Due to the ever-increasing amounts of unwanted data that computer systems must be protected against, software updates for security programs have become a growing necessity. Specifically, unwanted data such as viruses, worms, Trojan horses, spyware, etc. is constantly being developed by attackers to intrude on and sometimes even destroy computer systems. For example, the results of unwanted data have ranged from mild interference with a program, such as the display of an unwanted political message in a dialog box, to the complete destruction of data on a hard drive, and even the theft of personal information.
Many security programs have been created in order to provide the protection required by modern computer systems. For example, firewalls, intrusion detection software, scanners, etc. have been used alone and in combination in order to best guard computer vulnerabilities against all types of unwanted data. However, with increasing amounts of unwanted data constantly being developed by attackers to circumvent such security programs, continuous updates have become necessary for providing ample protection.
One type of update commonly provided by manufacturers of security programs includes patching. Patching is a method by which software updates for security programs are provided to computer systems utilizing such security programs, in order to protect the computer systems against newly discovered vulnerabilities. These patches generally include executable programs (or data that may be used by installation programs) that are run on the computer systems utilizing the security programs.
Due to the large number of updates needed to keep up with constantly discovered computer system vulnerabilities, patching can become quite cumbersome. In particular, patching generally requires that all computer systems running the associated security program individually execute, or install, the patch. This results in an extremely time-consuming process. First, once a vulnerability is discovered, a patch must be created to protect against the vulnerability. Then, the patch must be tested to make sure that it does, in fact, protect against the vulnerability. Finally, the patch must be distributed to all pertinent computer systems, which must each install the patch individually and then reboot in order for the patch to operate.
For large corporations utilizing security software, the patching process may require the distribution and execution of a single patch to thousands of computers. In view of the vast number of patches that are created almost daily, this process becomes very inefficient. In addition, a network of computers, such as within a company or even over the Internet, will most likely be at risk for quite some time, since full protection against the vulnerability is not provided until all computer systems install the patch. Furthermore, patches generally build on one another such that the latest patch requires all previous patches to have been installed. This may cause problems in and of itself if users of computer systems are not diligent in installing all patches.
To overcome the problems associated with patching, intrusion prevention systems have been created that employ behavioral blocking techniques. In these types of systems, continuous patching is not needed since signatures for matching specific processes and data are not used. However, since intrusion prevention systems rely only on recognized behaviors, protection is limited such that many vulnerabilities go unprotected.
Due to the inefficiencies of the foregoing patching and intrusion prevention methods, a more efficient method is needed which is capable of addressing vulnerability issues more quickly and effectively. There is thus a need for overcoming these and/or other problems associated with the prior art.