Systems and methods for categorizing security incidents
US-10341377-B1 · Jul 2, 2019 · US
US11558415B1 · US · B1
| Field | Value |
|---|---|
| Publication number | US-11558415-B1 |
| Application number | US-202017122681-A |
| Country | US |
| Kind code | B1 |
| Filing date | Dec 15, 2020 |
| Priority date | Feb 10, 2020 |
| Publication date | Jan 17, 2023 |
| Grant date | Jan 17, 2023 |
Official abstract text for this publication.
Techniques are described for improving real-time application protection (RTAP) systems (e.g., web application firewalls (WAFs), runtime application self-protection (RASP) systems). In particular, a device within a trusted network may be configured to identify risks of the RTAP systems. For example, the device may compare a plurality of attack signatures from configuration settings of an application protection system to a plurality of defects from a defect data store; determine that at least one configuration setting of the application protection system corresponding to an application does not include protections for at least one defect of the plurality of defects; and, in response to determining that the at least one configuration setting of the application protection system does not include protections for the at least one defect, generate an alert corresponding to the at least one defect.
Opening claim text (preview).
What is claimed is:
1. A computer-implemented method comprising: comparing a plurality of attack signatures associated with a plurality of known attacks stored in a defect data store to configuration settings of an application protection system; determining the configuration settings of the application protection system do not include protections for at least one known attack of the plurality of known attacks; in response to determining the configuration settings of the application protection system do not include protections for the at least one known attack, generating an alert corresponding to the at least one known attack and adding the attack signature associated with the at least one known attack to the configuration settings of the application protection system; testing a plurality of applications to identify one or more application defects; correlating the identified one or more application defects to a plurality of defects from the defect data store; and in response to determining that at least one of the identified one or more application defects does not correlate to one of the plurality of defects from the defect data store, generating a new attack signature for the at least one of the one or more application defects, adding the new attack signature to the configuration settings of the application protection system, and storing the new attack signature in the defect data store.
2. The method of claim 1, wherein the respective attack signature includes at least one rule to protect against the at least one defect.
3. The method of claim 1, further comprising: receiving at least some of the plurality of attack signatures from a third party and adding the at least some of the plurality of attack signatures to the configuration settings.
4. The method of claim 1, further comprising: obtaining at least some of the plurality of attack signatures from the defect data store and adding the at least some of the plurality of attack signatures to the configuration settings.
5. The method of claim 1, further comprising: comparing the plurality of attack signatures to the plurality of defects while the application protection system is in a production mode and not in a protection mode.
6. The method of claim 1, wherein generating the alert corresponding to the at least one defect comprises transmitting the alert to a secondary device.
7. A device comprising: a memory; and one or more processors implemented in circuitry and in communication with the memory, the one or more processors configured to: compare a plurality of attack signatures associated with a plurality of known attacks stored in a defect data store to configuration settings of an application protection system; determine the configuration settings of the application protection system do not include protections for at least one known attack of the plurality of known attacks; in response to determining the configuration settings of the application protection system do not include protections for the at least one known attack, generate an alert corresponding to the at least one known attack and adding the attack signature associated with the at least one known attack to the configuration settings of the application protection system; testing a plurality of applications to identify one or more application defects; correlating the identified one or more application defects to a plurality of defects from the defect data store; and in response to determining that at least one of the identified one or more application defects does not correlate to one of the plurality of defects from the defect data store, generating a new attack signature for the at least one of the one or more application defects, adding the new attack signature to the configuration settings of the application protection system, and storing the new attack signature in the defect data store.
8. The device of claim 7, wherein the respective signature includes at least one rule to protect against the at least one defect.
9. The device of claim 7, wherein the one or more processors are further configured to: receive at least some of the plurality of attack signatures from a third party and add the at least some of the plurality of attack signatures to the configuration settings.
10. The device of claim 7, wherein the one or more processors are further configured to: obtain at least some of the plurality of attack signatures from the defect data store and add the at least some of the plurality of attack signatures to the configuration settings.
11. The device of claim 7, wherein the one or more processors are further configured to: compare the plurality of attack signatures to the plurality of defects while the application protection system is in a production mode and not in a protection mode.
12. The device of claim 7, wherein the one or more processors are further configured to transmit the alert to a secondary device.
13. A non-transitory computer-readable medium storing instructions that, when executed by a computing system, cause one or more processors of the computing system to: compare a plurality of attack signatures associated with a plurality of known attacks stored in a defect data store to configuration settings of an application protection system; determine the configuration settings of the application protection system do not include protections for at least one known attack of the plurality of known attacks; in response to determining the configuration settings of the application protection system do not include protections for the at least one known attack, generate an alert corresponding to the at least one known attack and adding the attack signature associated with the at least one known attack to the configuration settings of the application protection system; testing a plurality of applications to identify one or more application defects; correlating the identified one or more application defects to a plurality of defects from the defect data store; and in response to determining that at least one of the identified one or more application defects does not correlate to one of the plurality of defects from the defect data store, generating a new attack signature for the at least one of the one or more application defects, adding the new attack signature to the configuration settings of the application protection system, and storing the new attack signature in the defect data store.
14. The non-transitory computer-readable medium of claim 13, wherein the respective signature includes at least one rule to protect against the at least one defect.
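The compare-alert-remediate loop that the abstract and claims 1, 7 and 13 describe, as an added Python example that is not part of the patent or any product: the Defect and ProtectionConfig schemas, the use of a weakness class as the correlation key, the "ARGS regex:" rule format and all sample data are constructed assumptions.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Defect:
    """One entry of the defect data store (constructed schema, not the patent's)."""
    weakness: str      # weakness class, e.g. a CWE id, used as the correlation key
    signature: str     # rule pattern the WAF/RASP enforces against this defect
    description: str

@dataclass
class ProtectionConfig:
    """Configuration settings of the application protection system for one app."""
    app: str
    signatures: set = field(default_factory=set)

def find_unprotected(config, defect_store):
    """Defects in the store whose signature is missing from the app's config."""
    return [d for d in defect_store if d.signature not in config.signatures]

def alert_and_protect(config, defect_store):
    """Alert on every unprotected defect, then add its signature to the config."""
    alerts = []
    for d in find_unprotected(config, defect_store):
        alerts.append(f"ALERT {config.app}: no protection for {d.weakness} ({d.description})")
        config.signatures.add(d.signature)
    return alerts

def ingest_test_findings(findings, defect_store, config):
    """Correlate test findings to the store by weakness class; a finding with no
    match gets a new signature that is added to the config and to the store."""
    known = {d.weakness for d in defect_store}
    new = []
    for f in findings:
        if f["weakness"] in known:
            continue                       # already covered by a stored defect
        d = Defect(f["weakness"], f"ARGS regex:{f['pattern']}", f["description"])
        defect_store.append(d)
        config.signatures.add(d.signature)
        known.add(d.weakness)
        new.append(d)
    return new

def run_demo():
    # Constructed data: two stored defects, a config enabling only the XSS rule.
    store = [Defect("CWE-89", "ARGS regex:(?i)union\\s+select", "SQL injection"),
             Defect("CWE-79", "ARGS regex:(?i)<script", "Cross-site scripting")]
    cfg = ProtectionConfig("billing-api", {"ARGS regex:(?i)<script"})
    alerts = alert_and_protect(cfg, store)
    findings = [{"weakness": "CWE-89", "pattern": "(?i)union\\s+select", "description": "SQL injection"},
                {"weakness": "CWE-22", "pattern": "\\.\\./", "description": "Path traversal"}]
    return alerts, ingest_test_findings(findings, store, cfg), cfg, store
```

Running run_demo() raises one alert for the uncovered SQL injection defect and, after testing, adds a single new path-traversal signature to both the configuration and the defect store.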
Countermeasures against malicious traffic (countermeasures against attacks on cryptographic mechanisms H04L9/002) · CPC title
Vulnerability analysis · CPC title
for managing network security; network security policies in general (filtering policies H04L63/0227) · CPC title
Event detection, e.g. attack signature detection · CPC title
Test or assess software · CPC title