Abstract: A security information management system is described, wherein client-side devices preferably collect and monitor information describing the operating system, software, and patches installed on the device(s), as well as configuration thereof. A database of this information is maintained, along with data describing vulnerabilities of available software and associated remediation techniques available for it. The system exposes an API to support security-related decisions by other applications. For example, an intrusion detection system (IDS) accesses the database to determine whether an actual threat exists and should be (or has been) blocked.Type: ApplicationFiled: July 1, 2004Publication date: May 17, 2007Applicant: SecurityProfiling, Inc.Inventor: Brett Oliphant
-
Publication number: 20070112941Abstract: A security information management system is described, wherein client-side devices preferably collect and monitor information describing the operating system, software, and patches installed on the device(s), as well as configuration thereof. A database of this information is maintained, along with data describing vulnerabilities of available software and associated remediation techniques available for it. The system exposes an API to support security-related decisions by other applications. For example, an intrusion detection system (IDS) accesses the database to determine whether an actual threat exists and should be (or has been) blocked.Type: ApplicationFiled: July 1, 2004Publication date: May 17, 2007Applicant: SecurityProfiling, Inc.Inventor: Brett Oliphant
-
Publication number: 20060259779Abstract: Abstract of the Disclosure A security information management system is described, wherein a database of potential vulnerabilities is maintained, along with data describing remediation techniques (patches, policy settings, and configuration options) available to protect against them. At least one vulnerability is associated in the database with multiple available remediation techniques. In one embodiment, the system presents a user with the list of remediation techniques available to protect against a known vulnerability, accepts the user’s selection from the list, and executes the selected technique. In other embodiments, the system uses a predetermined prioritization schedule to automatically select among the available remediation techniques, then automatically executes the selected technique.Type: ApplicationFiled: July 1, 2004Publication date: November 16, 2006Applicant: SecurityProfiling, Inc.Inventor: Brett Oliphant
-
Publication number: 20060259775Abstract: Abstract of the Disclosure A database maintains security status information on each device in a network, based on whether the device’s operating system, software, and patches are installed and configured to meet a baseline level of security. A network gateway proxy blocks connection attempts from devices for which the database indicates a substandard security status, but allows connections from other devices to pass normally. The database is preferably updated on a substantially real-time basis by client-side software run by each device in the network.Type: ApplicationFiled: July 1, 2004Publication date: November 16, 2006Applicant: SecurityProfiling, Inc.Inventor: Brett Oliphant
-
Publication number: 20060259946Abstract: Abstract of the Disclosure A security information management system is described, wherein client-side devices preferably collect and monitor information describing the operating system, software, and patches installed on the device(s), as well as configuration thereof. A database of this information is maintained, along with data describing vulnerabilities of available software and associated remediation techniques available for it. The system exposes an API to support security-related decisions by other applications. For example, an intrusion detection system (IDS) accesses the database to determine whether an actual threat exists and should be (or has been) blocked.Type: ApplicationFiled: July 1, 2004Publication date: November 16, 2006Applicant: SecurityProfiling, Inc.Inventor: Brett Oliphant
-
Publication number: 20060259593Abstract: Abstract of the Disclosure A security information management system is described, wherein client-side devices preferably collect and monitor information describing the operating system, software, and patches installed on the device(s), as well as configuration thereof. A database of this information is maintained, along with data describing vulnerabilities of available software and associated remediation techniques available for it. The system exposes an API to support security-related decisions by other applications. For example, an intrusion detection system (IDS) accesses the database to determine whether an actual threat exists and should be (or has been) blocked.Type: ApplicationFiled: July 1, 2004Publication date: November 16, 2006Applicant: SecurityProfiling, Inc.Inventor: Brett Oliphant
-
Publication number: 20060259972Abstract: Abstract of the Disclosure A security information management system is described, wherein client-side devices preferably collect and monitor information describing the operating system, software, and patches installed on the device(s), as well as configuration thereof. A database of this information is maintained, along with data describing vulnerabilities of available software and associated remediation techniques available for it. The remediation techniques in the database include some that apply software patches, some that change the device’s policy settings, and some that change one of the device’s configuration files or registry.Type: ApplicationFiled: July 1, 2004Publication date: November 16, 2006Applicant: SecurityProfiling, Inc.Inventor: Brett Oliphant
-
Publication number: 20060230441Abstract: Abstract of the Disclosure A security information management system is described, wherein client-side devices preferably collect and monitor information describing the operating system, software, and patches installed on the device(s), as well as configuration thereof. A database of this information is maintained, along with data describing vulnerabilities of available software and associated remediation techniques available for it. The system exposes an API to support security-related decisions by other applications. For example, an intrusion detection system (IDS) accesses the database to determine whether an actual threat exists and should be (or has been) blocked.Type: ApplicationFiled: July 1, 2004Publication date: October 12, 2006Applicant: SecurityProfiling, Inc.Inventor: Brett Oliphant