CPC G06F 21/577 (2013.01) [H04L 63/08 (2013.01); H04L 63/1433 (2013.01)] | 17 Claims
1. A method comprising:
performing, by one or more computing devices:
maintaining a database of known vulnerabilities associated with respective software packages;
gathering data about hosts in a network, including a list of one or more externally exposed services provided by a host;
determining a software package installed on the host that is used to provide a service in the list, comprising:
determining a process on the host that is providing the service,
determining an open file that is opened by the process, and
determining that the open file is associated with the software package;
determining that the service is vulnerable based on a matching of the software package to information in the database of known vulnerabilities; and
executing a remedial action in response to determining that the service is vulnerable.
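The service-to-package chain recited in claim 1 (exposed service, then process, then open file, then owning package, then vulnerability database match) can be sketched as follows. This is an added illustration, not code from the patent or its assignee; the `ss -ltnp`-style lines, process names, file paths, package versions and the `EXAMPLE-VULN-0001` identifier are all constructed, and the in-memory dictionaries stand in for `/proc/<pid>/fd` listings, a package manager's file index and a real vulnerability feed.

```python
import ipaddress
import re

# Constructed sample data (not from the patent), shaped like `ss -ltnp` output.
SS_OUTPUT = """\
LISTEN 0 511 0.0.0.0:443 0.0.0.0:* users:(("exhttpd",pid=812,fd=6))
LISTEN 0 128 127.0.0.1:5432 0.0.0.0:* users:(("exdb",pid=900,fd=5))
LISTEN 0 128 [::]:22 [::]:* users:(("exsshd",pid=701,fd=3))
"""
# Constructed stand-ins for per-process open files and a package file index.
OPEN_FILES = {
    812: ["/usr/sbin/exhttpd", "/usr/lib/libextls.so.1", "/var/log/exhttpd/access.log"],
    900: ["/usr/bin/exdb", "/usr/lib/libextls.so.1"],
    701: ["/usr/sbin/exsshd", "/usr/lib/libexcrypto.so.3"],
}
FILE_OWNER = {
    "/usr/sbin/exhttpd": ("exhttpd", "2.4.1"),
    "/usr/bin/exdb": ("exdb", "9.0"),
    "/usr/sbin/exsshd": ("exsshd", "8.1"),
    "/usr/lib/libextls.so.1": ("libextls", "1.0.2"),
    "/usr/lib/libexcrypto.so.3": ("libexcrypto", "3.0.0"),
}
# Constructed vulnerability database keyed by (package, version); the ID is a placeholder.
VULN_DB = {("libextls", "1.0.2"): ["EXAMPLE-VULN-0001"]}
LISTEN_RE = re.compile(r'^LISTEN\s+\d+\s+\d+\s+(\S+):(\d+)\s+\S+\s+users:\(\("([^"]+)",pid=(\d+)')

def is_external(addr):
    """Treat a listener as externally exposed unless it is bound to loopback."""
    addr = addr.strip("[]").split("%")[0]
    return addr == "*" or not ipaddress.ip_address(addr).is_loopback

def exposed_services(ss_text):
    """Return (port, process name, pid) for each non-loopback listener."""
    hits = (LISTEN_RE.match(line) for line in ss_text.splitlines())
    return [(int(m[2]), m[3], int(m[4])) for m in hits if m and is_external(m[1])]

def packages_for_pid(pid):
    """Map a process's open files to owning packages; unowned files (logs) drop out."""
    return {FILE_OWNER[f] for f in OPEN_FILES.get(pid, []) if f in FILE_OWNER}

def vulnerable_services(ss_text):
    """Exposed services whose process holds open a file from a vulnerable package."""
    findings = []
    for port, name, pid in exposed_services(ss_text):
        for pkg in sorted(packages_for_pid(pid)):
            for vuln in VULN_DB.get(pkg, []):
                findings.append({"port": port, "process": name, "package": pkg, "vuln": vuln})
    return findings
```

In the sample data the service on port 443 is flagged through a shared library it has open rather than through its own binary, while the loopback-only database process using the same library is not reported because it is not externally exposed.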