[0060] In some embodiments, periodically providing one or more records of a digital device to the security assessment system 202 may lead to detection and identification of vul- nerabilities before traditional scanning of network targets can be scheduled and conducted.

For example, the primary purpose of one or more of the logs may be to allow review of configurations, process efficiency, performance, backup, and/or error han- dling of application instances.

[0117] Some embodiments present an entirely new way of examining network devices for vulnerabilities—one that may leverage data from existing agents to eliminate the need for an active vulnerability scan as described in the prior art.

Applications config- ured to periodically send the logs to different network desti- nations may be further configured to provide an additional copy to the security assessment system 202.

[0145] Those skilled in the art will appreciate that the scan module 406 may periodically update or otherwise maintain a table or other data structure which includes locations and/or types of records of a digital device.

These improvements, originated from discussions with internal/external experts, helped increasing the efficiency in generating the report, collecting and disseminating the information and establishing better coherence among a variety of ENISA materials on cyberthreats.

These improvements, originated from discussions with internal/external experts, helped increasing the efficiency in generating the report, collecting and disseminating the information and establishing better coherence among a variety of ENISA materials on cyberthreats.

Looking at the details provided by this report and ETL in general, one can distinguish between the following information types and target groups: • The first part of the document found in chapter 2 is a description of the current state-of-play in cyberthreat intelligence (CTI).

2.2 Cyberthreat Intelligence Maturity Model The interest in CTI increased during the last five years, largely due to the need to have a better understanding about threats, adversary's behaviour, tools and techniques in anticipation of cyberattacks.

Part of the solution is to obtain data and information that allows them to analyse and investigate the intention, behaviour, tools, tactics and techniques of adversaries shifting from reactive to a proactive defence strategy.

Even when the security software is capable of detecting an attack, the security software is capable of detecting an attack, analysis and remediation may still require that a human analysis and remediation may still require that a human operator be dispatched to the affected client system, for operator be dispatched to the affected client system, for instance to apply a patch, recover lost data, etc.

0017 FIG. 4 shows an exemplary sequence of steps [0017] FIG. 4 shows an exemplary sequence of steps carried out by an installer application to set up computer carried out by an installer application to set up computer security on a client system according to some embodiments security on a client system according to some embodiments of the present invention.

An exemplary entry of database 17 may further comprise system profile data (e.g., including OS further comprise system profile data (e.g., including OS version, installed applications, various settings, owner, con version, installed applications, various settings, owner, con- tact information, etc.) for the respective client system/virtual tact information, etc.) for the respective client system/virtual machine.

In some embodiments, processor 12 comprises a physical device (e.g. a micropro processor 12 comprises a physical device (e.g. a micropro- cessor, a multi-core integrated circuit formed on a semicon cessor, a multi-core integrated circuit formed on a semicon- ductor Substrate, etc.) configured to execute computational ductor substrate, etc.) configured to execute computational and/or logical operations with a set of signals and/or data.

Although FIGS. 3-A-B show only one guest VM, in applications such as virtual show only one guest VM, in applications such as virtual desktop infrastructure (VDI) and server farming, client desktop infrastructure (VDI) and server farming, client system 12 may execute multiple such VMs (e.g., hundreds) system 12 may execute multiple such VMs (e.g., hundreds) concurrently.

The authors would also like to thank security experts Simon Burson, Anton Chuvakin (Gartner), Fred Cohen (Fred Cohen & Associates), Mariano M. del Rio (SIClabs), Jake Evans (Tripwire), (Gartner), Fred Cohen (Fred Cohen & Associates), Mariano M. del Rio (SIClabs), Jake Evans (Tripwire), Walter Houser (SRA), Panos Kampanakis (Cisco), Kathleen Moriarty (EMC), David Schwalenberg Walter Houser (SRA), Panos Kampanakis (Cisco), Kathleen Moriarty (EMC), David Schwalenberg (National Security Agency), and Wes Young (Research and Education Networking Information Sharing (National Security Agency), and Wes Young (Research and Education Networking Information Sharing and Analysis Center [REN-ISAC]), as well as representatives of the Blue Glacier Management Group, the and Analysis Center [REN-ISAC]), as well as representatives of the Blue Glacier Management Group, the Centers for Disease Control and Prevention, the Department of Energy, the Department of State, and the Centers for Disease Control and Prevention, the Department of Energy, the Department of State, and the Federal Aviation Administration for their particularly valuable comments and suggestions.

A special thanks goes to Brian Kim of Booz Allen Hamilton, who co-authored the original version; to Kelly Masone of Blue Glacier Management Group, who co-authored the first revision; original version; to Kelly Masone of Blue Glacier Management Group, who co-authored the first revision; and also to Rick Ayers, Chad Bloomquist, Vincent Hu, Peter Mell, Scott Rose, Murugiah Souppaya, Gary and also to Rick Ayers, Chad Bloomquist, Vincent Hu, Peter Mell, Scott Rose, Murugiah Souppaya, Gary Stoneburner, and John Wack of NIST; Don Benack and Mike Witt of US-CERT; and Debra Banning, Stoneburner, and John Wack of NIST; Don Benack and Mike Witt of US-CERT; and Debra Banning, Pete Coleman, Alexis Feringa, Tracee Glass, Kevin Kuhlkin, Bryan Laird, Chris Manteuffel, Ron Pete Coleman, Alexis Feringa, Tracee Glass, Kevin Kuhlkin, Bryan Laird, Chris Manteuffel, Ron Ritchey, and Marc Stevens of Booz Allen Hamilton for their keen and insightful assistance throughout the Ritchey, and Marc Stevens of Booz Allen Hamilton for their keen and insightful assistance throughout the development of the document, as well as Ron Banerjee and Gene Schultz for their work on a preliminary development of the document, as well as Ron Banerjee and Gene Schultz for their work on a preliminary draft of the document.

Introduction Introduction 1.1 Authority 1.1 Authority The National Institute of Standards and Technology (NIST) developed this document in furtherance of its The National Institute of Standards and Technology (NIST) developed this document in furtherance of its statutory responsibilities under the Federal Information Security Management Act (FISMA) of 2002, statutory responsibilities under the Federal Information Security Management Act (FISMA) of 2002, Public Law 107-347.

Besides the business reasons to establish an incident response capability, Federal departments and Besides the business reasons to establish an incident response capability, Federal departments and agencies must comply with law, regulations, and policy directing a coordinated, effective defense against agencies must comply with law, regulations, and policy directing a coordinated, effective defense against information security threats.

Chief among these are the following: ■ OMB's Circular No. A-130, Appendix III, 3 released in 2000, which directs Federal agencies to  OMB’s Circular No. A-130, Appendix III,3 released in 2000, which directs Federal agencies to "ensure that there is a capability to provide help to users when a security incident occurs in the system “ensure that there is a capability to provide help to users when a security incident occurs in the system and to share information concerning common vulnerabilities and threats.