This invention pertains in general to a computer network security system and, more specifically, to profiling a network for vulnerabilities and monitoring exploitations of those vulnerabilities.
Computer networks are vulnerable to many threats that can inflict damage resulting in significant losses. These threats can stem from a number of sources including malicious acts, environmental hazards, hardware and software failure, and user error. A goal of network security is to protect the confidentiality, integrity, and availability of information stored electronically in a network from these threatening sources.
Several conventional resources are available to protect a network from information losses. Firewalls are used to enforce a boundary between two or more networks by filtering network traffic passing through the firewall according to a security policy. Vulnerability detection tools perform examinations of a network to determine weaknesses that might allow attacks. Also, separate intrusion detection tools monitor a network for malicious traffic.
One problem with conventional resources is that firewalls are inadequate to fully protect a network since they traditionally only provide protection against malicious traffic passing through the firewall. The network may still be vulnerable through entry points that do not pass through the firewall.
Furthermore, vulnerability detection tools and intrusion detection tools are inherently complicated to configure and typically lack interoperability. Consequentially, security engineers need to know what types of attack signatures to look for, how to look for them, and how to respond to a detected attack. Vulnerability detection tools inaccurately assess system vulnerabilities due to limited information about the system. Likewise, intrusion detection tools generate many false positives and operate inefficiently by failing to leverage off of the limited information gathered by the vulnerability detection tools.
Therefore, there is a need for network protection that does not suffer from these problems. Preferably, the solution to this need will include vulnerability detection aspects to non-invasively detect vulnerabilities and allow the intrusion detection aspects to leverage off of the vulnerability assessment aspects.