US20070143851A1 - Method and systems for controlling access to computing resources based on known security vulnerabilities - Google Patents

Method and systems for controlling access to computing resources based on known security vulnerabilities

Publication number
US20070143851A1
Authority
US
United States
Prior art keywords
computing system
endpoint
policy
compliance
conditions
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US11/451,950
Inventor
Blair Nicodemus
Billy Stephens
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Daedalus Blue LLC
Original Assignee
Fiberlink
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Family has litigation
First worldwide family litigation filed litigation Critical https://patents.darts-ip.com/?family=38175342&utm_source=google_patent&utm_medium=platform_link&utm_campaign=public_patent_search&patent=US20070143851(A1) "Global patent litigation dataset” by Darts-ip is licensed under a Creative Commons Attribution 4.0 International License.
Application filed by Fiberlink filed Critical Fiberlink
Priority to US11/451,950 priority Critical patent/US20070143851A1/en
Assigned to FIBERLINK reassignment FIBERLINK ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: NICODEMUS, BLAIR, STEPHENS, BILLY E.
Priority to EP06847879A priority patent/EP1917757A2/en
Priority to PCT/US2006/048720 priority patent/WO2007075850A2/en
Publication of US20070143851A1 publication Critical patent/US20070143851A1/en
Assigned to FIBERLINK COMMUNICATIONS CORPORATION reassignment FIBERLINK COMMUNICATIONS CORPORATION CORRECTIVE ASSIGNMENT TO CORRECT THE NAME OF ASSIGNEE PREVIOUSLY RECORDED ON REEL 017970 FRAME 0634. ASSIGNOR(S) HEREBY CONFIRMS THE TRANSFERENCE OF ENTIRE RIGHT, TITLE AND INTEREST TO FIBERLINK COMMUNICATIONS CORPORATION.. Assignors: NICODEMUS, BLAIR, STEPHENS, BILLY E.
Assigned to FIBERLINK COMMUNICATIONS CORPORATION reassignment FIBERLINK COMMUNICATIONS CORPORATION CORRECTIVE ASSIGNMENT TO CORRECT THE ASSIGNMENT DOCUMENT SHOWING FIBERLINK AS THE ASSIGNEE BUT SHOULD ACTUALLY SHOW FIBERLINK COMMUNICATIONS CORPORATION PREVIOUSLY RECORDED ON REEL 023596 FRAME 0956. ASSIGNOR(S) HEREBY CONFIRMS THE FIBERLINK COMMUNICATIONS CORPORATION IS ASSIGNEE AND HAVE INITIALED CORRECTION MADE TO ASSIGNMENT DOCUMENT FOR VERIFICATION.. Assignors: NICODEMUS, BLAIR, STEPHENS, BILLY E.
Assigned to SILICON VALLEY BANK reassignment SILICON VALLEY BANK SECURITY AGREEMENT Assignors: FIBERLINK COMMUNICATIONS CORPORATION
Priority to US13/587,505 priority patent/US8955038B2/en
Assigned to FIBERLINK COMMUNICATIONS CORPORATION reassignment FIBERLINK COMMUNICATIONS CORPORATION RELEASE BY SECURED PARTY (SEE DOCUMENT FOR DETAILS). Assignors: SILICON VALLEY BANK
Priority to US14/618,685 priority patent/US9608997B2/en
Assigned to INTERNATIONAL BUSINESS MACHINES CORPORATION reassignment INTERNATIONAL BUSINESS MACHINES CORPORATION ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: FIBERLINK COMMUNICATIONS CORPORATION
Priority to US15/470,509 priority patent/US9923918B2/en
Assigned to DAEDALUS GROUP LLC reassignment DAEDALUS GROUP LLC ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: INTERNATIONAL BUSINESS MACHINES CORPORATION
Assigned to DAEDALUS GROUP, LLC reassignment DAEDALUS GROUP, LLC ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: INTERNATIONAL BUSINESS MACHINES CORPORATION
Assigned to DAEDALUS BLUE LLC reassignment DAEDALUS BLUE LLC ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: DAEDALUS GROUP, LLC
Abandoned legal-status Critical Current

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433 Vulnerability analysis
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/30 Monitoring
    • G06F11/34 Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation; Recording or statistical evaluation of user activity, e.g. usability assessment
    • G06F11/3466 Performance evaluation by tracing or monitoring
    • G06F11/3495 Performance evaluation by tracing or monitoring for systems
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/102 Entity profiles
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105 Multiple levels of security
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network

Definitions

  • The present invention relates generally to electronic computer security, and more specifically to methods and systems for controlling access to computing resources based on known computing security vulnerabilities.
  • Electronic communication is becoming the industry standard for business communications. Increasingly, office files, design documents, employee work products, company information, and most other important business information are being created and stored electronically on desktop computers, laptop computers, handheld computing devices (collectively ‘personal computing device’ or ‘computing device’) and company networks. At work, employees access such networks, along with their associated corporate computing resources, from their local computing device on a daily basis in order to perform their jobs. Away from work, employees similarly access such networks and resources, typically through remote connections. Numerous types of electronic connections are ubiquitous in the industry and well known to the reader, for example: dial-up connections, wireless connections, high-speed connections of various types, virtual private network connections, and others.
  • Endpoint access controls have followed an incremental, evolutionary path. Prior to the storage of sensitive data and the recognition of the security issues associated therewith, there were no endpoint access controls. However, security issues such as data theft, unauthorized access, fraud, etc., and the resulting concerns, created an industry-wide demand for security solutions.
  • The first generation of endpoint access control included operating system services that controlled user access to one or more system resources, such as applications, data files, configuration settings, etc. Users were permitted or denied access to these resources based on a variety of factors, such as their login ID (which was authenticated using a secret) and a secured profile of policy settings identifying permissions and/or restrictions. These permissions were generally static in that they were not context sensitive in any other dimension than the user ID. There was no consideration of environmental factors. This static nature of security services embedded into the operating system remains relatively unchanged in many environments, to the present day.
  • point solutions that address point security concerns by providing point access control capabilities.
  • point solutions include: personal firewalls that restrict inbound and/or outbound access to specified applications, ports, addresses and/or communication protocols; antivirus agents, anti-spyware agents and application white-list management agents that monitor, detect and/or restrict access to specific system resources such as memory, registry keys, etc.; software update agents that automatically update an application if it is not a specified version; data encryption agents that encrypt specific files, the complete contents of specific folders, etc.; and physical access control agents that restrict access to floppy drives, USB drives, CD-ROM drives, etc.
  • These security agents are one-dimensional in that they look at a single aspect of the endpoint's security posture and make decisions on that basis. There is no integration of data across these security agents—all of these security solutions operate autonomously and completely independent of each other, with little or no communications between them or awareness of the state of other applications running on the endpoint. As with operating system security services, these point solutions are also static. The business logic and configurations of these point solutions are not context sensitive. They typically apply the same rules regardless of the user ID, user location, time of day, presence or absence of other security applications on the endpoint, configuration and state of other security or management applications on the endpoint, etc. While providing relatively stable and secure access control, such static endpoint controls remain inflexible and not adaptable to user and business needs. They are very much in use today in many environments.
  • Context awareness has been introduced into the field of endpoint security control.
  • Functional examples of context awareness capabilities on the market today include: if a named application is not running or is not of a specified minimum version, access to network connectivity or certain applications will be restricted or blocked altogether; if a user is in location X (as determined by an assigned IP address, reachability of a network host, or some other method of automated location determination), the user is permitted outbound access using application X and Y to network servers on subnet Z, however if the user is in location Y (alternatively an unknown location), the user is permitted outbound access using application X and W to network servers on subnet V.
  • access to a resource in the first case an application, in the second case the network and communications protocols
  • access privilege is conditional on the current state of the endpoint (in the first case a certain application running, in the second case the current location).
  • these solutions are limited in that they are only able to assess a limited set of inputs and affect a narrow set of access privileges.
  • the decision is rarely revisited over the life of the user's connection or access session, i.e. they could come out of compliance subsequent to granting of access and will still retain access.
  • Today's access control solutions still lack significant functions and capabilities. As one example, they lack the ability to form context-based access control decisions using as decision inputs state information provided by point solutions that are not context aware. Further lacking is the ability to collect endpoint state information from multiple point solutions, collect endpoint state information from the environment itself (e.g. information obtained from the operating system), and integrate the collected information to form a higher-level holistic and intelligent view of the overall endpoint state.
  • one exemplary method comprising: the computing system running software subject to at least one security vulnerability; establishing a policy based on the status of the at least one security vulnerability including at least one rule and an analysis method for determining compliance with the rule; receiving information relating to the status of the at least one security vulnerability of the software program; processing the information relating to the status using the analysis method; determining, based on the processing, the compliance of the at least one security vulnerability in relation to the rule; and controlling, based on the determining, the operation of the computing system.
  • an exemplary method comprising: identifying within at least one of the endpoint and host systems a plurality of conditions, each condition having a state; operating on at least one of the host computing system and the endpoint computing system a software program subject to at least one security vulnerability; establishing a policy based on the status of the at least one security vulnerability and the state of each of the plurality of conditions, the policy including at least one rule and an analysis method for determining compliance with the rule; receiving information relating to the status of the at least one known security vulnerability of the software program; receiving information relating to the state of each of the plurality of conditions; processing the information relating to the status of the at least one known security vulnerability and the state of each of the plurality of conditions using the analysis method; determining, based on the processing, the compliance of the at least one security vulnerability and the plurality of conditions with the rule; and controlling, based on the determining, access of the
  • an exemplary method comprising: collecting a state for each of a plurality of conditions in at least one of the endpoint computing system and the host computing system; collecting a status of a known security vulnerability for a software program operating on at least one of the host computing system and the endpoint computing system; identifying a policy for determining access of the endpoint computing system to the resource, the policy including at least one rule and an analysis method for determining compliance with the rule; processing, using the analysis method, the state of each of the plurality of conditions and the status of the known security vulnerability; determining, based upon the processing, if the conditions and the known security vulnerability are in compliance with the rule; and generating, based upon the determining, a signal usable to control the access of the endpoint computing system to the resource.
  • an exemplary method comprising: identifying a plurality of conditions in at least one of the endpoint computing system and the host computing system, each of the plurality of conditions including an associated state, at least one of the plurality of conditions relating to a risk of a known security vulnerability; and developing a policy for determining the access of the endpoint computing system to the resource, the policy including a rule and at least one analysis method for processing the states of the plurality of conditions to determine if the plurality of conditions are in compliance with the rule.
  • FIG. 1 is a block diagram showing features of a security compliance system in accordance with one embodiment of the present invention
  • FIG. 2 is a flow chart showing a process for managing security compliance in accordance with an embodiment of the invention
  • FIG. 3 is a functional block diagram showing the interaction of agents, managers, monitors and compliance engine in a security compliance system
  • FIG. 4 is a flow chart showing the flow of information between agents, managers, monitors, and the policy management system
  • FIG. 5 is a block diagram showing an alternate embodiment of the invention wherein various components of the policy management system are incorporated within the other computing systems;
  • FIG. 6 is a flow chart showing a process for integrating known security risks into a compliance system.
  • FIG. 7 is a flow chart showing the operation of the analysis engine to analyze agent data and develop a compliance policy.
  • The present invention provides new and improved methods and systems for flexibly monitoring, evaluating, and initiating actions to enforce security compliance policies.
  • benefits and advantages of the present invention include:
  • a system 100 including a host system 102, an endpoint system 104, and a policy management system 106.
  • host system 102 comprises a secure, access-controlled processing system to which remote systems such as endpoint system 104 connect to access data, processing capacity and host-accessible resources.
  • Policy management system 106 provides rules and policies concerning the connection of remote endpoint systems 104 to host system 102.
  • Host system 102, endpoint system 104, and policy management system 106 are interconnected to communicate through a conventional electronic network 108, such as the Internet.
  • host system 102 the system is seen to include, in a conventional manner, a processor and user & communications interface 102 A, as well as conventional storage components 102 B, operating systems and software (typically contained in storage and operated by the processor) and other conventional components.
  • resources indicated at 102 G, accessible directly or indirectly through the host, including, for example: user data, user applications, physical ports, data storage devices, dial adaptors, network interfaces, and other resources as will be apparent to the reader.
  • a plurality of conditions 102 F are monitored by agents 102 E, the agents collecting and transmitting information to agent managers 102 D for aggregation by agent monitor 102 F.
  • Host 102 may comprise, for example, a processing system of the type typically owned, managed and/or operated by a business to support the operation of its employees. It may comprise a server, enterprise system, personal computer, laptop, personal digital assistant, mobile communications device such as a ‘smart’ telephone, or any other type of remotely accessible system. In a conventional manner, host system 102 may include conventional security features for controlling access to the data and resources thereon.
  • Host system 102 may be consolidated at a single location or comprise a plurality of systems dispersed over multiple locations.
  • endpoint system 104 comprises any processing system capable of interconnecting with host system 102, for example: a laptop computer, personal computer, server system, enterprise system, personal digital assistant, cellular telephone, ‘smart’ telephone or other personal device, or any other processing system capable of remotely accessing host system 102 for the purpose of accessing the resources available thereon.
  • Endpoint system 104 is seen to include, in a conventional manner, a processor and user & communications interface 104 A, as well as conventional storage components 104 B, operating systems and software (typically contained in storage and operated by the processor) and other conventional components.
  • Further contained within host 104 are a plurality of conditions 104 F. These conditions are monitored by agents 104 E, the agents collecting and transmitting information to agent managers 104 D for aggregation by agent monitor 104 F. The various conditions, as well as the agent functions, are described in detail herein below.
  • the system comprises a conventional processing system, for example a server computer, enterprise computer, personal computer or a notebook computer. Accordingly, the system is seen to include, in a conventional manner, a processor and user & communications interface 106 A, as well as conventional storage components 106 B, operating systems and software (typically contained in storage and operated by the processor) and other conventional components.
  • policy management system 106 is seen to include a compliance analysis engine 106 C as well as various policy information stored within storage system 106 B.
  • compliance analysis engine 106 C typically comprising software in data store 106 B running on hardware 106 A, functions to receive system condition information and process that condition information in accordance with the security policies, such as are stored within data storage 106 B, in order to generate security rules.
  • Analysis engine 106 C can comprise a portion of the capacity of processor 106 A and/or one or more dedicated and/or shared separate processor(s).
  • the policy data stored within data store 106 B can contain multiple sets of policy data for use by different endpoint systems 104, for use by different host systems 102 and for use by the policy management system 106 itself.
  • policy management system 106 may be contained i) within endpoint system 104, ii) within host system 102, iii) as a stand-alone network device otherwise connected to network 108, and/or iv) distributed in various combinations of the foregoing. See, for example, FIG. 5 wherein a compliance analysis engine 106 C is shown in each of endpoint systems 104 (engine 106 C′) and host system 102 (engine 106 C′′).
  • policy management system 106 may be performed by the existing components of the endpoint and host systems, or otherwise duplicated, replicated, or omitted within those systems as required to perform the appropriate functions as described herein. Further, as used herein, references to the policy management system include, where appropriate, only those components and functions necessary to perform the described functions.
  • host system 102 is used to control access to a network, for example a private network.
  • host 102 comprises a gateway or other type of access control system to a network such as a private network.
  • host 102 functions to make compliance and access assessments in accordance with the present invention, and forwards the results of such assessments to another access controller.
  • the present invention is used to control access by an endpoint, such as endpoint system 104, to a network, limiting or permitting endpoint system 104 to access specific network resources based on its current level of compliance.
  • FIG. 2 there is shown a process 200 in accordance with the present invention for controlling the access of a user such as endpoint system to a computing resource.
  • the present invention may be used to control access between different systems such as an endpoint system and a host system, or within a system, such as to particular resources available within the system.
  • agents operate to determine the status of particular conditions in a system, as described herein the host system 102 and endpoint system 104. It will be understood by the reader that the invention is equally applicable to controlling access to resources within a single system as to between systems. For purposes of explanation, the invention will be described with respect to controlling the access of endpoint system 104 to host system 102. However, as described above, the invention is equally applicable to controlling access within host system 102 and/or endpoint system 104, as well as other computing systems.
  • an “agent manager” operates to control the function of as well as to aggregate data collected by the various agents.
  • An “agent monitor” functions to aggregate the data collected by various agent managers.
  • the various agents, managers and monitors can be implemented in hardware, software, and/or combinations thereof.
  • Considering first the selection of conditions to monitor within endpoint 104 (step 202), there are many different data sources and data elements that can be examined to assess the state of the endpoint, form compliance assessments, and ultimately make policy-based access control decisions regarding local and remote computing resources.
  • Individual configuration data elements such as antivirus heuristics scanning status, and state data elements such as ‘is antivirus currently operating’, can be obtained by establishing an interface to an agent specifically designed to collect and report that piece of information.
  • Such configuration states and data elements are indicated in the drawing FIG. 1 as conditions 104 F.
  • the agents 104 E can comprise a component of the endpoint system or an external service provided by third party software.
  • the endpoint system includes one or more agent managers 104 D. These agent managers collect state information from individual agents 104 E or the general computing environment, including the operating system version, registry settings, and others as will now be apparent to the reader.
  • An agent monitor 104 C functions to collect and process information from the various agent managers 104 D, in the manner described below.
  • a given inspection agent may provide a granular or broad means to indirectly assess configuration state and data elements and may provide numerous pieces of state configuration and state information to the endpoint's agent managers 104 D. For example the response to a query regarding the state of a configuration setting might simply be true or false, whereas the response to a query regarding what viruses are currently being monitored for could be an enumerated list of thousands of virus names.
  • Agents running on endpoint 104 and performing related or similar functions can generally be grouped into categories. For example, an antivirus client/agent, an anti-spyware agent, a content filtering agent and an applications white-list agent can be grouped into a ‘security agent’ category.
  • endpoint 104 is configured so as to be able to add, modify, or remove agents on a per user basis and to further customize or adapt a given configuration of the endpoint's software components over time.
  • Illustrative conditions 104 F that are available and may be used for assessing endpoint state information are as follows. Note that not all of these conditions will be needed at any one point in time, i.e. when different system events occur, different pieces of endpoint state information become relevant. It will be understood that different items of interest may be monitored at different times, and different users will have different items they are interested in monitoring.
  • User state information includes:
  • Authentication state information includes:
  • Endpoint hardware Information includes:
  • Endpoint Operating System Information includes:
  • Operating System Services Information includes:
  • Network Services Information includes:
  • Number of requests to a given IP address or address range
  • File System Information includes:
  • Application Information includes:
  • Application-Specific Information includes:
  • Data Information includes:
  • Data Backup Information includes:
  • Antivirus Agent Information includes:
  • Personal Firewall Agent Information includes:
  • VPN Client Information includes:
  • Anti-Spyware Agent Information includes:
  • Data Encryption Agent Information includes:
  • Content Filtering Agent Information includes:
  • Asset Management Agent Information includes:
  • Location Information includes:
  • Time-Based Information includes:
  • Wireless Connection Information includes:
  • Available Connection Information includes:
  • Active connection information includes:
  • the various agents 104 E and agent managers 104 D and agent monitor(s) 104 C are identified and configured for monitoring those various conditions (step 204).
  • an agent manager 104 D may be configured to query a vendor-specific API exposed by a third party antivirus agent, may be configured to query an operating system service periodically to determine if the endpoint has an active network interface and if so, the IP address of that interface, etc.
  • Multiple managers 104 D may be separately configured to monitor multiple agents 104 E and multiple monitors 104 C configured to aggregate manager data.
  • agent managers are configured to monitor the conditions of interest such as one or more of those described above.
  • Agents can be free standing external software applications, system services provided by the operating system or dedicated, special-purpose monitoring processes that are part of the monitored system itself. Agents can monitor both software activity and hardware activity. A typical method for monitoring hardware information is through the use of hardware device drivers and other similar operating system services. Examples of freestanding agents are antivirus client, personal firewall, anti-spyware, anti-phishing agents, data backup agents, etc. Agent monitor 104 C can comprise software, hardware and/or a combination thereof, and is functional to collect or aggregate the input from the various agents, through the agent managers, and communicate that data for processing as described herein.
  • In FIG. 3 there is illustrated diagrammatically an exemplary series of agents 104 E connected to monitor exemplary endpoint conditions 104 F such as those listed above.
  • The agent monitors 104 C perform overall endpoint monitoring through the use of individual agent managers 104 D, each of which monitors one or more specific agents 104 E, with the individual agent managers 104 D aggregated by an agent management service 104 D′.
  • As previously mentioned, different configurations and policies will require the use of different individual agent managers and different specific agents.
  • Also shown in FIG. 3 is the communication of the agent data to the compliance analysis engine 106 C for processing in accordance with the methods described herein below.
  • Subsequent to the identification of the conditions to be monitored and the establishment of the various agents, agent managers and agent monitors as described above, rules and policies are next established for controlling the access to local resources on the endpoint system 104 or remote host system 102 (step 206 ).
  • Endpoint inspection management policies including:
  • Compliance Engine Management including:
  • Action Management information including:
  • Enumerated State Policies information including:
  • Endpoint Data Storage Device Access Policies information including:
  • the solution provides the ability to add support for additional policies in the future.
  • the invention includes a graphical user interface application accessible through 106 A that allows an administrator to: view available options for endpoint inspection using centralized policy management system 106 , view compliance policies and policy enforcement actions, specify the policies of interest to them, and specify specific values for each policy of interest. All changes made by the administrator are saved to the policy database 106 B and made available for all endpoint systems 104 or host systems 102 in the policy group to which those policy settings apply. Alternatively, this functionality could be included in a graphical user interface application on the endpoint system 104 or a graphical user interface application on the host system 102 , when users or local administrators of those computing devices are responsible for configuring their own policy settings locally.
  • One additional function of the policy management system 106 is the ability to receive and respond to policy update requests from endpoints 104 and hosts 102 .
  • the endpoint system 104 and/or host system 102 are configured via a policy setting to periodically query one or more remote policy database(s) 106 B residing on the policy management system 106 and retrieve updated information about new policies and updated policy settings.
  • the processor then stores this information in a local data repository.
  • The policy management system user interface 106 A can provide a control that allows an administrator to effectively summarize on a sliding scale (e.g. 1-5, High/Medium/Low, 1-100, etc.) their desired security posture, or conversely their security posture noncompliance tolerance.
  • a set of data tables in the policy management database maps each setting on this sliding scale to the enablement and/or disablement of specific policies and policy actions, as well as specific compliance thresholds or scores. This greatly simplifies the administrator's task when establishing and configuring policies.
  • a ‘Custom’ or comparable user interface control is also made available that allows an administrator to bypass the summary control and directly access the complete set of granular policy settings.
  • the values in the data tables used to map a summary security level to specific policies and compliance thresholds are of course able to be changed by the database administrator at any time.
  • references to software and software programs to describe a security vulnerability are to be interpreted in their broadest sense, including software such as application programs, operating systems and drivers, combinations of software and hardware and hardware.
  • information that may be published about each vulnerability includes information such as descriptive parameters that describe the hardware or software at risk (e.g. Intel-based hardware running Windows XP Service Pack 2), possible system impacts (e.g. memory buffer overflow, unauthorized remote control of the computer, etc), severity type, severity level, sources of more information, date vulnerability was first reported, etc.
  • Vendors often use this information to prioritize their responses to vulnerabilities in their products. Responses typically take the form of customer notifications, often accompanied by specific interim remedial actions to take (e.g. disable a service, shut down a TCP port, etc.) and/or information on currently available patches that can be applied to eliminate the vulnerability.
  • When there is no current software available to eliminate the vulnerability, the vendor will normally begin scheduling internal activities to develop a solution to the vulnerability and make the solution available to customers and product users as a ‘patch’ or ‘update’. Once this becomes available, customers may receive notification, and/or find notification information on a vendor's web site.
  • IT managers, also referred to herein as administrators, access vulnerability information by either receiving a notification from a vendor or industry group, going to the vendor or industry web site and querying the vulnerability database, or by establishing an electronic communications link with the remote database and electronically receiving vulnerability database updates on a periodic basis.
  • IT managers typically use a combination of industry risk assessment and vendor risk assessment information to prioritize which vulnerabilities and patches to focus on first, and to prioritize remediation activities relative to other routine IT operating activities and other IT projects.
  • an exploit window, i.e. a window of time in which a security attack that specifically, opportunistically targets that publicized vulnerability can be created and used to probe endpoints to find vulnerable ones that can be attacked.
  • During the exploit window, the endpoints remain exposed to a security attack unless some temporary securing action is taken to protect the endpoint.
  • Attack exposure may be from the local machine only, from a remote machine, or both, depending on the nature of the vulnerability.
  • the attack may utilize only the new exploit or more commonly utilize a combination of exploits to gain control of the system, gain reliable access to the system, take an action on the local system, or have the local system initiate a communications
  • a vulnerability policy directory including but not limited to the following information: description of hardware and/or software that is vulnerable, descriptive attributes (e.g. whether it is exploitable locally or remotely, whether it impacts data confidentiality, data integrity or computing resource availability, etc.), specific remedial or corrective actions to take to eliminate the vulnerability (e.g. halt an operating service, block a port, block an application, disable a network interface, etc.), and the vulnerability severity level (e.g. high/medium/low, 4 out of 5, 7.5 out of 10, 65%, etc.).
  • the present invention uses this information in accordance with the process shown and described with respect to FIG. 6 .
  • the present invention is able to provide almost immediate protection for any computing device against vulnerability-specific exploits or security attacks during the period of time between when the security attack is created and used, and when the IT manager or end user has received the software patch from the software vendor and applied that same patch/repair to the computing device.
  • the security risk information is stored on a data repository, for example within policy management system 106 , that is accessible to remote endpoints via communications links, e.g. the Internet (step 602 ).
  • the client software is configured via a policy setting to periodically query one or more remote vulnerability policy database(s) and retrieve updated information about new vulnerabilities and updated information about existing vulnerabilities (step 604 ). The client then stores this information in a local data repository (step 606 ).
  • the client software is configured via policy settings to examine each vulnerability stored in the local data repository on a periodic basis, or whenever a particular system or policy compliance event warrants (step 608 ).
  • the client software can subsequently utilize this information in one or more of several different ways to diminish this security risk (step 610 ), depending on how its policy settings are configured:
  • The client can inspect the one or more vulnerability characteristics present in the collective set of information, such as the access vector (e.g. is the vulnerability exploitable locally or remotely, does it affect confidentiality, integrity or availability, etc.), and compare that to a policy-defined list of characteristics to be on the lookout for, and corresponding policy-defined actions to take when a vulnerability with the specified characteristic is found:
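The characteristic matching of steps 608-610 can be sketched as follows. This is an added example, not code from the patent: the record fields, rule fields, action strings and all sample entries are constructed assumptions, and only vulnerabilities that affect installed software and match a policy rule produce actions.

```python
"""Match locally stored vulnerability records against policy-defined characteristics."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, Iterable, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Vulnerability:
    vuln_id: str                      # constructed placeholder, not a real advisory id
    affected_product: str             # software the entry describes as at risk
    access_vector: str                # "local" or "remote"
    impacts: FrozenSet[str]           # "confidentiality", "integrity", "availability"
    severity: float                   # assumed 0-10 scale
    remedial_actions: Tuple[str, ...] = ()   # interim actions published with the entry


@dataclass(frozen=True)
class CharacteristicRule:
    name: str
    access_vector: Optional[str]      # None matches either vector
    impacts_any: FrozenSet[str]       # empty set matches any impact
    min_severity: float
    actions: Tuple[str, ...]          # policy-defined actions for a match

    def matches(self, v: Vulnerability) -> bool:
        if self.access_vector is not None and v.access_vector != self.access_vector:
            return False
        if self.impacts_any and not (self.impacts_any & v.impacts):
            return False
        return v.severity >= self.min_severity


def plan_actions(installed: Set[str], vulns: Iterable[Vulnerability],
                 rules: Iterable[CharacteristicRule]) -> Dict[str, List[str]]:
    """Return {action: [vuln ids that triggered it]} in first-seen order."""
    rules = list(rules)
    plan: Dict[str, List[str]] = {}
    for v in vulns:
        if v.affected_product not in installed:
            continue                  # entry does not apply to this endpoint
        matched = [r for r in rules if r.matches(v)]
        if not matched:
            continue                  # policy is not on the lookout for this one
        actions = list(v.remedial_actions)
        for r in matched:
            actions.extend(r.actions)
        for action in actions:
            reasons = plan.setdefault(action, [])
            if v.vuln_id not in reasons:
                reasons.append(v.vuln_id)
    return plan


# Constructed sample data standing in for the local data repository (step 606).
INSTALLED = {"example-file-service", "example-doc-viewer"}
VULNERABILITY_STORE = [
    Vulnerability("VULN-EXAMPLE-1", "example-file-service", "remote",
                  frozenset({"confidentiality", "integrity"}), 9.0,
                  ("block_port:tcp/8445", "halt_service:example-file-service")),
    Vulnerability("VULN-EXAMPLE-2", "example-doc-viewer", "local",
                  frozenset({"availability"}), 4.0,
                  ("block_application:example-doc-viewer",)),
    Vulnerability("VULN-EXAMPLE-3", "example-db-server", "remote",
                  frozenset({"integrity"}), 10.0, ("block_port:tcp/9999",)),
    Vulnerability("VULN-EXAMPLE-4", "example-doc-viewer", "remote",
                  frozenset({"integrity"}), 7.5,
                  ("block_application:example-doc-viewer",)),
]
POLICY_RULES = [
    CharacteristicRule("remote-high", "remote", frozenset(), 7.0,
                       ("disable_network_interface:wireless",)),
    CharacteristicRule("confidentiality-medium", None,
                       frozenset({"confidentiality"}), 5.0, ("notify_user",)),
]

if __name__ == "__main__":
    for action, reasons in plan_actions(INSTALLED, VULNERABILITY_STORE, POLICY_RULES).items():
        print(f"{action:45s} <- {', '.join(reasons)}")
```

The low-severity local entry and the entry for software that is not installed produce no actions, so the endpoint is restricted only where policy and exposure coincide.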
  • the various condition data described above is collected by the agent managers through the agents (step 208 ) and then analyzed (step 210 ).
  • In FIG. 4 there is shown in block diagram format the functional aspects 400 of collecting agent data from various exemplary agents 104 E, collected through various exemplary agent managers 104 D, aggregated by the agent monitoring service 104 C for processing by analysis engine 106 C, subsequently resulting in one or more actions being taken by various exemplary agents 104 E.
  • the output of analysis engine 106 C is a series of actions to take, block and/or permit, the actions communicated back to the agents through the various managers.
  • the aggregated set of actions is passed to the agent management service as a set of instructions.
  • the agent management service parses the instructions, identifies for each instruction the appropriate individual agent manager 104 D capable of executing the instruction and passes selected instructions to the appropriate agent manager 104 D.
  • the agent manager 104 D passes the instructions to the particular agent 104 E it relies on to take a particular action.
  • The actions taken by the various agents 104 E, for example to control system services, system resources, system hardware, system applications and system data in endpoint system 104 or host system 102 , depend on where the various security functionalities of the invention are installed.
  • the data collected from various exemplary agents 104 E and aggregated by the agent monitoring service 104 C can be communicated over a data communications network to the policy management system 106 which can also process the collected data using the compliance analysis engine 106 C.
  • One embodiment (call it embodiment 1) has all data collected at the end point analyzed by a compliance analysis engine residing on the end point (whether that end point be a laptop or a host system web server).
  • An alternative embodiment has all data collected at the end point analyzed by a compliance analysis engine residing on the policy management server. In this latter embodiment, the question is what happens when the policy management server completes the compliance analysis and determines that some policy violations exist and one or more policy compliance actions must be taken.
  • Embodiment 2A: Policy management server sends policy action instructions (block this application, permit that application, etc.) back to end point for execution. Note that a best practice would be to digitally sign the instructions sent to the end point using the policy management server's digital certificate. The end point must validate the digital signature before considering the policy action instructions.
  • Embodiment 2B: Policy management server sends instructions (block this end point, permit that end point, limit that end point to only host systems residing on the 192.168.10.x subnet, etc.) to a network access control device for execution.
  • Embodiment 2C: Policy management server sends instructions (block this end point, permit that end point, limit that end point to only the following applications or application transactions) to a host system for execution.
  • The host system will, as a result of these instructions, add an Access Control List (ACL) entry to its session management table that subsequently affects what applications or application transactions residing on that host system may be accessed or used by the end point when the end point is requesting services from that host system.
  • the policy management server creates a list of permitted host systems, applications, and/or application transactions that the end point is permitted to contact, based on its current degree of compliance. Policy management server then digitally signs the ‘permitted actions list’ and returns the permitted actions list to the end point.
  • When the end point wants to access a host system, the end point presents the digitally signed permitted actions list to the host system.
  • The host validates the policy manager's digital signature on the signed permitted actions list and then creates an ACL that allows the end point to access specific resources (e.g. files, folders, types of transactions) on the host system.
  • An alternative and complementary embodiment is that when packets from the end point have to pass through a network access control device residing between the end point and the host system, the end point must authenticate to the network access control device. As part of the authentication process at the network access control device, the end point must present the digitally signed permitted actions list to the network access control device. The network access control device then validates the policy manager's digital signature on the signed permitted actions list and then creates an ACL that allows the end point to access specific host systems (e.g. a single or range of IP addresses) and/or to use specific communication protocols (e.g. FTP, HTTP, SMTP, etc).
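The validate-then-build-ACL order described for the signed permitted actions list (and for the signed instructions of embodiment 2A) is sketched below as an added example, not code from the patent. HMAC-SHA256 with a shared demo key stands in for the certificate-based digital signature because the Python standard library has no asymmetric signing; the field names, the end point binding and the expiry time are assumptions.

```python
"""Host-side check of a signed permitted actions list before any ACL is built."""
import hashlib
import hmac
import json

# Constructed demo key. HMAC needs a key shared by policy manager and verifier;
# the certificate-based signature in the text needs only the manager's public key.
DEMO_KEY = b"constructed-demo-key-not-for-production"


def issue_permitted_list(key, endpoint_id, permitted, expires_at):
    """Policy manager side: serialize the list canonically and sign those bytes."""
    body = json.dumps(
        {"endpoint": endpoint_id, "expires": expires_at, "permitted": permitted},
        sort_keys=True, separators=(",", ":"),
    )
    sig = hmac.new(key, body.encode("utf-8"), hashlib.sha256).hexdigest()
    return {"body": body, "sig": sig}


def build_acl(key, presented, peer_id, now):
    """Verifier side: return ACL entries, or an empty list (deny all) on any failure."""
    if not isinstance(presented, dict):
        return []
    body, sig = presented.get("body"), presented.get("sig")
    if not isinstance(body, str) or not isinstance(sig, str):
        return []
    expected = hmac.new(key, body.encode("utf-8"), hashlib.sha256).hexdigest()
    # Check the exact bytes received, in constant time, before parsing them.
    if not hmac.compare_digest(expected.encode("ascii"), sig.encode("utf-8", "replace")):
        return []
    claims = json.loads(body)
    # Assumed fields: the list is bound to the authenticated peer and to a lifetime,
    # so a list issued to another end point or at an older compliance level is refused.
    if claims.get("endpoint") != peer_id or now >= claims.get("expires", 0):
        return []
    return [("allow", peer_id, resource) for resource in claims.get("permitted", [])]


# Constructed sample: a list issued to "endpoint-17", valid until t=1_000_600.
TOKEN = issue_permitted_list(
    DEMO_KEY, "endpoint-17", ["host-a:https", "host-a:/reports/read"], 1_000_600
)
# The same list with one permitted entry altered after signing.
TAMPERED = dict(TOKEN, body=TOKEN["body"].replace("host-a:https", "host-a:admin"))

if __name__ == "__main__":
    print("valid    :", build_acl(DEMO_KEY, TOKEN, "endpoint-17", now=1_000_000))
    print("tampered :", build_acl(DEMO_KEY, TAMPERED, "endpoint-17", now=1_000_000))
    print("wrong id :", build_acl(DEMO_KEY, TOKEN, "endpoint-99", now=1_000_000))
    print("expired  :", build_acl(DEMO_KEY, TOKEN, "endpoint-17", now=1_000_600))
```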
  • The policy management system 106 , shown connected to the Internet, can be implemented alongside a network access control device, e.g. a router, switch, VPN server, etc., or can remotely communicate with the network access control device via a data communications network.
  • the policy management system 106 is able to communicate access permission and/or access restrictions to the network access control device, restricting what host systems 102 the endpoint system 104 is able to access, restricting what endpoint systems 104 are able to access host systems 102 , and/or restricting what remote systems host system 102 is able to access.
  • The policy management system 106 , when it has received aggregated information from the agent monitor 104 C on endpoint system 104 , is also able to send access instructions to host system 102 identifying what permissions or restrictions should be applied to an endpoint system 104 when endpoint system 104 tries to access host system 102 via the network 108 .
  • this last embodiment does not require the system 104 to have or be running security-related software such as this invention. Rather, the host system 102 can be protected and/or restrict access with respect to any endpoint 104 that tries to communicate with it.
  • Analysis engine 106 C ( FIG. 1 ) contains one or more analytical methods or models and enables the selection of the optimum model or models for a given set of conditions 104 F as determined by the various agents 104 E.
  • a feature and advantage of analysis engine 106 C is its support for multiple models, its extensibility to support future models, and the ability to use multiple different models simultaneously either in parallel or in series while performing compliance analysis of conditions 104 F.
  • The analysis engine analytical model compares current condition information 104 F with policies regarding those conditions 106 B and makes action decisions resulting from those conditions and policies, using one or more analytical models.
  • Analysis engine 106 C subsequently initiates actions to permit, deny or control access to local and/or remote computing resources based on additional policies that identify permitted and/or denied actions when a noncompliance condition exists.
  • Analytical model selections are based on one or more policy-based configuration settings stored in the policy store 106 B. These policies, or rules, may alternatively and/or additionally be locally stored on the endpoint system 104 and/or host system 102 , accessed by an endpoint system 104 or a host system 102 from a remote policy management system 106 via a data communications network, or a combination of the two. As with all other policies, the policy setting controlling what analytical models are used and when they are used can be dynamically changed at any time by changing the values of the policy settings in accordance with the processes described above.
  • Policy management system 106 is designed to allow analytical models operated by analysis engine 106 C to be added in the future, individually upgraded or modified, or removed.
  • Conventional software distribution methods are used to communicate new or modified analytical models and new versions of the analysis engine 106 C.
  • analysis engine 106 C is also architected to allow the inputs and/or actions associated with a given policy to be modified or customized as required.
  • Conventional software distribution methods are used to communicate new or modified policies or policy values.
  • Policies incorporating combination rules are also supported through the logical combining of multiple individual rules using conventional logic clauses such as AND, OR, NOT, ELSE, IF, WHEN, UNLESS, etc.
  • the analysis engine 106 C is the central and primary destination for all collected or received condition state information collected by the local endpoint system 104 .
  • Some or all condition state information to be collected may be requested by the analysis engine on a periodic basis, requested by the analysis engine as a direct result of a detected event, requested by the analysis engine as a direct result of completed analysis of previously received condition state information, sent to the analysis engine by agents and agent managers on a periodic basis, and/or sent from agents or agent managers to the analysis engine as a direct result of a detected event. This holds true for instances of local analysis of condition state information on the endpoint system 104 as well as remote analysis of condition state information on the policy management system 106 .
  • Capabilities of the analysis engine also include the ability to query the policy data store 106 B ( FIG. 1 ) to collect compliance policies and their associated value(s). This query could occur on a fixed periodic basis or be based on a specified system event, for example system startup, client startup, application start event, network interface event, authentication event, notification of received policy updates, receipt of a specific endpoint data element, receipt of a specific endpoint data element having a specific value, etc.
  • Capabilities of the analysis engine further include the ability to query the policy data store 106 B to collect action policies and their associated value(s). This query occurs whenever needed by the analysis engine.
  • Capabilities of the analysis engine further include the ability to output status and event messages to local processes or remote computers accessible across a network. These messages may be used to trigger the display of a message to a user on the local endpoint system 104 user interface, the display of a message on the policy management system 106 , the updating of status information on an already open display or may be logged to a local or remote data store for use in reports.
  • condition data regarding the status of conditions 104 F are collected through the above described system of agent managers and monitors, and input into analysis engine 106 C through the processor and communications interface 106 A (step 702 ).
  • A compliance assessment process, or algorithm, is selected to process the condition data (step 704 ).
  • numeric risk values can be assigned to non-numeric condition state data and numeric weightings applied to numeric values (step 705 ).
  • the effective and appropriate security policy is retrieved from data storage 106 B (step 706 ), the condition data is processed using the selected compliance process (step 708 ), and the results of the processed condition data compared to the compliance policy (step 710 ).
  • the details of this process, including the various algorithms, are described in detail herein below.
  • Because the policy action rules comprise a number of endpoint states that must be assessed, because there is a desire to be able to manage and change many policy settings using a finite number of data values, and because of the number of possible combinations of endpoint states that could warrant invocation of the defined action, a simple rules-based approach to processing this information may be unwieldy and not scale well.
  • An algorithmic approach is provided by the present invention. As part of step 706 above, the algorithmic approach involves treating the non-numeric endpoint state information as real time values that are converted to numerical risk weightings, e.g. 1-100.
  • Non-numeric endpoint state information, listed above, includes those states not communicated as a number, e.g. is an application running, what level of anti-virus program is running, etc.
  • the policy data store 106 B contains a numeric value to assign to each non-numeric endpoint condition 104 F.
  • When the analysis engine 106 C receives endpoint condition state information 104 F from the agent monitors 104 C, the analysis engine 106 C makes one or more queries to the policy data store 106 B for each endpoint condition and retrieves the numeric value to assign to that particular endpoint condition.
  • The process is repeated as needed for each non-numeric endpoint condition data element the analysis engine must convert from a non-numeric value to a numeric weighting. This process may also be repeated as needed for each numeric endpoint condition data element the analysis engine must convert from a raw numeric value to a normalized numeric weighting, e.g. converting the number of calendar days since antivirus was last updated (e.g. 0-365 days) to a normalized value in a range of, e.g., 0-100.
  • One analytical model operable by analysis engine 106 C involves treating endpoint condition state information 104 F as a matrix of numeric values where, as mentioned above and as implied in each of the subsequent analytical models described herein, the real time state information is converted to numerical values or risk weightings, e.g. 1-100.
  • the standalone and business intelligence rules can be treated as a second matrix where rules are given relative importance ratings.
  • the analysis engine 106 C generates a third matrix as the result.
  • This third matrix contains numerical compliance scores that can be converted to security compliance ratings for different enforcement actions.
  • Each rating can subsequently be compared to a predefined score threshold stored in the policy data store 106 B for each possible enforcement action to determine whether or not to invoke the action. If the derived score is above the threshold, the endpoint is deemed sufficiently (while not necessarily completely) compliant with those particular endpoint configuration policies.
  • the security score thresholds, the input matrix elements, the input matrix security scores and the items to be included in the endpoint inputs list are all data values stored in the policy data store 106 B and as such are configurable and extensible so as to allow tailoring to an individual user's need. Configuration is performed using a user interface 106 A, from which new or revised matrix elements, thresholds, weightings and factors can be created and modified. When implemented in a distributed fashion, changes to these data values made in the policy management system 106 can be distributed to the software agent residing on the endpoint system 104 using conventional software distribution methods. Examples of different matrix analysis methods are shown herein below.
  • One analytical model operable by analysis engine 106 C in accordance with the present invention utilizes descriptive business rules.
  • the rules specify a specific action to take if specified prerequisite conditions are true.
  • different actions will be initiated.
  • the universe of possible actions will expand and evolve over time, as will the tests used to determine whether a given action should be initiated. For example, new operating system services may come available, new categories of security or endpoint management applications may emerge, security point solutions may become integrated, transport technologies will continue to evolve, features of security point solutions will evolve, etc. Additionally, different operational needs will warrant creating new actions and new tests.
  • This analytical model is extensible and allows the addition, removal, tailoring, and/or changing the values of prerequisite conditions or actions for different customers and policy groups. Note that this rules-based analysis may or may not require the assignment of numeric risk scores to non-numeric conditions, depending on the desired rules.
  • Another analytical model operable by analysis engine 106 C in accordance with the present invention utilizes a table of Boolean logic rules.
  • This will be understood to be an extension of the business rules-based model described above, with the inclusion of Boolean logic combinations.
  • the rules specify specific actions to take when specified conditions are true. The universe of possible actions will expand and evolve over time, as will the tests used to determine whether a given action should be initiated. Additionally, different users may prefer different rules, new actions and/or new conditions to determine.
  • This analytical model is extensible both in terms of inputs and actions and allows a user to add, remove, tailor, and/or change the values of inputs and/or actions for different systems.
  • Endpoint state information collected by the agent can be assigned relative importance weightings or quantitative scores, as described above, to develop a composite security ‘score’ for the security dimension or dimensions associated with that endpoint attribute.
  • the score can subsequently be used as a proxy for a numeric endpoint security health metric for a particular aspect of the endpoint's configuration or health.
  • An antivirus agent monitors the endpoint from a virus protection dimension and has certain attributes that must be in place to provide effective antivirus protection. Examples of attributes that the antivirus agent must have in order to provide effective end point security, and that are desired to be externally assessable state information to the invention, include:
  • Each of these attributes of the antivirus agent can be assigned an absolute score or a relative weighting by a user, based on the relative importance of that particular attribute to that user, for example as shown in Table 2:

    TABLE 2

    | Agent Attribute | Points | Weight |
    |---|---|---|
    | Antivirus agent active and running | 60 | 60% |
    | Antivirus agent version current or current minus one rev | 15 | 15% |
    | Antivirus agent signature files updated within the last 212 days | 100 | 100% |
    | All antivirus scan options enabled | 15 | 15% |
    | Total | 100 | 100% |
  • Different operators may have different views on the relative importance of these attributes and/or may wish to use different or more granular attributes in their scoring model. For example, a different user may want to replace the version attribute with a real-time file system monitoring enabled attribute or add this as an additional attribute in their scoring model. Similarly, another user may assign more relative importance, hence assign a higher weight or score to how recently the antivirus signature files were updated. Another user might want to assign each of 4 specific configuration settings 5 ‘points’ if the setting is enabled, for a total of 20 possible points when all antivirus scans options of interest to that user are enabled.
  • These attributes may be different for different users depending on the capabilities of their particular endpoint security solution. For example, if a particular commercially available antivirus agent has no configurable options to enable/disable, this attribute would not be relevant and would not be a consideration in the scoring process. In fact, one of the attributes could easily be the specific product being used, if a user has high confidence in 1-2 specific antivirus agents and much lower confidence in other antivirus agents. Support for variability across different end points having different hardware/software configurations is managed using policy settings as previously described.
  • Attributes and weightings can be similarly established for each of the endpoint security agents previously identified.
  • the approach can similarly be adapted to other existing and future endpoint security solutions using this same approach.
  • the total score obtained by querying the agent and/or its externally viewable attributes can be used as a trigger for one or more general or context-specific predefined actions to be taken. For example, assuming the following is the list of actions to be taken if the antivirus agent score does not meet or exceed a threshold of 81 points or 81%:
  • a different operator may wish to take additional or alternative predefined actions, for example:
  • a wide range of alternative system level corrective actions or user notifications are possible and may be more or less appropriate, depending on the situation and the user's needs. More complex conditional actions including IF, THEN, ELSE, AND, OR type logic may also be defined.
  • the corrective actions may vary by agent.
  • the corrective actions when the firewall agent score is below the firewall threshold might be:
  • the corrective actions when the antivirus agent score is below the antivirus threshold might be:
  • an antivirus agent was the single agent under evaluation. Multiple agents can be simultaneously assessed in a similar fashion and the individual agent scores combined in different ways to create a holistic view of the endpoint state from multiple perspectives. For example, a user could define the following agent score combination logic as the basis for determining whether the end point is or is not in compliance:
  • the individual agents of interest would be periodically queried or assessed at a configurable interval, individual agent scores calculated and then this business logic applied to determine if a noncompliance exists and if any predefined corrective, restrictive and/or notification actions (such as those previously defined) are required.
  • the composite score is 79.95 points or 79.95%.
  • the composite score would then be compared to a predefined composite threshold residing as a data value in the policy data store 106 B to determine if any predefined corrective, restrictive and/or notification actions (such as those previously defined) are required.
  • Different users may have different views on the relative importance of individual agents and may wish to use fewer, additional or different agents in their composite scoring model. For example, a different user may want to replace the content filtering agent with a patch management agent in their composite scoring model or add the patch management agent to the above composite scoring model. Similarly, another user may assign more or less relative importance, hence assign a higher or lower relative weight to the personal firewall. Such differences are accommodated by the invention through the use of policy settings and values that specify the agents of interest, the compliance thresholds, the relative weightings and other relevant considerations.
  • composite corrective actions can be defined independently of individual agent corrective actions (e.g. antivirus agent corrective actions, personal firewall corrective actions, etc.) if defined values exist in the policy data store 106 B.
  • the previous composite example can be expanded as follows in Table 6:

    TABLE 6

    | Agent | Agent Raw score (points) | Threshold (points) | Relative Weighting | Adjusted score (points) |
    | --- | --- | --- | --- | --- |
    | Antivirus agent | 65 | 75 | 15% | 9.75 |
    | Personal firewall agent | 93 | 90 | 70% | 65.1 |
    | Antispyware agent | 0 | 70 | 100% | 0 |
    | Content filtering agent | 100 | 60 | 5% | 5 |
    | Composite Score | | | | 79.95 |
    | Composite Threshold | | | | 75.00 |
  • the overall composite score exceeds the composite threshold, thereby not requiring invocation of previously defined composite corrective actions.
  • the individual score for the antivirus agent is below the antivirus threshold, thus requiring invocation of previously defined agent-specific antivirus corrective actions. Examples of corrective actions were previously defined above.
  • the individual raw scores for antivirus, personal firewall, anti-spyware agent, and content filtering must be fed into the composite scoring software process in order for the composite score to be determined.
  • the composite scoring software routine assumes the individual agent thresholds have been met, (e.g. the antivirus agent score is 75, the personal firewall agent score is 90, the anti-spyware agent score is 70 and the content filtering agent score is 60) unless informed otherwise.
  • the exception when reported is used to update the composite score data set and a revised composite score is calculated. This exception-based approach is also supported by the invention.
  • the methods can be combined when so enabled via a policy setting.
  • the composite scoring software routine assumes that the antivirus agent score is 75 points and that the personal firewall agent score is 90, unless otherwise notified.
  • the composite scoring software routine makes no assumption regarding the anti-spyware agent score or the content filtering agent score and requires that the antivirus compliance scoring software routine as well as the content filtering compliance scoring software routine both report actual raw compliance scores. Combinations of this type are also supported by the invention.
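The combined exception-based and report-everything scoring described above can be sketched as follows. This is an added example, not code from the patent: the thresholds (75/90/70/60) are the ones quoted in the text, while the class names, the relative weights, and the choice to treat a missing required report as noncompliant are assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class AgentPolicy:
    threshold: int          # minimum compliant raw score, in points
    weight_pct: int         # relative weighting, in percent
    assume_compliant: bool  # True: composite routine assumes the threshold
                            # score unless an exception is reported


# Thresholds come from the text; weights and the assume/report split per
# agent are constructed for this example.
POLICY = {
    "antivirus":         AgentPolicy(75, 15, True),
    "personal_firewall": AgentPolicy(90, 70, True),
    "antispyware":       AgentPolicy(70, 10, False),
    "content_filtering": AgentPolicy(60, 5, False),
}


class CompositeScorer:
    def __init__(self, policy, composite_threshold):
        self.policy = policy
        self.composite_threshold = composite_threshold
        # Exception-based agents start at their threshold score.
        self.scores = {
            name: p.threshold for name, p in policy.items() if p.assume_compliant
        }

    def report(self, agent, raw_score):
        """Record an actual raw score (a required report or an exception)."""
        if agent not in self.policy:
            raise KeyError(f"no policy defined for agent {agent!r}")
        if not 0 <= raw_score <= 100:
            raise ValueError("raw score must be between 0 and 100 points")
        self.scores[agent] = raw_score

    def evaluate(self):
        """Return the composite result plus per-agent threshold violations."""
        missing = sorted(set(self.policy) - set(self.scores))
        violations = sorted(
            a for a, s in self.scores.items() if s < self.policy[a].threshold
        )
        if missing:
            # Assumption: an agent that must report but has not is treated
            # as noncompliant rather than silently scored.
            return {"composite": None, "compliant": False,
                    "missing": missing, "agent_violations": violations}
        composite = sum(
            self.scores[a] * p.weight_pct for a, p in self.policy.items()
        ) / 100
        return {"composite": composite,
                "compliant": composite >= self.composite_threshold,
                "missing": [], "agent_violations": violations}


if __name__ == "__main__":
    scorer = CompositeScorer(POLICY, composite_threshold=75.0)
    scorer.report("antispyware", 70)
    scorer.report("content_filtering", 100)
    scorer.report("antivirus", 65)   # exception: below the assumed 75
    print(scorer.evaluate())
```

An exception for one agent can leave the composite above its threshold while still flagging that agent for its own corrective actions, which is the situation the Table 6 discussion describes.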
  • Relative weights regarding the importance of compliance for each attribute can be assigned for each monitored condition.
  • the collection of information can then be represented in tabular form in anticipation of making the data available for matrix algebra or other linear and nonlinear analysis methods.
  • Table 7 shows how one operator has identified 3 data sources of interest, identified 3 attributes of interest, and assigned levels of relative importance to each data source/attribute pairing.
  • These data sources, attributes and values are stored in the policy data store.
  • the policy data store also contains the specific target values or thresholds for each of these attributes, e.g.
  • the desired antivirus agent is product XYZ
  • the maximum age in days of the most recent anti-spyware agent is 30 days
  • the required configuration settings and values for the personal firewall are: no inbound access permitted, outbound access using HTTP protocol permitted, etc.
  • the resulting matrix that represents the current state of the endpoint is as follows:

    | Data Source | Required Agent From Approved Vendor Currently Running | Updated Within 21 Days | Configuration Settings Enabled | Total |
    | --- | --- | --- | --- | --- |
    | Antivirus agent | 80 | 15 | 0 | 95 |
    | Personal firewall agent | 60 | 20 | 20 | 100 |
    | Antispyware agent | 0 | 25 | 5 | 212 |
  • the determinant derived from assessing the current state of the endpoint can be compared against a minimum threshold defined in the policy data store 106 B that must be met in order for the endpoint to be considered in compliance.
  • the matrix method described above can be further extended by assigning relative weightings to the data sources, treating the resulting values as a row or column vector matrix, and performing matrix multiplication of the data source relative importance matrix and the current state matrix. This allows the evaluation of compliance in a given dimension or attribute across a number of data sources, factoring in the relative compliance importance of the different data sources.
  • the endpoint is out of compliance with regards to currently running security agents and their vendor, in compliance with regards to current configuration settings, and in compliance with regard to configuration settings.
  • scores, thresholds, weightings, etc. may be scaled up or down using a global weighting adjustment or discrete weighting adjustments stored as policy values in the policy data store.
  • situation-specific policy-based adjustments can be made to scores and thresholds for other analytical models that may be added to the policy management system in the future.
  • a user directly connected to the corporate network likely benefits from levels of protection or compliance monitoring systems integrated by the employer into the local network, reducing the criticality that one or more security applications are running or correctly configured on the user's machine. Therefore, an administrator may wish to relax the minimum compliance score required to be able to access the corporate network, or specific computers and/or applications on the corporate network by a number of points.
  • the analysis engine would query the policy data store for the minimum compliance score required to allow a certain system event to occur, determine the user's location (e.g. on the corporate network or not), if on the corporate network determine if the minimum compliance threshold should be adjusted by retrieving the policy value for the on-campus network security adjustment policy, adjust the compliance threshold as necessary, and then finally assess the compliance state of the endpoint using this adjusted threshold.
  • Additional analytical methods supported by policy management system 106 are based on statistical analysis methods. These methods differ from methods previously described herein in that compliance analysis methods described below are based on evaluation of a population sample comprised of multiple data points collected over a period of time, rather than an evaluation of a single collected data point.
  • This value can be passed immediately to the compliance analysis engine upon collection as an indicator of the instant CPU utilization.
  • the sample size is one.
  • the analysis engine 106 C is able to apply these methods to ratings or scores that are derived from inspecting numeric or non-numeric attributes of the endpoint, evaluating their state, comparing the current state with policy values that define numeric weightings or scores for a given state of a given endpoint attribute, and assigning a numeric value to that state.
  • the assigned numeric value then becomes one data sample of a sample population.
  • the analysis engine 106 C is able to utilize statistical analysis methods for assessing compliance against a single, related group or arbitrary group of numeric conditions for the purposes of calculating a central tendency value of raw (i.e. reported directly from one of various exemplary agents 104 E) and/or computed (i.e.
  • the central tendency of a value given a sample population is commonly termed an ‘average’, however that is a general term and there are in fact several statistical analysis methods for calculating the central tendency of a sample population.
  • the analysis engine 106 C does in fact support several methods as described below. The specific method used for calculating the central tendency value of a given data element is selected by the operator. It will be apparent to the reader that the nature of the distribution makes certain methods more or less appropriate or optimal.
  • Specific averaging methods supported by the analysis engine 106 C include the following.
  • the average or mean value is determined by summing the values of the collected samples and then dividing the sum by the number of samples.
  • This calculated average or mean is the value passed to the compliance assessment routine at the completion of the sampling window and used in subsequent compliance analyses.
  • An updated average or mean is passed to the compliance assessment routine at a frequency roughly equivalent to the sampling window size, immediately following calculation of the mean.
  • the average or mean value is determined by summing the values of the collected samples and then dividing the sum by the number of samples.
  • This calculated average or mean is the value passed to the compliance assessment process at the completion of the sampling window and used in subsequent compliance analyses.
  • An updated average or mean is passed to the compliance assessment routine at a frequency roughly equivalent to the sampling interval, immediately following calculation of the moving average over the last X samples.
  • This median value is the value passed to the compliance assessment routine at the completion of the sampling window and used in subsequent compliance analyses.
  • This mode value is the value passed to the compliance assessment routine at the completion of the sampling window and used in subsequent compliance analyses.
  • the compliance analysis engine will pass the average or mean value to the compliance assessment routine at the completion of the sampling window.
  • This geometric mean value is the value passed to the compliance assessment routine at the completion of the sampling window and used in subsequent compliance analyses.
  • the analysis engine performs a calculation of the difference between the two sampled values (or calculated compliance scores), performs a calculation of the difference between the two sampling times (or alternatively uses the policy-defined sampling interval), and divides the value difference by the time difference to obtain a rate, e.g. emails per second, change in CPU temperature per second, number of HTTP requests to a given DNS domain per minute, change in antivirus compliance score per minute, authentication failures per minute, etc.
  • This rate value is the value passed to the compliance assessment routine at the completion of the sampling window and used in subsequent compliance analyses.
  • This rate calculation result can also be used by the client to predict the value of the data element (either raw data or calculated score) at a future time. This predicted value can be used in subsequent compliance analysis. It will be understood that rates can be determined from many other sampling processes.
  • the compliance analysis engine performs a calculation of the difference between the two values, performs a calculation of the difference between the two sampling times (or alternatively uses the policy-defined sampling interval), and divides the value difference by the time difference to obtain a rate (e.g. emails per second, change in CPU temperature per second, number of HTTP requests to a given DNS domain per minute, change in antivirus compliance score per minute, authentication failures per minute, etc.).
  • a rate e.g. emails per second, change in CPU temperature per second, number of HTTP requests to a given DNS domain per minute, change in antivirus compliance score per minute, authentication failures per minute, etc.
  • the compliance analysis engine repeats this activity at a later time, where the time interval between the first rate sampling window (which collects two samples at a policy-defined sampling interval) and the second rate sampling window (which collects two additional samples at the same policy-defined sampling interval) is defined as an acceleration policy setting in the client policy data store.
  • the compliance analysis engine performs a calculation of the difference between the two rate values, performs a calculation of the difference between the two sampling times (or alternatively uses the policy-defined acceleration sampling interval), and divides the value difference by the time difference to obtain a change in rate per unit time (i.e. just as the physical property acceleration is the measurement of change in velocity per unit time, where velocity itself is the measurement of the change in distance (the raw value being measured) per unit time).
  • This acceleration value is the value passed to the compliance assessment routine at the completion of the acceleration sampling window and used in subsequent compliance analyses.
  • This acceleration calculation result is also able to be used by the client to predict the value of the rate at a future time. This predicted value can be used in subsequent compliance analysis.
  • the compliance analysis engine is able to utilize statistical analysis methods for assessing compliance against a single, related group or arbitrary group of data elements for the purposes of calculating the variability value of raw, computed and/or mapped data element(s), comparing the calculated variability value to corresponding policy values that define compliance value(s) and/or ranges for the data element(s), and making an assessment about compliance of that/those data element(s).
  • a system query e.g. CPU utilization, antivirus agent compliance, etc.
  • the calculated variance is passed to the compliance assessment routine at the completion of the sampling window and used in subsequent compliance analyses.
  • a system query e.g. CPU utilization, antivirus agent compliance, etc.
  • the calculated standard deviation is passed to the compliance assessment routine at the completion of the sampling window and used in subsequent compliance analyses.
  • sample standard deviation is equal to the square root of the sample variance
  • sample mean is determined by summing the values of the collected samples and then dividing the sum by the number of samples.
  • the calculated COV is passed to the compliance assessment routine at the completion of the sampling window and used in subsequent compliance analyses.
  • a system query e.g. CPU utilization, antivirus agent compliance, etc.
  • the number of occurrences of a given value is divided by the number of samples to determine the relative frequency of occurrence of that value. This will normally be expressed as a decimal value or a percentage.
  • the list of values and their frequency of occurrence is then passed to the compliance assessment routine at the completion of the sampling window and used in subsequent compliance analyses. This method is useful in situations where the action policy is triggered based on the relative frequency of occurrences of a specific value or values of a given data element in a sampling window.
  • the compliance analysis engine then calculates the cumulative frequency distribution of each value by adding the relative frequency of that value to the sum of the relative frequencies of all lesser values.
  • the list of values and their cumulative frequency of occurrence is then passed to the compliance assessment routine at the completion of the sampling window and used in subsequent compliance analyses.
  • This method is useful in situations where the action policy is triggered when the relative cumulative frequency exceeds a policy-defined threshold. For example, analysis of a sample of 100 transactions of type X concludes for this population sample that 90% of the transactions completed within 3.5 seconds. This result is compared to a predefined policy in the policy data store that specifies that 90% of type X transactions must complete within 4 seconds to determine whether or not a condition exists that warrants taking a policy-defined action on the endpoint.
  • an administrator may measure successive values of a data element of interest a large number of times in either a controlled or typical endpoint environment to determine the distribution type, mean, variance and standard deviation of the values of that data element.
  • an administrator may define a target mean and standard deviation he believes reasonably describes the distribution of the values of the data element of interest.
  • a policy can be enabled in the compliance analysis engine that causes the compliance analysis engine to monitor a particular data element for a period of time until a sufficiently large sample to accurately represent the population of possible data values is collected, and then calculate a mean and standard deviation for the very large sample.
  • These values also can be stored in the client policy data store as target policy values that represent the steady state behavior of that particular data element.
  • the monitoring and data collection activity performed by the client can be started or stopped at any time using policy settings or commands issued to the client.
  • the calculated properties e.g. mean, standard deviation, etc
  • These values can further be used to calculate the probability of a sample event having a value greater than a specified policy value, less than a specified policy value, or within a specified range of policy values.
  • This capability is supported in the client by transforming the sample value into a normal random variable with mean equal to zero and a variance of one. This transformation is done by subtracting the population mean specified value and dividing the result by the population standard deviation.
  • the client includes a standard normal distribution data table in its local data store for looking up the probability of a given value or range of values of this transformed or normalized random variable.
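The baseline-and-normalization steps described above (learn a mean and standard deviation, transform a new sample into a standard normal variable, then look up its probability) can be sketched as follows. This is an added example, not code from the patent: the function names and sample values are constructed, and `math.erf` stands in for the stored standard normal lookup table the text mentions.

```python
import math
import statistics


def learn_baseline(samples):
    """Mean and sample standard deviation of a monitored data element."""
    if len(samples) < 2:
        raise ValueError("need at least two samples to estimate variability")
    return statistics.fmean(samples), statistics.stdev(samples)


def z_score(value, mean, stdev):
    """Subtract the population mean and divide by the standard deviation."""
    if stdev <= 0:
        raise ValueError("standard deviation must be positive")
    return (value - mean) / stdev


def std_normal_cdf(z):
    """P(Z <= z) for a standard normal variable (replaces the table lookup)."""
    return 0.5 * (1.0 + math.erf(z / math.sqrt(2.0)))


def prob_less(value, mean, stdev):
    return std_normal_cdf(z_score(value, mean, stdev))


def prob_greater(value, mean, stdev):
    return 1.0 - prob_less(value, mean, stdev)


def prob_between(low, high, mean, stdev):
    if low > high:
        raise ValueError("low must not exceed high")
    return prob_less(high, mean, stdev) - prob_less(low, mean, stdev)


def is_unexpectedly_high(value, mean, stdev, min_probability):
    """Flag a sample whose upper-tail probability falls below the policy value.

    min_probability is a hypothetical policy setting: the smallest
    probability of seeing a value this large that is still treated as
    steady-state behavior.
    """
    return prob_greater(value, mean, stdev) < min_probability


if __name__ == "__main__":
    # Constructed CPU utilization samples (percent) for baseline learning.
    mean, stdev = learn_baseline([38, 42, 40, 41, 39])
    print(f"baseline mean={mean:.2f} stdev={stdev:.2f}")
    # Constructed policy values: mean 40, standard deviation 10.
    print(z_score(60, 40, 10), round(prob_greater(60, 40, 10), 4))
    print(is_unexpectedly_high(60, 40, 10, min_probability=0.05))
```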
  • the compliance analysis engine also allows an administrator to specify a mean and/or variance threshold relative to the population's mean and/or variance for a given value of a given data element or group of data elements.
  • the mean, variance and/or standard deviation of the sample can be calculated using standard methods such as those previously described.
  • the calculated properties of the sample e.g.
  • the compliance assessment routine is then passed to the compliance assessment routine at the completion of the sampling window and compared by the compliance analysis engine to the policy-defined values that describe the population and that were previously defined by the administrator or calculated by the client.
  • This method is useful in situations where the action policy is triggered when the properties of a sample, e.g. the mean or standard deviation, exceeds a policy-defined threshold. For example, the client locally observes a population sample of 100,000 events of a particular type, calculates the mean and the standard
  • an administrator may define target coefficients he believes reasonably describes the fitted relationship of the values of the data pair of interest. These values are stored in the client policy data store as policy values such that they can be changed in the future as needed.
  • a mathematical analysis is performed to calculate the actual regression coefficients of the sample. The calculated coefficients of the sample are then passed to the compliance assessment routine and compared by the client to the policy-defined values. A compliance assessment is subsequently made.
  • the policy-defined coefficients are combined with the sampled value of the independent variable (x) to determine an estimated value of the dependent variable (y).
  • the actual value of the dependent variable (y) is then compared to the estimated value of the dependent variable (y). If the actual value differs from the estimated value by more than a specified, policy-defined difference (positive, negative and/or absolute magnitude), a policy violation is deemed to have occurred.
  • the actual regression coefficients of the sample are used to predict the value of the dependent variable given a value of the independent variable.
  • the predicted value of the dependent variable can then be used as a dynamically derived policy value. Should the specified value of the independent variable occur in the future, the actual value of the dependent variable at that time is compared by the compliance analysis engine with the dynamically derived policy value. If the actual value differs from the predicted value by more than a specified, policy-defined difference (positive, negative and/or absolute magnitude), a policy violation is deemed to have occurred.
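The regression-based checks described above can be sketched as follows. This is an added example, not code from the patent: it assumes a simple linear fit (the text does not name the regression model), and the function names, tolerances and sample pairs are constructed for illustration.

```python
from statistics import fmean


def fit_line(pairs):
    """Least-squares fit of y = intercept + slope * x over (x, y) samples."""
    if len(pairs) < 2:
        raise ValueError("need at least two (x, y) samples")
    mean_x = fmean(x for x, _ in pairs)
    mean_y = fmean(y for _, y in pairs)
    sxx = sum((x - mean_x) ** 2 for x, _ in pairs)
    if sxx == 0:
        raise ValueError("independent variable never changes; slope undefined")
    slope = sum((x - mean_x) * (y - mean_y) for x, y in pairs) / sxx
    return mean_y - slope * mean_x, slope


def coefficients_comply(sample_coeffs, policy_coeffs, tolerances):
    """Compare fitted coefficients with policy-defined target coefficients."""
    return all(
        abs(s - p) <= t
        for s, p, t in zip(sample_coeffs, policy_coeffs, tolerances)
    )


def estimate(coeffs, x):
    intercept, slope = coeffs
    return intercept + slope * x


def check_observation(coeffs, x, y_actual, max_over, max_under):
    """Compare an observed y with the estimate for x.

    max_over and max_under are the policy-defined positive and negative
    differences; set both to the same value for an absolute-magnitude check.
    Returns "over", "under" or "ok".
    """
    diff = y_actual - estimate(coeffs, x)
    if diff > max_over:
        return "over"
    if -diff > max_under:
        return "under"
    return "ok"


if __name__ == "__main__":
    # Constructed samples: x = open network connections, y = CPU percent.
    observed = [(1, 3), (2, 5), (3, 7), (4, 9)]
    fitted = fit_line(observed)
    policy = (1.0, 2.0)  # hypothetical target intercept and slope
    print("fitted:", fitted)
    print("coefficients comply:",
          coefficients_comply(fitted, policy, tolerances=(0.5, 0.25)))
    # Dynamically derived policy value: predicted y for a future x.
    print("expected y at x=10:", estimate(fitted, 10))
    print(check_observation(fitted, 10, y_actual=30, max_over=5, max_under=5))
```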
  • a filter in this context is a piece of purpose-built software that analyzes a particular data set, applies a threshold function of some type to that data set, and extracts only information of interest. Filtering in this context therefore is the act of extracting interesting data by applying a threshold against individual data points within a data set. Examples of the types of data the client can collect and policy-based thresholds the client can evaluate were previously described above.
  • the compliance analysis engine supports several different filtering approaches and is extensible to support future additional filtering approaches as well.
  • One supported filtering method previously described involves collecting a specific type of data from the environment, comparing the data point against policy-defined thresholds, and taking a policy-based action when a compliance threshold is exceeded.
  • the compliance analysis module assumes a particular aspect of the endpoint is in compliance unless otherwise notified by the data collection module.
  • the filtering method continuously collects a specific type of data from the environment and performs a comparison of that single point of data against the policy-defined threshold for that single point of data. Only when a compliance violation is detected, is the data, or alternatively a descriptive message identifying the compliance violation, passed to an alternate compliance analysis engine responsible for combining the results of assessments of individual data points, i.e. performing a holistic compliance assessment.
  • the overall compliance analysis module assumes complete compliance with respect to any given data element unless it is informed otherwise. This is commonly referred to as an exception-based notification system. It is an advantageous approach as the software routine responsible for determining overall assessment has to process less data and thus can more quickly reach decisions with respect to required policy enforcement actions.
  • the filter is set to pass interesting information and filter noise by setting the filtering level appropriately.
  • the state of the antivirus agent and a review of policy settings might result in an antivirus compliance score of 65 points or 65%. Rather than treat this as a single data point and form an immediate compliance assessment, it might be preferable to sample the antivirus agent state information at a periodic interval for a period of time, where both the sampling interval and sampling window are policy-defined values, calculate the compliance score at each sampling, and treat the collection of compliance scores as a population sample.
  • Such capabilities are supported by the policy management system. While this example cites the translation of antivirus agent state information into an antivirus compliance score, translation of other endpoint state information such as those data elements previously identified herein into compliance scores is also supported by the present invention. Collection of population samples of numeric compliance scores for other pieces of endpoint state information is likewise supported by the present invention.
  • the real time compliance assessment at a given point was as follows:

    | Sensor | Raw Agent score (points) | Threshold (points) | Relative Weighting | Adjusted score (points) |
    | --- | --- | --- | --- | --- |
    | Antivirus agent | 65 | 75 | 15% | 9.75 |
    | Personal firewall agent | 93 | 90 | 70% | 65.1 |
    | Antispyware agent | 0 | 70 | 100% | 0 |
    | Content filtering agent | 100 | 60 | 5% | 5 |
    | Composite Score | | | | 79.95 |
    | Composite Threshold | | | | 75.00 |
  • the policy management system is able to use statistical and other analysis methods to calculate one or more raw score inputs into this composite score.
  • the policy management system is also able to use statistical analysis methods cited above, including but not limited to mean, median, mode, moving average and geometric mean to calculate a composite score by applying a statistical analysis method to a population sample of individual composite scores calculated at different times. Sampling intervals and sample count are controlled via policy settings.
  • the policy management system is able to perform this function using all of the statistical analysis methods previously described.
  • the client is able to perform this function for all monitored data elements and all composite scoring functions.
  • the instant CPU utilization, the average CPU utilization, or moving average CPU utilization can be reported every time the value is determined, or only reported when it exceeds a policy defined threshold.
  • the instant CPU utilization, average CPU utilization, moving average, etc. are distinctly different data elements, however the different data elements can be used simultaneously for different compliance evaluation purposes, i.e. collection and usage of instant CPU utilization and average CPU utilization are not mutually exclusive.
  • one compliance evaluation method may require the instant CPU utilization value in order to perform a compliance evaluation
  • a different compliance evaluation method may simultaneously require the average CPU utilization in order to perform a compliance evaluation.
  • the present invention supports the ability to use these different measurement methods for different compliance tests using the same data source simultaneously.
  • the present invention further supports this simultaneous use capability for all other supported monitored data sources as well, including both numeric sources and non-numeric sources that are converted to numeric values or scores.
  • average, mode, moving average, coefficient of variation, standard deviation, etc. are different analysis methods supported by the policy management system. It will be understood that the policy management system provides the ability to use logical combinations (e.g. AND, OR, ELSE, IF, THEN, NOT, etc.) of different compliance measurement methods for performing compliance evaluation of the same data element or group of data elements simultaneously. Examples of policy-driven capabilities of the policy management system include:
  • the policy management system supports this simultaneous use capability for all other supported monitored data elements as well, including both numeric sources and non-numeric sources that are mapped to numeric values or scores.
  • the business rules method cited previously could be used for compliance monitoring and enforcement with regards to physical ports on the endpoint, such as USB ports, serial ports, printer ports, IR or RF communication ports, etc.
  • the Boolean rules method cited previously could be used for compliance monitoring and enforcement with regards to permitted applications
  • a matrix algebra method could simultaneously be used for compliance monitoring and enforcement with regards to network connectivity or VPN tunnel establishment.
  • Other combinations are of course possible as well. These combinations are considered in accordance with one of the above-described methods, for example in Boolean combinations or as otherwise described herein. Such combinations are also supported by the policy management system.
  • condition data relating to monitored items e.g. CPU utilization, antivirus compliance score, security agents composite compliance score, etc.
  • the policy management system provides the ability to support this very capability through the use of policy settings where these parameters can be specified and configured.
  • step 212 when policy violations are detected it may be desired to take one or more discrete actions to either bring the endpoint into compliance, prevent harm from coming to the local and/or remote computers, restrict user actions, or perform any number of different actions.
  • Examples of discrete actions which may be initiated by policy management system 106 , and executed by host system 102 , and endpoint system 104 include those set out below.
  • the solution is extensible to allow additional actions to be added in the future and configurable to allow different groups to customize different actions to best meet their needs. It will be understood that the process of managing the endpoint and host operations repeats as frequently as necessary (step 214 ). As noted herein above, it may be desirable to repeat the steps, including the collection of data, analysis of data, and the management of the systems, multiple times during a single connection session.
  • policy actions are selected based upon the above-described comparison of the state of the conditions 14 F in comparison to the compliance rules in data store 16 B, and specify actions to permit, prevent or automatically initiate on the endpoint.
  • Policy actions may be endpoint actions allowed to take place because the endpoint system 104 is in compliance with security policies, actions to take to partially or wholly restrict access to endpoint resources because the endpoint system 104 is not in compliance with security policies, or a combination thereof.
  • the invention may log event information locally in the policy data store and/or create and transmit event and state information across a data communications network to a remote policy management system 106 or a remote computer for logging, operator notification, transaction triggering, reporting, or other administrative purposes.
  • FIG. 4 in particular illustrates the notion of endpoint agent closed loop control feedback as a central part of the invention where endpoint policy actions taken may be targeted to one or more specific endpoint agents 104 E as a direct result of endpoint condition information 104 F obtained from that endpoint agent 104 E and other various exemplary agents.
  • the antivirus agent may be queried for its current state. That information may then be combined with other information from other endpoint agents and analyzed by the analysis engine 106 C to determine if any noncompliance conditions exist. If so, the invention may direct the antivirus agent to take specific actions, change internal configuration settings, etc. to bring the endpoint back into compliance or to block or permit certain system or operator activities.
  • the analysis engine 106 C determines what actions to initiate (step 212 ).
  • the analysis engine 106 C and its operative models and algorithms provide the ability to proactively take an exhaustive and extensible list of permissive, corrective or restrictive actions.
  • the actions can be taken immediately, scheduled to occur at some future point in time, upon completion of some predefined system event, or as a prerequisite to some predefined system event.
  • the actions when taken can also be logged by the agent and made available to a central management reporting console. Also, the actions may result in notifications or alerts being displayed to the end user, and/or uploaded to a central management reporting console.
  • analysis engine can initiate the following actions:
  • a central management user interface 106 A on the policy management system 106 is used to configure policies that are then saved to a central policy data store 106 B.
  • the policies are synchronized or replicated to local policy databases residing in the endpoint system 104 , for example in data store 104 B, on a periodic basis when the endpoint system 104 checks in with the policy management system 106 to see if updates are available.
  • An analysis engine, performing generally the same functions as engine 106 C, residing on the endpoint system 104 is responsible for enforcing all compliance policies on the endpoint system 104 in accordance with policies received from the policy management system 106 .
  • This implementation is representative of a corporate-type offering or a managed services-type offering as might be provided by a service provider firm, where the endpoint system user is different from the endpoint system administrator or invention administrator roles.
  • an exemplary distribution of invention components across different systems is as follows:
  • conditions information, compliance violations and policy enforcement actions can be logged locally on the endpoint system 104 and/or uploaded to any remote computer over a data communications network for centralized management reporting purposes. Data received from multiple endpoint systems 104 can also be aggregated for additional management reports. Information logged locally on the endpoint system 104 can also be viewed locally on the endpoint system by an operator of that system.
  • a central management user interface 106 A on the policy management system 106 is used to configure policies that are then saved to a central policy data store 106 B.
  • the policies are synchronized or replicated to a local policy database residing on the host system 102 , for example in data store 102 B, on a periodic basis when the host system 102 checks in with the policy management system 106 to see if updates are available.
  • An analysis engine residing on the host system 102, performing generally the same functions as described with respect to engine 106 B, is responsible for enforcing all compliance policies on the host system 102 in accordance with policies received from the policy management system 106 .
  • This implementation is representative of a client-server type application environment where client applications (e.g.
  • endpoint systems 104 initiate communication sessions with server applications (e.g. web server, database management system, etc.) residing on host system 102 to upload and/or download application-specific data.
  • host system 102 it is important to ensure the host system 102 is protected at all times so that the host system 102 cannot be compromised by a rogue endpoint system 104 , or so that the host system 102 is prevented from sending malicious data or software code to endpoint system 104 .
  • an exemplary distribution of invention components across different systems is as follows:
  • conditions information, compliance violations and policy enforcement actions can be logged locally on the host system 102 and/or uploaded to any remote computer over a data communications network for centralized management reporting purposes. Data received from multiple host systems 102 can also be aggregated for additional management reports. Information logged locally on the host system 102 can also be viewed locally on the endpoint system by an operator of that system.
  • a policy management system 106 is used to configure compliance policies that are then saved to a policy data store 106 B.
  • Policies are also defined that identify what conditions 104 F should be monitored by the agent monitoring components 104 D, E residing on endpoint system 104 and/or host system 102 . These policies are also stored in the policy data store 106 B. Monitoring policies are subsequently distributed to endpoint system 104 and/or host system 102 periodically.
  • An agent monitoring module residing on the endpoint system 104, performing generally the same functions as described with respect to engine 106 B, collects endpoint condition information 104 F and transmits it to the policy management system 106 where compliance analysis is performed using an analysis engine 106 C.
  • the analysis engine residing on the endpoint system (or equally the analysis engine residing on the host system 102 ) does not perform compliance analysis.
  • the analysis engine 106 B in the policy management system 106 decides what policy enforcement actions are necessary.
  • the policy enforcement decisions are sent from the policy management system 106 to the endpoint system 104 or the host system 104 as appropriate where the local system executes the policy enforcement actions as instructed by the policy management system 106 .
  • an exemplary distribution of invention components across different systems is as follows:
  • a policy management system 106 is used to configure compliance policies that are then saved to a policy data store 106 B.
  • the policy management system 106 can create one set of compliance policies it uses locally in its own analysis engine 106 B and one or more sets of compliance policies it distributes to endpoint systems. Different sets of compliance policies may have the same or different values regarding items monitored, compliance thresholds, analysis methods to use, etc.
  • Policies are also defined that identify what conditions 104 F should be monitored by the agent monitoring components 104 C, D residing on endpoint system 104 and/or host system 102 . These policies are also stored in the policy data store 106 B. Monitoring policies are subsequently distributed to endpoint system 104 and/or host system 102 periodically.
  • An agent monitoring module residing on the endpoint system 104 performing generally the same functions as described with respect to engine 106 C, collects endpoint condition information 104 F and forwards the aggregate data set of endpoint condition information 104 to the local analysis engine residing on the endpoint system.
  • a host system 102 if similarly configured would behave in a similar way.
  • the analysis engine local to the endpoint system collects endpoint state data, performs local compliance analysis and makes local policy action decisions.
  • the local system uploads the information to the policy management system 106 .
  • the analysis engine 106 C residing in the policy management system 106 examines the aggregated set of condition information across multiple or all endpoint systems simultaneously using one or more analytical methods previously described herein, e.g.
  • the policy management system 106 will subsequently identify one or more policy enforcement actions that need to be taken, identify specific endpoint systems 104 , 102 on which those actions need to be taken and send messages to the appropriate endpoint systems containing policy enforcement instructions.
  • the policy management system will also send one or more policy enforcement action instructions to network access control devices such as VPN gateway, router, switch, remote access server, etc.
  • a policy management system 106 is used to configure compliance policies that are then saved to a policy data store 106 B.
  • Policies identify what conditions 104 F should be monitored by the agent monitoring components 104 C, D residing on endpoint system 104 and/or host system 102 .
  • the policy management system is integrated with a network access control function such that user or application data exchanged between endpoint system 104 and host system 102 must pass through the combined policy management system/network access control function.
  • the access control function challenges the endpoint system 104 to provide condition information (i.e. inputs to the endpoint analysis engine) and/or compliance evaluation results (i.e. outputs from the endpoint analysis engine).
  • the policy management system 106 evaluates the compliance state of the endpoint system 104 based on information provided by the endpoint system 104 and policy data residing in the policy management system policy data store 106 B. The policy management system 106 then makes one or more access control decisions. Access decisions might result in unrestricted access, total denial of access or partially restricted access (e.g. specific destination IP addresses, address ranges, applications, protocols, etc.) to network resources such as applications residing on host system 102 . The access control decisions made by the policy management system 106 are passed to the access control function. The access control function then automatically configures one or more access control rules for that endpoint system 104 . Thereafter all endpoint system 104 data traffic sent through the access control function is either permitted or blocked in accordance with those access control rules. The access control function periodically issues challenges to the endpoint system 104 over the life of a communications session. The challenge requires the endpoint system 104 to re-submit compliance information in order to be permitted to maintain an active session with the network access function.
  • policy management system functionality and the access control function are two separate functions, they can be installed together on a shared computing device or alternatively can be installed separately on two different computing devices interconnected by a data communications network.
  • the raw condition information collected by the agent monitor 104 C, the compliance analysis conclusions reached by the analysis engine 106 C, and/or compliance actions identified as necessary by the analysis engine 106 C is available to external security-centric or other software agents running on the same system via the invention's API.
  • the information is also available to remote systems via data communications networks and traditional client-server communication protocols (e.g. HTTP) or peer-to-peer communications protocols. This allows information collected or conclusions created by the invention to be utilized by other software and network access agents as part of their host or network assessment process.
  • the analysis engine 106 C can be configured via policy settings to send a message to an administrator via a conventional data communications network and a commonly available data communications protocol (e.g. via POP, SMTP, FTP, HTTP, etc.) when a specific policy event occurs, for example a specific noncompliance condition. Additionally, messages can be sent to an administrator when an unrecognized event occurs.
  • a message could be sent from the client to a policy-defined server using email or any other communication method. The server would in turn create or forward an email message to a policy-defined email address.
  • the email can contain a description of the event and 2 links: one to approve the action and one to deny the action.
  • the present invention applies one or more compliance assessment algorithms to collected system conditions, comparing the results to a security policy to determine if the system is in compliance with a security policy. One or more actions may be taken responsively.
  • the present invention can use one or more of a variety of algorithms to assess large numbers of state conditions, making decisions based upon an essentially infinitely flexible security policy.
  • the invention has commercial application in the field of electronic resource security.
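The in-band arrangement described above (challenge, compliance evaluation, per-endpoint access rules, periodic re-challenge) can be sketched as follows. This is an added example, not code from the patent or from any product; the policy fields, score threshold, subnets, challenge interval and sample reports are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass, field

# Constructed policy for illustration; every name and value here is an assumption.
POLICY = {
    "required_agents": {"antivirus", "firewall"},  # agents that must report "running"
    "max_vuln_score": 7.0,       # highest tolerated score of an unpatched known vulnerability
    "remediation_nets": ["10.0.9.0/24"],  # reachable while access is partially restricted
    "challenge_interval": 300,   # seconds an answered challenge stays valid
}


@dataclass
class Decision:
    level: str                                   # "unrestricted", "restricted" or "denied"
    allowed_nets: list = field(default_factory=list)
    reasons: list = field(default_factory=list)


def evaluate(report, policy=POLICY):
    """Policy management side: compare reported conditions with the compliance rules."""
    if not isinstance(report, dict):
        return Decision("denied", [], ["no usable compliance report"])
    reasons = []
    agents = report.get("agents", {})
    running = {name for name, state in agents.items() if state == "running"}
    missing = policy["required_agents"] - running
    if missing:
        reasons.append("agents not running: " + ", ".join(sorted(missing)))
    unpatched = [v["score"] for v in report.get("vulnerabilities", []) if not v["patched"]]
    worst = max(unpatched, default=0.0)
    if worst > policy["max_vuln_score"]:
        reasons.append(f"unpatched vulnerability scored {worst}")
    if reasons:
        # Partial restriction: only the remediation subnets stay reachable.
        return Decision("restricted", list(policy["remediation_nets"]), reasons)
    return Decision("unrestricted", ["0.0.0.0/0"], [])


class AccessControl:
    """In-band access control function holding one rule set per endpoint session."""

    def __init__(self, policy=POLICY):
        self.policy = policy
        self.sessions = {}  # endpoint id -> (Decision, time the last challenge was answered)

    def answer_challenge(self, endpoint_id, report, now):
        """Store the decision for a submitted report; a denied endpoint gets no session."""
        decision = evaluate(report, self.policy)
        if decision.level == "denied":
            self.sessions.pop(endpoint_id, None)
        else:
            self.sessions[endpoint_id] = (decision, now)
        return decision

    def permit(self, endpoint_id, dst_ip, now):
        """Per-packet check: the session must be current and the destination allowed."""
        session = self.sessions.get(endpoint_id)
        if session is None:
            return False
        decision, answered = session
        if now - answered > self.policy["challenge_interval"]:
            del self.sessions[endpoint_id]  # challenge went unanswered, session ends
            return False
        addr = ipaddress.ip_address(dst_ip)
        return any(addr in ipaddress.ip_network(net) for net in decision.allowed_nets)


# Constructed endpoint reports (sample data, not from the patent).
COMPLIANT = {"agents": {"antivirus": "running", "firewall": "running"},
             "vulnerabilities": [{"id": "VULN-A", "score": 9.3, "patched": True}]}
REGRESSED = {"agents": {"antivirus": "running", "firewall": "running"},
             "vulnerabilities": [{"id": "VULN-A", "score": 9.3, "patched": False}]}

if __name__ == "__main__":
    gate = AccessControl()
    print(gate.answer_challenge("ep1", COMPLIANT, now=0).level)
    print(gate.permit("ep1", "10.0.1.20", now=10))
    print(gate.answer_challenge("ep1", REGRESSED, now=100).reasons)
    print(gate.permit("ep1", "10.0.1.20", now=110))
    print(gate.permit("ep1", "10.0.9.5", now=110))
    print(gate.permit("ep1", "10.0.9.5", now=401))
```

The endpoint that falls out of compliance mid-session loses general access on its next answered challenge, and loses the session entirely once a challenge interval passes without a fresh report.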

Abstract

Methods and systems are provided for fine tuning access control by remote, endpoint systems to host systems. Multiple conditions/states of one or both of the endpoint and host systems are monitored, collected and fed to an analysis engine. Using one or more of many different flexible, adaptable models and algorithms, an analysis engine analyzes the status of the conditions and makes decisions in accordance with pre-established policies and rules regarding the security of the endpoint and host system. Based upon the conditions, the policies, and the analytical results, actions are initiated regarding security and access matters. In one described embodiment of the invention, the monitored conditions include software vulnerabilities.

Description

    CROSS-REFERENCE TO RELATED APPLICATIONS
  • This application claims the benefit of U.S. Provisional Application No. 60/752,424 filed Dec. 21, 2005, incorporated herein in its entirety.
  • This application is related to co-pending U.S. patent application No. [attorney docket number: 1291U004US00] Titled: Methods And Systems For Intelligently Controlling Access to Computing Resources, filed on same date herewith, the entirety of which is incorporated herein by reference.
  • FIELD OF THE INVENTION
  • The present invention relates generally to electronic computer security, and more specifically to methods and systems for controlling access to computing resources based on known computing security vulnerabilities.
  • BACKGROUND OF THE INVENTION
  • Electronic communication is becoming the industry standard for business communications. Increasingly, office files, design documents, employee work products, company information, and most other important business information are being created and stored electronically on desktop computers, laptop computers, handheld computing devices (collectively ‘personal computing device’ or ‘computing device’) and company networks. At work, employees access such networks, along with their associated corporate computing resources from their local computing device, on a daily basis in order to perform their jobs. Away from work, employees similarly access such networks and resources, typically through remote connections. Numerous types of electronic connections are ubiquitous in the industry and well known to the reader, for example: dial-up connections, wireless connections, high-speed connections of various types, virtual private network connections, and others.
  • Security of such electronic networks has become a recognized, challenging and growing problem. Inappropriate and/or unauthorized access to such electronic networks, and the computing resources accessible therethrough, raises the risk of theft, destruction and/or unauthorized modification of valuable data, information and intellectual property. While local, on-site, security can be easily controlled through physical constraints, remote electronic access to such networks and computing resources, typically referred to as endpoint access control, is a more challenging problem.
  • Endpoint access controls have followed an incremental, evolutionary path. Prior to the storage of sensitive data and the recognition of the security issues associated therewith, there were no endpoint access controls. However, security issues such as data theft, unauthorized access, fraud, etc., and the resulting concerns, created an industry-wide demand for security solutions.
  • The first generation of endpoint access control included operating system services that controlled user access to one or more system resources, such as applications, data files, configuration settings, etc. Users were permitted or denied access to these resources based on a variety of factors, such as their login ID (which was authenticated using a secret) and a secured profile of policy settings identifying permissions and/or restrictions. These permissions were generally static in that they were not context sensitive in any other dimension than the user ID. There was no consideration of environmental factors. This static nature of security services embedded into the operating system remains relatively unchanged in many environments, to the present day.
  • In the next step in the evolutionary path of endpoint security control, a series of point solutions were created that address point security concerns by providing point access control capabilities. Examples of these point solutions include: personal firewalls that restrict inbound and/or outbound access to specified applications, ports, addresses and/or communication protocols; antivirus agents, anti-spyware agents and application white-list management agents that monitor, detect and/or restrict access to specific system resources such as memory, registry keys, etc.; software update agents that automatically update an application if it is not a specified version; data encryption agents that encrypt specific files, the complete contents of specific folders, etc.; and physical access control agents that restrict access to floppy drives, USB drives, CD-ROM drives, etc. These security agents are one-dimensional in that they look at a single aspect of the endpoint's security posture and make decisions on that basis. There is no integration of data across these security agents—all of these security solutions operate autonomously and completely independent of each other, with little or no communications between them or awareness of the state of other applications running on the endpoint. As with operating system security services, these point solutions are also static. The business logic and configurations of these point solutions are not context sensitive. They typically apply the same rules regardless of the user ID, user location, time of day, presence or absence of other security applications on the endpoint, configuration and state of other security or management applications on the endpoint, etc. While providing relatively stable and secure access control, such static endpoint controls remain inflexible and not adaptable to user and business needs. They are very much in use today in many environments.
  • In the most recent evolutionary step, context awareness has been introduced into the field of endpoint security control. Functional examples of context awareness capabilities on the market today include: if a named application is not running or is not of a specified minimum version, access to network connectivity or certain applications will be restricted or blocked altogether; if a user is in location X (as determined by an assigned IP address, reachability of a network host, or some other method of automated location determination), the user is permitted outbound access using application X and Y to network servers on subnet Z, however if the user is in location Y (alternatively an unknown location), the user is permitted outbound access using application X and W to network servers on subnet V. In each of these examples, access to a resource (in the first case an application, in the second case the network and communications protocols) is context sensitive in the sense that the access privilege is conditional on the current state of the endpoint (in the first case a certain application running, in the second case the current location). However these solutions are limited in that they are only able to assess a limited set of inputs and affect a narrow set of access privileges. Additionally, once an access privilege has been granted, the decision is rarely revisited over the life of the user's connection or access session, i.e. they could come out of compliance subsequent to granting of access and will still retain access.
  • Today's access control solutions still lack significant functions and capabilities. As one example, they lack the ability to form context-based access control decisions using as decision inputs state information provided by point solutions that are not context aware. Further lacking is the ability to collect endpoint state information from multiple point solutions, collect endpoint state information from the environment itself (e.g. information obtained from the operating system), and integrate the collected information to form a higher-level holistic and intelligent view of the overall endpoint state.
  • Today's solutions further fail to provide extensibility of the endpoint state information integration function so as to enable the collection and integration of endpoint state information from a wide range of existing and future point solutions, applications and the endpoint environment itself. They lack the ability to define and enforce more granular access control permissions and restrictions, including the extensibility of this granular access control function to future access control objectives.
  • Today's endpoint security solutions do not provide the ability to define conditional, parameter-based business logic with flexible compliance models. They lack the ability to define via configuration settings parameter values for different users and user groups, and further lack the ability to optionally and selectively notify an end user when access control restrictions are being enforced on their endpoint.
  • Further desirable, and lacking, are useful, functional, management reports as well as dynamic, functional and user-friendly access control capabilities.
  • It will thus be seen that today's endpoint security control systems lack many functionalities and capabilities of importance both to hands-on users and their employers.
  • SUMMARY OF THE INVENTION
  • There are provided herein methods and systems for flexibly managing corporate security policies, typically to control access to local or remote computing resources.
  • In one embodiment of the invention there are provided methods and systems for controlling the operation of a computing system in response to a security vulnerability, one exemplary method comprising: the computing system running software subject to at least one security vulnerability; establishing a policy based on the status of the at least one security vulnerability including at least one rule and an analysis method for determining compliance with the rule; receiving information relating to the status of the at least one security vulnerability of the software program; processing the information relating to the status using the analysis method; determining, based on the processing, the compliance of the at least one security vulnerability in relation to the rule; and controlling, based on the determining, the operation of the computing system.
  • In another embodiment of the invention there are provided methods and systems for controlling the access of an endpoint computing system to a host computing system in response to a security vulnerability, an exemplary method comprising: identifying within at least one of the endpoint and host systems a plurality of conditions, each condition having a state; operating on at least one of the host computing system and the endpoint computing system a software program subject to at least one security vulnerability; establishing a policy based on the status of the at least one security vulnerability and the state of each of the plurality of conditions, the policy including at least one rule and an analysis method for determining compliance with the rule; receiving information relating to the status of the at least one known security vulnerability of the software program; receiving information relating to the state of each of the plurality of conditions; processing the information relating to the status of the at least one known security vulnerability and the state of each of the plurality of conditions using the analysis method; determining, based on the processing, the compliance of the at least one security vulnerability and the plurality of conditions with the rule; and controlling, based on the determining, access of the endpoint system to a resource of the host computing system.
  • In another embodiment of the invention there are provided methods and systems for generating signals to control the access of an endpoint computing system to a resource in a host computing system, an exemplary method comprising: collecting a state for each of a plurality of conditions in at least one of the endpoint computing system and the host computing system; collecting a status of a known security vulnerability for a software program operating on at least one of the host computing system and the endpoint computing system; identifying a policy for determining access of the endpoint computing system to the resource, the policy including at least one rule and an analysis method for determining compliance with the rule; processing, using the analysis method, the state of each of the plurality of conditions and the status of the known security vulnerability; determining, based upon the processing, if the conditions and the known security vulnerability are in compliance with the rule; and generating, based upon the determining, a signal usable to control the access of the endpoint computing system to the resource.
  • In yet another embodiment of the invention there are provided methods and systems for developing a compliance policy to control the access of an endpoint computing system to a resource in a host computing system, an exemplary method comprising: identifying a plurality of conditions in at least one of the endpoint computing system and the host computing system, each of the plurality of conditions including an associated state, at least one of the plurality of conditions relating to a risk of a known security vulnerability; and developing a policy for determining the access of the endpoint computing system to the resource, the policy including a rule and at least one analysis method for processing the states of the plurality of conditions to determine if the plurality of conditions are in compliance with the rule.
  • BRIEF DESCRIPTION OF THE DRAWING FIGURES
  • These and other objects, features and advantages of the present invention will become apparent from a consideration of the following Detailed Description Of The Invention in conjunction with the drawing Figures, in which:
  • FIG. 1 is a block diagram showing features of a security compliance system in accordance with one embodiment of the present invention;
  • FIG. 2 is a flow chart showing a process for managing security compliance in accordance with an embodiment of the invention;
  • FIG. 3 is a functional block diagram showing the interaction of agents, managers, monitors and compliance engine in a security compliance system;
  • FIG. 4 is a flow chart showing the flow of information between agents, managers, monitors, and the policy management system;
  • FIG. 5 is a block diagram showing an alternate embodiment of the invention wherein various components of the policy management system are incorporated within the other computing systems;
  • FIG. 6 is a flow chart showing a process for integrating known security risks into a compliance system; and
  • FIG. 7 is a flow chart showing the operation of the analysis engine to analyze agent data and develop a compliance policy.
  • DETAILED DESCRIPTION OF THE INVENTION
  • As used herein, examples and illustrations, as well as descriptive terminology such as “exemplary” and “illustrative” and variants thereof, are descriptive and non-limiting.
  • For purposes of describing the present invention, the following specification is arranged topically, in accordance with the following topics:
      • Overview
      • Description Of The System
      • Establishing Agents And Managers
      • Establishing Rules And Policies
      • Administrator Policy Configuration
      • Integration With Vulnerability Scoring Systems
      • Analyzing Agent—Collected Condition Data
      • EndPoint Compliance Assessment Algorithms
        • Matrix Analysis Algorithm
        • Business Rules—Based Analytical Model For Policy Enforcement
        • Boolean Table—Based Analytic Model For Policy Enforcement
        • Scoring—Based Analytical Model For Policy Enforcement
        • Individual Agent Score Threshold Analysis And Enforcement
        • Composite Agent Scoring, Threshold Analysis And Enforcement
        • Complementary Individual And Composite Agent Scoring, Threshold Analysis And Enforcement
        • Single Level Versus Multi-Level Agent Scoring, Threshold Analysis And Enforcement
        • Continuous Reporting Versus Exception Reporting Threshold Analysis and Enforcement
        • Matrix Algebra-Based Analytical Model for Policy Enforcement
        • Context-Sensitive Threshold and Weighting Adjustments to Quantitative Analytical Models for Policy Enforcement
        • Statistics-Based Analytical Model for Policy Enforcement
        • Data Summary-Based Statistical Analysis Methods
        • Mean-Based Analysis Method
        • Moving Average-Based Statistical Analysis Method
        • Median-Based Statistical Analysis Method
        • Mode-Based Statistical Analysis Method
        • Geometric Mean-Based Statistical Analysis Method
        • Rate-Based Statistical Analysis Method
        • Acceleration Rate-Based Statistical Analysis Method
        • Variability-Based Statistical Analysis Methods
          • Min-Based, Max-Based and Range-Based Statistical Analysis Method
          • Standard Deviation-Based Statistical Analysis Method
          • Coefficient of Variation-Based Statistical Analysis Method
          • Number of Occurrences-Based Statistical Analysis Method
          • Occurrence Frequency-Based Statistical Analysis Method
          • Cumulative Distribution-Based Statistical Analysis Method
          • Sampling Distribution-Based Statistical Analysis Method
        • Linear Regression-Based Analysis Method
        • Filtering Analysis
        • Application of Methods to All Endpoint State Data Elements
        • Application of Methods to Non-Numeric Endpoint State Information
        • Application of Analytical Methods to Composite Endpoint Compliance Assessments
        • Exception Reporting of Analyses Result
        • Non-Exclusivity of Analyses Methods
        • Combining Analyses Methods
      • Real Time Adjustment of Sampling Frequency
      • Managing Endpoint and Host Operation
      • Communication of Endpoint State Information, Endpoint Compliance Analysis Results And/Or Compliance Actions to a Remote Computer
      • Implementation Method 1—Endpoint system Only
      • Implementation Method 2—Centralized endpoint system policy management
      • Implementation Method 3—Centralized host system policy management
      • Implementation Method 4—Centralized analysis engine and compliance analysis of individual systems
      • Implementation Method 5—Centralized analysis engine and compliance analysis of multiple systems
      • Implementation Method 6—Policy management system as in-band access control mechanism
      • Data Sharing
      • Remote Administrator Notification and Control
        Overview
  • The present invention provides new and improved methods and systems for flexibly monitoring, evaluating, and initiating actions to enforce security compliance policies. As will be seen from a consideration of the detailed description of the invention, provided below, benefits and advantages of the present invention include:
      • The collection of a wide range of endpoint state information.
      • The enumeration of state policies regarding preferred, required and prohibited states.
      • The enumeration of action policies regarding required, permitted and prohibited actions to take when the endpoint is partially or entirely in or out of compliance with state policies.
      • An analysis engine enabling comparing current states, state policies and action policies and reaching decisions on actions to permit, prevent, or automatically initiate.
      • A flexible methodology for assigning numerical values to current state information, state policies and action policies so that a variety of quantitatively-based analysis models can be used to determine security compliance.
      • An enforcement capability that can operate persistently, constantly measuring compliance, with an ability to dynamically adjust access privileges subsequent to an initial granting of privileges.
      • An ability to create and adjust a ‘sliding scale’ having different levels of overall security risk tolerance or conversely an overall minimum security threshold that allows or prevents access to specific hardware, software and/or computing resources depending on the degree of compliance with level-specific security policies and in particular the specific types of noncompliance that exist at each level.
      • A compliance analysis engine that supports use of a range of different analytical methods and models so that optimum models can be invoked and applied, depending on situational factors.
      • The initiation of and controlled access to a wide range of software and hardware actions.
        Description of the System
  • As used here, the terms “illustrative,” “example,” “includes,” and variants thereof are exemplary and not exclusive or otherwise limiting.
  • With reference now to FIG. 1, there is shown a system 100, including a host system 102, an endpoint system 104, and a policy management system 106. In accordance with the present invention and conventional use, host system 102 comprises a secure, access-controlled processing system where-to remote systems such as endpoint system 104 connect to access data, processing capacity and host-accessible resources. Policy management system 106 provides rules and policies concerning the connection of remote endpoint systems 104 to host system 102. Host system 102, endpoint system 104, and policy management system 106, are interconnected to communicate through a conventional electronic network 108, such as the Internet.
  • Considering in detail host system 102, the system is seen to include, in a conventional manner, a processor and user & communications interface 102A, as well as conventional storage components 102B, operating systems and software (typically contained in storage and operated by the processor) and other conventional components. Further associated with host system 102 are a variety of resources, indicated at 102G, accessible directly or indirectly through the host, including, for example: user data, user applications, physical ports, data storage devices, dial adaptors, network interfaces, and other resources as will be apparent to the reader. Further contained within host 102 are a plurality of conditions 102F. These conditions are monitored by agents 102E, the agents collecting and transmitting information to agent managers 102D for aggregation by agent monitor 102F. The various conditions, as well as the agent functions, are described in detail herein below. Host 102 may comprise, for example, a processing system of the type typically owned, managed and/or operated by a business to support the operation of its employees. It may comprise a server, enterprise system, personal computer, laptop, personal digital assistant, mobile communications device such as a ‘smart’ telephone, or any other type of remotely accessible system. In a conventional manner, host system 102 may include conventional security features for controlling access to the data and resources thereon.
  • Host system 102 may be consolidated at a single location or comprise a plurality of systems dispersed over multiple locations.
  • Continuing with reference to FIG. 1, endpoint system 104 comprises any processing system capable of interconnecting with host system 102, for example: a laptop computer, personal computer, server system, enterprise system, personal digital assistant, cellular telephone, ‘smart’ telephone or other personal device, or any other processing system capable of remotely accessing host system 102 for the purpose of accessing the resources available thereon. Endpoint system 104 is seen to include, in a conventional manner, a processor and user & communications interface 104A, as well as conventional storage components 104B, operating systems and software (typically contained in storage and operated by the processor) and other conventional components. Further contained within host 104 are a plurality of conditions 104F. These conditions are monitored by agents 104E, the agents collecting and transmitting information to agent managers 104D for aggregation by agent monitor 104F. The various conditions, as well as the agent functions, are described in detail herein below.
  • Considering now the details of policy management system 106, in the illustrated embodiment, the system comprises a conventional processing system, for example a server computer, enterprise computer, personal computer or a notebook computer. Accordingly, the system is seen to include, in a conventional manner, a processor and user & communications interface 106A, as well as conventional storage components 106B, operating systems and software (typically contained in storage and operated by the processor) and other conventional components. In accordance with the present invention, policy management system 106 is seen to include a compliance analysis engine 106C as well as various policy information stored within storage system 106B. As will be seen from the description below, compliance analysis engine 106C, typically comprising software in data store 106B running on hardware 106A, functions to receive system condition information and process that condition information in accordance with the security policies, such as are stored within data storage 106B, in order to generate security rules. Analysis engine 106C can comprise a portion of the capacity of processor 106A and/or one or more dedicated and/or shared separate processor(s).
  • In accordance with a feature of the present invention, the policy data stored within data store 106B can contain multiple sets of policy data for use by different endpoint systems 104, for use by different host systems 102 and for use by the policy management system 106 itself.
  • In various embodiments as described in further detail below, the functions incorporated and described with respect to policy management system 106 may be contained i) within endpoint system 104, ii) within host system 102, iii) as a stand-alone network device otherwise connected to network 108, and/or iv) distributed in various combinations of the foregoing. See, for example, FIG. 5 wherein a compliance analysis engine 106C is shown in each of endpoint systems 104 (engine 106C′) and host system 102 (engine 106C″). It will be understood that the various other features of policy management system 106 may be performed by the existing components of the endpoint and host systems, or otherwise duplicated, replicated, or omitted within those systems as required to perform the appropriate functions as described herein. Further, as used herein, references to the policy management system include where appropriate only those components and functions necessary to perform the described functions.
  • In other embodiments of the invention, host system 102 is used to control access to a network, for example a private network. In one such embodiment, host 102 comprises a gateway or other type of access control system to a network such as a private network. In another such embodiment, host 102 functions to make compliance and access assessments in accordance with the present invention, and forwards the results of such assessments to another access controller. In such instances, the present invention is used to control access by an endpoint such as endpoint system 104, to a network, limiting or permitting endpoint system 104 to access specific network resources based on its current level of compliance.
  • As described herein, the various subsystems, agents, processes and managers can be implemented using hardware components, software components and/or combinations thereof.
  • With reference now to FIG. 2, there is shown a process 200 in accordance with the present invention for controlling the access of a user such as an endpoint system to a computing resource. As noted above, the present invention may be used to control access between different systems such as an endpoint system and a host system, or within a system, such as to particular resources available within the system.
  • Establishing Agents & Managers
  • As used herein, and generally in accordance with the accepted definition in the art, “agents” operate to determine the status of particular conditions in a system, as described herein the host system 102 and endpoint system 104. It will be understood by the reader that the invention is equally applicable to controlling access to resources within a single system as to between systems. For purposes of explanation, the invention will be described with respect to controlling the access of endpoint system 104 to host system 102. However, as described above, the invention is equally applicable to controlling access within host system 102 and/or endpoint system 104, as well as other computing systems.
  • Again, as is generally in accordance with the accepted definitions in the art, an “agent manager” operates to control the function of as well as to aggregate data collected by the various agents. An “agent monitor” functions to aggregate the data collected by various agent managers. The various agents, managers and monitors can be implemented in hardware, software, and/or combinations thereof.
  • When used to describe the operation of an agent, the terms “state,” “condition” and variants thereof are used synonymously to describe the status of the agent.
  • Considering first the selection of conditions to monitor within endpoint 104 (step 202), there are many different data sources and data elements that can be examined to assess the state of the endpoint, form compliance assessments, and ultimately make policy-based access control decisions regarding local and remote computing resources.
  • Individual configuration data elements such as antivirus heuristics scanning status, and state data elements such as ‘is antivirus currently operating’, can be obtained by establishing an interface to an agent specifically designed to collect and report that piece of information. Such configuration states and data elements are indicated in the drawing FIG. 1 as conditions 104F. The agents 104E can comprise a component of the endpoint system or an external service provided by third party software. The endpoint system includes one or more agent managers 104D. These agent managers collect state information from individual agents 104E or the general computing environment, including the operating system version, registry settings, and others as will now be apparent to the reader. An agent monitor 104C functions to collect and process information from the various agent managers 104D, in the manner described below.
  • A given inspection agent may provide a granular or broad means to indirectly assess configuration state and data elements and may provide numerous pieces of state configuration and state information to the endpoint's agent managers 104D. For example the response to a query regarding the state of a configuration setting might simply be true or false, whereas the response to a query regarding what viruses are currently being monitored for could be an enumerated list of thousands of virus names.
  • Agents running on endpoint 104 and performing related or similar functions can generally be grouped into categories. For example, an antivirus client/agent, an anti-spyware agent, a content filtering agent and an applications white-list agent can be grouped into a ‘security agent’ category.
  • It will be understood by the reader that the universe of monitorable conditions, sources of state information, will expand and evolve over time. For example, new operating system services may come available, new categories of security applications may emerge, security point solutions may become integrated, transport technologies will continue to evolve, transport hardware will evolve, features of security point solutions will evolve, etc. Therefore the present invention contemplates the addition, modification, or removal of agent components as needed over time. Furthermore, different customer needs will warrant monitoring or conversely not warrant monitoring of selected conditions. The present invention is extensible to be able to take advantage of new sources of information as they become commercially available or as customers request support for new or existing products. The agents, managers and policies are also desirably flexible since, depending on the presence or absence of operating system facilities, third party applications, etc. not all condition information may be available simultaneously. Therefore endpoint 104 is configured so as to be able to add, modify, or remove agents on a per user basis and to further customize or adapt a given configuration of the endpoint's software components over time.
  • Illustrative conditions 104F that are available and may be used for assessing endpoint state information are as follows. Note that not all of these conditions will be needed at any one point in time, i.e. when different system events occur, different pieces of endpoint state information become relevant. It will be understood that different items of interest may be monitored at different times, and different users will have different items they are interested in monitoring.
  • User state information includes:
      • User ID,
      • User group(s) membership (e.g. reseller, customer, business unit, division, department, etc.),
      • User role(s)/position (e.g. sales, executive, clerical worker, mobile professional, system administrator, etc.),
      • User workgroup, and
      • User security group.
  • Authentication state information includes:
      • Authentication method (e.g. no authentication, reusable password, one time password, biometrics, smart card, etc.),
      • Authentication source (e.g. local to the machine or to a remote authentication database across a network),
      • Authentication success/failure result,
      • Password strength,
      • Age of password, and
      • Number of successive login failures.
  • Endpoint hardware Information includes:
      • Endpoint hardware owner (public kiosk, user-owned, corporate asset, etc.)
      • Endpoint hostname
      • Hardware configuration and state, such as:
        • CPU type
        • Total system memory
        • Free memory
        • Etc.
      • BIOS:
        • Vendor
        • Version
        • Individual settings
      • Drive mappings
      • Supported pointing devices
      • Enabled and active pointing devices
      • Current power source
      • Battery charge level
      • System temperature
  • Endpoint Operating System Information includes:
      • Base OS version
      • Installed service packs
      • Installed patches
      • State of OS configuration settings (enabled/disabled options, services settings, option settings, etc.)
      • Currently active OS services
      • Default language
      • Installed language packs
  • Operating System Services Information includes:
      • Intra-application and Internet-application copy/paste service (e.g. Microsoft Windows Clipboard)
  • Network Services Information includes:
      • DNS:
        • Current primary and secondary DNS servers
        • Size of DNS cache
        • Number of DNS queries
        • DNS queries serviced by local DNS cache
      • ICMP:
        • ICMP messages transmitted
        • ICMP messages received
      • ARP:
        • Contents of ARP cache
        • Number of ARP requests
        • Number of RARP requests
      • Network protocols enabled
      • IP settings:
        • Current TTL setting for outbound IP packets
        • IP address
        • Default gateway
        • Subnet mask
      • UDP/TCP
        • Window size
      • HTTP:
        • HTTP requests sent
        • HTTP request transmission rate
        • Number of requests to a given host
        • Number of requests to a given domain
        • Number of requests to a given IP address or address range
  • File System Information includes:
      • Read/write status of a named file
      • Access privileges to a named file
      • Access privileges to a named folder or directory.
      • File being deleted
      • File being created
      • File being opened
      • File being overwritten
  • Application Information includes:
      • Installed application information
        • Vendor
        • Version
        • Configuration settings
        • License ID
        • Digital signature
      • Running applications
      • Running processes
      • Current priority level for each running application
      • Application being opened
      • Application being closed
      • Memory consumed by each running application
      • Application update history information
      • Preferred application priority
      • Number of times an application is opened, per hour, per day, per week, per month, etc.
      • Transaction response time for specific application transactions
      • Number of times a specific application transaction occurs
  • Application-Specific Information includes:
      • Email:
        • Version in use
        • Max number of emails per minute
        • Number of emails received and in inbox or other mail folders
        • Email arrival rate
        • Email reception rate
        • Email attachment count
        • Email attachment size
        • Number of recipients in emails sent
      • Web browser:
        • URLs being accessed
  • Data Information includes:
      • Local data being accessed
      • Application accessing the local data
      • Remote data store being accessed
      • Application accessing the remote data
      • Remote data elements being accessed
      • User access privileges for data being accessed
      • Data being copied or saved to a local external storage device (e.g. USB thumb drive)
      • Data being transmitted to, copied to, or saved to a remote location
      • Remote location data being transmitted to
      • Remote location data being retrieved from
      • Specific text strings (including support for wildcards and logical AND/OR/ELSE/NOT combinations) contained in a file, in a document, in an email, in a communications message, etc.
  • Data Backup Information includes:
      • Backup program information
        • Vendor
        • Version
      • Backup configuration settings:
        • Specific data to be backed up (e.g. files, folders, modified documents, tables, records, etc.)
        • Backup type (e.g. incremental, whole)
        • Backup destination
      • Amount or volume of data to be backed up
      • Date of last backup
      • Date of next backup
      • Backup agent state (e.g. active, idle)
  • Antivirus Agent Information includes:
      • Antivirus agent information
        • Vendor
        • Version
        • Signature files version
      • Antivirus-specific configuration settings, (e.g. scan whole system, specific folders, specific files, run scan at startup, run scan every X days, signatures update frequency, etc.)
      • Amount or volume of data to be scanned
      • Date of last update
      • Antivirus scanning state (e.g. active, idle)
  • Personal Firewall Agent Information includes:
      • Personal firewall agent information
        • Vendor
        • Version
      • Personal firewall-specific configuration settings (e.g. user notify, silently discard, event logging, event log uploads, blocking enabled/disabled, etc.)
      • Permitted/Restricted outbound applications, protocols and/or destinations
      • Permitted/Restricted inbound applications, protocols and/or destinations
      • Date of last software update
      • Date of last profile update
      • Personal firewall state (e.g. actively blocking, blocking disabled, etc.)
  • VPN Client Information includes:
      • VPN client program information
        • Vendor
        • Version
      • VPN client-specific configuration settings (e.g. default profile, split tunneling, authentication method, etc.)
      • Date of last software update
      • Date of last profile update
      • VPN tunnel state (e.g. connecting, connected, disconnecting, disconnected)
  • Anti-Spyware Agent Information includes:
      • Anti-spyware agent information
        • Vendor
        • Version
        • Signature files version
      • Anti-spyware-specific configuration settings, (e.g. scan, whole system, specific folders, specific files, run scan at startup, run scan every X days, signatures update frequency, etc.)
      • Date of last update
      • Anti-spyware agent scanning state, (e.g. active, idle)
  • Data Encryption Agent Information includes:
      • Data encryption agent information
        • Vendor
        • Version
      • Data encryption-specific configuration settings
        • Method of user authentication
        • Specific data to be encrypted (e.g. files, folders, modified documents, tables, records, etc.)
        • Encryption type (e.g. AES, digital certificate, TPM chip, etc.)
      • Data encryption agent state, (e.g. active, idle)
  • Content Filtering Agent Information includes:
      • Content filtering agent information
        • Vendor
        • Software version
        • Blocked sites file version
      • Content filtering agent-specific configuration settings
        • Method of filtering (e.g. local list, proxy server)
        • Specific sites or site categories to be filtered
        • Event logging
        • Log upload
      • Content filtering agent state, (e.g. active, idle)
      • Date of last software update
      • Date of last filter list update
      • Local HTTP/HTTPS proxy settings for remote HTTP/HTTPS proxy server
  • Asset Management Agent Information includes:
      • Asset management agent information
        • Vendor
        • Software version
        • Asset reporting profile version
      • Asset management agent-specific configuration settings
        • Information being recorded
        • Log upload destination server
      • Asset management agent state, (e.g. active, idle)
      • Date of last software update
      • Date of last profile update
  • Location Information includes:
      • Geographic location
      • Physical location on the corporate campus
      • Location category:
        • Directly connected to corporate network
        • Home
        • Public wireless location
        • Hotel
        • Approved kiosk
        • Public wired broadband location
      • Remote and connected to corporate network via a VPN
      • Reachability of specific remote hosts or networks
  • Time-Based Information includes:
      • Local time of day
      • Time of day at destination
      • Day of week
      • Day of month
  • Wireless Connection Information includes:
      • Permitted SSIDs
      • Prohibited SSIDs
      • Suspect SSIDs
      • Configuration of current wireless connections, e.g.
        • Bluetooth:
          • Current connection details
          • Permitted connections configuration settings
        • Wi-Fi and other IEEE 802.1 wireless data communication link protocols
          • Current connection details, e.g. ad hoc mode, network node, WEP, WPA, WPA2, 802.1x, key length, etc.
          • Permitted connections configuration settings
  • Available Connection Information includes:
      • Available network connections
      • Specific network devices available (specific adapter or modem in use)
      • Network technologies available (Wi-Fi, wired, mobile data, dial, etc.)
      • Theoretical bandwidth available
      • Cost per minute/cost per megabyte
      • Network service provider
      • Link encryption options
  • Active connection information includes:
      • Specific network device in use
      • Network technology in use
      • Theoretical available bandwidth
      • Current bandwidth
      • Average bytes/sec output
      • Average bytes/sec input
      • Cost per minute/cost per megabyte
      • Network service provider
      • Network printing status
      • Link encryption method
      • Authentication method
      • Network bytes received
      • Network bytes transmitted
  • Subsequent to identifying the various conditions to be monitored within endpoint system 104 (step 202), the various agents 104E and agent managers 104D and agent monitor(s) 104C are identified and configured for monitoring those various conditions (step 204). For example an agent manager 104D may be configured to query a vendor-specific API exposed by a third party antivirus agent, may be configured to query an operating system service periodically to determine if the endpoint has an active network interface and if so, the IP address of that interface, etc. Multiple managers 104D may be separately configured to monitor multiple agents 104E and multiple monitors 104C configured to aggregate manager data. In summary, agent managers are configured to monitor the conditions of interest such as one or more of those described above.
  • Agents can be free standing external software applications, system services provided by the operating system or dedicated, special-purpose monitoring processes that are part of the monitored system itself. Agents can monitor both software activity and hardware activity. A typical method for monitoring hardware information is through the use of hardware device drivers and other similar operating system services. Examples of freestanding agents are antivirus client, personal firewall, anti-spyware, anti-phishing agents, data backup agents, etc. Agent monitor 104C can comprise software, hardware and/or a combination thereof, and is functional to collect or aggregate the input from the various agents, through the agent managers, and communicate that data for processing as described herein.
  • With reference now to FIG. 3, there is illustrated diagrammatically an exemplary series of agents 104E connected to monitor exemplary endpoint conditions 104F such as those listed above. The agent monitors 104C perform overall endpoint monitoring through the use of individual agent managers 104D, each of which monitors one or more specific agents 104E, the individual agent managers 104D aggregated by an agent management service 104D′. As previously mentioned, different configurations and policies will require the use of different individual agent managers and different specific agents. Further illustrated in FIG. 3 is the communication of the agent data to the compliance analysis engine 106C for processing in accordance with the methods described herein below.
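  • The agent, agent manager and agent monitor hierarchy described above can be sketched as follows. This is an added example, not code from the patent or from any product: the class names, the `UNAVAILABLE` marker, the probe functions and all sample values are assumptions constructed for illustration. It shows agents returning both true/false and enumerated-list answers, agents being added or removed over time, and an agent that cannot report being recorded as a visible gap instead of being dropped from the data handed to the compliance analysis engine.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple

UNAVAILABLE = "unavailable"  # hypothetical marker for an agent that could not report


class AgentError(Exception):
    """Raised by a probe when its agent is absent or its interface fails."""


@dataclass
class Agent:
    """One agent (104E): reports the state of the conditions (104F) it watches."""
    name: str
    probe: Callable[[], Dict[str, object]]


@dataclass
class AgentManager:
    """Agent manager (104D): controls one category of agents and aggregates their data."""
    category: str
    agents: Dict[str, Agent] = field(default_factory=dict)

    def register(self, agent: Agent) -> None:
        self.agents[agent.name] = agent

    def unregister(self, name: str) -> None:
        self.agents.pop(name, None)

    def collect(self) -> Dict[str, dict]:
        results = {}
        for name, agent in self.agents.items():
            try:
                results[name] = {"status": "ok", "conditions": dict(agent.probe())}
            except AgentError as exc:
                # Keep the gap visible rather than silently dropping the agent.
                results[name] = {"status": UNAVAILABLE, "reason": str(exc), "conditions": {}}
        return results


@dataclass
class AgentMonitor:
    """Agent monitor (104C): aggregates the output of every agent manager."""
    managers: List[AgentManager]

    def snapshot(self) -> dict:
        snap = {"categories": {}, "unavailable": []}
        for manager in self.managers:
            collected = manager.collect()
            snap["categories"][manager.category] = collected
            snap["unavailable"].extend(
                f"{manager.category}/{name}"
                for name, result in sorted(collected.items())
                if result["status"] == UNAVAILABLE
            )
        return snap


def flatten(snapshot: dict) -> List[Tuple[str, str, str, object]]:
    """Turn a snapshot into (category, agent, condition, value) records."""
    records = []
    for category, agents in snapshot["categories"].items():
        for agent, result in agents.items():
            if result["status"] == UNAVAILABLE:
                records.append((category, agent, "*", UNAVAILABLE))
            for condition, value in result["conditions"].items():
                records.append((category, agent, condition, value))
    return records


# --- Constructed probes standing in for real agent interfaces ---
def antivirus_probe() -> Dict[str, object]:
    return {
        "scanning_active": True,  # simple true/false answer
        "monitored_signatures": ["SampleVirus.A", "SampleVirus.B"],  # enumerated list
    }


def firewall_probe() -> Dict[str, object]:
    raise AgentError("personal firewall agent not installed")


def os_probe() -> Dict[str, object]:
    return {"base_os_version": "10.0-constructed", "installed_patches": ["P-0001"]}


def build_endpoint_monitor() -> AgentMonitor:
    security = AgentManager("security")
    security.register(Agent("antivirus", antivirus_probe))
    security.register(Agent("personal_firewall", firewall_probe))
    operating_system = AgentManager("operating_system")
    operating_system.register(Agent("os_inventory", os_probe))
    return AgentMonitor([security, operating_system])


if __name__ == "__main__":
    for record in flatten(build_endpoint_monitor().snapshot()):
        print(record)
```
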
  • Establish Rules & Policies
  • With reference now back to FIG. 2, subsequent to the identification of the conditions to be monitored and the establishment of the various agents, agent managers and agent monitors as described above, there are next established rules and policies for controlling the access to local resources on the endpoint system 104 or remote host system 102 (step 206).
  • The policies established to control access to host system 102 and/or access to local host resources 102G as described above, can specify a number of behavioral options for endpoint system 104. These policies are typically established by the operator of host system 102 or the administrator of endpoint system 104, and stored in the policies storage section 106B of policy management system 106. Configuration policies specify a number of behavioral options for the client. As described herein, configuration policies include both the configurable behaviors of the compliance analysis engine and the security policies of the systems. Configuration policy behaviors supported by the client include:
  • Endpoint inspection management policies, including:
      • Enumerated list of endpoint data categories to monitor or not monitor
      • Enumerated list of sensors within each category to monitor or not monitor
      • Method of monitoring for each sensor (e.g. active polling, or passive receipt of events)
      • Frequency of monitoring for each sensor
      • Enumerated list of data elements to be sampled, with the following parameters identified for each data element sampled:
        • Whether sampling is to occur on a regular basis, or whether it is to be initiated as a result of a system event
          • If sampling is to be initiated in response to a system event:
            • The event (e.g. an application being launched, a network connection being established, a user opening a file, a system login event, an application login event, an antivirus agent compliance violation, etc.)
            • If applicable, a threshold value and type (e.g. 5 times a minute when antivirus compliance score is below 75%, email transmission rates above 5 per minute, etc.)
        • Number of samples to collect for a compliance evaluation cycle
        • Sampling interval (if applicable)
        • Acceleration window interval (if applicable)
        • Whether sampling and results reporting method should utilize a successive stop/start windowing method or a sliding window method (e.g. for moving average-type calculations).
      • Enumerated list of data elements to be sampled on a regular or threshold basis, and the corresponding sampling interval
      • Enumerated list of policies and thresholds for which the sampling frequency must be adjusted when a threshold is reached. For each policy one or more of the following parameters must be defined:
        • Threshold value
        • Upper and lower threshold value (for range-based thresholds)
        • Sampling parameters (e.g. count, interval, etc.) when out of range
        • Sampling parameters (e.g. count, interval, etc.) when in range
  • Compliance Engine Management, including:
      • Enumerated list of analytical model(s) to use for different endpoint data elements
        • Business rules
        • Boolean tables
        • Matrix method 1
        • Matrix method 2
        • Mean method
        • Moving average method
        • Variance method
        • Standard deviation method
        • etc.
      • Enumerated list of compliance thresholds for different endpoint data elements:
        • Min value
        • Max value
        • Required range (min and max value)
        • Variance
        • Standard deviation
      • Composite scoring inputs:
        • Mandatory inputs
        • Exception based
        • Combined
          • Enumerated list of items that are mandatory inputs into the composite score
          • Enumerated list of items that are exception inputs into the composite score
      • Composite scoring calculation method:
        • Discrete
        • Time base
          • Sampling interval
          • Number of samples
      • Hostname of remote computer management application to which endpoint information should be sent
      • Type of information to send to management application, e.g. raw collected data, compliance analysis results, compliance actions scheduled to occur, etc.
      • Frequency with which client should query policy management server to look for and retrieve any available policy updates.
  • Action Management information including:
      • Enumerated list of action categories to enforce or not enforce
      • Enumerated list of actions within each action category to enforce or not enforce
  • Enumerated State Policies information including:
      • Endpoint Hardware Configuration Policies
        • Permitted device types
        • Required device manufacturer
        • Required device version
        • Minimum free hard drive space
        • Required device serial number
        • Required device asset tag
        • Removable storage device permissions
        • Required operating system version
        • Required operating system patches
        • Required operating system configuration settings
        • Permitted operating system configuration settings
  • Endpoint Data Storage Device Access Policies information including:
      • Prerequisites for a named I/O port or storage device to be permitted to be accessed as read only
      • Prerequisites for a named I/O port or storage device to be permitted to be accessed as read/write only
      • Prerequisites for a named I/O port or storage device to be permitted to be accessed as write only
      • Enumerated list of applications permitted to access named I/O ports or storage devices
  • Printer Access Storage Policies
      • Prerequisites for a named printer to be permitted to be used
      • Named applications allowed to access named printers
  • Authentication Policies
      • Password reset age or date
      • Password expiration age or date
      • Required user location to allow password reset activation
      • Permitted authentication methods for system access
      • Permitted users to be logged into this endpoint
  • Application Policies
      • Permitted applications per named user
      • Permitted application versions per named user
      • Permitted applications for a specified endpoint hardware configuration
      • Permitted transactions per named application per named user
      • Prerequisites for a named application to be permitted to run
      • Endpoint state conditions that require a named application to be exited immediately.
      • Applications to automatically uninstall upon detection
      • Applications to automatically uninstall if usage falls below a specified threshold of use (e.g. number of times opened or used per day, per week, per month, etc.)
      • Default OS priority level when running
      • Preferred OS priority level when average CPU utilization exceeds threshold
      • Application priorities when average CPU utilization exceeds threshold
      • Application priorities when instant CPU utilization exceeds threshold
      • Minimum free memory requirements to be permitted to run a specified application
      • Cumulative frequency thresholds for named transactions (e.g. 90% of all new order upload transactions must complete within 5 seconds)
      • Enumerated list of applications to back up.
        • Preconditions/prerequisites for initiating backup, e.g.
          • When user is connected to corporate network via a VPN AND
          • User has a wired broadband connection OR
          • User has a Wi-Fi connection
      • Required operating system patches to run a specific application
      • Required operating system configuration settings to run a specific application
      • Required HTTP/HTTPS proxy settings
  • Data Access Policies
      • Local data permitted to be accessed
      • Local data permitted to be modified
      • Remote data permitted to be accessed
      • Remote data permitted to be modified
      • Local files permitted to be deleted
      • Remote files permitted to be deleted
      • Data permitted to be transmitted to remote locations
      • Remote locations data permitted to be transmitted to; Enumerated for each file, folder and/or file type
      • Required security posture to have read or read/write privileges to specific data
      • Local data permitted to be accessed by authentication method
      • Remote data permitted to be accessed by authentication method
      • Local data permitted to be modified by authentication method
      • Remote data permitted to be modified by authentication method
      • Data permitted to be transmitted to remote locations by authentication method
      • Data permitted to be transmitted to remote locations by link encryption method
  • Data Backup Policies
      • Enumerated list of folders and/or files to back up.
        • Preconditions/prerequisites for initiating backup
          • Example:
            • When user is connected to corporate network via a VPN AND
            • User has a wired broadband connection OR
            • User has a Wi-Fi connection
          • Example:
            • Initiate incremental backup when:
              • User authentication fails 3 successive times AND
              • Wired broadband network connection exists OR Wi-Fi network connection exists
            • Initiate full backup when:
              • User authentication fails 3 successive times AND
              • Network connectivity exists over any transport type
            • Initiate full backup when:
              • User is connected directly to corporate network OR User is remotely connected to corporate network via a VPN AND
              • User authentication fails OR User access privileges have been revoked
      • Maximum number of days, or hours between data backups for incremental backups
      • Maximum number of days, or hours between data backups for full backups
      • Data to be backed up in incremental backups
      • Data to be backed up in full backups
      • Data to be backed up when not attached to corporate network
      • Data to be backed up when connected via a VPN to corporate network over a specified transport
      • Data to be backed up by specified link encryption method
  • Endpoint Location Policies
      • Permitted remote locations
      • Permitted corporate office locations
  • Authentication Policies
      • Permitted authentication methods
      • Max number of days between password resets
      • Max number of authentication failures
  • Network Access Policies
      • Permitted network addresses and/or address ranges allowed to be accessed by the user
      • Permitted network addresses and/or address ranges allowed to be accessed by a specific named application
      • Required applications to be running in order to enable a specified network adapter
      • Required applications to be running in order to enable a specified modem
      • Permitted network transports
      • Permitted network devices
      • Permitted network service providers
      • Permitted hotspots
      • Permitted dial numbers
      • Permitted wired broadband locations
      • Permitted link encryption options by transport
      • Cost per minute limit
      • Cost per megabyte limit
      • Permitted authentication methods
      • Maximum connection duration by transport
      • Maximum bandwidth consumption by transport
      • Days of week network connectivity permitted
      • Time of day network connectivity permitted
      • Permit local application X, Y and Z to have network access
        • When antivirus is running AND
        • When personal firewall is running AND
        • Antivirus vendor is Symantec AND
        • Antivirus version is v5 or greater
  • CPU Utilization Policies
      • CPU utilization threshold for triggering application prioritization adjustments
      • CPU sampling interval
      • CPU sampling window
      • Sampling method (fixed interval, moving average, combined, etc.)
      • Enumerated list of applications to disable if instant CPU utilization threshold exceeded
      • Enumerated list of applications to have operating system priority levels forcibly changed if instant CPU utilization threshold exceeded
      • Enumerated list of applications to disable if average CPU utilization threshold exceeded
      • Enumerated list of applications to have operating system priority levels forcibly changed if average CPU utilization threshold exceeded
      • CPU increase rate
  • Application-Specific Policies
      • Email:
        • Permitted and/or restricted source email addresses or domains
        • Permitted and/or restricted destination email addresses or domains
        • Maximum number of outbound emails per minute
        • Maximum number of inbound emails per minute
        • Permitted recipients when email contains a specific text string (wildcards and logical combinations of AND, OR, NOT, ELSE, IF, etc. are supported)
        • Rate of outbound emails
      • Web browsers
        • Permitted URLs or domains
        • Restricted URLs or domains
        • Permitted web sites/content
        • Prohibited web sites/content
  • File System Policies
      • Files to automatically delete upon detection
      • Format disk policies, e.g.:
        • When incremental or full backup has occurred within the last e.g. 72 hours AND
        • User fails authentication 5 successive times
      • File protection policies, e.g.:
        • Set data files to read only when e.g.
          • When antivirus is not running OR
          • When antivirus reports an infected system
  • Antivirus Policies
      • Permitted vendor(s)
      • Permitted product name(s)
      • Permitted version(s) for named vendors
      • Max permitted antivirus update age
      • Required antivirus product
      • Required antivirus version
      • Required antivirus configuration settings
      • Required antivirus runtime status
      • Required virus definition files minimum version
      • Required frequency of updates to virus definition files
      • Enumerated list of virus threats with attack type and severity level identified for each
  • Personal Firewall Policies
      • Required firewall product
      • Required firewall version
      • Required firewall configuration settings
      • Required firewall runtime status
  • Anti-Spyware Policies
      • Required anti-spyware agent product
      • Required anti-spyware agent version
      • Required anti-spyware agent configuration settings
      • Required anti-spyware agent runtime status
      • Required anti-spyware signature files minimum version
      • Required frequency of updates to anti-spyware definition files
      • Enumerated list of spyware threats with attack type and severity level identified for each
  • Endpoint Patch Management Policies
      • Required patch management agent product
      • Required patch management agent version
      • Required patch management agent configuration settings
      • Required patch management agent runtime status
      • Required frequency of updates to patch management definition files
  • The solution provides the ability to add support for additional policies in the future.
  • Wireless Signals Policies
      • Minimum signal strength to connect to Wi-Fi transport
      • Minimum signal strength to connect to CDMA EV-DO transport
      • Minimum signal strength to connect to CDMA 1xRTT transport
      • Minimum signal strength to connect to GSM transport
      • Minimum signal strength to connect to GPRS transport
      • Minimum signal strength to connect to EDGE transport
      • Minimum relative signal strength
      • Permitted wireless network connectivity modes, e.g. Wi-Fi ad hoc mode, Wi-Fi infrastructure mode, 802.1x authentication required, 802.1x authentication type
  • Active Network Connections
      • Minimum average bytes out/sec threshold
        Administrator Policy Configuration
  • The invention includes a graphical user interface application accessible through 106A that allows an administrator to: view available options for endpoint inspection using centralized policy management system 106, view compliance policies and policy enforcement actions, specify the policies of interest to them, and specify specific values for each policy of interest. All changes made by the administrator are saved to the policy database 106B and made available for all endpoint systems 104 or host systems 102 in the policy group to which those policy settings apply. Alternatively, this functionality could be included in a graphical user interface application on the endpoint system 104 or a graphical user interface application on the host system 102, when users or local administrators of those computing devices are responsible for configuring their own policy settings locally.
  • One additional function of the policy management system 106 is the ability to receive and respond to policy update requests from endpoints 104 and hosts 102. The endpoint system 104 and/or host system 102 are configured via a policy setting to periodically query one or more remote policy database(s) 106B residing on the policy management system 106 and retrieve updated information about new policies and updated policy settings. The processor then stores this information in a local data repository.
  • Because the number of policy options can be daunting, the policy management system user interface 106A can provide a control that allows an administrator to effectively summarize on a sliding scale, e.g. 1-5, High/Medium/Low, 1-100, etc. their desired security posture, or conversely their security posture noncompliance tolerance. A set of data tables in the policy management database maps each setting on this sliding scale to the enablement and/or disablement of specific policies and policy actions, as well as specific compliance thresholds or scores. This greatly simplifies the administrator's task when establishing and configuring policies. A ‘Custom’ or comparable user interface control is also made available that allows an administrator to bypass the summary control and directly access the complete set of granular policy settings. The values in the data tables used to map a summary security level to specific policies and compliance thresholds are of course able to be changed by the database administrator at any time.
  • Integration with Vulnerability Scoring Systems
  • Many computer hardware and software vendors are known to maintain a running list of known security vulnerabilities in their products. See for example vendor Web sites:
  • www.microsoft.com/technet/security/alerts/matrix.mspx
  • www.cisco.com/en/US/products/products_security_advisories_listing.html
  • As used herein, references to software and software programs to describe a security vulnerability are to be interpreted in their broadest sense, including software such as application programs, operating systems and drivers, combinations of software and hardware and hardware.
  • Because each vendor has their own terminology, definitions and subjective view of what constitutes a vulnerability and the degree of risk or exposure a given vulnerability represents (i.e. its severity), there are several industry initiatives to standardize vulnerability definitions and scores. See for example:
  • www.kb.cert.org/vuls
  • www.first.org/cvss/cvss-guide.html
  • Depending on the source, information that may be published about each vulnerability includes descriptive parameters that describe the hardware or software at risk (e.g. Intel-based hardware running Windows XP Service Pack 2), possible system impacts (e.g. memory buffer overflow, unauthorized remote control of the computer, etc.), severity type, severity level, sources of more information, date vulnerability was first reported, etc.
  • Vendors often use this information to prioritize their responses to vulnerabilities in their products. Responses typically take the form of customer notifications, often accompanied by specific interim remedial actions to take (e.g. disable a service, shut down a TCP port, etc.) and/or information on currently available patches that can be applied to eliminate the vulnerability.
  • When there is no current software available to eliminate the vulnerability, the vendor will normally begin scheduling internal activities to develop a solution to the vulnerability and make the solution available to customers and product users as a ‘patch’ or ‘update’. Once this becomes available, customers may receive notification, and/or find notification information on a vendor's web site.
  • Information technology (IT) managers, also referred to herein as administrators, access vulnerability information by either receiving a notification from a vendor or industry group, going to the vendor or industry web site and querying the vulnerability database, or by establishing an electronic communications link with the remote database and electronically receiving vulnerability database updates on a periodic basis. IT managers typically use a combination of industry risk assessment and vendor risk assessment information to prioritize which vulnerabilities and patches to focus on first, and to prioritize remediation activities relative to other routine IT operating activities and other IT projects.
  • There is often a significant gap of several days to several months between when a vulnerability is announced by a vendor or an industry watchdog and when the vendor releases a patch or update that addresses that vulnerability. In addition, there is an inevitable gap of days, weeks and possibly even months from the time the patch first becomes available to the time the IT manager becomes aware that the patch is available, retrieves the patch, tests the patch, identifies the end points needing the patch and deploys the patch to all end points and/or hosts needing the patch. This is a very dangerous period of time for endpoint security, during which the system is vulnerable to the identified security risks.
  • The interval of time between when a vulnerability is announced and when a vulnerable endpoint is patched is commonly referred to in the IT industry as an ‘exploit window’, i.e. a window of time in which a security attack that specifically, opportunistically targets that publicized vulnerability can be created and used to probe endpoints to find vulnerable ones that can be attacked. During the exploit window, the endpoints remain exposed to a security attack unless some temporary securing action is taken to protect the endpoint. Attack exposure may be from the local machine only, from a remote machine, or both, depending on the nature of the vulnerability. The attack may utilize only the new exploit or more commonly utilize a combination of exploits to gain control of the system, gain reliable access to the system, take an action on the local system, or have the local system initiate a communications session with a remote computer of the hacker's choosing.
  • Combining information sources such as those described above, it is possible using the present invention to create a vulnerability policy directory including but not limited to the following information: description of hardware and/or software that is vulnerable, descriptive attributes (e.g. whether it is exploitable locally or remotely, whether it impacts data confidentiality, data integrity or computing resource availability, etc.), specific remedial or corrective actions to take to eliminate the vulnerability (e.g. halt an operating service, block a port, block an application, disable a network interface, etc.), and the vulnerability severity level (e.g. high/medium/low, 4 out of 5, 7.5 out of 10, 65%, etc.). The present invention uses this information in accordance with the process shown and described with respect to FIG. 6. By using this information to eliminate the vulnerability almost immediately after the information is publicly available, the present invention is able to provide almost immediate protection for any computing device against vulnerability-specific exploits or security attacks during the period of time between when the security attack is created and used, and when the IT manager or end user has received the software patch from the software vendor and applied that same patch/repair to the computing device. Initially, the security risk information is stored on a data repository, for example within policy management system 106, that is accessible to remote endpoints via communications links, e.g. the Internet (step 602).
  • In accordance with this embodiment of the invention, the client software is configured via a policy setting to periodically query one or more remote vulnerability policy database(s) and retrieve updated information about new vulnerabilities and updated information about existing vulnerabilities (step 604). The client then stores this information in a local data repository (step 606).
  • The client software is configured via policy settings to examine each vulnerability stored in the local data repository on a periodic basis, or whenever a particular system or policy compliance event warrants (step 608). The client software can subsequently utilize this information in one or more of several different ways to diminish this security risk (step 610), depending on how its policy settings are configured:
      • The client can inspect each entry in the vulnerability directory, inspect the endpoint to see if the vulnerability is applicable, and if so, take the corrective action specified. Such capabilities are readily commercially available today.
      • The client can inspect each entry in the vulnerability directory, inspect the endpoint to see if the vulnerability is applicable, and if so, examine the severity level and compare that to a policy-defined severity level, and corresponding policy-defined actions to take when a vulnerability with the specified severity level or a higher severity level is found.
        • If the severity level equals or exceeds a specified policy-defined value, then take the corrective action specified.
          • Optionally if enabled via a policy setting, the client can subsequently inspect the endpoint to determine whether the corrective action succeeded or the vulnerable condition still exists.
            • If the corrective action taken does not succeed, consider the endpoint out of compliance and take one or more policy-defined corrective actions, e.g. block access to a file, a folder, an application, network connectivity, establishing a VPN tunnel, provide a notification to the user, etc.
            • If the corrective action taken does not succeed, consider the endpoint out of compliance and adjust one or more security compliance scores where applicable. The revised scores when fed into the compliance analysis engine along with other endpoint state data may result in one or more policy-defined corrective actions being taken, e.g. block access to a file, a folder, an application, network connectivity, establishing a VPN tunnel, etc.
      • The client can inspect the one or more vulnerability characteristics present in the collective set of information, such as the access vector (e.g. is the vulnerability exploitable locally or remotely, does it affect confidentiality, integrity or availability, etc.), and compare that to a policy-defined list of characteristics to be on the lookout for, and corresponding policy-defined actions to take when a vulnerability with the specified characteristic is found:
        • If the vulnerability characteristic matches a policy-defined value, then take the corrective action specified.
          • Optionally if enabled via a policy setting, the client can subsequently inspect the endpoint to determine whether the corrective action succeeded or the vulnerable condition still exists.
            • If the corrective action taken does not succeed, consider the endpoint out of compliance and take one or more policy-defined corrective actions, e.g. block access to a file, a folder, an application, network connectivity, establishing a VPN tunnel, etc.
            • If the corrective action taken does not succeed, consider the endpoint out of compliance and adjust one or more security compliance scores where applicable. The revised scores when fed into the compliance analysis engine along with other endpoint state data may result in one or more policy-defined corrective actions being taken, e.g. block access to a file, a folder, an application, network connectivity, establishing a VPN tunnel, etc.
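The evaluation loop of steps 608 and 610, as an added example that is not code from the patent: it combines the severity check and the access-vector check in one pass, verifies each corrective action, and lowers a compliance score when an action fails. The entry ids, field names, three-level severity scale, 25-point penalty and action strings are all assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

# Assumed ordering for the high/medium/low scale the text mentions as one option.
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3}


@dataclass(frozen=True)
class VulnEntry:
    """One row of the locally stored vulnerability policy directory (step 606)."""
    vuln_id: str
    product: str
    affected_versions: frozenset
    severity: str            # "low" | "medium" | "high"
    access_vector: str       # "local" | "remote"
    corrective_action: str   # interim action, e.g. "block_port:445"


@dataclass
class Policy:
    min_severity: str = "high"                      # act at or above this level
    watch_vectors: frozenset = frozenset({"remote"})  # or when the vector matches
    verify_after_action: bool = True                # optional re-inspection
    score_penalty: int = 25                         # assumed score adjustment
    fallback_actions: tuple = ("block_vpn_tunnel", "notify_user")


@dataclass
class Endpoint:
    software: dict                                  # product -> installed version
    failing_actions: set = field(default_factory=set)  # simulates actions that fail
    mitigations: set = field(default_factory=set)
    restrictions: set = field(default_factory=set)
    compliance_score: int = 100

    def applicable(self, v):
        return self.software.get(v.product) in v.affected_versions

    def still_vulnerable(self, v):
        return self.applicable(v) and v.corrective_action not in self.mitigations

    def apply(self, action):
        if action not in self.failing_actions:
            self.mitigations.add(action)


def evaluate(directory, endpoint, policy):
    """Return {vuln_id: outcome}; mutates the endpoint's mitigations and score."""
    results = {}
    threshold = SEVERITY_RANK[policy.min_severity]
    for v in directory:
        if not endpoint.applicable(v):
            results[v.vuln_id] = "not_applicable"
            continue
        triggered = (SEVERITY_RANK[v.severity] >= threshold
                     or v.access_vector in policy.watch_vectors)
        if not triggered:
            results[v.vuln_id] = "below_policy"
            continue
        endpoint.apply(v.corrective_action)
        if not policy.verify_after_action:
            results[v.vuln_id] = "action_taken_unverified"
        elif endpoint.still_vulnerable(v):
            # Corrective action failed: out of compliance, adjust the score
            # and apply the policy-defined fallback restrictions.
            endpoint.compliance_score = max(
                0, endpoint.compliance_score - policy.score_penalty)
            endpoint.restrictions.update(policy.fallback_actions)
            results[v.vuln_id] = "noncompliant"
        else:
            results[v.vuln_id] = "remediated"
    return results


def sample_directory():
    # Constructed entries; the ids are placeholders, not real advisories.
    return [
        VulnEntry("VULN-0001", "ftpd", frozenset({"2.1"}), "high", "remote",
                  "stop_service:ftpd"),
        VulnEntry("VULN-0002", "smbd", frozenset({"3.0"}), "medium", "remote",
                  "block_port:445"),
        VulnEntry("VULN-0003", "editor", frozenset({"1.0"}), "low", "local",
                  "block_app:editor"),
        VulnEntry("VULN-0004", "mailer", frozenset({"4.2"}), "high", "remote",
                  "block_app:mailer"),
    ]


def sample_endpoint():
    # Constructed inventory; blocking port 445 is made to fail on this endpoint.
    return Endpoint(software={"ftpd": "2.1", "smbd": "3.0", "editor": "1.0"},
                    failing_actions={"block_port:445"})


def demo():
    endpoint = sample_endpoint()
    return evaluate(sample_directory(), endpoint, Policy()), endpoint


if __name__ == "__main__":
    outcome, ep = demo()
    print(outcome, ep.compliance_score, sorted(ep.restrictions))
```

With verification disabled, the failed port block is recorded only as an unverified action and the score stays unchanged, which is why the re-inspection step matters for the compliance score.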
          Analyzing Agent-Collected Condition Data
  • With reference now back to FIG. 2, the various condition data described above is collected by the agent managers through the agents (step 208) and then analyzed (step 210). With reference to FIG. 4, there is shown in block diagram format the functional aspects 400 of collecting agent data from various exemplary agents 104E, collected through various exemplary agent managers 104D, aggregated by the agent monitoring service 104C for processing by analysis engine 106C, subsequently resulting in one or more actions being taken by various exemplary agents 104E.
  • As shown, and described in further detail herein below, the output of analysis engine 106C is a series of actions to take, block and/or permit, the actions communicated back to the agents through the various managers. The aggregated set of actions is passed to the agent management service as a set of instructions. The agent management service parses the instructions, identifies for each instruction the appropriate individual agent manager 104D capable of executing the instruction and passes selected instructions to the appropriate agent manager 104D. The agent manager 104D passes the instructions to the particular agent 104E it relies on to take a particular action. The actions taken by the various agents 104E, for example the control system services, system resources, system hardware, system applications and system data, in endpoint system 104 or host system 102, depend on where the various security functionalities of the invention are installed.
  • Additionally, the data collected from various exemplary agents 104E and aggregated by the agent monitoring service 104C can be communicated over a data communications network to the policy management system 106, which can also process the collected data using the compliance analysis engine 106C. There are several alternative embodiments. One embodiment (call it embodiment 1) has all data collected at the end point analyzed by a compliance analysis engine residing on the end point (whether that end point be a laptop or a host system web server). An alternative embodiment (call it embodiment 2) has all data collected at the end point analyzed by a compliance analysis engine residing on the policy management server. In this latter embodiment, the question is what happens when the policy management server completes the compliance analysis and determines that some policy violations exist and one or more policy compliance actions must be taken. There are several different embodiments possible using the policy management server to perform the compliance analysis function (call these embodiments 2A, 2B, 2C, etc.). Brief embodiment descriptions follow:
      • Embodiment 2A: Policy management server sends policy action instructions (block this application, permit that application, etc.) back to end point for execution. Note that a best practice would be to digitally sign the instructions sent to the end point using the policy management server's digital certificate. The end point must validate the digital signature before considering the policy action instructions.
      • Embodiment 2B: Policy management server sends instructions (block this end point, permit that end point, limit that end point to only host systems residing on the 192.168.10.x subnet, etc.) to a network access control device for execution. Normally the access control device will as a result of these instructions add an Access Control List (ACL) entry to its data traffic forwarding table that subsequently affects what destination host systems and communication protocols may be used by the end point when the end point is trying to reach a host server through the network access control device.
      • Embodiment 2C: Policy management server sends instructions (block this end point, permit that end point, limit that end point to only the following applications or application transactions) to a host system for execution. Normally the host system will as a result of these instructions add an Access Control List (ACL) entry to its session management table that subsequently affects what applications or application transactions residing on that host system may be accessed or used by the end point when the end point is requesting services from that host system.
  • The policy management server creates a list of permitted host systems, applications, and/or application transactions that the end point is permitted to contact, based on its current degree of compliance. The policy management server then digitally signs the ‘permitted actions list’ and returns the permitted actions list to the end point. When the end point wants to access a host system, the end point presents the digitally signed permitted actions list to the host system. The host then validates the policy manager's digital signature on the signed permitted actions list and then creates an ACL that allows the end point to access specific resources (e.g. files, folders, types of transactions) on the host system. An alternative and complementary embodiment (Embodiment 2D-2) is that when packets from the end point have to pass through a network access control device residing between the end point and the host system, the end point must authenticate to the network access control device. As part of the authentication process at the network access control device, the end point must present the digitally signed permitted actions list to the network access control device. The network access control device then validates the policy manager's digital signature on the signed permitted actions list and then creates an ACL that allows the end point to access specific host systems (e.g. a single or range of IP addresses) and/or to use specific communication protocols (e.g. FTP, HTTP, SMTP, etc.). The policy management system 106, shown connected to the Internet, can be implemented alongside a network access control device, e.g. a router, switch, VPN server, etc. or can remotely communicate with the network access control device via a data communications network. 
In this embodiment, the policy management system 106 is able to communicate access permission and/or access restrictions to the network access control device, restricting what host systems 102 the endpoint system 104 is able to access, restricting what endpoint systems 104 are able to access host systems 102, and/or restricting what remote systems host system 102 is able to access. The policy management system 106, when it has received aggregated information from the agent monitor 104C on endpoint system 104 is also able to send access instructions to host system 102 identifying what permissions or restrictions should be applied to an endpoint system 104 when endpoint system 104 tries to access host system 102 via the network 108. Note that this last embodiment does not require the system 104 to have or be running security-related software such as this invention. Rather, the host system 102 can be protected and/or restrict access with respect to any endpoint 104 that tries to communicate with it.
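The signed permitted actions list described above, as an added example that is not code from the patent: the verifier authenticates the list before parsing it and returns an empty, deny-all ACL on any failure. HMAC-SHA256 with a shared key stands in for the policy management server's certificate-based signature, which the Python standard library cannot produce; the field names, the endpoint binding and the expiry time are assumptions added for illustration.

```python
import hashlib
import hmac
import ipaddress
import json


def sign_permitted_actions(key, endpoint_id, hosts, protocols, expires_at):
    """Policy-server side: serialize the list canonically, then sign it."""
    body = {
        "endpoint": endpoint_id,          # assumed binding to one end point
        "hosts": sorted(hosts),           # CIDR ranges the end point may reach
        "protocols": sorted(protocols),   # e.g. FTP, HTTP, SMTP
        "expires": expires_at,            # assumed freshness limit (epoch secs)
    }
    payload = json.dumps(body, sort_keys=True, separators=(",", ":"))
    sig = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return {"payload": payload, "sig": sig}


def build_acl(key, token, presenting_endpoint, now):
    """Host or access-control-device side.

    Returns a list of (network, protocol) permits. An empty list means
    deny everything, which is the result for any validation failure.
    """
    payload = str(token.get("payload", "")).encode()
    presented = str(token.get("sig", "")).encode()
    expected = hmac.new(key, payload, hashlib.sha256).hexdigest().encode()
    # Authenticate the exact bytes received before parsing them.
    if not hmac.compare_digest(expected, presented):
        return []
    body = json.loads(payload)
    if body["endpoint"] != presenting_endpoint:
        return []   # list was issued to a different end point
    if now >= body["expires"]:
        return []   # stale compliance decision
    return [(ipaddress.ip_network(h), p)
            for h in body["hosts"] for p in body["protocols"]]


def permitted(acl, dst_ip, protocol):
    """Check one connection attempt against the derived ACL."""
    addr = ipaddress.ip_address(dst_ip)
    return any(addr in net and protocol == proto for net, proto in acl)


if __name__ == "__main__":
    key = b"constructed-demo-key"   # constructed value, not a real secret
    token = sign_permitted_actions(
        key, "endpoint-104", ["192.168.10.0/24"], ["HTTP", "FTP"], 1000)
    acl = build_acl(key, token, "endpoint-104", now=500)
    print(permitted(acl, "192.168.10.7", "HTTP"))   # inside the permitted subnet
    print(permitted(acl, "192.168.11.7", "HTTP"))   # outside it
```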
  • Analysis engine 106C (FIG. 1) contains one or more analytical methods or models and enables the selection of the optimum model or models for a given set of conditions 104F as determined by the various agents 104E. In accordance with the present invention, a feature and advantage of analysis engine 106C is its support for multiple models, its extensibility to support future models, and the ability to use multiple different models simultaneously either in parallel or in series while performing compliance analysis of conditions 104F. The analysis engine analytical model compares current condition information 104F with the policies regarding those conditions 106B and makes action decisions resulting from those conditions and policies, using one or more analytical models. Analysis engine 106C subsequently initiates actions to permit, deny or control access to local and/or remote computing resources based on additional policies that identify permitted and/or denied actions when a noncompliance condition exists.
  • Analytical model selections are based on one or more policy-based configuration settings stored in the policy store 106B. These policies, or rules, may alternatively and/or additionally be locally stored on the endpoint system 104 and/or host system 102, accessed by an endpoint system 104 or a host system 102 from a remote policy management system 106 via a data communications network, or a combination of the two. As with all other policies, the policy setting controlling what analytical models are used and when they are used can be dynamically changed at any time by changing the values of the policy settings in accordance with the processes described above.
  • The following sections describe some of the analytical models used by analysis engine 106C. Policy management system 106 is designed to allow analytical models operated by analysis engine 106C to be added in the future, individually upgraded or modified, or removed. Conventional software distribution methods are used to communicate new or modified analytical models and new versions of the analysis engine 106C. In accordance with the present invention, analysis engine 106C is also architected to allow the inputs and/or actions associated with a given policy to be modified or customized as required. Conventional software distribution methods are used to communicate new or modified policies or policy values. Policies incorporating combination rules are also supported through the logical combining of multiple individual rules using conventional logic clauses such as AND, OR, NOT, ELSE, IF, WHEN, UNLESS, etc.
  • The analysis engine 106C is the central and primary destination for all collected or received condition state information collected by the local endpoint system 104. Some or all condition state information to be collected may be requested by the analysis engine on a periodic basis, requested by the analysis engine as a direct result of a detected event, requested by the analysis engine as a direct result of completed analysis of previously received condition state information, sent to the analysis engine by agents and agent managers on a periodic basis, and/or sent from agents or agent managers to the analysis engine as a direct result of a detected event. This holds true for instances of local analysis of condition state information on the endpoint system 104 as well as remote analysis of condition state information on the policy management system 106.
  • Capabilities of the analysis engine also include the ability to query the policy data store 106B (FIG. 1) to collect compliance policies and their associated value(s). This query could occur on a fixed periodic basis or be based on a specified system event, for example system startup, client startup, application start event, network interface event, authentication event, notification of received policy updates, receipt of a specific endpoint data element, receipt of a specific endpoint data element having a specific value, etc.
  • Capabilities of the analysis engine further include the ability to query the policy data store 106B to collect action policies and their associated value(s). This query occurs whenever needed by the analysis engine.
  • Capabilities of the analysis engine further include the ability to output status and event messages to local processes or remote computers accessible across a network. These messages may be used to trigger the display of a message to a user on the local endpoint system 104 user interface, the display of a message on the policy management system 106, the updating of status information on an already open display or may be logged to a local or remote data store for use in reports.
  • Endpoint Compliance Assessment Algorithms
  • With reference now to FIG. 7, there is shown a process 700 for operation by policy management system 106 to determine whether endpoint system 104 is in compliance with the compliance policies maintained in data storage 106B, the process comprising an expansion of step 210 of FIG. 2. In accordance with this process, condition data regarding the status of conditions 104F are collected through the above described system of agent managers and monitors, and input into analysis engine 106C through the processor and communications interface 106A (step 702). A compliance assessment process, or algorithm, is selected to process the condition data (step 704). Many different appropriate algorithms are described and shown herein below. Optionally, as described below, numeric risk values can be assigned to non-numeric condition state data and numeric weightings applied to numeric values (step 705). The effective and appropriate security policy is retrieved from data storage 106B (step 706), the condition data is processed using the selected compliance process (step 708), and the results of the processed condition data are compared to the compliance policy (step 710). The details of this process, including the various algorithms, are described in detail herein below.
  • Because the policy action rules comprise a number of endpoint states that must be assessed, because there is a desire to be able to manage and change many policy settings using a finite number of data values and because of the number of possible combinations of endpoint states that could warrant invocation of the defined action, a simple rules based approach to processing this information may be unwieldy and not scale well. To facilitate the effective practice of the present invention, an algorithmic approach is provided by the present invention. As part of step 706 above, the algorithmic approach involves treating the non-numeric endpoint state information as real time values that are converted to numerical risk weightings, e.g. 1-100. Non-numeric endpoint state information, listed above, includes those states not communicated as a number, e.g. is an application running, what level of anti-virus program is running, etc.
  • The policy data store 106B contains a numeric value to assign to each non-numeric endpoint condition 104F. When the analysis engine 106C receives endpoint condition state information 104F from the agent monitors 104C, the analysis engine 106C makes one or more queries to the policy data store 106B for each endpoint condition and retrieves the numeric value to assign to that particular endpoint condition. The process is repeated as needed for each non-numeric endpoint condition data element the analysis engine must convert from a non-numeric value to a numeric weighting. This process may also be repeated as needed for each numeric endpoint condition data element the analysis engine must convert from a raw numeric value to a normalized numeric weighting, e.g. converting the number of calendar days since antivirus was last updated (e.g. 0-365 days) to a normalized value in the e.g. 0-100 range.
  • This assignment of numeric weightings to non-numeric states allows effective analysis of the condition information using a wide range of numeric algorithmic models, and further allows non-numeric endpoint condition state information to be included and factored in when the analysis engine 106C is assessing policy compliance of endpoint condition state information that is already in numeric form. What follows are specific, but not exhaustive examples of specific algorithmic methods supported by the invention. Other numeric-based algorithmic methods within the scope of this invention will become apparent to the reader.
  • Matrix Analysis Algorithm
  • One analytical model operable by analysis engine 106C involves treating endpoint condition state information 104F as a matrix of numeric values where, as mentioned above and as implied in each of the subsequent analytical models described herein, the real time state information is converted to numerical values or risk weightings, e.g. 1-100. The standalone and business intelligence rules can be treated as a second matrix where rules are given relative importance ratings. By combining the two matrices using conventional matrix mathematics, the analysis engine 106C generates a third matrix as the result. This third matrix contains numerical compliance scores that can be converted to security compliance ratings for different enforcement actions. Each rating can subsequently be compared to a predefined score threshold stored in the policy data store 106B for each possible enforcement action to determine whether or not to invoke the action. If the derived score is above the threshold, the endpoint is deemed sufficiently (while not necessarily completely) compliant with those particular endpoint configuration policies.
  • The security score thresholds, the input matrix elements, the input matrix security scores and the items to be included in the endpoint inputs list are all data values stored in the policy data store 106B and as such are configurable and extensible so as to allow tailoring to an individual user's need. Configuration is performed using a user interface 106A, from which new or revised matrix elements, thresholds, weightings and factors can be created and modified. When implemented in a distributed fashion, changes to these data values made in the policy management system 106 can be distributed to the software agent residing on the endpoint system 104 using conventional software distribution methods. Examples of different matrix analysis methods are shown herein below.
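  • The numeric conversion and matrix combination described above can be sketched as follows. This is an added example, not code from the patent: the condition names, state weightings, importance ratings, thresholds and function names are all constructed sample values, and unknown or missing states are assumed to map to 0.

```python
# Constructed policy-store contents: every name and value here is a sample assumption.
CONDITIONS = ["antivirus", "firewall", "av_signature_age_days", "os_patches"]
ACTIONS = ["allow_network", "allow_email", "allow_usb"]

# Numeric weighting (0-100) assigned to each non-numeric condition state.
STATE_WEIGHTS = {
    "antivirus": {"running": 100, "stopped": 0},
    "firewall": {"running": 100, "stopped": 0},
    "os_patches": {"current": 100, "missing_noncritical": 60, "missing_critical": 0},
}
MAX_SIGNATURE_AGE_DAYS = 365

# Second matrix: relative importance (percent) of each condition for each action.
# Rows follow CONDITIONS, columns follow ACTIONS; each column totals 100.
IMPORTANCE = [
    [20, 40, 30],   # antivirus
    [50, 10, 10],   # firewall
    [10, 40, 20],   # av_signature_age_days
    [20, 10, 40],   # os_patches
]
THRESHOLDS = {"allow_network": 70, "allow_email": 80, "allow_usb": 60}


def normalize(condition, raw):
    """Convert one raw condition value to a 0-100 weighting."""
    if raw is None:
        return 0                      # missing data earns no credit
    if condition == "av_signature_age_days":
        days = int(raw)
        if days < 0:
            return 0                  # a future update date is treated as invalid
        days = min(days, MAX_SIGNATURE_AGE_DAYS)
        return round((MAX_SIGNATURE_AGE_DAYS - days) * 100 / MAX_SIGNATURE_AGE_DAYS)
    return STATE_WEIGHTS[condition].get(raw, 0)   # unknown state earns no credit


def condition_vector(state):
    """First matrix: a 1 x n row of normalized condition weightings."""
    return [normalize(c, state.get(c)) for c in CONDITIONS]


def score_actions(state):
    """Third matrix: row vector times importance matrix, one score per action."""
    vec = condition_vector(state)
    return {
        action: sum(vec[i] * IMPORTANCE[i][j] for i in range(len(CONDITIONS))) / 100
        for j, action in enumerate(ACTIONS)
    }


def decide(state):
    """An action is permitted only when its score is above its threshold."""
    scores = score_actions(state)
    return {action: scores[action] > THRESHOLDS[action] for action in ACTIONS}


# Constructed endpoint states.
ENDPOINT_A = {"antivirus": "running", "firewall": "running",
              "av_signature_age_days": 73, "os_patches": "missing_noncritical"}
ENDPOINT_B = {"antivirus": "stopped", "firewall": "running",
              "av_signature_age_days": 400, "os_patches": "current"}

if __name__ == "__main__":
    for name, state in (("A", ENDPOINT_A), ("B", ENDPOINT_B)):
        print(name, condition_vector(state), score_actions(state), decide(state))
```

  • Endpoint B scores exactly at the network threshold, so a strict "above the threshold" comparison denies the action; whether the boundary counts as compliant is itself a policy choice.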
  • Business Rules-Based Analytical Model for Policy Enforcement
  • One analytical model operable by analysis engine 106C in accordance with the present invention utilizes descriptive business rules. The rules specify a specific action to take if specified prerequisite conditions are true. When different system events and policy violations occur, different actions will be initiated. The universe of possible actions will expand and evolve over time, as will the tests used to determine whether a given action should be initiated. For example, new operating system services may come available, new categories of security or endpoint management applications may emerge, security point solutions may become integrated, transport technologies will continue to evolve, features of security point solutions will evolve, etc. Additionally, different operational needs will warrant creating new actions and new tests. This analytical model is extensible and allows the addition, removal, tailoring, and/or changing the values of prerequisite conditions or actions for different customers and policy groups. Note that this rules-based analysis may or may not require the assignment of numeric risk scores to non-numeric conditions, depending on the desired rules.
  • Examples of business rules used in this analytical model follow.
  • User Authentication Actions, including:
      • Password reset action
        • Force password reset
          • When password age is greater than 90 days AND
          • When user is directly connected to corporate LAN AND
          • No policy violations exist that prevent connectivity to corporate LAN
  • Application Access Actions
      • Application access block action:
        • Prevent named application from opening
          • When antivirus is out of compliance in any way
        • Prevent named application from opening
          • When antispyware is out of compliance in any way
        • Prevent named application from opening
          • When antivirus is out of compliance in any way AND
          • When personal firewall is not running
        • Prevent named application from opening
          • If user is not connected to corporate LAN
        • Prevent named application from opening
          • If user is not connected to corporate LAN OR
          • If user is not connected from home
        • Prevent named application from opening
          • If any critical OS patches not found AND
          • If user not connected to corporate LAN AND
          • Antivirus not updated within last 212 days
        • Prevent named application from opening
          • If user not connected to corporate LAN AND
          • Day of week is Mon, Tues, Wed, Thurs or Fri AND
          • Time of day is between 8 AM and 8 PM
        • Prevent named application from opening
          • If user not connected to corporate LAN OR
          • User does not have active VPN tunnel
        • Prevent named application from opening
          • If user authentication method anything other than RSA SecureID
      • Application uninstall actions
        • Uninstall named application if found
      • Application upgrade actions
        • Uninstall named application if found AND
        • Retrieve named installation package from a named remote computer AND
        • Initiate installation of named installation package
      • Application upgrade actions
        • If user is connected to corporate LAN AND
        • If approved antivirus client (vendor and version) is not installed THEN
        • Uninstall named application if found AND
        • Retrieve named installation package from a named remote computer AND
        • Initiate installation of named installation package
      • Restrict email application
        • When antivirus reports an infected system OR
        • Anti-spyware agent is not running
      • Restrict HTTP applications such as web browsers
        • When local proxy setting is out of compliance, i.e. not configured for remote proxy server
  • File Management Actions
      • Protect data:
        • Generate encryption key AND
        • Encrypt a specified file, files, folder or folders AND
        • Transmit encryption key to a policy-defined remote computer.
  • Hardware Devices Actions
      • Launch Lojack application
        • When user fails authentication 100 successive times OR
        • When user attempts to copy encrypted data to USB port AND
        • Network connectivity exists over any transport
      • Disable network adapter
        • When personal firewall is not running AND
        • Antivirus compliance score is less than 75% AND
        • Anti-spyware agent is not running
  • Network Access Actions
      • Disconnect wireless adapter
        • When active wireless connection is ad hoc OR
        • When authentication method is not PEAP and 802.1x
  • Boolean Table-Based Analytical Model for Policy Enforcement
  • Another analytical model operable by analysis engine 106C in accordance with the present invention utilizes a table of Boolean logic rules. This will be understood to be an extension of the business rules-based model described above, with the inclusion of Boolean logic combinations. The rules specify specific actions to take when specified conditions are true. The universe of possible actions will expand and evolve over time, as will the tests used to determine whether a given action should be initiated. Additionally, different users may prefer different rules, new actions and/or new conditions to determine. This analytical model is extensible both in terms of inputs and actions and allows a user to add, remove, tailor, and/or change the values of inputs and/or actions for different systems.
  • An example of a policy table containing Boolean logic as used by this analytical model follows in Table 1.
    TABLE 1
    | Input 1: Antivirus Agent Running | Input 2: Corporate Network Connection | Input 3: Required OS Patches Installed | Action 1: Allow Network Connectivity | Action 2: Allow Email Application Access | Action 3: Allow USB Ports | Action 4: Alert IT Administrator |
    | --- | --- | --- | --- | --- | --- | --- |
    | FALSE | FALSE | FALSE | FALSE | FALSE | FALSE | TRUE |
    | FALSE | FALSE | TRUE | TRUE | TRUE | FALSE | TRUE |
    | FALSE | TRUE | FALSE | TRUE | FALSE | FALSE | TRUE |
    | FALSE | TRUE | TRUE | FALSE | TRUE | FALSE | TRUE |
    | TRUE | FALSE | FALSE | FALSE | TRUE | TRUE | TRUE |
    | TRUE | FALSE | TRUE | TRUE | TRUE | TRUE | FALSE |
    | TRUE | TRUE | FALSE | TRUE | FALSE | TRUE | TRUE |
    | TRUE | TRUE | TRUE | TRUE | TRUE | TRUE | FALSE |

  • Scoring-Based Analytical Model for Policy Enforcement
  • Other analytical models supported by the present invention utilize different types of mathematical scoring methods. Endpoint state information collected by the agent can be assigned relative importance weightings or quantitative scores, as described above, to develop a composite security ‘score’ for the security dimension or dimensions associated with that endpoint attribute. The score can subsequently be used as a proxy for a numeric endpoint security health metric for a particular aspect of the endpoint's configuration or health. For example, an antivirus agent monitors the endpoint from a virus protection dimension and has certain attributes that must be in place to provide effective antivirus protection. Examples of attributes that the antivirus agent must have in order to provide effective endpoint security, and that are desired to be externally assessable state information to the invention, include:
      • The antivirus agent must be running to provide any protection at all.
      • The antivirus agent must be of a recent version to be able to recognize certain new virus patterns.
      • The antivirus agent receives periodic virus signature updates used in the virus scanning and protection process. Frequent updates, or more precisely a recent update (which is assumed to have brought the antivirus agent fully up to date) is necessary to have protection against the latest threats.
      • The antivirus agent has configuration settings that can be enabled or disabled to provide more or less protection.
  • Each of these attributes of the antivirus agent can be assigned an absolute score or a relative weighting by a user, based on the relative importance of that particular attribute to that user. For example as is shown in Table 2:
    TABLE 2
    | Agent Attribute | Points | Weight |
    | --- | --- | --- |
    | Antivirus agent active and running | 60 | 60% |
    | Antivirus agent version current or current minus one rev | 15 | 15% |
    | Antivirus agent signature files updated within the last 212 days | 100 | 100% |
    | All antivirus scan options enabled | 15 | 15% |
    | Total | 100 | 100% |
  • Different operators may have different views on the relative importance of these attributes and/or may wish to use different or more granular attributes in their scoring model. For example, a different user may want to replace the version attribute with a real-time file system monitoring enabled attribute or add this as an additional attribute in their scoring model. Similarly, another user may assign more relative importance, hence assign a higher weight or score to how recently the antivirus signature files were updated. Another user might want to assign each of 4 specific configuration settings 5 ‘points’ if the setting is enabled, for a total of 20 possible points when all antivirus scan options of interest to that user are enabled.
  • These attributes may be different for different users depending on the capabilities of their particular endpoint security solution. For example, if a particular commercially available antivirus agent has no configurable options to enable/disable, this attribute would not be relevant and would not be a consideration in the scoring process. In fact, one of the attributes could easily be the specific product being used, if a user has high confidence in 1-2 specific antivirus agents and much lower confidence in other antivirus agents. Support for variability across different end points having different hardware/software configurations is managed using policy settings as previously described.
  • Attributes and weightings can be similarly established for each of the endpoint security agents previously identified. The approach can similarly be adapted to other existing and future endpoint security solutions using this same approach.
  • Individual Agent Score Threshold Analysis and Enforcement
  • By establishing a minimum threshold for an agent and comparing the total agent score with that threshold, the total score obtained by querying the agent and/or its externally viewable attributes can be used as a trigger for one or more general or context-specific predefined actions to be taken. For example, assume the following is the list of actions to be taken if the antivirus agent score does not meet or exceed a threshold of 81 points or 81%:
      • Disable network interfaces so that the endpoint is prevented from connecting to a network
      • Disconnect any active network connections, e.g. a dial, cellular or Wi-Fi connection
      • Provide a user notification of the security state of the endpoint and instruct them to contact their help desk to resolve the issue.
  • A different operator may wish to take additional or alternative predefined actions, for example:
      • Disable any active VPN connections
      • Prevent the establishment of a VPN connection
      • Apply an outbound access control list on the network protocol stack or using a personal firewall to limit outbound access to a specified set of one or more specific application protocols (e.g. HTTP, POP, etc.), applications (e.g. Internet Explorer web browser, custom Oracle financial application, Symantec Norton Antivirus Update, BigFix Endpoint Vulnerability Management agent, etc.), network addresses (e.g. 192.1068.1.255), network numbers or subnets (e.g. 608.52.1022.0/206) and/or DNS domains (e.g. customer.com, macafee.net, server1.windowsupdate.com, etc.)
      • Provide a user notification that outbound access is being restricted to specific applications, networks, etc. as appropriate as a result of the current security state of the endpoint.
      • Activate a scripted remediation process to enable the antivirus agent if not running, update the antivirus signature files, enable all antivirus configuration settings, etc. as appropriate
      • Once the remediation process is completed, reassess the antivirus score.
        • If score meets or exceeds threshold:
          • Remove VPN restriction
          • Remove outbound network access restrictions
          • Provide user notification indicating that endpoint security has now reached a satisfactory state and all normal system privileges have been restored
        • If score does not meet or exceed the threshold provide a user notification of the security state of the endpoint and instruct them to contact their help desk to resolve the issue.
  • A wide range of alternative system level corrective actions or user notifications are possible and may be more or less appropriate, depending on the situation and the user's needs. More complex conditional actions including IF, THEN, ELSE, AND, OR type logic may also be defined.
  • Note that in particular, the corrective actions may vary by agent. Thus for example, the corrective actions when the firewall agent score is below the firewall threshold might be:
      • Disconnect any active network connection other than a wired Ethernet connection
      • Prevent any network connections from being established other than a wired Ethernet connection
      • Block outbound network access on the wired Ethernet connection unless the user's IP address is on the 1020.130.15.x network.
      • IF the firewall is not currently running, THEN attempt to restart the firewall using a predefined command.
      • Provide a context-sensitive user notification
  • Whereas for example the corrective actions when the antivirus agent score is below the antivirus threshold might be:
      • Permit new network connections to be established
      • Permit active network connections to remain active
      • Prevent the following named applications from running:
        • Internet Explorer
        • Mozilla
        • Firefox
        • Opera
        • AOL
      • Prevent the following file types from being opened:
        • .doc
        • .xls
      • Upon detection of an active network connection send an antivirus update request message to a predefined URL
      • Install the downloaded antivirus update package
      • Provide user notifications regarding restricted applications
      • Provide user status updates during the update process.
  • Composite Agent Scoring, Threshold Analysis and Enforcement
  • In the preceding examples, an antivirus agent was the single agent under evaluation. Multiple agents can be simultaneously assessed in a similar fashion and the individual agent scores combined in different ways to create a holistic view of the endpoint state from multiple perspectives. For example, a user could define the following agent score combination logic as the basis for determining whether the end point is or is not in compliance:
      • Antivirus agent score equal to or greater than 80% AND
      • Firewall agent score equal to or greater than 90% AND
      • Antispyware agent score equal to or greater than 50%
  • The individual agents of interest would be periodically queried or assessed at a configurable interval, individual agent scores calculated and then this business logic applied to determine if a noncompliance exists and if any predefined corrective, restrictive and/or notification actions (such as those previously defined) are required.
  • An alternative approach is to assign relative weighting to the individual agents, based on their relative importance to the user. For example as shown in Table 4 below:
    TABLE 4
    | Agent | Relative Points | Relative Weight |
    | --- | --- | --- |
    | Antivirus agent | 15 | 15% |
    | Personal firewall agent | 70 | 70% |
    | Antispyware agent | 100 | 100% |
    | Content filtering agent | 5 | 5% |
    | Total | 100 | 100% |
  • The relative weights for individual agents are then combined with the individual agent scores to derive a composite score. For example, as illustrated in Table 5 below:
    TABLE 5
    | Agent | Raw score (points) | Relative Weighting | Adjusted score (points) |
    | --- | --- | --- | --- |
    | Antivirus agent | 65 | 15% | 9.75 |
    | Personal firewall agent | 93 | 70% | 65.1 |
    | Antispyware agent | 0 | 100% | 0 |
    | Content filtering agent | 100 | 5% | 5 |
    | Composite Score | | | 79.95 |
  • In this approach, the composite score is 79.95 points or 79.95%. The composite score would then be compared to a predefined composite threshold residing as a data value in the policy data store 106B to determine if any predefined corrective, restrictive and/or notification actions (such as those previously defined) are required.
  • Different users may have different views on the relative importance of individual agents and may wish to use fewer, additional or different agents in their composite scoring model. For example, a different user may want to replace the content filtering agent with a patch management agent in their composite scoring model or add the patch management agent to the above composite scoring model. Similarly, another user may assign more or less relative importance, hence assign a higher or lower relative weight to the personal firewall. Such differences are accommodated by the invention through the use of policy settings and values that specify the agents of interest, the compliance thresholds, the relative weightings and other relevant considerations.
  • Complementary Individual & Composite Agent Scoring, Threshold Analysis and Enforcement
  • While the composite approach provides a comprehensive assessment of the endpoint state and can be the basis for automated notifications or corrective actions, it does not preclude automated notifications or corrective actions triggered by assessments of individual agent scores. Therefore composite corrective actions can be defined independently of individual agent corrective actions (e.g. antivirus agent corrective actions, personal firewall corrective actions, etc.) if defined values exist in the policy data store 106B. For example, the previous composite example can be expanded as follows in Table 6:
    TABLE 6
    | Agent | Raw score (points) | Agent Threshold (points) | Relative Weighting | Adjusted score (points) |
    | --- | --- | --- | --- | --- |
    | Antivirus agent | 65 | 75 | 15% | 9.75 |
    | Personal firewall agent | 93 | 90 | 70% | 65.1 |
    | Antispyware agent | 0 | 70 | 100% | 0 |
    | Content filtering agent | 100 | 60 | 5% | 5 |
    | Composite Score | | | | 79.95 |
    | Composite Threshold | | | | 75.00 |
  • In this example, the overall composite score exceeds the composite threshold, thereby not requiring invocation of previously defined composite corrective actions. However, the individual score for the antivirus agent is below the antivirus threshold, thus requiring invocation of previously defined agent-specific antivirus corrective actions. Examples of corrective actions were previously defined above.
  • Single Level Versus Multi-Level Agent Scoring, Threshold Analysis and Enforcement
  • The previous examples (single agent assessments as well as composite assessment) all utilized a single threshold. In a single threshold model, when the score is below the threshold, corrective action is required and when the score is above the threshold, no corrective actions are required. This concept is readily extensible (for both single agent assessments and composite assessments) to a multi-level threshold model, where different corrective actions exist at different score thresholds. Corrective actions to take for different score thresholds are stored as data values in the policy data store 106B. For example:
      • Antivirus Agent Thresholds & Actions
        • 40%:
          • Prohibit the following applications from running:
            • Outlook
            • Outlook Express
            • Eudora
            • Thunderbird
            • Cisco VPN client
            • Nortel VPN client
            • Internet Explorer
            • Firefox
          • Block outbound POP protocol traffic
          • Restart antivirus if not running
          • Update virus signature files if greater than 15 days old
          • Enable realtime filesystem monitoring if not currently enabled
          • Prohibit all .doc and .xls files from opening
        • 60%:
          • Prohibit the following applications from running:
            • Cisco VPN client
            • Nortel VPN client
          • Update virus signature files if greater than 15 days old
          • Enable realtime filesystem monitoring if not currently enabled
        • 86%:
          • No restrictions
      • Personal Firewall Agent Thresholds & Actions:
        • 55%:
          • Restart firewall if not running
          • IF local IP address is 1023.1023.1023.x AND IF endpoint is able to send ICMP ping to host 1023.1023.1023.56, THEN permit only wired Ethernet access, ELSE block all outbound network access on all transports
        • 91%:
          • No restrictions
      • Composite Assessment Thresholds & Actions
        • 51%:
          • Prohibit the following applications from running:
            • Cisco VPN client
            • Nortel VPN client
            • Oracle financials
            • SAP payroll manager
          • Restrict HTTP access to the following domains:
            • Symantec.com
            • Windowsupdate.com
            • BigFix.com
            • Customer.com
          • Block outbound SMB protocol traffic
          • Block write access to the My Documents folder and all underlying subfolders
        • 75%:
          • Prohibit the following applications from running:
            • Cisco VPN client
            • Nortel VPN client
        • 85%:
          • No restrictions
  • Continuous Reporting Versus Exception Reporting Threshold Analysis and Enforcement
  • In each of the examples above, all collected data points are analyzed for compliance or given a compliance score that may be examined individually or included in a broader composite compliance assessment process. An alternative implementation is to not provide a value to a composite compliance assessment routine unless there is a compliance violation and have the composite compliance assessment routine assume that component is in compliance unless notified otherwise, i.e. utilize exception-based compliance notifications. In the example previously described:
    | Sensor | Raw score (points) | Agent Threshold (points) | Relative Weighting | Adjusted score (points) |
    | --- | --- | --- | --- | --- |
    | Antivirus agent | 65 | 75 | 15% | 9.75 |
    | Personal firewall agent | 93 | 90 | 70% | 65.1 |
    | Antispyware agent | 0 | 70 | 100% | 0 |
    | Content filtering agent | 100 | 60 | 5% | 5 |
    | Composite Score | | | | 79.95 |
    | Composite Threshold | | | | 75.00 |
  • The individual raw scores for antivirus, personal firewall, anti-spyware agent, and content filtering must be fed into the composite scoring software process in order for the composite score to be determined. Conversely, in the exception-based model, the composite scoring software routine assumes the individual agent thresholds have been met, (e.g. the antivirus agent score is 75, the personal firewall agent score is 90, the anti-spyware agent score is 70 and the content filtering agent score is 60) unless informed otherwise. The exception when reported is used to update the composite score data set and a revised composite score is calculated. This exception-based approach is also supported by the invention.
  • Note also that the methods can be combined when so enabled via a policy setting. Continuing with the example above, the composite scoring software routine assumes that the antivirus agent score is 75 points and that the personal firewall agent score is 90, unless otherwise notified. However, the composite scoring software routine makes no assumption regarding the anti-spyware agent score or the content filtering agent score and requires that the antivirus compliance scoring software routine as well as the content filtering compliance scoring software routine both report actual raw compliance scores. Combinations of this type are also supported by the invention.
  • Different users may wish to have different sources utilize exception-based reporting and different sources utilize mandatory reporting. Such variations and adjustment capabilities are supported by the invention through the use of policy settings and values residing in the data store.
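  • The exception-based and combined reporting models described above, as an added example (not code from the patent). Thresholds and weightings are those in the table; the `mandatory` flags follow the combined-mode paragraph, and failing closed when a mandatory report is absent is an assumption of this example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class SensorPolicy:
    threshold: int    # points; doubles as the assumed score in exception mode
    weight_pct: int   # relative weighting in percent
    mandatory: bool   # True: a raw score must arrive every assessment cycle


# Thresholds and weightings from the table above. The mandatory flags follow the
# combined-mode paragraph: anti-spyware and content filtering report raw scores,
# antivirus and personal firewall are assumed to sit at their thresholds.
POLICY = {
    "antivirus": SensorPolicy(75, 15, mandatory=False),
    "personal_firewall": SensorPolicy(90, 70, mandatory=False),
    "antispyware": SensorPolicy(70, 100, mandatory=True),
    "content_filtering": SensorPolicy(60, 5, mandatory=True),
}
COMPOSITE_THRESHOLD = 75.0


def assess(reports, policy=POLICY, composite_threshold=COMPOSITE_THRESHOLD):
    """Score one assessment cycle.

    `reports` maps sensor name -> raw score actually received this cycle.
    Exception-mode sensors appear in it only when they reported a violation.
    Assumption of this example: a missing mandatory report fails closed.
    """
    unknown = sorted(set(reports) - set(policy))
    if unknown:
        raise KeyError(f"report from sensor not in policy: {unknown}")

    missing = sorted(n for n, p in policy.items()
                     if p.mandatory and n not in reports)
    if missing:
        return {"compliant": False, "score": None,
                "assumed": [], "missing": missing}

    weighted_sum = 0
    assumed = []  # sensors whose score was taken on trust
    for name, p in policy.items():
        if name in reports:
            raw = reports[name]
        else:
            raw = p.threshold
            assumed.append(name)
        weighted_sum += raw * p.weight_pct

    score = weighted_sum / 100
    return {"compliant": score >= composite_threshold, "score": score,
            "assumed": assumed, "missing": []}


if __name__ == "__main__":
    # Constructed cycles: mandatory sensors report, then exceptions arrive.
    base = {"antispyware": 0, "content_filtering": 100}
    print(assess(base))
    print(assess({**base, "antivirus": 65}))
    print(assess({**base, "antivirus": 65, "personal_firewall": 80}))
    print(assess({"content_filtering": 100}))
```

  • The `assumed` list records which scores were taken on trust: in exception mode a sensor that has stopped reporting looks the same as a compliant one, so that list is worth logging alongside the composite score.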
  • Matrix Algebra-Based Analytical Model for Policy Enforcement
  • Additional analytical models supported by the present invention utilize different matrix algebra methods. This model extends upon the scoring based analytical model previously described.
  • Matrix Method #1
  • In one matrix algebra method, different agents report different types of information regarding the state of the endpoint, such as:
      • Antivirus agent
      • Personal firewall
      • Anti-spyware agent
      • Endpoint vulnerability management
      • Content filtering
  • While these agents monitor and inspect different aspects of the endpoint environment, from a policy compliance perspective, there are common policies or target states of interest across each of these data sources, such as:
      • Whether the agent is running
      • Whether it is a desired or required vendor
      • Whether it is up to date with signature updates
      • Whether it is configured correctly or optimally
  • Relative weights regarding the importance of compliance for each attribute can be assigned for each monitored condition. The collection of information can then be represented in tabular form in anticipation of making the data available for matrix algebra or other linear and nonlinear analysis methods. For example, the following Table 7 shows how one operator has identified 3 data sources of interest, identified 3 attributes of interest, and assigned levels of relative importance to each data source/attribute pairing. These data sources, attributes and values are stored in the policy data store. The policy data store also contains the specific target values or thresholds for each of these attributes, e.g. the desired antivirus agent is product XYZ, the maximum age in days of the most recent anti-spyware agent is 30 days, the required configuration settings and values for the personal firewall are: no inbound access permitted, outbound access using HTTP protocol permitted, etc.
    TABLE 7

    | Data Source | Agent From Approved Vendor Currently Running | Updated Within X Days | Required Configuration Settings Enabled | Total |
    |---|---|---|---|---|
    | Antivirus agent | 80 | 15 | 5 | 100 |
    | Personal firewall agent | 60 | 20 | 20 | 100 |
    | Antispyware agent | 70 | 25 | 5 | 100 |
  • It will be apparent to the reader that fewer, alternative and/or additional data sources could be used instead of those shown above. Obviously, fewer, alternative and/or additional attributes could be used instead of those shown above.
  • When the real time or periodic measurement of a given condition is in compliance relative to the security policy, all possible points are awarded. When a given condition is not in compliance relative to the policy, no points are awarded.
  • In the following example:
      • The antivirus agent is running, is from an approved vendor and has been updated recently. However one or more critical configuration settings are not set correctly.
      • The personal firewall agent is running, is from an approved vendor, has been updated recently and has configuration settings set correctly. However it has not been updated in the past 21 days.
      • There is no anti-spyware agent running on the endpoint (and possibly is not even installed on the endpoint).
  • The resulting matrix that represents the current state of the endpoint is as follows:
    | Data Source | Agent From Approved Vendor Currently Running | Updated Within 21 Days | Required Configuration Settings Enabled | Total |
    |---|---|---|---|---|
    | Antivirus agent | 80 | 15 | 0 | 95 |
    | Personal firewall agent | 60 | 20 | 20 | 100 |
    | Antispyware agent | 0 | 25 | 5 | 30 |
  • As this is an n×n matrix, the matrix determinant can be calculated using the following Formula 1:

    $$\begin{vmatrix} a_1 & a_2 & a_3 \\ b_1 & b_2 & b_3 \\ c_1 & c_2 & c_3 \end{vmatrix} = a_1 b_2 c_3 - a_1 b_3 c_2 - a_2 b_1 c_3 + a_2 b_3 c_1 + a_3 b_1 c_2 - a_3 b_2 c_1 = -36{,}500 \qquad \text{(Formula 1)}$$
  • The determinant derived from assessing the current state of the endpoint can be compared against a minimum threshold defined in the policy data store 106B that must be met in order for the endpoint to be considered in compliance.
  • Matrix Method #2
  • The matrix method described above can be further extended by assigning relative weightings to the data sources, treating the resulting values as a row or column vector matrix, and performing matrix multiplication of the data source relative importance matrix and the current state matrix. This allows the evaluation of compliance in a given dimension or attribute across a number of data sources, factoring in the relative compliance importance of the different data sources.
  • For example, the following vector shows the relative weights of these data sources as assigned by one user:
      • Antivirus agent: 20%
      • Personal firewall agent: 70%
      • Anti-spyware agent: 10%
  • This relative weighting can be represented as a matrix row vector: A=[0.2,0.7,0.1].
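  • The relative weighting matrix and the current state matrix are multiplied using conventional matrix algebra to yield:

    $$\begin{bmatrix} 0.2 & 0.7 & 0.1 \end{bmatrix} \times \begin{bmatrix} 80 & 15 & 0 \\ 60 & 20 & 20 \\ 0 & 25 & 5 \end{bmatrix} = \begin{bmatrix} 16.0 & 19.5 & 14.5 \end{bmatrix}$$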
  • Therefore, the current assessment of the endpoint's overall compliance using these sample data sources, sample relative data source weightings, sample data sources attributes, and current state values are:
      • Security applications current running using approved vendor agents compliance score: 16.0
      • Security applications recent updates compliance score: 19.5
      • Security applications current configuration compliance score: 14.5
  • These compliance scores are compared to policy-defined thresholds in order to make a compliance assessment. For example assume the following values exist for these policies in the policy store:
      • Required current running security agents with approved vendor compliance score: 20.0
      • Required security agent software and signature files currency compliance score: 15.0
      • Required security agent current configuration compliance score: 10.0
  • In this situation, the endpoint is out of compliance with regard to currently running security agents and their vendor, in compliance with regard to software and signature file currency, and in compliance with regard to configuration settings.
  • It will now be apparent to the reader that these methods can be extended and/or modified in a number of ways with regards to the data sources, attributes, data source relative weightings, attribute relative weightings, compliance thresholds, etc.
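  • Both matrix methods worked through in code, as an added example (not code from the patent), using the Table 7 points, the current-state matrix and the data-source weightings given above. With these inputs the first component of the Method #2 product computes to 58.0 (0.2·80 + 0.7·60 + 0.1·0); the 16.0 printed above is the antivirus term alone.

```python
SOURCES = ("antivirus", "personal_firewall", "antispyware")

# Table 7: points per (data source, attribute). Column order:
# approved vendor and running, updated within X days, required config enabled.
TABLE_7 = {
    "antivirus": (80, 15, 5),
    "personal_firewall": (60, 20, 20),
    "antispyware": (70, 25, 5),
}

# Data-source weightings from Matrix Method #2, in percent.
SOURCE_WEIGHT_PCT = {"antivirus": 20, "personal_firewall": 70, "antispyware": 10}


def state_matrix(compliant, table=TABLE_7):
    """All-or-nothing scoring: full points when a condition is met, else 0."""
    return [
        [pts if ok else 0 for pts, ok in zip(table[src], compliant[src])]
        for src in SOURCES
    ]


def det3(m):
    """Formula 1: determinant of a 3x3 matrix."""
    (a1, a2, a3), (b1, b2, b3), (c1, c2, c3) = m
    return (a1 * b2 * c3 - a1 * b3 * c2 - a2 * b1 * c3
            + a2 * b3 * c1 + a3 * b1 * c2 - a3 * b2 * c1)


def dimension_scores(matrix, weight_pct=SOURCE_WEIGHT_PCT):
    """Matrix Method #2: row vector of source weights times the state matrix."""
    return [
        sum(weight_pct[src] * row[j] for src, row in zip(SOURCES, matrix)) / 100
        for j in range(len(matrix[0]))
    ]


def assess(scores, thresholds):
    """Per-dimension verdict: True where the score meets its threshold."""
    return [s >= t for s, t in zip(scores, thresholds)]


# Endpoint state matching the page's current-state matrix.
PAGE_STATE = {
    "antivirus": (True, True, False),
    "personal_firewall": (True, True, True),
    "antispyware": (False, True, True),
}
ALL_OK = {src: (True, True, True) for src in SOURCES}
NONE_OK = {src: (False, False, False) for src in SOURCES}

if __name__ == "__main__":
    m = state_matrix(PAGE_STATE)
    print("state matrix:", m)
    print("determinant:", det3(m))
    print("dimension scores:", dimension_scores(m))
    print("fully compliant determinant:", det3(state_matrix(ALL_OK)))
    print("nothing compliant determinant:", det3(state_matrix(NONE_OK)))
```

  • The determinant is not monotone in compliance: the fully compliant Table 7 matrix gives -15,000, the degraded endpoint above gives -36,500, and an endpoint with no condition met gives 0, so a minimum-determinant threshold should be validated against the states it is meant to reject.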
  • Context-Sensitive Threshold and Weighting Adjustments to Quantitative Analytical Models for Policy Enforcement
  • In any of the numeric-based methods supported by the client, examples of which are shown above, scores, thresholds, weightings, etc. may be scaled up or down using a global weighting adjustment or discrete weighting adjustments stored as policy values in the policy data store. Similarly, situation-specific policy-based adjustments can be made to scores and thresholds for other analytical models that may be added to the policy management system in the future.
  • For example, a user directly connected to the corporate network likely benefits from levels of protection or compliance monitoring systems integrated by the employer into the local network, reducing the criticality that one or more security applications are running or correctly configured on the user's machine. Therefore, an administrator may wish to relax the minimum compliance score required to be able to access the corporate network, or specific computers and/or applications on the corporate network by a number of points. In this situation, the analysis engine would query the policy data store for the minimum compliance score required to allow a certain system event to occur, determine the user's location (e.g. on the corporate network or not), if on the corporate network determine if the minimum compliance threshold should be adjusted by retrieving the policy value for the on-campus network security adjustment policy, adjust the compliance threshold as necessary, and then finally assess the compliance state of the endpoint using this adjusted threshold.
  • Other policy-based, situation-specific or context-sensitive adjustments are possible based on endpoint state information and such adjustment capabilities are supported by the policy management system.
  • Statistics-Based Analytical Model for Policy Enforcement
  • Additional analytical methods supported by policy management system 106 are based on statistical analysis methods. These methods differ from methods previously described herein in that compliance analysis methods described below are based on evaluation of a population sample comprised of multiple data points collected over a period of time, rather than an evaluation of a single collected data point.
  • As an illustrative example of single data point methods previously described herein, the policy management system 106 can be configured via a policy setting within policy store 106B to query the operating system or an external agent within endpoint 104 every X seconds, where X is a policy-defined value (e.g. interval in seconds=60) to determine the value of any system metric, e.g. CPU utilization. This value can be passed immediately to the compliance analysis engine upon collection as an indicator of the instant CPU utilization. In this case, the sample size is one. The following examples illustrate several of the methods the client supports for utilizing larger sample sizes to assess compliance with regards to CPU utilization.
  • The ability to apply these methods to other measurable metrics on the endpoint is a capability of the policy management system. While the examples cited here utilize CPU utilization as the metric under evaluation, the same capabilities and options can be readily applied to any other numeric endpoint metric including but not limited to:
      • Network bytes received
      • Network bytes transmitted
      • Physical memory in use
      • Queries to virtual memory
      • Free virtual memory
      • Transaction response time for specific application transactions
      • Number of times a specific application transaction occurs
      • Number of times an application is opened
      • Emails sent
      • Emails received
      • Email arrival rate (e.g. emails arriving per minute)
      • Email reception rate
      • Email attachment count
      • Email attachment size
      • Number of recipients in emails sent
      • DNS queries
      • DNS queries serviced by local DNS cache
      • ICMP messages transmitted
      • ICMP messages received
      • HTTP requests sent
      • HTTP request transmission rate
      • File open rate (e.g. files opened per minute)
      • Etc.
  • Additionally, as described previously herein, the analysis engine 106C is able to apply these methods to ratings or scores that are derived from inspecting numeric or non-numeric attributes of the endpoint, evaluating their state, comparing the current state with policy values that define numeric weightings or scores for a given state of a given endpoint attribute, and assigning a numeric value to that state. The assigned numeric value then becomes one data sample of a sample population.
  • Data Summary-Based Statistical Analysis Methods
  • The analysis engine 106C is able to utilize statistical analysis methods for assessing compliance against a single, related group or arbitrary group of numeric conditions for the purposes of calculating a central tendency value of raw (i.e. reported directly from one of various exemplary agents 104E) and/or computed (i.e. normalized by passing raw numeric or non-numeric condition identifiers and values to the analysis engine 106C and having the analysis engine query the policy data store 106B to determine the appropriate score to apply to the raw numeric or non-numeric value) condition(s), comparing the calculated value to corresponding policy values residing in the policy data store 106B that define compliance value(s) and/or ranges for the data element(s), and making an assessment about compliance of that/those data element(s). The central tendency of a value given a sample population is commonly termed an ‘average’, however that is a general term and there are in fact several statistical analysis methods for calculating the central tendency of a sample population. The analysis engine 106C does in fact support several methods as described below. The specific method used for calculating the central tendency value of a given data element is selected by the operator. It will be apparent to the reader that the nature of the distribution makes certain methods more or less appropriate or optimal.
  • Specific averaging methods supported by the analysis engine 106C include the following.
  • Mean-Based Analysis Method
  • Using an average (or mean) statistical analysis method, the compliance analysis engine is configured to perform a system query (e.g. CPU utilization, antivirus agent compliance, etc.) a policy-defined number of times, (e.g. count=5) at a policy-defined sampling interval (e.g. interval=60 seconds) and then calculate an average or mean value over the consecutive data samples. The average or mean value is determined by summing the values of the collected samples and then dividing the sum by the number of samples. This calculated average or mean is the value passed to the compliance assessment routine at the completion of the sampling window and used in subsequent compliance analyses. An updated average or mean is passed to the compliance assessment routine at a frequency roughly equivalent to the sampling window size, immediately following calculation of the mean.
  • Moving Average-Based Statistical Analysis Method
  • Using a moving average statistical analysis method, the compliance analysis engine is configured to perform a system query (e.g. CPU utilization, antivirus agent compliance, etc.) a policy-defined number of times, (e.g. count=5) at a policy-defined sampling interval (e.g. interval=60 seconds) and then calculate an average or mean value over the consecutive data samples. The average or mean value is determined by summing the values of the collected samples and then dividing the sum by the number of samples. This calculated average or mean is the value passed to the compliance assessment process at the completion of the sampling window and used in subsequent compliance analyses. An updated average or mean is passed to the compliance assessment routine at a frequency roughly equivalent to the sampling interval, immediately following calculation of the moving average over the last X samples.
  • Median-Based Statistical Analysis Method
  • Using a median statistical analysis method, the compliance analysis engine is configured to perform a system query (e.g. CPU utilization, antivirus agent compliance, etc.) a policy-defined number of times, (e.g. count=5) at a policy-defined sampling interval (e.g. interval=60 seconds) and then determine the midpoint between the highest and the lowest value among all the collected samples. This median value is the value passed to the compliance assessment routine at the completion of the sampling window and used in subsequent compliance analyses.
  • Mode-Based Statistical Analysis Method
  • Using a mode statistical analysis method, the compliance analysis engine is configured to perform a system query (e.g. CPU utilization, antivirus agent compliance, etc.) a policy-defined number of times, (e.g. count=5) at a policy-defined sampling interval (e.g. interval=60 seconds) and then determine the value that occurs most frequently among all the collected samples. This mode value is the value passed to the compliance assessment routine at the completion of the sampling window and used in subsequent compliance analyses. In the event that no mode value exists, which is possible if all values in the sample population are equal, the compliance analysis engine will pass the average or mean value to the compliance assessment routine at the completion of the sampling window.
  • Geometric Mean-Based Statistical Analysis Method
  • Using a geometric mean statistical analysis method, the compliance analysis engine is configured to perform a system query (e.g. for TCP segment window size) a policy-defined number of times (e.g. count=5) at a policy-defined sampling interval (e.g. interval=60 seconds) and then determine the geometric mean of the rate of change. For example, when a new TCP connection is opened between the endpoint and a remote server application across the network, the measured values of the segment window size in successive samples might be as follows:
      • Sample 1: 64 bytes
      • Sample 2: 72 bytes (increase of 12.5%)
      • Sample 3: 100 bytes (increase of 38.89%)
      • Sample 4: 150 bytes (increase of 50%)
      • Sample 5: 250 bytes (increase of 66.67%)
  • In this case the geometric mean is
    $$[1.125 \times 1.3889 \times 1.5 \times 1.6667]^{1/4} - 1 = 0.4058 = 40.58\%$$
  • This geometric mean value is the value passed to the compliance assessment routine at the completion of the sampling window and used in subsequent compliance analyses.
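  • The central-tendency methods above, implemented as the page defines them, as an added example (not code from the patent). It shows the reporting cadence that separates the mean-based method (one value per completed window) from the moving-average method (one value per sample once the window is full); the sample values are constructed, and treating a tie for most frequent value as "no mode" is this example's interpretation.

```python
import math
from collections import Counter, deque
from statistics import mean, median


def window_means(samples, count):
    """Mean-based method: one value per completed, non-overlapping window."""
    return [mean(samples[i:i + count])
            for i in range(0, len(samples) - count + 1, count)]


def moving_averages(samples, count):
    """Moving-average method: one value per sample once `count` are held."""
    window, out = deque(maxlen=count), []
    for s in samples:
        window.append(s)
        if len(window) == count:
            out.append(mean(window))
    return out


def high_low_midpoint(samples):
    """The value the page calls the median: midpoint of highest and lowest."""
    return (max(samples) + min(samples)) / 2


def mode_or_mean(samples):
    """Most frequent value; falls back to the mean when there is no mode.

    A tie for the highest count is treated as "no mode" (interpretation
    made by this example).
    """
    ranked = Counter(samples).most_common(2)
    if len(ranked) == 1 or ranked[0][1] > ranked[1][1]:
        return ranked[0][0]
    return mean(samples)


def geometric_mean_growth(samples):
    """Geometric mean of the sample-to-sample growth factors, minus 1."""
    if len(samples) < 2 or min(samples) <= 0:
        raise ValueError("need at least two positive samples")
    factors = [b / a for a, b in zip(samples, samples[1:])]
    return math.prod(factors) ** (1 / len(factors)) - 1


# Constructed CPU-utilization readings, one per sampling interval.
CPU = [10, 20, 30, 40, 50, 60, 70, 80, 90, 100]
# Constructed readings with one spike, to compare midpoint and median.
SPIKY = [10, 12, 11, 13, 95]
# Window sizes whose successive ratios are the growth factors in the
# page's formula: 1.125, 1.3889, 1.5, 1.6667.
WINDOW_BYTES = [64, 72, 100, 150, 250]

if __name__ == "__main__":
    print("window means   :", window_means(CPU, 5))
    print("moving averages:", moving_averages(CPU, 5))
    print("midpoint/median:", high_low_midpoint(SPIKY), median(SPIKY))
    print("mode or mean   :", mode_or_mean([5, 5, 7, 9, 5]), mode_or_mean(CPU[:5]))
    print("geometric mean :", round(geometric_mean_growth(WINDOW_BYTES), 4))
```

  • On the spiky sample the high/low midpoint is 52.5 while the conventional median (middle value of the sorted sample) is 12, so a single outlier moves the page's measure much further than it moves the conventional one.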
  • Rate-Based Statistical Analysis Method
  • Using a rate-based statistical analysis method, the compliance analysis engine is configured to perform a system query (e.g. CPU utilization, CPU temperature, number of emails sent, antivirus agent compliance score, personal firewall compliance score, composite security score, etc.) two times at a policy-defined sampling interval (e.g. interval=100 seconds). The analysis engine performs a calculation of the difference between the two sampled values (or calculated compliance scores), performs a calculation of the difference between the two sampling times (or alternatively uses the policy-defined sampling interval), and divides the value difference by the time difference to obtain a rate, e.g. emails per second, change in CPU temperature per second, number of HTTP requests to a given DNS domain per minute, change in antivirus compliance score per minute, authentication failures per minute, etc. This rate value is the value passed to the compliance assessment routine at the completion of the sampling window and used in subsequent compliance analyses. This rate calculation result can also be used by the client to predict the value of the data element (either raw data or calculated score) at a future time. This predicted value can be used in subsequent compliance analysis. It will be understood that rates can be determined from many other sampling processes.
  • Acceleration Rate-Based Statistical Analysis Method
  • Using an acceleration rate-based statistical analysis method, the compliance analysis engine is configured to perform a system query (e.g. CPU utilization, CPU temperature, number of emails sent, antivirus agent compliance, etc.) two times at a policy-defined sampling interval (e.g. interval=100 seconds). The compliance analysis engine performs a calculation of the difference between the two values, performs a calculation of the difference between the two sampling times (or alternatively uses the policy-defined sampling interval), and divides the value difference by the time difference to obtain a rate (e.g. emails per second, change in CPU temperature per second, number of HTTP requests to a given DNS domain per minute, change in antivirus compliance score per minute, authentication failures per minute, etc.). Rather than passing this value to the compliance assessment routine at the completion of the sampling window as described in the previous method, the compliance analysis engine repeats this activity at a later time, where the time interval between the first rate sampling window (which collects two samples at a policy-defined sampling interval) and the second rate sampling window (which collects two additional samples at the same policy-defined sampling interval) is defined as an acceleration policy setting in the client policy data store.
  • The compliance analysis engine performs a calculation of the difference between the two rate values, performs a calculation of the difference between the two sampling times (or alternatively uses the policy-defined acceleration sampling interval), and divides the value difference by the time difference to obtain a change in rate per unit time (i.e. just as the physical property acceleration is the measurement of change in velocity per unit time, where velocity itself is the measurement of the change in distance (the raw value being measured) per unit time). This acceleration value is the value passed to the compliance assessment routine at the completion of the acceleration sampling window and used in subsequent compliance analyses. This acceleration calculation result is also able to be used by the client to predict the value of the rate at a future time. This predicted value can be used in subsequent compliance analysis.
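  • The rate and acceleration methods above applied to an authentication-failure counter, as an added example (not code from the patent). The readings are constructed, `max_rate` and `horizon_s` are hypothetical policy values, and measuring the acceleration interval between the two windows' closing samples is a choice made by this example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Sample:
    t: float      # collection time in seconds
    value: float  # metric reading, here a cumulative authentication-failure count


def rate(first, second):
    """Change in value per second between the two samples of a rate window."""
    dt = second.t - first.t
    if dt <= 0:
        raise ValueError("samples must be in increasing time order")
    return (second.value - first.value) / dt


def acceleration(window1, window2):
    """Change in rate per second between two rate windows.

    Each window is a (first, second) pair of samples. The time difference is
    taken between the windows' closing samples (choice made by this example).
    """
    dt = window2[1].t - window1[1].t
    if dt <= 0:
        raise ValueError("second window must close after the first")
    return (rate(*window2) - rate(*window1)) / dt


def predict(current, slope, horizon_s):
    """Linear extrapolation: value from a rate, or rate from an acceleration."""
    return current + slope * horizon_s


def evaluate(window1, window2, max_rate, horizon_s):
    """Compare the current and the projected rate against a policy maximum."""
    current = rate(*window2)
    acc = acceleration(window1, window2)
    projected = predict(current, acc, horizon_s)
    return {
        "rate": current,
        "acceleration": acc,
        "projected_rate": projected,
        "violation_now": current > max_rate,
        "violation_projected": projected > max_rate,
    }


# Constructed readings: 100 s sampling interval, windows closing 500 s apart.
W1 = (Sample(0, 12), Sample(100, 22))    # 0.1 failures per second
W2 = (Sample(500, 40), Sample(600, 70))  # 0.3 failures per second

if __name__ == "__main__":
    # Hypothetical policy: at most 0.4 failures/s, look 300 s ahead.
    print(evaluate(W1, W2, max_rate=0.4, horizon_s=300))
```

  • With these readings the current rate (0.3/s) is inside the policy maximum, but the projected rate 300 seconds ahead (0.42/s) is not, which is the case the prediction step exists to catch.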
  • Variability-Based Statistical Analysis Methods
  • The compliance analysis engine is able to utilize statistical analysis methods for assessing compliance against a single, related group or arbitrary group of data elements for the purposes of calculating the variability value of raw, computed and/or mapped data element(s), comparing the calculated variability value to corresponding policy values that define compliance value(s) and/or ranges for the data element(s), and making an assessment about compliance of that/those data element(s).
  • Specific variability methods supported by the client are set out below. The specific method that should be used for calculating the variability value of a given data element or combination of data elements is selected by the administrator, as the nature of the distribution makes certain methods more or less appropriate or optimal for evaluating compliance of a given data element or combination of data elements.
  • Min-Based, Max-Based and Range-Based Statistical Analysis Method
  • Using a minimum, maximum or range-based statistical analysis method, the client is configured to perform a system query (e.g. CPU utilization, antivirus agent compliance, etc.) a policy-defined number of times, (e.g. count=5) at a policy-defined sampling interval (e.g. interval=60 seconds) and then determine the minimum and maximum values that were observed in the collected sample. If range information is necessary, the client will also calculate the range based on the observed minimum and maximum. The minimum, maximum and/or range values are passed to the compliance assessment routine at the completion of the sampling window and used in subsequent compliance analyses.
  • Variance-Based Statistical Analysis Method
  • Using a variance-based statistical analysis method, the client is configured to perform a system query (e.g. CPU utilization, antivirus agent compliance, etc.) a policy-defined number of times, (e.g. count=100) at a policy-defined sampling interval (e.g. interval=100 seconds) and then determine the variance of the collected sample using a standard formula for calculating sample variances:

    $$s^2 = \frac{1}{n-1} \times \sum_{i=1}^{n} (x_i - \bar{x})^2 \quad \text{where} \quad \bar{x} = \frac{1}{n} \times \sum_{i=1}^{n} x_i$$
  • The calculated variance is passed to the compliance assessment routine at the completion of the sampling window and used in subsequent compliance analyses.
  • Standard Deviation-Based Statistical Analysis Method
  • Using a standard deviation-based statistical analysis method, the compliance analysis engine is configured to perform a system query (e.g. CPU utilization, antivirus agent compliance, etc.) a policy-defined number of times, (e.g. count=100) at a policy-defined sampling interval (e.g. interval=100 seconds) and then determine the standard deviation s of the collected sample, where the standard deviation is equal to the square root of the variance. The method for calculating the variance was just described in the preceding variance-based statistical analysis method description.
  • The calculated standard deviation is passed to the compliance assessment routine at the completion of the sampling window and used in subsequent compliance analyses.
  • Coefficient of Variation-Based Statistical Analysis Method
  • Using a coefficient of variation (COV)-based statistical analysis method, the compliance analysis engine is configured to perform a system query (e.g. CPU utilization, antivirus agent compliance, etc.) a policy-defined number of times, (e.g. count=100) at a policy-defined sampling interval (e.g. interval=100 seconds) and then determine the COV of the collected sample using a standard formula for calculating COV:

    $$\mathrm{COV} = \frac{\text{Sample Standard Deviation}}{\text{Sample Mean}}$$

  • Where the sample standard deviation is equal to the square root of the sample variance, and where the sample variance is equal to:

    $$s^2 = \frac{1}{n-1} \times \sum_{i=1}^{n} (x_i - \bar{x})^2 \quad \text{where} \quad \bar{x} = \frac{1}{n} \times \sum_{i=1}^{n} x_i$$
  • And where the sample mean is determined by summing the values of the collected samples and then dividing the sum by the number of samples.
  • The calculated COV is passed to the compliance assessment routine at the completion of the sampling window and used in subsequent compliance analyses.
  • Number of Occurrences-Based Statistical Analysis Method
  • Using a number of occurrences-based statistical analysis method, the compliance analysis engine is configured to perform a system query (e.g. CPU utilization, antivirus agent compliance, etc.) a policy-defined number of times, (e.g. count=100) at a policy-defined sampling interval (e.g. interval=1 second) and count the number of occurrences of each different value collected. The list of values and their frequency of occurrence is then passed to the compliance assessment routine at the completion of the sampling window and used in subsequent compliance analyses. This method is useful in situations where the action policy is triggered based on the number of occurrences of a specific value or values of a given data element in a sampling window.
  • Occurrence Frequency-Based Statistical Analysis Method
  • Using a percentage of occurrence-based statistical analysis method, the compliance analysis engine is configured to perform a system query (e.g. CPU utilization, antivirus agent compliance, etc.) a policy-defined number of times, (e.g. count=100) at a policy-defined sampling interval (e.g. interval=1 second) and count the number of occurrences of each different value collected. The number of occurrences of a given value is divided by the number of samples to determine the relative frequency of occurrence of that value. This will normally be expressed as a decimal value or a percentage. The list of values and their frequency of occurrence is then passed to the compliance assessment routine at the completion of the sampling window and used in subsequent compliance analyses. This method is useful in situations where the action policy is triggered based on the relative frequency of occurrences of a specific value or values of a given data element in a sampling window.
  • Cumulative Distribution-Based Statistical Analysis Method
  • Using a cumulative distribution-based statistical analysis method, the compliance analysis engine is configured to perform a system query (e.g. CPU utilization, antivirus agent compliance, etc.) a policy-defined number of times, (e.g. count=100) at a policy-defined sampling interval (e.g. interval=1 second), sort the collected samples in ascending order, count the number of occurrences of each different value collected and determine the relative frequency of each value as described above. The compliance analysis engine then calculates the cumulative frequency distribution of each value by adding the relative frequency of that value to the sum of the relative frequencies of all lesser values. The list of values and their cumulative frequency of occurrence is then passed to the compliance assessment routine at the completion of the sampling window and used in subsequent compliance analyses. This method is useful in situations where the action policy is triggered when the relative cumulative frequency exceeds a policy-defined threshold. For example, analysis of a sample of 100 transactions of type X concludes for this population sample that 90% of the transactions completed within 3.5 seconds. This result is compared to a predefined policy in the policy data store that specifies that 90% of type X transactions must complete within 4 seconds to determine whether or not a condition exists that warrants taking a policy-defined action on the endpoint.
  • Sampling Distribution-Based Statistical Analysis Method
  • Using a sampling distribution-based method, an administrator may measure successive values of a data element of interest a large number of times in either a controlled or typical endpoint environment to determine the distribution type, mean, variance and standard deviation of the values of that data element. Alternatively an administrator may define a target mean and standard deviation he believes reasonably describes the distribution of the values of the data element of interest. These values are stored in the client policy data store as policy values such that they can be changed in the future as needed.
  • Alternatively a policy can be enabled in the compliance analysis engine that causes the compliance analysis engine to monitor a particular data element for a period of time until a sufficiently large sample to accurately represent the population of possible data values is collected, and then calculate a mean and standard deviation for the very large sample. These values also can be stored in the client policy data store as target policy values that represent the steady state behavior of that particular data element. The monitoring and data collection activity performed by the client can be started or stopped at any time using policy settings or commands issued to the client. The calculated properties (e.g. mean, standard deviation, etc) can be discarded at a policy-defined interval (e.g. every 60 days) or date (e.g. Dec. 31, 2005) and the procedure repeated, such that the client periodically refreshes the values stored in the policy data store that describe the population.
  • These values can further be used to calculate the probability of a sample event having a value greater than a specified policy value, less than a specified policy value, or within a specified range of policy values. This capability is supported in the client by transforming the sample value into a normal random variable with mean equal to zero and a variance of one. This transformation is done by subtracting the population mean specified value and dividing the result by the population standard deviation. The client includes a standard normal distribution data table in its local data store for looking up the probability of a given value or range of values of this transformed or normalized random variable.
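The normalization and table lookup described above, as an added Python example (not code from the patent). The table resolution, its range, and the CPU-utilization population values (mean 40, standard deviation 10) are assumptions made for illustration; the table is generated with `math.erf` as a stand-in for the stored standard normal table.

```python
import math

STEP = 0.01   # assumed table resolution in z
Z_MAX = 4.0   # assumed table range: 0 <= z <= Z_MAX


def build_table(step=STEP, z_max=Z_MAX):
    """Standard normal CDF for z = 0, step, 2*step, ... up to z_max."""
    entries = int(round(z_max / step))
    return [0.5 * (1.0 + math.erf((i * step) / math.sqrt(2.0)))
            for i in range(entries + 1)]


TABLE = build_table()


def standardize(value, mean, std_dev):
    """Transform a value into a normal random variable with mean 0, variance 1."""
    if std_dev <= 0:
        raise ValueError("population standard deviation must be positive")
    return (value - mean) / std_dev


def phi(z):
    """Look up P(Z <= z); negative z uses symmetry, large |z| clamps to the last entry."""
    index = min(int(round(abs(z) / STEP)), len(TABLE) - 1)
    p = TABLE[index]
    return p if z >= 0 else 1.0 - p


def prob_less(value, mean, std_dev):
    return phi(standardize(value, mean, std_dev))


def prob_greater(value, mean, std_dev):
    return 1.0 - prob_less(value, mean, std_dev)


def prob_between(low, high, mean, std_dev):
    if low > high:
        raise ValueError("low must not exceed high")
    return prob_less(high, mean, std_dev) - prob_less(low, mean, std_dev)


if __name__ == "__main__":
    mean, std_dev = 40.0, 10.0   # constructed policy values for CPU utilization (%)
    print("P(cpu > 60)      =", round(prob_greater(60, mean, std_dev), 5))
    print("P(30 < cpu < 50) =", round(prob_between(30, 50, mean, std_dev), 5))
```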
  • The compliance analysis engine also allows an administrator to specify a mean and/or variance threshold relative to the population's mean and/or variance for a given value of a given data element or group of data elements. The compliance analysis engine can be configured to perform a system query (e.g. CPU utilization, antivirus agent compliance, etc.) a policy-defined number of times, (e.g. count=100) at a policy-defined sampling interval (e.g. interval=1 second). The mean, variance and/or standard deviation of the sample can be calculated using standard methods such as those previously described. The calculated properties of the sample (e.g. mean, standard deviation) are then passed to the compliance assessment routine at the completion of the sampling window and compared by the compliance analysis engine to the policy-defined values that describe the population and that were previously defined by the administrator or calculated by the client. This method is useful in situations where the action policy is triggered when the properties of a sample, e.g. the mean or standard deviation, exceed a policy-defined threshold. For example, the client locally observes a population sample of 100,000 events of a particular type, calculates the mean and the standard
  • Linear Regression-Based Analysis Method
  • Using a linear regression-based method, an administrator may measure successive values of an (x, y) data pair of interest comprised of an independent and a dependent variable. The measurement may occur a large number of times in either a controlled or typical endpoint environment to determine the coefficients (a, b) of a line equation that represents the relationship between the dependent variable (y) and the independent variable (x) using the standard line equation y=ax+b. Alternatively an administrator may define target coefficients he believes reasonably describes the fitted relationship of the values of the data pair of interest. These values are stored in the client policy data store as policy values such that they can be changed in the future as needed.
  • When the required number of samples is collected, the administrator utilizes the method of least squares for estimating the regression coefficients (a, b) of a line equation that represents the relationship between the dependent variable (y) and the independent variable (x) using the standard line equation y=ax+b, where

    $$b = \frac{n\sum_{i=1}^{n} x_i y_i - \left[\left(\sum_{i=1}^{n} x_i\right) \times \left(\sum_{i=1}^{n} y_i\right)\right]}{n\sum_{i=1}^{n} x_i^2 - \left(\sum_{i=1}^{n} x_i\right)^2}$$

    and where

    $$a = \frac{\sum_{i=1}^{n} y_i - b\sum_{i=1}^{n} x_i}{n}$$
  • These values are then stored as policy values.
  • There are several analysis methods supported by the client that can subsequently make use of these policy values. In one method supported by the compliance analysis engine, the compliance analysis engine is configured to perform a system query of a data pair of interest (e.g. response time as a function of number of bytes or records in transaction request, number of network messages transmitted per minute as a function of number of active programs, etc.) a policy-defined number of times, (e.g. count=50) at a policy-defined sampling interval (e.g. interval=1 second) or when the event actually occurs, (e.g. a message being sent to a specific remote computer). A mathematical analysis is performed to calculate the actual regression coefficients of the sample. The calculated coefficients of the sample are then passed to the compliance assessment routine and compared by the client to the policy-defined values. A compliance assessment is subsequently made.
  • In another method supported by the compliance analysis engine, the policy-defined coefficients are combined with the sampled value of the independent variable (x) to determine an estimated value of the dependent variable (y). The actual value of the dependent variable (y) is then compared to the estimated value of the dependent variable (y). If the actual value differs from the estimated value by more than a specified, policy-defined difference (positive, negative and/or absolute magnitude), a policy violation is deemed to have occurred.
  • In another method supported by the compliance analysis engine, the actual regression coefficients of the sample are used to predict the value of the dependent variable given a value of the independent variable. The predicted value of the dependent variable can then be used as a dynamically derived policy value. Should the specified value of the independent variable occur in the future, the actual value of the dependent variable at that time is compared by the compliance analysis engine with the dynamically derived policy value. If the actual value differs from the predicted value by more than a specified, policy-defined difference (positive, negative and/or absolute magnitude), a policy violation is deemed to have occurred.
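The least-squares fit and the three regression-based checks described above, as an added Python example (not code from the patent). The least-squares formulas as given compute b as the coefficient of x and a as the constant term, so the example evaluates the line as a + b·x. The function names, the tolerance parameters and both data sets (response time in seconds against request size in bytes) are constructed for illustration.

```python
def fit_line(pairs):
    """Least-squares coefficients (a, b) from the formulas in the text.

    b multiplies x and a is the constant term, so the fitted line is a + b*x.
    """
    n = len(pairs)
    if n < 2:
        raise ValueError("need at least two (x, y) samples")
    sum_x = sum(x for x, _ in pairs)
    sum_y = sum(y for _, y in pairs)
    sum_xy = sum(x * y for x, y in pairs)
    sum_x2 = sum(x * x for x, _ in pairs)
    denominator = n * sum_x2 - sum_x ** 2
    if denominator == 0:
        raise ValueError("all x values are identical; the fit is undefined")
    b = (n * sum_xy - sum_x * sum_y) / denominator
    a = (sum_y - b * sum_x) / n
    return a, b


def estimate(coefficients, x):
    """Estimated value of the dependent variable for a given x."""
    a, b = coefficients
    return a + b * x


def coefficients_comply(sample, policy, tol_a, tol_b):
    """First method: compare the sample's coefficients with the policy values.

    tol_a and tol_b are hypothetical policy tolerances; the text only says the
    coefficients are compared.
    """
    return abs(sample[0] - policy[0]) <= tol_a and abs(sample[1] - policy[1]) <= tol_b


def deviation_violation(actual, estimated, max_over=None, max_under=None, max_abs=None):
    """Second and third methods: flag a policy-defined positive, negative or
    absolute difference between the actual and the estimated value."""
    difference = actual - estimated
    if max_over is not None and difference > max_over:
        return True
    if max_under is not None and -difference > max_under:
        return True
    if max_abs is not None and abs(difference) > max_abs:
        return True
    return False


# Constructed baseline: (request bytes, response seconds) on a healthy endpoint.
BASELINE = [(100, 3.0), (200, 4.0), (300, 5.0), (400, 6.0), (500, 7.0)]
# Constructed later sample: response time now grows three times as fast.
DRIFTED = [(100, 5.0), (200, 8.0), (300, 11.0), (400, 14.0), (500, 17.0)]

if __name__ == "__main__":
    policy = fit_line(BASELINE)                      # stored as policy values
    sample = fit_line(DRIFTED)
    print("policy coefficients:", policy)
    print("sample coefficients:", sample)
    print("coefficients comply:", coefficients_comply(sample, policy, 0.5, 0.005))
    expected = estimate(policy, 350)
    print("estimate at x=350:", expected)
    print("actual 9.0 violates:", deviation_violation(9.0, expected, max_over=1.0))
```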
  • Filtering Analysis
  • Another analytical method supported by the client is based on filtering theory. A filter in this context is a piece of purpose-built software that analyzes a particular data set, applies a threshold function of some type to that data set, and extracts only information of interest. Filtering in this context therefore is the act of extracting interesting data by applying a threshold against individual data points within a data set. Examples of the types of data the client can collect and policy-based thresholds the client can evaluate were previously described above.
  • The compliance analysis engine supports several different filtering approaches and is extensible to support future additional filtering approaches as well. One supported filtering method previously described involves collecting a specific type of data from the environment, comparing the data point against policy-defined thresholds, and taking a policy-based action when a compliance threshold is exceeded.
  • In another filtering method supported by the client, the compliance analysis module assumes a particular aspect of the endpoint is in compliance unless otherwise notified by the data collection module. In this filtering approach, the filtering method continuously collects a specific type of data from the environment and performs a comparison of that single point of data against the policy-defined threshold for that single point of data. Only when a compliance violation is detected, is the data, or alternatively a descriptive message identifying the compliance violation, passed to an alternate compliance analysis engine responsible for combining the results of assessments of individual data points, i.e. performing a holistic compliance assessment. The overall compliance analysis module assumes complete compliance with respect to any given data element unless it is informed otherwise. This is commonly referred to as an exception-based notification system. It is an advantageous approach as the software routine responsible for determining overall assessment has to process less data and thus can more quickly reach decisions with respect to required policy enforcement actions.
  • In a statistical approach to smoothing and prediction, there must be certain statistical parameters available such as a mean function or a correlation function. In particular, there must be a difference between the values of these functions for the interesting information and the function values for the noise. The filter is set to pass interesting information and filter noise by setting the filtering level appropriately.
  • Application of Methods to all Endpoint State Data Elements
  • Many of the examples of analysis methods described herein for measuring quantitative endpoint state information utilize one or two endpoint data elements (e.g. CPU utilization, antivirus agent compliance score) as an example. These same data elements are cited as examples throughout simply for reader convenience, and the reader will realize that the invention is not thus limited. The policy management system fully supports the ability to apply these methods to any number of endpoint data elements, either raw or derived as a result of an upstream compliance assessment and calculation performed by the policy management system.
  • Application of Methods to Non-Numeric Endpoint State Information
  • The above-described models and methods for measuring quantitative endpoint state information can be applied to non-numeric compliance assessments by mapping the environmental data to numeric values using policy-defined values, as noted above.
  • As an example, the state of the antivirus agent and a review of policy settings might result in an antivirus compliance score of 65 points or 65%. Rather than treat this as a single data point and form an immediate compliance assessment, it might be preferable to sample the antivirus agent state information at a periodic interval for a period of time, where both the sampling interval and sampling window are policy-defined values, calculate the compliance score at each sampling, and treat the collection of compliance scores as a population sample. Such capabilities are supported by the policy management system. While this example cites the translation of antivirus agent state information into an antivirus compliance score, translation of other endpoint state information such as those data elements previously identified herein into compliance scores is also supported by the present invention. Collection of population samples of numeric compliance scores for other pieces of endpoint state information is likewise supported by the present invention.
  • Application of Analytical Methods to Composite Endpoint Compliance Assessments
  • Just as statistical and other analytical methods can be applied to compliance assessments of discrete data elements (e.g. CPU utilization) or data sources (e.g. antivirus agent state including version, running state, vendor, date of last signatures update, configuration settings, etc.), these methods can also be applied to composite compliance assessments.
  • In a previous example, the real time compliance assessment at a given point was as follows:
    | Sensor | Raw Agent score (points) | Threshold (points) | Relative Weighting | Adjusted score (points) |
    |---|---|---|---|---|
    | Antivirus agent | 65 | 75 | 15% | 9.75 |
    | Personal firewall agent | 93 | 90 | 70% | 65.1 |
    | Antispyware agent | 0 | 70 | 100% | 0 |
    | Content filtering agent | 100 | 60 | 5% | 5 |
    | Composite Score | | | | 79.95 |
    | Composite Threshold | | | | 75.00 |
  • As previously mentioned, the policy management system is able to use statistical and other analysis methods to calculate one or more raw score inputs into this composite score.
  • The policy management system is also able to use statistical analysis methods cited above, including but not limited to mean, median, mode, moving average and geometric mean to calculate a composite score by applying a statistical analysis method to a population sample of individual composite scores calculated at different times. Sampling intervals and sample count are controlled via policy settings. The policy management system is able to perform this function using all of the statistical analysis methods previously described. The client is able to perform this function for all monitored data elements and all composite scoring functions.
  • Exception Reporting of Analyses Result
  • Recalling the exception-based optional approach previously described, in another embodiment the instant CPU utilization, the average CPU utilization, or moving average CPU utilization can be reported every time the value is determined, or only reported when it exceeds a policy defined threshold.
  • Non-Exclusivity of Analyses Methods
  • In the examples cited, the instant CPU utilization, average CPU utilization, moving average, etc. are distinctly different data elements, however the different data elements can be used simultaneously for different compliance evaluation purposes, i.e. collection and usage of instant CPU utilization and average CPU utilization are not mutually exclusive. For example, one compliance evaluation method may require the instant CPU utilization value in order to perform a compliance evaluation, whereas a different compliance evaluation method may simultaneously require the average CPU utilization in order to perform a compliance evaluation. The present invention supports the ability to use these different measurement methods for different compliance tests using the same data source simultaneously. The present invention further supports this simultaneous use capability for all other supported monitored data sources as well, including both numeric sources and non-numeric sources that are converted to numeric values or scores.
  • Combining Analyses Methods
  • In the examples cited herein, average, mode, moving average, coefficient of variation, standard deviation, etc. are different analysis methods supported by the policy management system. It will be understood that the policy management system provides the ability to use logical combinations (e.g. AND, OR, ELSE, IF, THEN, NOT, etc.) of different compliance measurement methods for performing compliance evaluation of the same data element or group of data elements simultaneously. Examples of policy-driven capabilities of the policy management system include:
      • CPU utilization policy: Median of past 100 consecutive samples must be less than 98% AND trailing 5 minute moving average must be less than 80%
      • File open rate policy: Mean of past 5 consecutive samples must be less than 100 AND standard deviation on those same samples must be less than 7.
      • Antivirus compliance policy: Most recent calculation of antivirus compliance based on most recent antivirus state inspection must have a compliance score greater than 50 OR mean of past 5 consecutive samples must be greater than 70.
  • The policy management system supports this simultaneous use capability for all other supported monitored data elements as well, including both numeric sources and non-numeric sources that are mapped to numeric values or scores.
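The three combined policies listed above, as an added Python example (not code from the patent). The function names and sample data are constructed; the example assumes CPU samples arrive as (timestamp in seconds, value) pairs, that "trailing 5 minute" means the 300 seconds up to the newest sample, and that the standard deviation is the sample standard deviation.

```python
import statistics


def last(values, n):
    """The most recent n samples; refuse to judge on a short window."""
    if len(values) < n:
        raise ValueError(f"need {n} samples, have {len(values)}")
    return values[-n:]


def trailing_average(timed, window_s):
    """Mean of the values whose timestamp lies within window_s of the newest sample."""
    newest = timed[-1][0]
    recent = [value for t, value in timed if newest - t < window_s]
    return statistics.fmean(recent)


def cpu_policy(timed):
    """Median of past 100 samples < 98% AND trailing 5 minute moving average < 80%."""
    values = [value for _, value in timed]
    return (statistics.median(last(values, 100)) < 98
            and trailing_average(timed, 300) < 80)


def file_open_policy(rates):
    """Mean of past 5 samples < 100 AND standard deviation of the same samples < 7."""
    window = last(rates, 5)
    return statistics.fmean(window) < 100 and statistics.stdev(window) < 7


def antivirus_policy(scores):
    """Most recent compliance score > 50 OR mean of past 5 samples > 70."""
    if not scores:
        raise ValueError("no antivirus compliance score available")
    if scores[-1] > 50:
        return True
    return len(scores) >= 5 and statistics.fmean(scores[-5:]) > 70


# Constructed CPU series, one sample per second for 400 seconds.
# Normal: an early spike that has aged out of both windows.
CPU_NORMAL = [(t, 99.0 if t < 100 else 60.0) for t in range(400)]
# Sustained load that ended a minute ago: the median of the last 100 samples
# has recovered, but the 5 minute average is still high (86%).
CPU_SUSTAINED = [(t, 50.0 if t < 100 or t >= 340 else 95.0) for t in range(400)]

FILE_STEADY = [90, 92, 91, 93, 94]        # constructed: low mean, low spread
FILE_ERRATIC = [60, 99, 70, 98, 65]       # constructed: low mean, high spread

AV_DIP = [85, 80, 78, 75, 40]             # constructed: latest low, mean 71.6
AV_DECLINE = [60, 60, 60, 60, 40]         # constructed: latest low, mean 56

if __name__ == "__main__":
    print("cpu normal   :", cpu_policy(CPU_NORMAL))
    print("cpu sustained:", cpu_policy(CPU_SUSTAINED))
    print("file steady  :", file_open_policy(FILE_STEADY))
    print("file erratic :", file_open_policy(FILE_ERRATIC))
    print("av dip       :", antivirus_policy(AV_DIP))
    print("av decline   :", antivirus_policy(AV_DECLINE))
```

The sustained-load and erratic-rate cases each pass one half of their policy and fail the other, which is what the AND combination is there to catch.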
  • Similarly, it is important to note that simultaneously used combinations of these methods, as well as other methods cited herein are possible and are supported by the policy management system. For example, the business rules method cited previously could be used for compliance monitoring and enforcement with regards to physical ports on the endpoint, such as USB ports, serial ports, printer ports, IR or RF communication ports, etc., while the Boolean rules method cited previously could be used for compliance monitoring and enforcement with regards to permitted applications, while a matrix algebra method could simultaneously be used for compliance monitoring and enforcement with regards to network connectivity or VPN tunnel establishment. Other combinations are of course possible as well. These combinations are considered in accordance with one of the above-described methods, for example in Boolean combinations or as otherwise described herein. Such combinations are also supported by the policy management system.
  • Real Time Adjustment of Sampling Frequency
  • When an endpoint is compliant with security policies, a reduction in endpoint inspection frequency reduces the load on the system, e.g. memory, file access, etc. Conversely, when an endpoint is out of compliance, and in particular when certain critical security situations exist, it is appropriate to inspect the endpoint with much higher frequency so that a highly up-to-date view of the endpoint's state exists at all times. Therefore condition data relating to monitored items (e.g. CPU utilization, antivirus compliance score, security agents composite compliance score, etc.) can be collected at different sampling intervals, with thresholds (or ranges) above or below which the new sampling frequency parameters take effect. The policy management system supports this capability through policy settings in which these parameters can be specified and configured.
  • Managing Endpoint and Host Operation
  • Continuing with reference to FIG. 2, when policy violations are detected it may be desired to take one or more discrete actions to either bring the endpoint into compliance, prevent harm from coming to the local and/or remote computers, restrict user actions, or perform any number of different actions (step 212). Examples of discrete actions which may be initiated by policy management system 106, and executed by host system 102, and endpoint system 104, include those set out below. The solution is extensible to allow additional actions to be added in the future and configurable to allow different groups to customize different actions to best meet their needs. It will be understood that the process of managing the endpoint and host operations repeats as frequently as necessary (step 214). As noted herein above, it may be desirable to repeat the steps, including the collection of data, analysis of data, and the management of the systems, multiple times during a single connection session.
  • With reference back again to FIG. 4, there is shown how the above described operation of compliance analysis engine 106C results in the generation of output actions 402, these actions used to control the operation of the agents within the endpoint. These policy actions are selected based upon the above-described comparison of the state of the conditions 14F in comparison to the compliance rules in data store 16B, and specify actions to permit, prevent or automatically initiate on the endpoint. Policy actions may be endpoint actions allowed to take place because the endpoint system 104 is in compliance with security policies, actions to take to partially or wholly restrict access to endpoint resources because the endpoint system 104 is not in compliance with security policies, or a combination thereof. Additionally, the invention may log event information locally in the policy data store and/or create and transmit event and state information across a data communications network to a remote policy management system 106 or a remote computer for logging, operator notification, transaction triggering, reporting, or other administrative purposes. FIG. 4 in particular illustrates the notion of endpoint agent closed loop control feedback as a central part of the invention where endpoint policy actions taken may be targeted to one or more specific endpoint agents 104E as a direct result of endpoint condition information 104F obtained from that endpoint agent 104E and other various exemplary agents. For example the antivirus agent may be queried for its current state. That information may then be combined with other information from other endpoint agents and analyzed by the analysis engine 106C to determine if any noncompliance conditions exist. If so, the invention may direct the antivirus agent to take specific actions, change internal configuration settings, etc. to bring the endpoint back into compliance or to block or permit certain system or operator activities.
  • Examples of specific endpoint policy actions the invention is able to take are itemized previously in this document. Additional examples of endpoint actions the invention is able to take are now shown:
      • Certificate Actions
        • Grant or deny access to a locally stored digital certificate
        • Transmit a certificate revocation request message
      • Login Account Actions
        • Disable login account
        • Expire password
        • Initiate password reset
        • Automatically log a user out of an application, the system, a secure connection, etc.
      • Operating System Actions
        • Halt a named memory-resident process
        • Delete a specific file
        • Rename a specific file
        • Change the attribute of a file from read/write to read only, or reverse
        • Change the attribute of a folder from read/write to read only, or reverse
        • Etc.
      • System Hardware Actions
        • Enable or disable a parallel port
        • Enable or disable a serial port
        • Enable or disable a USB port
        • etc
      • Application Actions
        • General:
          • Launch a named application
          • Uninstall a named application
          • etc.
        • Email:
          • Adjust bandwidth available to email application
          • Remove recipients from outbound emails
          • Discard email
          • etc.
        • Application transactions
          • Initiation or blocking of specific transaction types for named applications
      • VPN Client Actions
        • Establish VPN tunnel
        • Disconnect VPN tunnel
        • Establish VPN tunnel to a specified VPN server
        • Update VPN profile
      • Antivirus Agent Actions
        • Delete a malicious file
        • Quarantine or otherwise disable a malicious file
        • Quarantine or otherwise disable infected files
      • Personal Firewall Agent Actions
        • Block outbound access from specific application(s)
        • Block outbound access to specific destination IP address(es)
        • Block outbound from specific communication protocols (e.g. TCP, HTTP, policy management client-server protocol, etc.)
        • etc.
      • Content Filtering Agent Actions
        • Block outbound access to specific DNS hostnames (e.g. www.cnn.com) or specific realm(s) (e.g. *.si.com)
      • Spyware Management Agent Actions
        • Delete a malicious file
        • Quarantine or otherwise disable a malicious file
        • Prevent specific software from loading into memory
      • File System Actions
        • Delete a named file
        • Set the attributes of a named file to read-only
        • Move a named file to a specified local or remote location
        • etc.
      • Data Backup Actions
        • Initiate partial or full backup
        • Initiate a local or remote backup of selected files and/or folders.
        • Suspend a backup process
        • Restart/Resume a backup process
      • Data Access Actions
        • Restrict access privileges to specific data sources
        • Block write access privileges to specific data sources
        • Restrict copy privileges for specific data sources
        • etc.
      • Network Connectivity Actions
        • Permit or deny network connectivity on a named dial adapter
        • Permit or deny network connectivity on a named network adapter
        • Change TCP window size to throttle bandwidth consumption for all applications, for selected applications, for all communication protocols, and/or for selected communications protocols, for traffic destined to a specific destination IP address or address range, etc.
        • etc.
      • Network Services Actions
        • Disable DNS
        • Add default DNS server to endpoint configuration settings
        • Add entry to hosts file
        • etc.
      • Access Control List Actions
        • Permit or deny network access to an enumerated list of IP addresses or IP network numbers
        • Permit or deny network access to an enumerated list of TCP or UDP ports or port ranges
        • Permit or deny network access to an enumerated list of applications
      • Alerting Actions
        • Sending an email alert to a named email address
        • Send an alert to the user interface so the user is aware of the endpoint's state
        • Send an alert to the user interface so the user is aware of the policy violations
        • etc.
      • Logging Actions
        • Log the policy violation(s) detected on the local machine
        • Send a policy violation(s) log message to a remote machine
      • User Actions, Applications, Results, Restrictions, etc. Dimension (the OUTPUT dimension)
        • Allow certain applications
        • Block VPN connectivity
        • Execute remediate actions (could be nested depending upon issues remediated)
      • etc.
  • As noted and described above, examples and illustrations throughout are illustrative and not limiting. Numerous others will occur to the reader.
  • Having analyzed conditions and compared existing conditions to required conditions as described in the policy data store 106B, the analysis engine 106C determines what actions to initiate (step 212). The analysis engine 106C and its operative models and algorithms provide the ability to proactively take an exhaustive and extensible list of permissive, corrective or restrictive actions. The actions can be taken immediately, scheduled to occur at some future point in time, upon completion of some predefined system event, or as a prerequisite to some predefined system event. The actions when taken can also be logged by the agent and made available to a central management reporting console. Also, the actions may result in notifications or alerts being displayed to the end user, and/or uploaded to a central management reporting console.
  • For example the analysis engine can initiate the following actions:
      • User management:
        • Disable a login account
        • Automatically log a user out of an application, the system, a secure connection, etc.
        • Require an immediate password reset.
      • Application management:
        • Launch a specified application
        • Tear down a specified application
        • Prevent a specified application from launching
        • etc.
      • Operating system management
        • Reprioritize running processes and threads
      • Network management:
        • Prevent network connectivity to a local network
        • Prevent network connectivity to a remote network
        • Prevent use of one or more network adapters
        • Etc.
      • Personal firewall:
        • Modify access control policies being enforced by firewall
        • Update access control list
      • VPN client:
        • Change tunnel state
        • Force profile
      • Data management:
        • Restrict access privileges to specific data sources
        • Block write access privileges to specific data sources
        • Restrict copy privileges for specific data sources
        • etc.
      • Application specific management:
        • Initiation or blocking of specific application transaction types
      • IT notification:
        • upon a new, previously unknown event, send an alert to a mail server to notify IT admin describing the issue and providing 2 links, one for approve, one for deny. IT selects one, clicks link, and is taken to web page where he logs in and submits the policy definition.
  • With respect to actions that may be initiated regarding hardware remediation:
      • Issue end point software and/or hardware information update to IT asset management system
      • Issue repair request to IT computing hardware repair system
      • Issue device theft/loss message to IT asset management tracking system
      • etc.
  • Communication of Endpoint State Information, Endpoint Compliance Analysis Results and/or Compliance Actions to a Remote Computer
  • There are a number of alternative implementations for how the invention can be instantiated and operated. Several examples of implementation methods supported by the invention follow. This list is exemplary and not exhaustive; others will now be apparent to the reader.
  • Implementation Method 1—Endpoint System 104 Only
  • In this implementation scenario, all components are deployed on the endpoint system 104 being managed. This implementation is representative of a consumer-type offering where the system owner, invention operator, system administrator and invention administrator roles are all performed by the same single person. In this implementation, the logical components of the invention might be distributed across different systems as follows:
      • Endpoint System 104 Components:
        • Endpoint state data collection of conditions
        • Endpoint state data analysis
        • Compliance analysis engine
        • Policy-based actions
        • Policy data store
        • Policy management functions
        • Reporting functions
        • (all as described above)
      • Policy management system 106 components:
        • None
      • Host system 102 components:
        • None
  • Implementation Method 2—Centralized Endpoint System Policy Management
  • In this implementation, a central management user interface 106A on the policy management system 106 is used to configure policies that are then saved to a central policy data store 106B. The policies are synchronized or replicated to local policy databases residing in the endpoint system 104, for example in data store 104B, on a periodic basis when the endpoint system 104 checks in with the policy management system 106 to see if updates are available. An analysis engine, performing generally the same functions as engine 106C, residing on the endpoint system 104 is responsible for enforcing all compliance policies on the endpoint system 104 in accordance with policies received from the policy management system 106. This implementation is representative of a corporate-type offering or a managed services-type offering as might be provided by a service provider firm, where the endpoint system user is different from the endpoint system administrator or invention administrator roles. In this implementation, an exemplary distribution of invention components across different systems is as follows:
      • Endpoint system 104 components:
        • Endpoint state data collection of conditions
        • Endpoint state data analysis
        • Compliance analysis engine
        • Policy-based actions
        • Policy data store
        • Policy management console
        • Reporting console
        • (all as described above)
      • Policy management system 106 components:
        • Policy data store
        • Policy management functions
        • Reporting functions
      • Host system 102 components:
        • None
  • In this implementation, conditions information, compliance violations and policy enforcement actions can be logged locally on the endpoint system 104 and/or uploaded to any remote computer over a data communications network for centralized management reporting purposes. Data received from multiple endpoint systems 104 can also be aggregated for additional management reports. Information logged locally on the endpoint system 104 can also be viewed locally on the endpoint system by an operator of that system.
  • Implementation Method 3—Centralized Host System Policy Management
  • In this implementation scenario, a central management user interface 106A on the policy management system 106 is used to configure policies that are then saved to a central policy data store 106B. The policies are synchronized or replicated to a local policy database residing on the host system 102, for example in data store 102B, on a periodic basis when the host system 102 checks in with the policy management system 106 to see if updates are available. An analysis engine residing on the host system 102, performing generally the same functions as described with respect to engine 106B, is responsible for enforcing all compliance policies on the host system 102 in accordance with policies received from the policy management system 106. This implementation is representative of a client-server type application environment where client applications (e.g. web browser, database client, etc.) residing on endpoint systems 104 initiate communication sessions with server applications (e.g. web server, database management system, etc.) residing on host system 102 to upload and/or download application-specific data. In this type of client-server environment, it is important to ensure the host system 102 is protected at all times so that the host system 102 can not be compromised by a rogue endpoint system 104, or so that the host system 102 is prevented from sending malicious data or software code to endpoint system 104. In this implementation, an exemplary distribution of invention components across different systems is as follows:
      • Endpoint system 104 components:
        • None
      • Policy management system 106 components:
        • Policy data store
        • Policy management functions
        • Reporting functions
      • Host system 102 components:
        • Endpoint state data collection of conditions
        • Endpoint state data analysis
        • Compliance analysis engine
        • Policy-based actions
        • Policy data store
        • Policy management functions
        • Reporting functions
        • (all as described above)
  • In this implementation, conditions information, compliance violations and policy enforcement actions can be logged locally on the host system 102 and/or uploaded to any remote computer over a data communications network for centralized management reporting purposes. Data received from multiple host systems 102 can also be aggregated for additional management reports. Information logged locally on the host system 102 can also be viewed locally on the endpoint system by an operator of that system.
  • Implementation Method 4—Centralized Analysis Engine and Compliance Analysis of Individual Systems
  • In this implementation scenario, a policy management system 106 is used to configure compliance policies that are then saved to a policy data store 106B. Policies are also defined that identify what conditions 104F should be monitored by the agent monitoring components 104D, E residing on endpoint system 104 and/or host system 102. These policies are also stored in the policy data store 106B. Monitoring policies are subsequently distributed to endpoint system 104 and/or host system 102 periodically. An agent monitoring module residing on the endpoint system 104, performing generally the same functions as described with respect to engine 106B, collects endpoint condition information 104F and transmits it to the policy management system 106 where compliance analysis is performed using an analysis engine 106C. The analysis engine residing on the endpoint system (or equally the analysis engine residing on the host system 102) does not perform compliance analysis. The analysis engine 106B in the policy management system 106 decides what policy enforcement actions are necessary. The policy enforcement decisions are sent from the policy management system 106 to the endpoint system 104 or the host system 104 as appropriate where the local system executes the policy enforcement actions as instructed by the policy management system 106. In this implementation, an exemplary distribution of invention components across different systems is as follows:
      • Endpoint system 104 components:
        • Endpoint state data collection of conditions
        • Policy-based actions
      • Policy management system 106 components:
        • Policy data store
        • Policy management functions
        • Reporting functions
        • Compliance analysis engine
        • Identification of policy-based actions to take
      • Host system 102 components:
        • Endpoint state data collection of conditions
        • Policy-based actions
  • Implementation Method 5—Centralized Analysis Engine and Compliance Analysis of Multiple Systems
  • In this implementation scenario, a policy management system 106 is used to configure compliance policies that are then saved to a policy data store 106B. The policy management system 106 can create one set of compliance policies it uses locally in its own analysis engine 106B and one or more sets of compliance policies it distributes to endpoint systems. Different sets of compliance policies may have the same or different values regarding items monitored, compliance thresholds, analysis methods to use, etc. Policies are also defined that identify what conditions 104F should be monitored by the agent monitoring components 104C, D residing on endpoint system 104 and/or host system 102. These policies are also stored in the policy data store 106B. Monitoring policies are subsequently distributed to endpoint system 104 and/or host system 102 periodically. An agent monitoring module residing on the endpoint system 104, performing generally the same functions as described with respect to engine 106C, collects endpoint condition information 104F and forwards the aggregate data set of endpoint condition information 104 to the local analysis engine residing on the endpoint system.
  • A host system 102 if similarly configured would behave in a similar way. Thus the analysis engine local to the endpoint system collects endpoint state data, performs local compliance analysis and makes local policy action decisions. In addition to the local system (endpoint system 104 and/or host system 102) analyzing the condition information, the local system uploads the information to the policy management system 106. The analysis engine 106C residing in the policy management system 106 examines the aggregated set of condition information across multiple or all endpoint systems simultaneously using one or more analytical methods previously described herein, e.g. a statistical analysis method, in order to look for trends across the endpoint population and to assess the overall level of compliance across the entire endpoint system population or across a specific endpoint system population sample, and will reach compliance decisions that are independent of and indeed may be different from compliance decisions made on endpoint systems due to different policy values used by the endpoint analysis engine and the policy management system analysis engine. The policy management system 106 will subsequently identify one or more policy enforcement actions that need to be taken, identify specific endpoint systems 104, 102 on which those actions need to be taken and send messages to the appropriate endpoint systems containing policy enforcement instructions. The policy management system will also send one or more policy enforcement action instructions to network access control devices such as VPN gateway, router, switch, remote access server, etc.
  • In this implementation, an exemplary distribution of invention components across different systems is as follows:
      • Endpoint system 104 components:
        • Endpoint state data collection of conditions
        • Endpoint state data analysis
        • Compliance analysis
        • Policy-based actions
        • Policy data store
        • Policy management functions
        • Reporting functions
      • Policy management system 106 components:
        • Policy data store
        • Policy management functions
        • Reporting functions
        • Endpoint state data collection of conditions
        • Endpoint state data analysis
        • Compliance analysis engine
        • Identification of policy-based actions to take and identification of specific endpoint and/or host systems that should take those actions.
      • Host system 102 components:
        • Endpoint state data collection of conditions
        • Endpoint state data analysis
        • Compliance analysis
        • Policy-based actions
        • Policy data store
        • Policy management functions
        • Reporting functions
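  • The two-level analysis of Implementation Method 5, sketched as an added example that is not part of the patent text: each endpoint decides locally with its own policy values, while the central engine re-analyses the aggregated population with different values and can reach a different decision. The condition name, thresholds, instruction names and the median-absolute-deviation outlier test (standing in for "a statistical analysis method") are all assumptions made for illustration.

```python
from statistics import median

# Constructed policy values (assumptions): the set distributed to endpoints is
# looser than the set the policy management system uses in its own engine.
LOCAL_POLICY = {"max_missing_patches": 5}
CENTRAL_POLICY = {
    "max_missing_patches": 3,
    "mad_multiplier": 3.0,              # outlier cut-off, in MADs above the median
    "max_noncompliant_fraction": 0.25,  # population level that triggers gateway action
}

# Constructed condition reports uploaded by six endpoints.
REPORTS = {
    "ep-a": {"missing_patches": 0},
    "ep-b": {"missing_patches": 1},
    "ep-c": {"missing_patches": 2},
    "ep-d": {"missing_patches": 4},
    "ep-e": {"missing_patches": 1},
    "ep-f": {"missing_patches": 20},
}


def local_decision(conditions, policy=LOCAL_POLICY):
    """Analysis engine on the endpoint: looks only at its own conditions."""
    ok = conditions["missing_patches"] <= policy["max_missing_patches"]
    return "compliant" if ok else "noncompliant"


def central_analysis(reports, policy=CENTRAL_POLICY):
    """Analysis engine on the policy management system: population-wide view."""
    if not reports:
        return {"endpoint_instructions": {}, "gateway_instruction": "no_change",
                "noncompliant_fraction": 0.0}
    values = [c["missing_patches"] for c in reports.values()]
    med = median(values)
    mad = median(abs(v - med) for v in values)  # robust spread of the population
    instructions = {}
    for endpoint_id, cond in reports.items():
        v = cond["missing_patches"]
        outlier = mad > 0 and (v - med) / mad > policy["mad_multiplier"]
        if outlier:
            instructions[endpoint_id] = "quarantine"
        elif v > policy["max_missing_patches"]:
            instructions[endpoint_id] = "remediate"
    fraction = len(instructions) / len(reports)
    # Instruction for network access control devices (VPN gateway, switch, ...).
    gateway = ("restrict_new_sessions"
               if fraction > policy["max_noncompliant_fraction"] else "no_change")
    return {"endpoint_instructions": instructions,
            "gateway_instruction": gateway,
            "noncompliant_fraction": fraction}


def disagreements(reports):
    """Endpoints that passed their local check but get a central instruction."""
    central = central_analysis(reports)["endpoint_instructions"]
    return sorted(ep for ep in central
                  if local_decision(reports[ep]) == "compliant")


if __name__ == "__main__":
    print(central_analysis(REPORTS))
    print("local/central disagreement:", disagreements(REPORTS))
```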
  • Implementation Method 6—Policy Management System as In-Band Access Control Mechanism
  • In this implementation scenario, a policy management system 106 is used to configure compliance policies that are then saved to a policy data store 106B. Policies identify what conditions 104F should be monitored by the agent monitoring components 104C, D residing on endpoint system 104 and/or host system 102. The policy management system is integrated with a network access control function such that user or application data exchanged between endpoint system 104 and host system 102 must pass through the combined policy management system/network access control function. When the endpoint system 104 tries to access the host system 102, the access control function challenges the endpoint system 104 to provide condition information (i.e. inputs to the endpoint analysis engine) and/or compliance evaluation results (i.e. outputs from the endpoint analysis engine). When the endpoint system 104 returns the requested information, the access control function relays the information to the policy management system 106.
  • The policy management system 106 evaluates the compliance state of the endpoint system 104 based on information provided by the endpoint system 104 and policy data residing in the policy management system policy data store 106B. The policy management system 106 then makes one or more access control decisions. Access decisions might result in unrestricted access, total denial of access or partially restricted access (e.g. specific destination IP addresses, address ranges, applications, protocols, etc.) to network resources such as applications residing on host system 102. The access control decisions made by the policy management system 106 are passed to the access control function. The access control function then automatically configures one or more access control rules for that endpoint system 104. Thereafter all endpoint system 104 data traffic sent through the access control function is either permitted or blocked in accordance with those access control rules. The access control function periodically issues challenges to the endpoint system 104 over the life of a communications session. The challenge requires the endpoint system 104 to re-submit compliance information in order to be permitted to maintain an active session with the network access function.
  • As the policy management system functionality and the access control function are two separate functions, they can be installed together on a shared computing device or alternatively can be installed separately on two different computing devices interconnected by a data communications network.
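  • The challenge, decision and re-challenge cycle of Implementation Method 6, as an added example that is not part of the patent text: the policy management function maps reported conditions to unrestricted, partially restricted or denied access, and the access control function enforces the resulting rule until the next challenge is due. The condition names, thresholds, network range and re-challenge interval are constructed assumptions.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

# Constructed policy values (assumptions; the patent specifies none of them).
POLICY = {
    "max_signature_age_days": 7,             # anti-virus signature freshness
    "max_vuln_score": 7.0,                   # worst unpatched vulnerability score tolerated
    "restricted_networks": ["10.0.5.0/24"],  # destinations left open when restricted
    "rechallenge_seconds": 300,              # how long one compliance answer stays valid
}


def evaluate(conditions, policy=POLICY):
    """Policy management system: turn reported conditions into an access decision.

    The conditions are self-reported by the endpoint, so they are validated as
    untrusted input and anything missing or malformed fails closed.
    """
    try:
        firewall = conditions["firewall_enabled"]
        sig_age = float(conditions["signature_age_days"])
        score = float(conditions["worst_vuln_score"])
    except (KeyError, TypeError, ValueError):
        return "deny"
    # The comparison form also rejects NaN, which would pass a plain "<" test.
    if firewall is not True or not (sig_age >= 0 and score >= 0):
        return "deny"
    if sig_age > policy["max_signature_age_days"] or score > policy["max_vuln_score"]:
        return "restricted"
    return "full"


@dataclass
class AccessControl:
    """Access control function in the data path between endpoint 104 and host 102."""
    policy: dict = field(default_factory=lambda: dict(POLICY))
    rules: dict = field(default_factory=dict)  # endpoint id -> (decision, expiry)

    def answer_challenge(self, endpoint_id, conditions, now):
        """Relay the endpoint's answer for evaluation, then install the rule."""
        decision = evaluate(conditions, self.policy)
        expiry = now + self.policy["rechallenge_seconds"]
        self.rules[endpoint_id] = (decision, expiry)
        return decision

    def permit(self, endpoint_id, dst_ip, now):
        """Per-connection check against the rule installed for this endpoint."""
        entry = self.rules.get(endpoint_id)
        if entry is None:
            return False  # never answered a challenge
        decision, expiry = entry
        if now >= expiry:
            # No fresh answer to the periodic challenge: the session ends.
            del self.rules[endpoint_id]
            return False
        if decision == "full":
            return True
        if decision == "restricted":
            dst = ip_address(dst_ip)
            return any(dst in ip_network(net)
                       for net in self.policy["restricted_networks"])
        return False


if __name__ == "__main__":
    ac = AccessControl()
    stale = {"firewall_enabled": True, "signature_age_days": 30,
             "worst_vuln_score": 4.3}  # constructed endpoint answer
    print(ac.answer_challenge("ep2", stale, now=0))  # restricted
    print(ac.permit("ep2", "10.0.5.20", now=10))     # remediation range: allowed
    print(ac.permit("ep2", "192.0.2.10", now=10))    # everything else: blocked
```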
  • It will be obvious that the several methods just described are complementary. As such, various combinations of these methods are possible and are within the scope of this invention.
  • Data Sharing
  • The raw condition information collected by the agent monitor 104C, the compliance analysis conclusions reached by the analysis engine 106C, and/or compliance actions identified as necessary by the analysis engine 106C is available to external security-centric or other software agents running on the same system via the invention's API. The information is also available to remote systems via data communications networks and traditional client-server communication protocols (e.g. HTTP) or peer-to-peer communications protocols. This allows information collected or conclusions created by the invention to be utilized by other software and network access agents as part of their host or network assessment process.
  • While the various endpoint, host and policy management systems are described as communicating directly with one another, it will be understood that the invention is not thus limited. Numerous intermediary parties may be associated with the collection and forwarding of agent information from endpoint system 104 to policy management system 106. Further, numerous additional intermediary systems may be associated with communicating the policy assessment and action information from policy management system 106 to host system 102.
  • Remote Administrator Notification and Control
  • The analysis engine 106C can be configured via policy settings to send a message to an administrator via a conventional data communications network and a commonly available data communications protocol (e.g. via POP, SMTP, FTP, HTTP, etc.) when a specific policy event occurs, for example a specific noncompliance condition. Additionally, messages can be sent to an administrator when an unrecognized event occurs. In one embodiment, a message could be sent from the client to a policy-defined server using email or any other communication method. The server would in turn create or forward an email message to a policy-defined email address. The email can contain a description of the event and two links: one to approve the action and one to deny the action. Clicking on a link would cause the IT administrator's web browser to open and send an HTTP request to the policy management server. There the IT administrator can be authenticated and prompted to confirm his intent and desires on the particular policy question. When the IT administrator successfully authenticates and submits the transaction, the policy setting is updated on the server policy data store. The next time the client (or any client in the same policy group) checks in with the server, it will automatically retrieve and apply the updated policy. Other embodiments for sending policy event notifications to an administrator are also possible and are within the scope of this invention.
  • There have thus been provided new and improved methods and systems for securing access to electronic resources, for example remote access to a host system and resources. The present invention applies one or more compliance assessment algorithms to collected system conditions, comparing the results to a security policy to determine if the system is in compliance with a security policy. One or more actions may be taken responsively. The present invention can use one or more of a variety of algorithms to assess large numbers of state conditions, making decisions based upon an essentially infinitely flexible security policy. The invention has commercial application in the field of electronic resource security.
  • Advantages of the invention include, without limitation:
      • Heightened awareness and dynamic, autonomous adjustment to alert and enforcement thresholds based on condition data.
      • Having a host system self-modulate what local resources are allowed to be accessed by remote systems based on its own self-assessment of conditions
      • Having a policy management system alert a host system regarding conditions on the network as a whole (i.e. a plurality of end points) or specific end points and either A) explicitly instruct the host system regarding what local resources can be accessed by remote systems, or B) alert the host of conditions such that the host is able to incorporate this data into its own self assessment and subsequently self-modulate what local resources are allowed to be accessed by remote systems based on its own self-assessment of conditions
      • The use of industry standard vulnerability scores or risk indexes associated with published vulnerabilities, i.e. para 0053 and subsequent
      • The conversion of non-quantitative end point state info, or conditions into quantitative values
      • The use of quantitative analysis models in end point inspection, analysis and policy enforcement
      • Extensibility to support different and future quant models
      • Simultaneous and concurrent use of different analysis models, both quant and non quant to inspect different aspects of the end point
      • Granular inspections (and a wide multitude of conditions data collected) in order to assess the end point state from a more holistic level
      • Granular and wide ranging policy enforcement capabilities, i.e. ability to influence a number of agents and conditions simultaneously
      • Specific use of the quant models defined herein
      • Extensibility of condition inspection capabilities
      • Extensibility of agents integrated with
      • Extensibility of compliance policies
      • Extensibility of policy enforcement actions
      • Ability to define compliance policies in terms of logical combinations of conditions
      • Ability to define compliance policies in terms of quantitative terms
      • Ability to define compliance policies for non quant conditions in quant terms
      • Ability to combine analysis methods and create N-stage analysis sequences
      • the notion of graduated levels of compliance and graduated levels of local permissions/restrictions depending on your level of compliance
  • While the invention has been shown and described with respect to particular embodiments, it is not thus limited. Numerous modifications, changes, enhancements and improvements within the scope of the invention will now be apparent to the reader.

Claims (28)

1. A method operable on a computer for controlling the operation of a computing system in response to a security vulnerability, comprising:
the computing system running software subject to at least one security vulnerability;
establishing a policy based on the status of the at least one security vulnerability including at least one rule and an analysis method for determining compliance with the rule;
receiving information relating to the status of the at least one security vulnerability of the software program;
processing the information relating to the status using the analysis method;
determining, based on the processing, the compliance of the at least one security vulnerability in relation to the rule; and
controlling, based on the determining, the operation of the computing system.
2. The method of claim 1 wherein the software is a commercial product and the information relating to the status of the at least one known security vulnerability is made available to users of the software.
3. The method of claim 2 wherein the step of receiving information includes the steps of:
identifying a remote data repository wherein the information relating to the status of the at least one security vulnerability is available;
periodically checking the remote data repository to determine the availability of the information relating to the status; and
retrieving the information relating to the status.
4. The method of claim 3 wherein the step of receiving information further includes the step of storing locally the information relating to the status.
5. The method of claim 4 wherein the information relating to the status is selected from the group including a quantitative value and a non-quantitative value.
6. The method of claim 5 and further including the step of, prior to the processing, converting a non-quantitative value to a quantitative value.
7. The method of claim 6 wherein the analysis method is a quantitative analysis method.
8. The method of claim 1 wherein the step of controlling includes the step of taking a first action to negate the security vulnerability.
9. The method of claim 8 further including the steps of:
determining if the first action to negate the security vulnerability was successful; and
taking, if the first action to negate the security vulnerability was not successful, a second action to diminish the threat of the security vulnerability.
10. The method of claim 9 wherein the second action is selected from a list comprising restricting access to a resource accessible using the computing system, automatically initiating an update to the software and automatically notifying an operator of the computing system.
11. The method of claim 1 and further including the steps of:
identifying within the computing system a plurality of conditions, each condition having a state; and
the policy further based upon the state of the conditions.
12. The method of claim 11 wherein at least one condition state is a quantitative value and at least one condition state is a non-quantitative value and wherein the analysis method includes the combination of a quantitative analysis method and a non-quantitative analysis method.
13. The method of claim 11 wherein the step of identifying includes using a software agent.
14. The method of claim 13 wherein the step of controlling includes transmitting to the software agent an instruction to take an action.
15. The method of claim 1 wherein the computing system comprises at least one of a host computing system including a computing resource and an end point computing system pursuing access to the resource of the host computing system.
16. The method of claim 15 wherein the steps of establishing, receiving, processing, determining, and controlling are performed on at least one of the group comprising the computing system, the endpoint computing system and a policy management system connected to at least one of the computing system and the endpoint computing system.
17. A system for controlling the operation of a computing system in response to a security vulnerability, comprising:
a processor;
a memory connected to the processor and storing instructions for controlling the operation of the processor to perform the steps of
identifying the computing system running software subject to at least one security vulnerability;
storing a policy based on the status of the at least one security vulnerability including at least one rule and an analysis method for determining compliance with the rule;
receiving information relating to the status of the at least one known security vulnerability of the software program;
processing the information relating to the status using the analysis method;
determining, based on the processing, the compliance of the at least one security vulnerability in relation to the rule; and
controlling, based on the determining, the operation of the host computing system.
17. A method operable on a computer for controlling the access of an endpoint computing system to a host computing system in response to a security vulnerability, comprising:
identifying within at least one of the endpoint and host systems a plurality of conditions, each condition having a state;
operating on at least one of the host computing system and the endpoint computing system a software program subject to at least one security vulnerability;
establishing a policy based on the status of the at least one security vulnerability and the state of each of the plurality of conditions, the policy including at least one rule and an analysis method for determining compliance with the rule;
receiving information relating to the status of the at least one known security vulnerability of the software program;
receiving information relating to the state of each of the plurality of conditions;
processing the information relating to the status of the at least one known security vulnerability and the state of each of the plurality of conditions using the analysis method;
determining, based on the processing, the compliance of the at least one security vulnerability and the plurality of conditions with the rule; and
controlling, based on the determining, access of the endpoint system to a resource of the host computing system.
18. The method of claim 17 wherein the step of receiving information relating to the status of the security vulnerability includes the steps of:
identifying a remote data repository wherein the information relating to the status of the at least one known security vulnerability is available;
periodically checking the remote data repository to determine the availability of the information relating to the status; and
retrieving the information relating to the status.
19. The method of claim 18 wherein the step of receiving information further includes the step of storing locally the information relating to the status.
20. The method of claim 17 wherein the step of receiving information relating to the state of each of the plurality of conditions includes using a plurality of software agents to collect state information and at least one manager to aggregate the state information collected by the software agents.
21. A system for controlling the access of an endpoint computing system to a host computing system in response to a security vulnerability, comprising:
means for identifying within at least one of the endpoint and host systems a plurality of conditions, each condition having a state;
means for operating on at least one of the host computing system and the endpoint computing system a software program subject to at least one security vulnerability;
means for establishing a policy based on the status of the at least one security vulnerability and the state of each of the plurality of conditions, the policy including at least one rule and an analysis method for determining compliance with the rule;
means for receiving information relating to the status of the at least one known security vulnerability of the software program;
means for receiving information relating to the state of each of the plurality of conditions;
means for processing the information relating to the status of the at least one known security vulnerability and the state of each of the plurality of conditions using the analysis method;
means for determining, based on the processing, the compliance of the at least one security vulnerability and the plurality of conditions with the rule; and
means for controlling, based on the determining, access of the endpoint system to a resource of the host computing system.
22. A method for generating signals to control the access of an endpoint computing system to a resource in a host computing system, comprising:
collecting a state for each of a plurality of conditions in at least one of the endpoint computing system and the host computing system;
collecting a status of a known security vulnerability for a software program operating on at least one of the host computing system and the endpoint computing system;
identifying a policy for determining access of the endpoint computing system to the resource, the policy including at least one rule and an analysis method for determining compliance with the rule;
processing, using the analysis method, the state of each of the plurality of conditions and the status of the known security vulnerability;
determining, based upon the processing, if the conditions and the known security vulnerability are in compliance with the rule; and
generating, based upon the determining, a signal usable to control the access of the endpoint computing system to the resource.
23. The method of claim 22 wherein the endpoint computing system is selected from the group including a user of the host computing system and an endpoint computing system separate from the host system.
24. A program product containing instructions to control the operation of a computing system to control the access of an endpoint computing system to a resource in a host computing system, the instructions operable on the computing system to cause the computing system to perform a process comprising:
collecting a state for each of a plurality of conditions in at least one of the endpoint computing system and the host computing system;
collecting a status of a known security vulnerability for a software program operating on at least one of the host computing system and the endpoint computing system;
identifying a policy for determining access of the endpoint computing system to the resource, the policy including at least one rule and an analysis method for determining compliance with the rule;
processing, using the analysis method, the state of each of the plurality of conditions and the status of the known security vulnerability;
determining, based upon the processing, if the conditions and the known security vulnerability are in compliance with the rule; and
generating, based upon the determining, a signal usable to control the access of the endpoint computing system to the resource.
25. A method for developing a compliance policy to control the access of an endpoint computing system to a resource in a host computing system, comprising:
identifying a plurality of conditions in at least one of the endpoint computing system and the host computing system, each of the plurality of conditions including an associated state, at least one of the plurality of conditions relating to a risk of a known security vulnerability; and
developing a policy for determining the access of the endpoint computing system to the resource, the policy including a rule and at least one analysis method for processing the states of the plurality of conditions to determine if the plurality of conditions are in compliance with the rule.
27. The method of claim 25 wherein the at least one condition relating to a risk of a known security vulnerability includes a state determined at least in part by security risk information provided by a third-party.
28. A system for developing a compliance policy to control the access of an endpoint computing system to a resource in a host computing system, comprising:
means for identifying a plurality of conditions in at least one of the endpoint computing system and the host computing system, each of the plurality of conditions including an associated state, at least one of the plurality of conditions relating to a risk of a known security vulnerability; and
means for developing a policy for determining the access of the endpoint computing system to the resource, the policy including a rule and at least one analysis method for processing the states of the plurality of conditions to determine if the plurality of conditions are in compliance with the rule.
US11/451,950 2005-12-21 2006-06-13 Method and systems for controlling access to computing resources based on known security vulnerabilities Abandoned US20070143851A1 (en)

Priority Applications (6)

Application Number Priority Date Filing Date Title
US11/451,950 US20070143851A1 (en) 2005-12-21 2006-06-13 Method and systems for controlling access to computing resources based on known security vulnerabilities
EP06847879A EP1917757A2 (en) 2005-12-21 2006-12-20 Methods and systems for intelligently controlling access to computing resources
PCT/US2006/048720 WO2007075850A2 (en) 2005-12-21 2006-12-20 Methods and systems for controlling access to computing resources
US13/587,505 US8955038B2 (en) 2005-12-21 2012-08-16 Methods and systems for controlling access to computing resources based on known security vulnerabilities
US14/618,685 US9608997B2 (en) 2005-12-21 2015-02-10 Methods and systems for controlling access to computing resources based on known security vulnerabilities
US15/470,509 US9923918B2 (en) 2005-12-21 2017-03-27 Methods and systems for controlling access to computing resources based on known security vulnerabilities

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US75242405P 2005-12-21 2005-12-21
US11/451,950 US20070143851A1 (en) 2005-12-21 2006-06-13 Method and systems for controlling access to computing resources based on known security vulnerabilities

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US13/587,505 Continuation US8955038B2 (en) 2005-12-21 2012-08-16 Methods and systems for controlling access to computing resources based on known security vulnerabilities

Publications (1)

Publication Number Publication Date
US20070143851A1 true US20070143851A1 (en) 2007-06-21

Family

ID=38175342

Family Applications (4)

Application Number Title Priority Date Filing Date
US11/451,950 Abandoned US20070143851A1 (en) 2005-12-21 2006-06-13 Method and systems for controlling access to computing resources based on known security vulnerabilities
US13/587,505 Active US8955038B2 (en) 2005-12-21 2012-08-16 Methods and systems for controlling access to computing resources based on known security vulnerabilities
US14/618,685 Active US9608997B2 (en) 2005-12-21 2015-02-10 Methods and systems for controlling access to computing resources based on known security vulnerabilities
US15/470,509 Active US9923918B2 (en) 2005-12-21 2017-03-27 Methods and systems for controlling access to computing resources based on known security vulnerabilities

Country Status (1)

Country Link
US (4) US20070143851A1 (en)

Cited By (554)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060075461A1 (en) * 2004-10-01 2006-04-06 Microsoft Corporation Access authorization having a centralized policy
US20060075462A1 (en) * 2004-10-01 2006-04-06 Microsoft Corporation Access authorization having embedded policies
US20060075492A1 (en) * 2004-10-01 2006-04-06 Microsoft Corporation Access authorization with anomaly detection
US20070016675A1 (en) * 2005-07-13 2007-01-18 Microsoft Corporation Securing network services using network action control lists
US20070143827A1 (en) * 2005-12-21 2007-06-21 Fiberlink Methods and systems for intelligently controlling access to computing resources
US20070159481A1 (en) * 2006-01-11 2007-07-12 Naoki Abe Method and apparatus for presenting feature importance in predictive modeling
US20070195958A1 (en) * 2006-02-22 2007-08-23 Czuchry Andrew J Extensible closed-loop security system
US20070230486A1 (en) * 2006-03-29 2007-10-04 Emile Zafirov Communication and compliance monitoring system
US20070261121A1 (en) * 1998-06-25 2007-11-08 Jacobson Andrea M Network Policy Management And Effectiveness System
US20070289016A1 (en) * 2006-06-13 2007-12-13 Sanjay Pradhan Bi-modular system and method for detecting and removing harmful files using signature scanning
US20080016563A1 (en) * 2006-07-12 2008-01-17 Verizon Services Corp. Systems and methods for measuring cyber based risks in an enterprise organization
US20080022378A1 (en) * 2006-06-21 2008-01-24 Rolf Repasi Restricting malicious libraries
US20080059643A1 (en) * 2006-09-06 2008-03-06 Harold Moss Compliance initiative navigation
US20080082538A1 (en) * 2006-09-28 2008-04-03 Microsoft Corporation Access management in an off-premise environment
US20080086761A1 (en) * 2006-07-14 2008-04-10 At&T Intellectual Property, Inc. Methods, devices, and computer program products for controlling wireless connection access
US20080107274A1 (en) * 2006-06-21 2008-05-08 Rf Code, Inc. Location-based security, privacy, assess control and monitoring system
US20080115190A1 (en) * 2006-11-13 2008-05-15 Jeffrey Aaron Methods, network services, and computer program products for dynamically assigning users to firewall policy groups
US20080120691A1 (en) * 2006-11-21 2008-05-22 Novell, Inc. Control of communication ports of computing devices using policy-based decisions
US20080120611A1 (en) * 2006-10-30 2008-05-22 Jeffrey Aaron Methods, systems, and computer program products for controlling software application installations
US20080148346A1 (en) * 2006-12-15 2008-06-19 Ravinder Gill Compliance control system
US20080162338A1 (en) * 2006-12-30 2008-07-03 Maurice Samuels Method and system for mitigating risk of fraud in internet banking
US20080168529A1 (en) * 2007-01-04 2008-07-10 Kay Schwendimann Anderson System and method for security planning with soft security constraints
US20080172716A1 (en) * 2006-09-12 2008-07-17 Rajesh Talpade IP network vulnerability and policy compliance assessment by IP device analysis
US20080195560A1 (en) * 2007-02-11 2008-08-14 Blake Stanton Sutherland Methods and system for determining licensing/billing fees for computer security software
US20080208866A1 (en) * 2007-02-23 2008-08-28 International Business Machines Corporation Identification, notification, and control of data access quantity and patterns
US20080229420A1 (en) * 2007-03-16 2008-09-18 Jeschke Konikaye Predictive Assessment of Network Risks
US20080235801A1 (en) * 2007-03-20 2008-09-25 Microsoft Corporation Combining assessment models and client targeting to identify network security vulnerabilities
US20080244690A1 (en) * 2007-04-02 2008-10-02 Microsoft Corporation Deriving remediations from security compliance rules
US20080256638A1 (en) * 2007-04-12 2008-10-16 Core Sdi, Inc. System and method for providing network penetration testing
US20080276295A1 (en) * 2007-05-04 2008-11-06 Bini Krishnan Ananthakrishnan Nair Network security scanner for enterprise protection
US20080284581A1 (en) * 2005-12-29 2008-11-20 Daniel Sheleheda Method and apparatus for suppressing duplicate alarms
US20080295169A1 (en) * 2007-05-25 2008-11-27 Crume Jeffery L Detecting and defending against man-in-the-middle attacks
US20090006859A1 (en) * 2007-06-28 2009-01-01 Zimmer Vincent J System and method for out-of-band assisted biometric secure boot
WO2009019701A2 (en) * 2007-08-07 2009-02-12 Feldman, Moshe A network element and an infrastructure for a network risk management system
US7496201B2 (en) 2007-03-02 2009-02-24 Westintech Llc Portable host-pluggable appliance tracking system
US20090086252A1 (en) * 2007-10-01 2009-04-02 Mcafee, Inc Method and system for policy based monitoring and blocking of printing activities on local and network printers
US20090113044A1 (en) * 2007-10-31 2009-04-30 Lancaster Arthur L System and method of configuring a network
US20090113551A1 (en) * 2007-10-24 2009-04-30 Jong Moon Lee Device and method for inspecting network equipment for vulnerabilities using search engine
US20090113548A1 (en) * 2007-10-31 2009-04-30 Bank Of America Corporation Executable Download Tracking System
US7530106B1 (en) * 2008-07-02 2009-05-05 Kaspersky Lab, Zao System and method for security rating of computer processes
US20090126012A1 (en) * 2007-11-14 2009-05-14 Bank Of America Corporation Risk Scoring System For The Prevention of Malware
US20090144446A1 (en) * 2007-11-29 2009-06-04 Joseph Olakangil Remediation management for a network with multiple clients
US20090172818A1 (en) * 2007-11-25 2009-07-02 Blake Stanton Sutherland Methods and system for determining performance of filters in a computer intrusion prevention detection system
US20090172778A1 (en) * 2007-12-26 2009-07-02 Randall Stephens Rule-based security system and method
US20090172768A1 (en) * 2007-12-28 2009-07-02 Huifeng Le Methods and apparatus for operating embedded information technology applications with a service operating system
US20090193495A1 (en) * 2008-01-30 2009-07-30 International Business Machines Corporation System and methods for efficiently classifying and selecting among security policy alternatives for outbound network communications
US7571483B1 (en) * 2005-08-25 2009-08-04 Lockheed Martin Corporation System and method for reducing the vulnerability of a computer network to virus threats
US20090199265A1 (en) * 2008-02-04 2009-08-06 Microsoft Corporation Analytics engine
US20090204964A1 (en) * 2007-10-12 2009-08-13 Foley Peter F Distributed trusted virtualization platform
US20090217346A1 (en) * 2008-02-22 2009-08-27 Manring Bradley A C Dhcp centric network access management through network device access control lists
US20090276546A1 (en) * 2008-05-01 2009-11-05 Broadcom Corporation Techniques for detection and serial communication for a non-usb serial interface over usb connector
US20090293100A1 (en) * 2008-05-22 2009-11-26 Electronics & Telecommunications Research Institut Apparatus and method for checking pc security
US20090300712A1 (en) * 2008-03-27 2009-12-03 Tzach Kaufmann System and method for dynamically enforcing security policies on electronic files
US20090300711A1 (en) * 2008-05-30 2009-12-03 Fujitsu Limited Access control policy compliance check process
US20100037295A1 (en) * 2008-08-07 2010-02-11 Oh Seung-Hee Method and system for exchanging security situation information between mobile terminals
US20100043059A1 (en) * 2008-08-14 2010-02-18 International Business Machines Corporation Trusted Electronic Communication Through Shared Vulnerability
US20100040059A1 (en) * 2006-05-03 2010-02-18 Trapeze Networks, Inc. System and method for restricting network access using forwarding databases
US20100063950A1 (en) * 2008-09-11 2010-03-11 International Business Machines Corporation Computing environment climate dependent policy management
US20100115092A1 (en) * 2007-03-02 2010-05-06 Westin Tech, Inc. Mobile device or computer theft recovery system and method
US20100121964A1 (en) * 2008-11-12 2010-05-13 David Rowles Methods for identifying an application and controlling its network utilization
WO2010055515A1 (en) * 2008-11-15 2010-05-20 Vibesec Ltd. Network security server suitable for unified communications network
US20100125897A1 (en) * 2008-11-20 2010-05-20 Rahul Jain Methods and apparatus for establishing a dynamic virtual private network connection
US20100169668A1 (en) * 2008-12-31 2010-07-01 Clint Gordon-Carroll Obtaining backups using a portable storage device
US20100169590A1 (en) * 2008-12-31 2010-07-01 Clint Gordon-Carroll Providing backups using a portable storage device
US20100180332A1 (en) * 2009-01-09 2010-07-15 Microsoft Corporation Information protection applied by an intermediary device
US20100192228A1 (en) * 2009-01-28 2010-07-29 Hewlett-Packard Development Company, L.P. Device, method and program product for prioritizing security flaw mitigation tasks in a business service
US7805752B2 (en) 2005-11-09 2010-09-28 Symantec Corporation Dynamic endpoint compliance policy configuration
US20100272258A1 (en) * 2007-02-02 2010-10-28 Microsoft Corporation Bidirectional dynamic offloading of tasks between a host and a mobile device
WO2010126733A1 (en) * 2009-04-30 2010-11-04 Netwitness Corporation Systems and methods for sensitive data remediation
US20100305990A1 (en) * 2009-05-29 2010-12-02 Verizon Patent And Licensing Inc. Device classification system
US20110040983A1 (en) * 2006-11-09 2011-02-17 Grzymala-Busse Withold J System and method for providing identity theft security
US20110055382A1 (en) * 2009-09-03 2011-03-03 Mcafee, Inc. Host entry synchronization
US20110061089A1 (en) * 2009-09-09 2011-03-10 O'sullivan Patrick J Differential security policies in email systems
US20110085498A1 (en) * 2009-08-24 2011-04-14 Kabushiki Kaisha Toshiba Plmn selection and inter-system mobility policy conflict resolution for multi-interface user
US7930746B1 (en) * 2005-12-29 2011-04-19 At&T Intellectual Property Ii, L.P. Method and apparatus for detecting anomalous network activities
US20110093842A1 (en) * 2004-09-07 2011-04-21 Mcafee, Inc., A Delaware Corporation Solidifying the executable software set of a computer
US20110125548A1 (en) * 2009-11-25 2011-05-26 Michal Aharon Business services risk management
US20110131324A1 (en) * 2007-05-24 2011-06-02 Animesh Chaturvedi Managing network security
US20110138461A1 (en) * 2006-03-27 2011-06-09 Mcafee, Inc., A Delaware Corporation Execution environment file inventory
US20110138483A1 (en) * 2009-12-04 2011-06-09 International Business Machines Corporation Mobile phone and ip address correlation service
US7966665B1 (en) * 2007-11-16 2011-06-21 Open Invention Network, Llc Compliance validator for restricted network access control
WO2011082412A1 (en) * 2010-01-04 2011-07-07 Bank Of America Corporation Dynamic employee security risk scoring
US20110185056A1 (en) * 2010-01-26 2011-07-28 Bank Of America Corporation Insider threat correlation tool
US20110184877A1 (en) * 2010-01-26 2011-07-28 Bank Of America Corporation Insider threat correlation tool
US20110197253A1 (en) * 2010-02-08 2011-08-11 Comodo Security Solutions, Inc. Method and System of Responding to Buffer Overflow Vulnerabilities
US20110202969A1 (en) * 2010-02-15 2011-08-18 Bank Of America Corporation Anomalous activity detection
US20110209139A1 (en) * 2010-02-23 2011-08-25 Lutz Dominick Application platform
US20110213435A1 (en) * 2008-10-29 2011-09-01 Sorin Crm Sas Optimal cardiac pacing with q learning
US20110246498A1 (en) * 2008-06-05 2011-10-06 International Business Machines Corporation Context-based security policy evaluation using weighted search trees
CN102222192A (en) * 2010-12-24 2011-10-19 卡巴斯基实验室封闭式股份公司 Optimizing anti-malicious software treatment by automatically correcting detection rules
US20110258234A1 (en) * 2009-12-03 2011-10-20 International Business Machines Corporation Dynamic access control for documents in electronic communications within a networked computing environment
US20110270965A1 (en) * 2010-04-29 2011-11-03 Yahoo! Inc. Methods for Web Site Analysis
WO2011156754A1 (en) * 2010-06-11 2011-12-15 M86 Security, Inc. System and method for detecting malicious content
WO2012007402A1 (en) * 2010-07-13 2012-01-19 Cassidian Sas Supervision of the security in a computer system
WO2012012438A1 (en) * 2010-07-21 2012-01-26 Citrix Systems, Inc. Systems and methods for providing a smart group for access control
US20120023324A1 (en) * 2010-07-22 2012-01-26 Bank Of America Corporation Insider threat correlation tool
US20120030731A1 (en) * 2010-07-28 2012-02-02 Rishi Bhargava System and Method for Local Protection Against Malicious Software
US8161557B2 (en) 2005-01-31 2012-04-17 Microsoft Corporation System and method of caching decisions on when to scan for malware
US20120102169A1 (en) * 2010-10-22 2012-04-26 Microsoft Corporation Automatic identification of travel and non-travel network addresses
US20120110174A1 (en) * 2008-10-21 2012-05-03 Lookout, Inc. System and method for a scanning api
US8199965B1 (en) 2007-08-17 2012-06-12 Mcafee, Inc. System, method, and computer program product for preventing image-related data loss
US8209740B1 (en) * 2011-06-28 2012-06-26 Kaspersky Lab Zao System and method for controlling access to network resources
US20120167198A1 (en) * 2010-12-27 2012-06-28 International Business Machines Corporation Resource Protection from Unauthorized Access Using State Transition Histories
US20120185952A1 (en) * 2010-05-27 2012-07-19 International Business Machines Corporation Context aware data protection
US8239915B1 (en) * 2006-06-30 2012-08-07 Symantec Corporation Endpoint management using trust rating data
US8255971B1 (en) * 2008-03-03 2012-08-28 Jpmorgan Chase Bank, N.A. Authentication system and method
US20120221652A1 (en) * 2011-02-28 2012-08-30 Nokia Corporation Method and apparatus for providing a proxy-based access list
US20120233571A1 (en) * 2011-03-08 2012-09-13 Nokia Corporation Method and apparatus for providing quick access to media functions from a locked screen
US8281403B1 (en) * 2009-06-02 2012-10-02 Symantec Corporation Methods and systems for evaluating the health of computing systems based on when operating-system changes occur
US20120291106A1 (en) * 2010-01-19 2012-11-15 Nec Corporation Confidential information leakage prevention system, confidential information leakage prevention method, and confidential information leakage prevention program
US20120290544A1 (en) * 2011-05-09 2012-11-15 International Business Machines Corporation Data compliance management
US20120324591A1 (en) * 2011-06-14 2012-12-20 International Business Machines Corporation System and method to protect a resource using an active avatar
US20130007267A1 (en) * 2007-03-02 2013-01-03 Pegasystems Inc. Proactive Performance Management for Multi-User Enterprise Software Systems
US20130047253A1 (en) * 2011-08-15 2013-02-21 Bank Of America Corporation Method and apparatus for token-based real-time risk updating
US20130055344A1 (en) * 2010-12-30 2013-02-28 Axiomatics Ab System and method for evaluating a reverse query
US8413129B1 (en) * 2007-08-17 2013-04-02 Mcafee, Inc. Application repair system, method, and computer program product for generating an alert based on information describing at least one update
US20130086376A1 (en) * 2011-09-29 2013-04-04 Stephen Ricky Haynes Secure integrated cyberspace security and situational awareness system
US20130091574A1 (en) * 2011-10-07 2013-04-11 Joshua Z. Howes Incident triage engine
US20130091539A1 (en) * 2011-10-11 2013-04-11 Honeywell International Inc. System and method for insider threat detection
US8423631B1 (en) * 2009-02-13 2013-04-16 Aerohive Networks, Inc. Intelligent sorting for N-way secure split tunnel
TWI396078B (en) * 2009-06-18 2013-05-11 Fineart Technology Co Ltd Control method applied into central control system
US20130137392A1 (en) * 2009-12-02 2013-05-30 At&T Mobility Ii, Llc System and Method for Monitoring Usage of a User Device
WO2013090124A1 (en) 2011-12-16 2013-06-20 Microsoft Corporation Discovery and mining of performance information of a device for anticipatorily sending updates to the device
US20130167252A1 (en) * 2011-12-22 2013-06-27 Research In Motion Limited Autonomous access control
US20130166746A1 (en) * 2011-12-23 2013-06-27 Cisco Technology, Inc. System and method for policy selection and switching function in a network environment
US20130174217A1 (en) * 2010-09-27 2013-07-04 Nec Corporation Access control information generating system
US20130191919A1 (en) * 2012-01-19 2013-07-25 Mcafee, Inc. Calculating quantitative asset risk
US20130205042A1 (en) * 2008-03-31 2013-08-08 Amazon Technologies, Inc. Authorizing communications between computing nodes
US20130205360A1 (en) * 2012-02-08 2013-08-08 Microsoft Corporation Protecting user credentials from a computing device
US8516597B1 (en) * 2010-12-02 2013-08-20 Symantec Corporation Method to calculate a risk score of a folder that has been scanned for confidential information
US8515075B1 (en) 2008-01-31 2013-08-20 Mcafee, Inc. Method of and system for malicious software detection using critical address space protection
US8514827B2 (en) 2005-10-13 2013-08-20 Trapeze Networks, Inc. System and network for wireless network monitoring
US20130239166A1 (en) * 2012-03-06 2013-09-12 Microsoft Corporation Operating Large Scale Systems and Cloud Services With Zero-Standing Elevated Permissions
US8539063B1 (en) 2003-08-29 2013-09-17 Mcafee, Inc. Method and system for containment of networked application client software by explicit human input
US20130247189A1 (en) * 2008-06-27 2013-09-19 Lokesh Kumar System, method, and computer program product for reacting in response to a detection of an attempt to store a configuration file and an executable file on a removable device
US8544003B1 (en) 2008-12-11 2013-09-24 Mcafee, Inc. System and method for managing virtual machine configurations
US8544100B2 (en) 2010-04-16 2013-09-24 Bank Of America Corporation Detecting secure or encrypted tunneling in a computer network
US8549546B2 (en) 2003-12-17 2013-10-01 Mcafee, Inc. Method and system for containment of usage of language interfaces
US8549003B1 (en) 2010-09-12 2013-10-01 Mcafee, Inc. System and method for clustering host inventories
US8555404B1 (en) 2006-05-18 2013-10-08 Mcafee, Inc. Connectivity-based authorization
US20130305346A1 (en) * 2006-01-13 2013-11-14 Fortinet, Inc. Computerized system and method for advanced network content processing
US8589354B1 (en) * 2008-12-31 2013-11-19 Emc Corporation Probe based group selection
US8590002B1 (en) * 2006-11-29 2013-11-19 Mcafee Inc. System, method and computer program product for maintaining a confidentiality of data on a network
WO2013187989A1 (en) * 2012-06-12 2013-12-19 International Business Machines Corporation Method and apparatus for detecting unauthorized bulk forwarding of sensitive data over a network
US20130339331A1 (en) * 2012-06-13 2013-12-19 International Business Machines Corporation Tracking file content originality
US20130340032A1 (en) * 2012-06-15 2013-12-19 Infosys Limited System and method for achieving compliance through a closed loop integrated compliance framework and toolkit
US20130340086A1 (en) * 2012-06-13 2013-12-19 Nokia Corporation Method and apparatus for providing contextual data privacy
US8615502B2 (en) 2008-04-18 2013-12-24 Mcafee, Inc. Method of and system for reverse mapping vnode pointers
US8621008B2 (en) 2007-04-26 2013-12-31 Mcafee, Inc. System, method and computer program product for performing an action based on an aspect of an electronic mail message thread
US20140007241A1 (en) * 2012-06-27 2014-01-02 Tenable Network Security, Inc. System and method for identifying exploitable weak points in a network
US8677448B1 (en) 2010-12-14 2014-03-18 Symantec Corporation Graphical user interface including usage trending for sensitive files
US8683598B1 (en) * 2012-02-02 2014-03-25 Symantec Corporation Mechanism to evaluate the security posture of a computer system
US20140096181A1 (en) * 2012-09-28 2014-04-03 Tripwire, Inc. Event integration frameworks
US8694738B2 (en) 2011-10-11 2014-04-08 Mcafee, Inc. System and method for critical address space protection in a hypervisor environment
US20140101757A1 (en) * 2012-10-09 2014-04-10 Dell Products L.P. Adaptive integrity validation for portable information handling systems
US8701199B1 (en) * 2011-12-23 2014-04-15 Emc Corporation Establishing a trusted session from a non-web client using adaptive authentication
US8701182B2 (en) 2007-01-10 2014-04-15 Mcafee, Inc. Method and apparatus for process enforced configuration management
US8707446B2 (en) 2006-02-02 2014-04-22 Mcafee, Inc. Enforcing alignment of approved changes and deployed changes in the software change life-cycle
US8713468B2 (en) 2008-08-06 2014-04-29 Mcafee, Inc. System, method, and computer program product for determining whether an electronic mail message is compliant with an etiquette policy
US8713668B2 (en) 2011-10-17 2014-04-29 Mcafee, Inc. System and method for redirected firewall discovery in a network environment
EP2727042A1 (en) * 2011-07-01 2014-05-07 Fiberlink Communications Corporation Rules based actions for mobile device management
US8726391B1 (en) 2008-10-10 2014-05-13 Symantec Corporation Scheduling malware signature updates in relation to threat awareness and environmental safety
US20140143542A1 (en) * 2012-11-20 2014-05-22 Cloudioh Inc. Method and Apparatus for Managing Encrypted Folders in Network System
US8739272B1 (en) 2012-04-02 2014-05-27 Mcafee, Inc. System and method for interlocking a host and a gateway
US20140173085A1 (en) * 2012-12-13 2014-06-19 Cellco Partnership D/B/A Verizon Wireless Dynamic flow management at a firewall based on error messages
US20140173684A1 (en) * 2012-12-14 2014-06-19 Nymity, Inc. Methods, software, and devices for automatically scoring privacy protection measures
US8762724B2 (en) 2009-04-15 2014-06-24 International Business Machines Corporation Website authentication
US8763118B2 (en) 2005-07-14 2014-06-24 Mcafee, Inc. Classification of software on networked systems
US8782794B2 (en) 2010-04-16 2014-07-15 Bank Of America Corporation Detecting secure or encrypted tunneling in a computer network
US8782796B2 (en) * 2012-06-22 2014-07-15 Stratum Security, Inc. Data exfiltration attack simulation technology
US8788462B1 (en) * 2008-12-31 2014-07-22 Emc Corporation Multi-factor probe triggers
US8793802B2 (en) 2007-05-22 2014-07-29 Mcafee, Inc. System, method, and computer program product for preventing data leakage utilizing a map of data
US8793789B2 (en) 2010-07-22 2014-07-29 Bank Of America Corporation Insider threat correlation tool
US20140215622A1 (en) * 2008-03-26 2014-07-31 Sophos Limited Method and system for detecting restricted content associated with retrieved content
US8800034B2 (en) 2010-01-26 2014-08-05 Bank Of America Corporation Insider threat correlation tool
US8800024B2 (en) 2011-10-17 2014-08-05 Mcafee, Inc. System and method for host-initiated firewall discovery in a network environment
US8806638B1 (en) * 2010-12-10 2014-08-12 Symantec Corporation Systems and methods for protecting networks from infected computing devices
US8806629B1 (en) * 2008-01-02 2014-08-12 Cisco Technology, Inc. Automatic generation of policy-driven anti-malware signatures and mitigation of DoS (denial-of-service) attacks
US20140237545A1 (en) * 2013-02-19 2014-08-21 Marble Security Hierarchical risk assessment and remediation of threats in mobile networking environment
US8818322B2 (en) 2006-06-09 2014-08-26 Trapeze Networks, Inc. Untethered access point mesh system and method
US20140244840A1 (en) * 2013-02-28 2014-08-28 Adam James Sweeney System and method for access control list conversion
US8838988B2 (en) 2011-04-12 2014-09-16 International Business Machines Corporation Verification of transactional integrity
US20140280870A1 (en) * 2013-03-14 2014-09-18 Alcatel-Lucent Usa Inc Protection of sensitive data of a user from being utilized by web services
US20140283066A1 (en) * 2013-03-15 2014-09-18 John D. Teddy Server-assisted anti-malware client
US8862752B2 (en) 2007-04-11 2014-10-14 Mcafee, Inc. System, method, and computer program product for conditionally preventing the transfer of data based on a location thereof
US8869265B2 (en) 2009-08-21 2014-10-21 Mcafee, Inc. System and method for enforcing security policies in a virtual environment
US20140317677A1 (en) * 2013-04-19 2014-10-23 Vmware, Inc. Framework for coordination between endpoint security and network security services
US20140331276A1 (en) * 2013-05-03 2014-11-06 Vmware, Inc. Methods and apparatus to measure compliance of a virtual computing environment
US8893278B1 (en) 2011-07-12 2014-11-18 Trustwave Holdings, Inc. Detecting malware communication on an infected computing device
US8893285B2 (en) 2008-03-14 2014-11-18 Mcafee, Inc. Securing data using integrated host-based data loss agent with encryption detection
US8892875B1 (en) * 2011-07-29 2014-11-18 Trend Micro Incorporated Methods and apparatus for controlling access to encrypted computer files
US20140351401A1 (en) * 2013-05-26 2014-11-27 Connectloud, Inc. Method and Apparatus to Raise Alerts Based on a Sliding Window Algorithm
US8904506B1 (en) * 2011-11-23 2014-12-02 Amazon Technologies, Inc. Dynamic account throttling
US20140359697A1 (en) * 2013-06-04 2014-12-04 Hangzhou H3C Technologies Co., Ltd. Active Security Defense for Software Defined Network
US20140358715A1 (en) * 2012-01-11 2014-12-04 Saguna Networks Ltd. Methods, Circuits, Devices, Systems and Associated Computer Executable Code for Facilitating Local Hosting and Access of Internet Based Information
US8917826B2 (en) 2012-07-31 2014-12-23 International Business Machines Corporation Detecting man-in-the-middle attacks in electronic transactions using prompts
US20150012630A1 (en) * 2013-07-03 2015-01-08 International Business Machines Corporation Enforcing runtime policies in a networked computing environment
US8938800B2 (en) 2010-07-28 2015-01-20 Mcafee, Inc. System and method for network level protection against malicious software
US8955038B2 (en) 2005-12-21 2015-02-10 Fiberlink Communications Corporation Methods and systems for controlling access to computing resources based on known security vulnerabilities
US8966018B2 (en) 2006-05-19 2015-02-24 Trapeze Networks, Inc. Automated network device configuration and network deployment
US8973144B2 (en) 2011-10-13 2015-03-03 Mcafee, Inc. System and method for kernel rootkit protection in a hypervisor environment
US8972352B1 (en) 2008-12-31 2015-03-03 Emc Corporation Probe based backup
US8973146B2 (en) 2012-12-27 2015-03-03 Mcafee, Inc. Herd based scan avoidance system in a network environment
US20150066577A1 (en) * 2007-04-30 2015-03-05 Evantix Grc, Llc Method and system for assessing, managing and monitoring information technology risk
US20150096004A1 (en) * 2013-09-29 2015-04-02 Tencent Technology (Shenzhen) Co., Ltd. Method and apparatus for service login based on third party's information
US20150101066A1 (en) * 2013-10-08 2015-04-09 Dr Systems, Inc. System and method for the display of restricted information on private displays
US9069586B2 (en) 2011-10-13 2015-06-30 Mcafee, Inc. System and method for kernel rootkit protection in a hypervisor environment
US9075993B2 (en) 2011-01-24 2015-07-07 Mcafee, Inc. System and method for selectively grouping and managing program files
US9081967B2 (en) 2013-08-07 2015-07-14 Kaspersky Lab Zao System and method for protecting computers from software vulnerabilities
AU2010210166B2 (en) * 2009-02-05 2015-07-16 Ipanema Technologies Method for managing data stream exchanges in a standalone telecommunications network
US9088615B1 (en) * 2008-07-31 2015-07-21 Pulse Secure, Llc Determining a reduced set of remediation actions for endpoint integrity
US20150215282A1 (en) 2005-12-13 2015-07-30 Cupp Computing As System and method for implementing content and network security inside a chip
US9106683B2 (en) 2008-08-04 2015-08-11 Cupp Computing As Systems and methods for providing security services during power management mode
US9112830B2 (en) 2011-02-23 2015-08-18 Mcafee, Inc. System and method for interlocking a host and a gateway
US9143519B2 (en) 2013-03-15 2015-09-22 Mcafee, Inc. Remote malware remediation
US20150271198A1 (en) * 2014-03-20 2015-09-24 International Business Machines Corporation Comparing source and sink values in security analysis
US20150295939A1 (en) * 2010-12-30 2015-10-15 Axiomatics Ab System and method for evaluating a reverse query
US9195936B1 (en) 2011-12-30 2015-11-24 Pegasystems Inc. System and method for updating or modifying an application without manual coding
US20150341311A1 (en) * 2014-05-21 2015-11-26 Fortinet, Inc. Automated configuration of endpoint security management
US9215075B1 (en) 2013-03-15 2015-12-15 Poltorak Technologies Llc System and method for secure relayed communications from an implantable medical device
US9246899B1 (en) 2008-03-03 2016-01-26 Jpmorgan Chase Bank, N.A. Authentication and interaction tracking system and method
US9258702B2 (en) 2006-06-09 2016-02-09 Trapeze Networks, Inc. AP-local dynamic switching
US20160042006A1 (en) * 2014-08-05 2016-02-11 Dell Products L.P. System and Method of Optimizing the User Application Experience
US20160044114A1 (en) * 2014-05-21 2016-02-11 Fortinet, Inc. Automated configuration of endpoint security management
US9270743B2 (en) 2011-02-18 2016-02-23 Pegasystems Inc. Systems and methods for distributed rules processing
US20160062344A1 (en) * 2014-08-29 2016-03-03 Electronics And Telecommunications Research Institute Apparatus and method for identifying web page for industrial control system
US9282114B1 (en) * 2011-06-30 2016-03-08 Emc Corporation Generation of alerts in an event management system based upon risk
US9282005B1 (en) * 2007-11-01 2016-03-08 Emc Corporation IT infrastructure policy breach investigation interface
US20160078120A1 (en) * 2014-09-11 2016-03-17 Salesforce.Com, Inc. Extracting and processing metrics from system generated events
US9317574B1 (en) 2012-06-11 2016-04-19 Dell Software Inc. System and method for managing and identifying subject matter experts
US20160110558A1 (en) * 2013-05-24 2016-04-21 Ubs Ag Client identifying data (cid) target-state-compliant computer-executable applications
US9335897B2 (en) 2013-08-08 2016-05-10 Palantir Technologies Inc. Long click display of a context menu
US9349016B1 (en) * 2014-06-06 2016-05-24 Dell Software Inc. System and method for user-context-based data loss prevention
US20160173535A1 (en) * 2014-12-15 2016-06-16 International Business Machines Corporation Context-aware network service policy management
US9379931B2 (en) 2014-05-16 2016-06-28 Cisco Technology, Inc. System and method for transporting information to services in a network environment
US20160191413A1 (en) * 2014-12-29 2016-06-30 Nicira, Inc. Introspection method and apparatus for network access filtering
US9386027B2 (en) * 2014-08-11 2016-07-05 Indiana University Research & Technology Corporation Detection of pileup vulnerabilities in mobile operating systems
US9390240B1 (en) 2012-06-11 2016-07-12 Dell Software Inc. System and method for querying data
US9391956B2 (en) 2007-05-30 2016-07-12 Cupp Computing As System and method for providing network and computer firewall protection with dynamic address isolation to a device
US20160210447A1 (en) * 2015-01-19 2016-07-21 Dell Products Lp System and Method for Providing an Authentication Engine in a Persistent Authentication Framework
US9407652B1 (en) 2015-06-26 2016-08-02 Palantir Technologies Inc. Network anomaly detection
US9407656B1 (en) 2015-01-09 2016-08-02 International Business Machines Corporation Determining a risk level for server health check processing
US20160234242A1 (en) * 2015-02-11 2016-08-11 Honeywell International Inc. Apparatus and method for providing possible causes, recommended actions, and potential impacts related to identified cyber-security risk items
US9419992B2 (en) * 2014-08-13 2016-08-16 Palantir Technologies Inc. Unwanted tunneling alert system
US20160241573A1 (en) * 2015-02-13 2016-08-18 Fisher-Rosemount Systems, Inc. Security event detection through virtual machine introspection
US9424154B2 (en) 2007-01-10 2016-08-23 Mcafee, Inc. Method of and system for computer system state checks
US9467455B2 (en) 2014-12-29 2016-10-11 Palantir Technologies Inc. Systems for network risk assessment including processing of user access rights associated with a network of devices
US9479443B2 (en) 2014-05-16 2016-10-25 Cisco Technology, Inc. System and method for transporting information to services in a network environment
CN106060087A (en) * 2016-07-26 2016-10-26 中国南方电网有限责任公司信息中心 Multi-factor host security access control system and method
US9501744B1 (en) 2012-06-11 2016-11-22 Dell Software Inc. System and method for classifying data
US9529815B1 (en) * 2013-10-04 2016-12-27 Veritas Technologies Llc System and method to integrate backup and compliance systems
US9537880B1 (en) 2015-08-19 2017-01-03 Palantir Technologies Inc. Anomalous network monitoring, user behavior detection and database system
US20170011109A1 (en) * 2014-05-03 2017-01-12 Pinplanet Corporation System and method for dynamic and secure communication and synchronization of personal data records
US9552497B2 (en) 2009-11-10 2017-01-24 Mcafee, Inc. System and method for preventing data loss using virtual machine wrapped applications
US9563782B1 (en) 2015-04-10 2017-02-07 Dell Software Inc. Systems and methods of secure self-service access to content
US9569626B1 (en) 2015-04-10 2017-02-14 Dell Software Inc. Systems and methods of reporting content-exposure events
US9578060B1 (en) 2012-06-11 2017-02-21 Dell Software Inc. System and method for data loss prevention across heterogeneous communications platforms
US9578052B2 (en) 2013-10-24 2017-02-21 Mcafee, Inc. Agent assisted malicious application blocking in a network environment
US20170063840A1 (en) * 2015-08-24 2017-03-02 Paypal, Inc. Optimizing tokens for identity platforms
US9594881B2 (en) 2011-09-09 2017-03-14 Mcafee, Inc. System and method for passive threat detection using virtual memory inspection
US20170083205A1 (en) * 2015-09-17 2017-03-23 Hewlett-Packard Development Company, L.P. Operating system events of a kiosk device
US9614865B2 (en) 2013-03-15 2017-04-04 Mcafee, Inc. Server-assisted anti-malware client
US9641555B1 (en) 2015-04-10 2017-05-02 Dell Software Inc. Systems and methods of tracking content-exposure events
US9648036B2 (en) 2014-12-29 2017-05-09 Palantir Technologies Inc. Systems for network risk assessment including processing of user access rights associated with a network of devices
US20170139765A1 (en) * 2015-11-13 2017-05-18 Sandisk Technologies Llc Data logger
US9658735B2 (en) 2006-03-30 2017-05-23 Pegasystems Inc. Methods and apparatus for user interface optimization
US9678719B1 (en) 2009-03-30 2017-06-13 Pegasystems Inc. System and software for creation and modification of software
US9680858B1 (en) * 2013-09-09 2017-06-13 BitSight Technologies, Inc. Annotation platform for a security risk system
US20170208098A1 (en) * 2011-11-10 2017-07-20 Blackberry Limited Managing access to resources
US9727733B2 (en) * 2011-08-24 2017-08-08 International Business Machines Corporation Risk-based model for security policy management
US9747444B1 (en) 2005-12-13 2017-08-29 Cupp Computing As System and method for providing network security to mobile devices
US9762402B2 (en) 2015-05-20 2017-09-12 Cisco Technology, Inc. System and method to facilitate the assignment of service functions for service chains in a network environment
US9762585B2 (en) 2015-03-19 2017-09-12 Microsoft Technology Licensing, Llc Tenant lockbox
US9762614B2 (en) 2014-02-13 2017-09-12 Cupp Computing As Systems and methods for providing network security using a secure digital device
WO2017152742A1 (en) * 2016-03-08 2017-09-14 中兴通讯股份有限公司 Risk assessment method and apparatus for network security device
US20170286676A1 (en) * 2014-08-11 2017-10-05 Sentinel Labs Israel Ltd. Method of malware detection and system thereof
US9800604B2 (en) 2015-05-06 2017-10-24 Honeywell International Inc. Apparatus and method for assigning cyber-security risk consequences in industrial process control environments
US20170324733A1 (en) * 2014-11-21 2017-11-09 Interdigital Patent Holdings, Inc. Using security posture information to determine access to services
US20170324756A1 (en) * 2015-03-31 2017-11-09 Juniper Networks, Inc. Remote remediation of malicious files
US9830569B2 (en) 2010-09-24 2017-11-28 BitSight Technologies, Inc. Security assessment using service provider digital asset information
US9836598B2 (en) * 2015-04-20 2017-12-05 Splunk Inc. User activity monitoring
US20170352028A1 (en) * 2016-06-03 2017-12-07 U.S. Bancorp, National Association Access control and mobile security app
US9842218B1 (en) 2015-04-10 2017-12-12 Dell Software Inc. Systems and methods of secure self-service access to content
US9842220B1 (en) 2015-04-10 2017-12-12 Dell Software Inc. Systems and methods of secure self-service access to content
US20170359311A1 (en) * 2016-06-09 2017-12-14 LGS Innovations LLC Methods and systems for controlling traffic to vpn servers
US9860790B2 (en) 2011-05-03 2018-01-02 Cisco Technology, Inc. Mobile service routing in a network environment
US20180027606A1 (en) * 2016-07-19 2018-01-25 Fuji Xerox Co., Ltd. Terminal apparatus and terminal control method
US9888039B2 (en) 2015-12-28 2018-02-06 Palantir Technologies Inc. Network-based permissioning system
US9917814B2 (en) 2014-05-21 2018-03-13 Fortinet, Inc. Automated configuration of endpoint security management
US9916465B1 (en) 2015-12-29 2018-03-13 Palantir Technologies Inc. Systems and methods for automatic and customizable data minimization of electronic data stores
US20180077195A1 (en) * 2016-09-12 2018-03-15 Qualcomm Incorporated Methods And Systems For On-Device Real-Time Adaptive Security Based On External Threat Intelligence Inputs
US20180089652A1 (en) * 2016-09-27 2018-03-29 Adobe Systems Incorporated Determination of Paywall Metrics
US9946887B2 (en) 2012-06-04 2018-04-17 Nokia Technologies Oy Method and apparatus for determining privacy policy based on data and associated values
US20180121296A1 (en) * 2015-02-11 2018-05-03 International Business Machines Corporation Method for automatically configuring backup client systems and backup server systems in a backup environment
US9973501B2 (en) 2012-10-09 2018-05-15 Cupp Computing As Transaction security systems and methods
US9973524B2 (en) 2010-09-24 2018-05-15 BitSight Technologies, Inc. Information technology security assessment system
US20180152981A1 (en) * 2015-04-17 2018-05-31 Barracuda Networks, Inc. System for connecting, securing and managing network devices with a dedicated private virtual network
US9992025B2 (en) 2012-06-05 2018-06-05 Lookout, Inc. Monitoring installed applications on user devices
US9990506B1 (en) 2015-03-30 2018-06-05 Quest Software Inc. Systems and methods of securing network-accessible peripheral devices
US20180167812A1 (en) * 2016-12-09 2018-06-14 Arris Enterprises Llc Wireless network authorization using a trusted authenticator
US10021119B2 (en) 2015-02-06 2018-07-10 Honeywell International Inc. Apparatus and method for automatic handling of cyber-security risk events
US10021125B2 (en) 2015-02-06 2018-07-10 Honeywell International Inc. Infrastructure monitoring tool for collecting industrial process control and automation system risk data
US10027473B2 (en) 2013-12-30 2018-07-17 Palantir Technologies Inc. Verifiable redactable audit log
US20180205611A1 (en) * 2017-01-13 2018-07-19 Gigamon Inc. Network enumeration at a network visibility node
US10044745B1 (en) 2015-10-12 2018-08-07 Palantir Technologies, Inc. Systems for computer network security risk assessment including user compromise analysis associated with a network of devices
US10055594B2 (en) 2012-06-07 2018-08-21 Amazon Technologies, Inc. Virtual service provider zones
CN108476135A (en) * 2016-02-08 2018-08-31 黑莓有限公司 The access control of numerical data
US10075465B2 (en) 2014-10-09 2018-09-11 Bank Of America Corporation Exposure of an apparatus to a technical hazard
US10075474B2 (en) 2015-02-06 2018-09-11 Honeywell International Inc. Notification subsystem for generating consolidated, filtered, and relevant security risk-based notifications
US10075471B2 (en) 2012-06-07 2018-09-11 Amazon Technologies, Inc. Data loss prevention techniques
US10075475B2 (en) 2015-02-06 2018-09-11 Honeywell International Inc. Apparatus and method for dynamic customization of cyber-security risk item rules
US10079832B1 (en) 2017-10-18 2018-09-18 Palantir Technologies Inc. Controlling user creation of data resources on a data processing platform
US10084809B1 (en) * 2016-05-06 2018-09-25 Wells Fargo Bank, N.A. Enterprise security measures
US10084802B1 (en) 2016-06-21 2018-09-25 Palantir Technologies Inc. Supervisory control and data acquisition
US10084818B1 (en) * 2012-06-07 2018-09-25 Amazon Technologies, Inc. Flexibly configurable data modification services
CN108650237A (en) * 2018-04-13 2018-10-12 烽火通信科技股份有限公司 A kind of packet safety detection method and system based on the time-to-live
US10120451B1 (en) 2014-01-09 2018-11-06 D.R. Systems, Inc. Systems and user interfaces for dynamic interaction with two- and three-dimensional medical image data using spatial positioning of mobile devices
US10135863B2 (en) 2014-11-06 2018-11-20 Palantir Technologies Inc. Malicious software detection in a computing system
US20180336356A1 (en) * 2015-03-12 2018-11-22 Whitehat Security, Inc. Auto-remediation workflow for computer security testing utilizing pre-existing security controls
US10142391B1 (en) 2016-03-25 2018-11-27 Quest Software Inc. Systems and methods of diagnosing down-layer performance problems via multi-stream performance patternization
US10148577B2 (en) 2014-12-11 2018-12-04 Cisco Technology, Inc. Network service header metadata for load balancing
US20180349615A1 (en) * 2013-08-05 2018-12-06 Netflix, Inc. Dynamic security testing
US10157358B1 (en) 2015-10-05 2018-12-18 Quest Software Inc. Systems and methods for multi-stream performance patternization and interval-based prediction
US10157280B2 (en) * 2009-09-23 2018-12-18 F5 Networks, Inc. System and method for identifying security breach attempts of a website
US10162887B2 (en) 2014-06-30 2018-12-25 Palantir Technologies Inc. Systems and methods for key phrase characterization of documents
US10171648B2 (en) * 2010-11-19 2019-01-01 Mobile Iron, Inc. Mobile posture-based policy, remediation and access control for enterprise resources
US10176445B2 (en) 2016-02-16 2019-01-08 BitSight Technologies, Inc. Relationships among technology assets and services and the entities responsible for them
US10185924B1 (en) * 2014-07-01 2019-01-22 Amazon Technologies, Inc. Security risk response impact analysis
US10187306B2 (en) 2016-03-24 2019-01-22 Cisco Technology, Inc. System and method for improved service chaining
US10198587B2 (en) 2007-09-05 2019-02-05 Mcafee, Llc System, method, and computer program product for preventing access to data with respect to a data access attempt associated with a remote data sharing session
US20190058729A1 (en) * 2017-08-15 2019-02-21 Level 3 Communications, Llc Local DDOS mitigation announcements in a telecommunications network
US10218588B1 (en) 2015-10-05 2019-02-26 Quest Software Inc. Systems and methods for multi-stream performance patternization and optimization of virtual meetings
US10218616B2 (en) 2016-07-21 2019-02-26 Cisco Technology, Inc. Link selection for communication with a service function cluster
US10218697B2 (en) * 2017-06-09 2019-02-26 Lookout, Inc. Use of device risk evaluation to manage access to services
US10218593B2 (en) 2016-08-23 2019-02-26 Cisco Technology, Inc. Identifying sources of packet drops in a service function chain environment
US10223535B2 (en) * 2016-12-14 2019-03-05 International Business Machines Corporation Ranking security scans based on vulnerability information from third party resources
US10225270B2 (en) 2016-08-02 2019-03-05 Cisco Technology, Inc. Steering of cloned traffic in a service function chain
US10225187B2 (en) 2017-03-22 2019-03-05 Cisco Technology, Inc. System and method for providing a bit indexed service chain
US20190075124A1 (en) * 2017-09-04 2019-03-07 ITsMine Ltd. System and method for conducting a detailed computerized surveillance in a computerized environment
US10230746B2 (en) 2014-01-03 2019-03-12 Palantir Technologies Inc. System and method for evaluating network threats and usage
US10230588B2 (en) * 2005-07-07 2019-03-12 Sciencelogic, Inc. Dynamically deployable self configuring distributed network management system using a trust domain specification to authorize execution of network collection software on hardware components
US10237379B2 (en) 2013-04-26 2019-03-19 Cisco Technology, Inc. High-efficiency service chaining with agentless service nodes
US10250401B1 (en) 2017-11-29 2019-04-02 Palantir Technologies Inc. Systems and methods for providing category-sensitive chat channels
US20190104156A1 (en) * 2017-10-04 2019-04-04 Servicenow, Inc. Systems and methods for automated governance, risk, and compliance
US10255415B1 (en) 2018-04-03 2019-04-09 Palantir Technologies Inc. Controlling access to computer resources
US10257033B2 (en) 2017-04-12 2019-04-09 Cisco Technology, Inc. Virtualized network functions and service chaining in serverless computing infrastructure
US20190132336A1 (en) * 2017-10-30 2019-05-02 Bank Of America Corporation System for across rail silo system integration and logic repository
US10284579B2 (en) * 2017-03-22 2019-05-07 Vade Secure, Inc. Detection of email spoofing and spear phishing attacks
US10291637B1 (en) 2016-07-05 2019-05-14 Palantir Technologies Inc. Network anomaly detection and profiling
US10289838B2 (en) * 2014-02-21 2019-05-14 Entit Software Llc Scoring for threat observables
US10298608B2 (en) 2015-02-11 2019-05-21 Honeywell International Inc. Apparatus and method for tying cyber-security risk analysis to common risk methodologies and risk levels
US10313368B2 (en) 2005-12-13 2019-06-04 Cupp Computing As System and method for providing data and device security between external and host devices
US10320829B1 (en) * 2016-08-11 2019-06-11 Balbix, Inc. Comprehensive modeling and mitigation of security risk vulnerabilities in an enterprise network
US10320664B2 (en) 2016-07-21 2019-06-11 Cisco Technology, Inc. Cloud overlay for operations administration and management
US10326748B1 (en) 2015-02-25 2019-06-18 Quest Software Inc. Systems and methods for event-based authentication
US10326786B2 (en) 2013-09-09 2019-06-18 BitSight Technologies, Inc. Methods for using organizational behavior for risk ratings
US20190190929A1 (en) * 2017-12-20 2019-06-20 Sophos Limited Electronic mail security using root cause analysis
US10333855B2 (en) 2017-04-19 2019-06-25 Cisco Technology, Inc. Latency reduction in service function paths
US10356032B2 (en) 2013-12-26 2019-07-16 Palantir Technologies Inc. System and method for detecting confidential information emails
US10361969B2 (en) 2016-08-30 2019-07-23 Cisco Technology, Inc. System and method for managing chained services in a network environment
US10367815B2 (en) * 2009-03-17 2019-07-30 Sophos Limited Protecting sensitive information from a secure data store
WO2019145473A1 (en) * 2018-01-28 2019-08-01 AVAST Software s.r.o. Computer network security assessment engine
US10375100B2 (en) * 2017-10-27 2019-08-06 Cisco Technology, Inc. Identifying anomalies in a network
US10397229B2 (en) 2017-10-04 2019-08-27 Palantir Technologies, Inc. Controlling user creation of data resources on a data processing platform
US10397271B2 (en) 2017-07-11 2019-08-27 Cisco Technology, Inc. Distributed denial of service mitigation for web conferencing
US10417613B1 (en) 2015-03-17 2019-09-17 Quest Software Inc. Systems and methods of patternizing logged user-initiated events for scheduling functions
US10417025B2 (en) 2014-11-18 2019-09-17 Cisco Technology, Inc. System and method to chain distributed applications in a network environment
US10417400B2 (en) 2008-11-19 2019-09-17 Cupp Computing As Systems and methods for providing real time security and access monitoring of a removable media device
US10419550B2 (en) 2016-07-06 2019-09-17 Cisco Technology, Inc. Automatic service function validation in a virtual network environment
US10419452B2 (en) 2015-07-28 2019-09-17 Sap Se Contextual monitoring and tracking of SSH sessions
US10425380B2 (en) 2017-06-22 2019-09-24 BitSight Technologies, Inc. Methods for mapping IP addresses and domains to organizations using user activity data
US10432469B2 (en) 2017-06-29 2019-10-01 Palantir Technologies, Inc. Access controls through node-based effective policy identifiers
US10454955B2 (en) * 2015-07-28 2019-10-22 Sap Se Real-time contextual monitoring intrusion detection and prevention
US10469396B2 (en) 2014-10-10 2019-11-05 Pegasystems, Inc. Event processing with enhanced throughput
US10467200B1 (en) 2009-03-12 2019-11-05 Pegasystems, Inc. Techniques for dynamic data processing
US10474556B2 (en) * 2018-02-20 2019-11-12 Bank Of America Corporation Multiple ruleset version scanning, warning and correction tool
US10484407B2 (en) 2015-08-06 2019-11-19 Palantir Technologies Inc. Systems, methods, user interfaces, and computer-readable media for investigating potential malicious communications
US10491632B1 (en) * 2016-01-21 2019-11-26 F5 Networks, Inc. Methods for reducing compliance violations in mobile application management environments and devices thereof
US10498711B1 (en) 2016-05-20 2019-12-03 Palantir Technologies Inc. Providing a booting key to a remote system
US10505990B1 (en) 2016-01-20 2019-12-10 F5 Networks, Inc. Methods for deterministic enforcement of compliance policies and devices thereof
US10509910B2 (en) * 2008-10-21 2019-12-17 Lookout, Inc. Methods and systems for granting access to services based on a security state that varies with the severity of security events
US10521583B1 (en) 2018-10-25 2019-12-31 BitSight Technologies, Inc. Systems and methods for remote detection of software through browser webinjects
US10524130B2 (en) * 2017-07-13 2019-12-31 Sophos Limited Threat index based WLAN security and quality of service
US10530803B1 (en) * 2016-07-05 2020-01-07 Wells Fargo Bank, N.A. Secure online transactions
US20200014724A1 (en) * 2018-07-05 2020-01-09 Cisco Technology, Inc. Dynamic dns policy enforcement based on endpoint security posture
US10536352B1 (en) 2015-08-05 2020-01-14 Quest Software Inc. Systems and methods for tuning cross-platform data collection
US10534799B1 (en) * 2015-12-14 2020-01-14 Airbnb, Inc. Feature transformation and missing values
US10541893B2 (en) 2017-10-25 2020-01-21 Cisco Technology, Inc. System and method for obtaining micro-service telemetry data
US10554691B2 (en) * 2014-06-27 2020-02-04 Trend Micro Incorporated Security policy based on risk
US10554689B2 (en) 2017-04-28 2020-02-04 Cisco Technology, Inc. Secure communication session resumption in a service function chain
US10560453B2 (en) * 2013-03-15 2020-02-11 Airwatch Llc Certificate based profile confirmation
US10581960B2 (en) 2016-12-22 2020-03-03 Nicira, Inc. Performing context-rich attribute-based load balancing on a host
US10594723B2 (en) 2018-03-12 2020-03-17 BitSight Technologies, Inc. Correlated risk in cybersecurity
US10601872B1 (en) 2016-01-20 2020-03-24 F5 Networks, Inc. Methods for enhancing enforcement of compliance policies based on security violations and devices thereof
US10609160B2 (en) 2016-12-06 2020-03-31 Nicira, Inc. Performing context-rich attribute-based services on a host
US10616294B2 (en) * 2015-05-14 2020-04-07 Web Spark Ltd. System and method for streaming content from multiple servers
US10623433B1 (en) * 2017-09-25 2020-04-14 Amazon Technologies, Inc. Configurable event-based compute instance security assessments
US10637890B2 (en) 2016-06-09 2020-04-28 LGS Innovations LLC Methods and systems for establishment of VPN security policy by SDN application
US10636045B2 (en) * 2013-11-12 2020-04-28 Bank Of America Corporation Predicting economic conditions
US10643002B1 (en) 2017-09-28 2020-05-05 Amazon Technologies, Inc. Provision and execution of customized security assessments of resources in a virtual computing environment
US10666612B2 (en) 2018-06-06 2020-05-26 Cisco Technology, Inc. Service chains for inter-cloud traffic
US10673698B2 (en) 2017-07-21 2020-06-02 Cisco Technology, Inc. Service function chain optimization using live testing
US20200177524A1 (en) * 2018-11-30 2020-06-04 Thomas James West Method for securing computing system networks through locking osi layers 2 and 3 on individual remote computing devices
US10686796B2 (en) 2017-12-28 2020-06-16 Palantir Technologies Inc. Verifying network-based permissioning rights
US10693722B2 (en) 2018-03-28 2020-06-23 Dell Products L.P. Agentless method to bring solution and cluster awareness into infrastructure and support management portals
US10698927B1 (en) 2016-08-30 2020-06-30 Palantir Technologies Inc. Multiple sensor session and log information compression and correlation system
US10698599B2 (en) 2016-06-03 2020-06-30 Pegasystems, Inc. Connecting graphical shapes using gestures
US10698647B2 (en) 2016-07-11 2020-06-30 Pegasystems Inc. Selective sharing for collaborative application usage
US10708272B1 (en) 2017-02-10 2020-07-07 Arista Networks, Inc. Optimized hash-based ACL lookup offload
US10706155B1 (en) * 2017-09-28 2020-07-07 Amazon Technologies, Inc. Provision and execution of customized security assessments of resources in a computing environment
US10721262B2 (en) 2016-12-28 2020-07-21 Palantir Technologies Inc. Resource-centric network cyber attack warning system
US10726136B1 (en) 2019-07-17 2020-07-28 BitSight Technologies, Inc. Systems and methods for generating security improvement plans for entities
USRE48131E1 (en) 2014-12-11 2020-07-28 Cisco Technology, Inc. Metadata augmentation in a service function chain
US10728262B1 (en) 2016-12-21 2020-07-28 Palantir Technologies Inc. Context-aware network-based malicious activity warning systems
US10735275B2 (en) 2017-06-16 2020-08-04 Cisco Technology, Inc. Releasing and retaining resources for use in a NFV environment
US10735964B2 (en) 2011-10-17 2020-08-04 Blackberry Limited Associating services to perimeters
US10733293B2 (en) 2017-10-30 2020-08-04 Bank Of America Corporation Cross platform user event record aggregation system
US10742657B2 (en) * 2018-07-11 2020-08-11 International Business Machines Corporation Accessing shared resources without system groups
US10749893B1 (en) 2019-08-23 2020-08-18 BitSight Technologies, Inc. Systems and methods for inferring entity relationships via network communications of users or user devices
US10747893B2 (en) * 2012-08-22 2020-08-18 International Business Machines Corporation Device and method for determining content of access control of data
US10754708B2 (en) 2018-03-28 2020-08-25 EMC IP Holding Company LLC Orchestrator and console agnostic method to deploy infrastructure through self-describing deployment templates
US10754872B2 (en) 2016-12-28 2020-08-25 Palantir Technologies Inc. Automatically executing tasks and configuring access control lists in a data transformation system
US10762200B1 (en) 2019-05-20 2020-09-01 Sentinel Labs Israel Ltd. Systems and methods for executable code detection, automatic feature extraction and position independent code detection
US10761889B1 (en) 2019-09-18 2020-09-01 Palantir Technologies Inc. Systems and methods for autoscaling instance groups of computing platforms
US10778721B1 (en) 2016-02-26 2020-09-15 Arista Networks, Inc. Hash-based ACL lookup offload
US10778651B2 (en) 2017-11-15 2020-09-15 Nicira, Inc. Performing context-rich attribute-based encryption on a host
US10791119B1 (en) * 2017-03-14 2020-09-29 F5 Networks, Inc. Methods for temporal password injection and devices thereof
US10791140B1 (en) 2020-01-29 2020-09-29 BitSight Technologies, Inc. Systems and methods for assessing cybersecurity state of entities based on computer network characterization
US10791065B2 (en) 2017-09-19 2020-09-29 Cisco Technology, Inc. Systems and methods for providing container attributes as part of OAM techniques
US10798058B2 (en) 2013-10-01 2020-10-06 Nicira, Inc. Distributed identity-based firewalls
US10795756B2 (en) 2018-04-24 2020-10-06 EMC IP Holding Company LLC System and method to predictively service and support the solution
US10798187B2 (en) 2017-06-19 2020-10-06 Cisco Technology, Inc. Secure service chaining
US10802857B2 (en) 2016-12-22 2020-10-13 Nicira, Inc. Collecting and processing contextual attributes on a host
US10803173B2 (en) 2016-12-22 2020-10-13 Nicira, Inc. Performing context-rich attribute-based process control services on a host
US10802893B2 (en) 2018-01-26 2020-10-13 Nicira, Inc. Performing process control services on endpoint machines
US10805332B2 (en) 2017-07-25 2020-10-13 Nicira, Inc. Context engine model
US10812266B1 (en) 2017-03-17 2020-10-20 F5 Networks, Inc. Methods for managing security tokens based on security violations and devices thereof
US10812451B2 (en) 2016-12-22 2020-10-20 Nicira, Inc. Performing appID based firewall services on a host
US10812520B2 (en) 2018-04-17 2020-10-20 BitSight Technologies, Inc. Systems and methods for external detection of misconfigured systems
US20200374284A1 (en) * 2019-05-20 2020-11-26 Citrix Systems, Inc. Virtual delivery appliance and system with remote authentication and related methods
US10862773B2 (en) 2018-01-26 2020-12-08 Nicira, Inc. Performing services on data messages associated with endpoint machines
US10862761B2 (en) 2019-04-29 2020-12-08 EMC IP Holding Company LLC System and method for management of distributed systems
US10867044B2 (en) * 2018-05-30 2020-12-15 AppOmni, Inc. Automatic computer system change monitoring and security gap detection system
US10868821B2 (en) 2017-12-20 2020-12-15 Sophos Limited Electronic mail security using a heartbeat
US10868887B2 (en) 2019-02-08 2020-12-15 Palantir Technologies Inc. Systems and methods for isolating applications associated with multiple tenants within a computing platform
US20200401556A1 (en) * 2014-12-29 2020-12-24 EMC IP Holding Company LLC Methods, systems, and computer readable mediums for implementing a data protection policy for a transferred enterprise application
US10878051B1 (en) 2018-03-30 2020-12-29 Palantir Technologies Inc. Mapping device identifiers
US10884807B2 (en) 2017-04-12 2021-01-05 Cisco Technology, Inc. Serverless computing and task scheduling
US10893067B1 (en) 2020-01-31 2021-01-12 BitSight Technologies, Inc. Systems and methods for rapidly generating security ratings
US20210019095A1 (en) * 2010-04-26 2021-01-21 Canon Kabushiki Kaisha Image sending apparatus and authentication method in image sending apparatus
US10904292B1 (en) * 2018-09-25 2021-01-26 Amazon Technologies, Inc. Secure data transfer device
US10929436B2 (en) 2014-07-03 2021-02-23 Palantir Technologies Inc. System and method for news events detection and visualization
US10931682B2 (en) 2015-06-30 2021-02-23 Microsoft Technology Licensing, Llc Privileged identity management
US10931662B1 (en) 2017-04-10 2021-02-23 F5 Networks, Inc. Methods for ephemeral authentication screening and devices thereof
US10931793B2 (en) 2016-04-26 2021-02-23 Cisco Technology, Inc. System and method for automated rendering of service chaining
US10936984B2 (en) 2018-05-08 2021-03-02 Bank Of America Corporation System for mitigating exposure associated with identified impacts of technological system changes based on solution data modelling
US10938837B2 (en) 2016-08-30 2021-03-02 Nicira, Inc. Isolated network stack to manage security for virtual machines
US10949400B2 (en) 2018-05-09 2021-03-16 Palantir Technologies Inc. Systems and methods for tamper-resistant activity logging
US10949193B2 (en) * 2016-09-08 2021-03-16 AO Kaspersky Lab System and method of updating active and passive agents in a network
US10963465B1 (en) 2017-08-25 2021-03-30 Palantir Technologies Inc. Rapid importation of data including temporally tracked object recognition
US10970406B2 (en) 2018-05-08 2021-04-06 Bank Of America Corporation System for mitigating exposure associated with identified unmanaged devices in a network using solution data modelling
US10977370B2 (en) 2014-08-11 2021-04-13 Sentinel Labs Israel Ltd. Method of remediating operations performed by a program and system thereof
US10977283B2 (en) * 2018-05-08 2021-04-13 Bank Of America Corporation System for mitigating intentional and unintentional exposure using solution data modelling
US10984427B1 (en) 2017-09-13 2021-04-20 Palantir Technologies Inc. Approaches for analyzing entity relationships
US20210152586A1 (en) * 2017-08-08 2021-05-20 Sentinel Labs Israel Ltd. Methods, systems, and devices for dynamically modeling and grouping endpoints for edge networking
US11018981B2 (en) 2017-10-13 2021-05-25 Cisco Technology, Inc. System and method for replication container performance and policy validation using real time network traffic
US11023835B2 (en) 2018-05-08 2021-06-01 Bank Of America Corporation System for decommissioning information technology assets using solution data modelling
US11023585B1 (en) 2020-05-27 2021-06-01 BitSight Technologies, Inc. Systems and methods for managing cybersecurity alerts
US11032246B2 (en) 2016-12-22 2021-06-08 Nicira, Inc. Context based firewall services for data message flows for multiple concurrent users on one machine
US11030027B2 (en) 2017-11-15 2021-06-08 Bank Of America Corporation System for technology anomaly detection, triage and response using solution data modeling
US11032244B2 (en) 2019-09-30 2021-06-08 BitSight Technologies, Inc. Systems and methods for determining asset importance in security risk management
US11032283B2 (en) 2012-06-21 2021-06-08 Blackberry Limited Managing use of network resources
US11044203B2 (en) 2016-01-19 2021-06-22 Cisco Technology, Inc. System and method for hosting mobile packet core and value-added services using a software defined network and service chains
US11048488B2 (en) 2018-08-14 2021-06-29 Pegasystems, Inc. Software code optimizer and method
US11063856B2 (en) 2017-08-24 2021-07-13 Cisco Technology, Inc. Virtual network function monitoring in a network function virtualization deployment
US11075925B2 (en) 2018-01-31 2021-07-27 EMC IP Holding Company LLC System and method to enable component inventory and compliance in the platform
US11082452B2 (en) * 2018-10-15 2021-08-03 Paypal, Inc. Multi-dimensional drift nuance intelligence threat engine
US11086738B2 (en) * 2018-04-24 2021-08-10 EMC IP Holding Company LLC System and method to automate solution level contextual support
USRE48679E1 (en) 2004-04-30 2021-08-10 Blackberry Limited System and method for handling data transfers
US11093687B2 (en) 2014-06-30 2021-08-17 Palantir Technologies Inc. Systems and methods for identifying key phrase clusters within documents
US20210258307A1 (en) * 2016-06-29 2021-08-19 Duo Security, Inc. Systems and methods for endpoint management
US11100232B1 (en) * 2017-02-23 2021-08-24 Ivanti, Inc. Systems and methods to automate networked device security response priority by user role detection
US11100113B2 (en) 2014-07-21 2021-08-24 Splunk Inc. Object score adjustment based on analyzing machine data
US20210266157A1 (en) * 2020-02-24 2021-08-26 Electronics And Telecommunications Research Institute Quantum entity authentication apparatus and method
US11108728B1 (en) 2020-07-24 2021-08-31 Vmware, Inc. Fast distribution of port identifiers for rule processing
US11115425B2 (en) * 2016-08-25 2021-09-07 Clarion Co., Ltd. In-vehicle apparatus and log collection system
US11122042B1 (en) 2017-05-12 2021-09-14 F5 Networks, Inc. Methods for dynamically managing user access control and devices thereof
US11133925B2 (en) 2017-12-07 2021-09-28 Palantir Technologies Inc. Selective access to encrypted logs
US11157976B2 (en) 2013-07-08 2021-10-26 Cupp Computing As Systems and methods for providing digital content marketplace security
US11171990B1 (en) * 2017-11-01 2021-11-09 Entreda, Inc. Arbitrated network access using real-time risk metric
US11178150B1 (en) 2016-01-20 2021-11-16 F5 Networks, Inc. Methods for enforcing access control list based on managed application and devices thereof
US20210373721A1 (en) * 2018-06-19 2021-12-02 Palantir Technologies Inc. Artificial intelligence assisted evaluations and user interface for same
US11200323B2 (en) 2018-10-17 2021-12-14 BitSight Technologies, Inc. Systems and methods for forecasting cybersecurity ratings based on event-rate scenarios
US11201888B2 (en) * 2017-01-06 2021-12-14 Mastercard International Incorporated Methods and systems for discovering network security gaps
US11240014B1 (en) 2019-09-10 2022-02-01 Wells Fargo Bank, N.A. Systems and methods for post-quantum cryptography optimization
US11244063B2 (en) 2018-06-11 2022-02-08 Palantir Technologies Inc. Row-level and column-level policy service
US20220046058A1 (en) * 2020-08-07 2022-02-10 Cisco Technology, Inc. Zero-trust dynamic discovery
US11265330B2 (en) 2020-02-26 2022-03-01 BitSight Technologies, Inc. Systems and methods for improving a security profile of an entity based on peer security profiles
US11282108B2 (en) * 2018-07-16 2022-03-22 James D. MacDonald-Korth Automatic login link for targeted users without previous account creation
US11281485B2 (en) 2015-11-03 2022-03-22 Nicira, Inc. Extended context delivery for context-based authorization
US11290491B2 (en) * 2019-03-14 2022-03-29 Oracle International Corporation Methods, systems, and computer readable media for utilizing a security service engine to assess security vulnerabilities on a security gateway element
WO2022069657A1 (en) * 2020-09-30 2022-04-07 Siemens Aktiengesellschaft Method for operating a network, and computer program product
US11301557B2 (en) 2019-07-19 2022-04-12 Dell Products L.P. System and method for data processing device management
US11303678B2 (en) * 2019-08-15 2022-04-12 ColorTokens, Inc. Determination and autocorrection of modified security policies
US11322050B1 (en) * 2020-01-30 2022-05-03 Wells Fargo Bank, N.A. Systems and methods for post-quantum cryptography optimization
US11329878B2 (en) 2019-09-26 2022-05-10 BitSight Technologies, Inc. Systems and methods for network asset discovery and association thereof with entities
US20220150241A1 (en) * 2020-11-11 2022-05-12 Hewlett Packard Enterprise Development Lp Permissions for backup-related operations
US20220158889A1 (en) * 2020-11-18 2022-05-19 Vmware, Inc. Efficient event-type-based log/event-message processing in a distributed log-analytics system
US11343237B1 (en) 2017-05-12 2022-05-24 F5, Inc. Methods for managing a federated identity environment using security and access control data and devices thereof
US11343270B1 (en) * 2019-09-10 2022-05-24 Wells Fargo Bank, N.A. Systems and methods for post-quantum cryptography optimization
US11350254B1 (en) 2015-05-05 2022-05-31 F5, Inc. Methods for enforcing compliance policies and devices thereof
US11374958B2 (en) * 2018-10-31 2022-06-28 International Business Machines Corporation Security protection rule prediction and enforcement
US11388143B2 (en) * 2016-04-12 2022-07-12 Cyxtera Cybersecurity, Inc. Systems and methods for protecting network devices by a firewall
US11449799B1 (en) 2020-01-30 2022-09-20 Wells Fargo Bank, N.A. Systems and methods for post-quantum cryptography optimization
US11455561B2 (en) * 2019-11-14 2022-09-27 International Business Machines Corporation Alerting to model degradation based on distribution analysis using risk tolerance ratings
US11463443B2 (en) * 2019-09-19 2022-10-04 Bank Of America Corporation Real-time management of access controls
US11477016B1 (en) 2019-09-10 2022-10-18 Wells Fargo Bank, N.A. Systems and methods for post-quantum cryptography optimization
US11475132B2 (en) * 2020-04-24 2022-10-18 Netapp, Inc. Systems and methods for protecting against malware attacks
US20220345477A1 (en) * 2021-04-21 2022-10-27 Google Llc Automatic Vulnerability Mitigation in Cloud Environments
US11496438B1 (en) 2017-02-07 2022-11-08 F5, Inc. Methods for improved network security using asymmetric traffic delivery and devices thereof
US11507663B2 (en) 2014-08-11 2022-11-22 Sentinel Labs Israel Ltd. Method of remediating operations performed by a program and system thereof
US20220391733A1 (en) * 2016-10-11 2022-12-08 International Business Machines Corporation System, method and computer program product for detecting policy violations
US11533175B1 (en) 2020-01-30 2022-12-20 Wells Fargo Bank, N.A. Systems and methods for post-quantum cryptography on a smartcard
US11533312B2 (en) * 2019-07-10 2022-12-20 ColorTokens, Inc. Dynamically enforcing context sensitive network access control policies
US11539718B2 (en) 2020-01-10 2022-12-27 Vmware, Inc. Efficiently performing intrusion detection
US11567945B1 (en) 2020-08-27 2023-01-31 Pegasystems Inc. Customized digital content generation systems and methods
US11579857B2 (en) 2020-12-16 2023-02-14 Sentinel Labs Israel Ltd. Systems, methods and devices for device fingerprinting and automatic deployment of software in a computing network using a peer-to-peer approach
US20230063962A1 (en) * 2021-08-31 2023-03-02 At&T Intellectual Property I, L.P. Securing corporate assets in the home
US11599422B2 (en) 2018-10-16 2023-03-07 EMC IP Holding Company LLC System and method for device independent backup in distributed system
US11616812B2 (en) 2016-12-19 2023-03-28 Attivo Networks Inc. Deceiving attackers accessing active directory data
US11626983B1 (en) 2019-09-10 2023-04-11 Wells Fargo Bank, N.A. Systems and methods for post-quantum cryptography optimization
US11632373B2 (en) * 2019-06-18 2023-04-18 Microsoft Technology Licensing, Llc Activity based authorization for accessing and operating enterprise infrastructure
US11637811B2 (en) * 2019-07-31 2023-04-25 Capital One Services, Llc Automated firewall feedback from network traffic analysis
US11640465B2 (en) * 2019-11-13 2023-05-02 Vmware, Inc. Methods and systems for troubleshooting applications using streaming anomaly detection
US20230134122A1 (en) * 2019-04-05 2023-05-04 David M.T. Ting Continuous risk assessment for electronic protected health information
US11658995B1 (en) 2018-03-20 2023-05-23 F5, Inc. Methods for dynamically mitigating network attacks and devices thereof
CN116303097A (en) * 2023-05-16 2023-06-23 中国工商银行股份有限公司 Fuzzy test method, device, equipment, medium and program product for intelligent contract
US11689555B2 (en) 2020-12-11 2023-06-27 BitSight Technologies, Inc. Systems and methods for cybersecurity risk mitigation and management
US11687653B2 (en) * 2012-05-09 2023-06-27 SunStone Information Defense, Inc. Methods and apparatus for identifying and removing malicious applications
US11695800B2 (en) 2016-12-19 2023-07-04 SentinelOne, Inc. Deceiving attackers accessing network data
US11704441B2 (en) 2019-09-03 2023-07-18 Palantir Technologies Inc. Charter-based access controls for managing computer resources
US20230252024A1 (en) * 2022-02-09 2023-08-10 International Business Machines Corporation Machine-learning-based, adaptive updating of quantitative data in database system
CN116578995A (en) * 2023-07-13 2023-08-11 汉兴同衡科技集团有限公司 Anti-attack information security vulnerability analysis method, system, terminal and medium
US11757946B1 (en) 2015-12-22 2023-09-12 F5, Inc. Methods for analyzing network traffic and enforcing network policies and devices thereof
US11768917B2 (en) 2019-11-14 2023-09-26 International Business Machines Corporation Systems and methods for alerting to model degradation based on distribution analysis
US11785025B2 (en) 2021-04-15 2023-10-10 Bank Of America Corporation Threat detection within information systems
US11799894B2 (en) * 2018-09-28 2023-10-24 AVAST Software s.r.o. Dual network security assessment engine
US11810013B2 (en) 2019-11-14 2023-11-07 International Business Machines Corporation Systems and methods for alerting to model degradation based on survival analysis
US11838410B1 (en) 2020-01-30 2023-12-05 Wells Fargo Bank, N.A. Systems and methods for post-quantum cryptography optimization
US11888872B2 (en) 2020-05-15 2024-01-30 International Business Machines Corporation Protecting computer assets from malicious attacks
US11888897B2 (en) 2018-02-09 2024-01-30 SentinelOne, Inc. Implementing decoys in a network environment
US11895151B1 (en) * 2022-01-12 2024-02-06 Cloudflare, Inc. Phishing email campaign identification
US11899782B1 (en) 2021-07-13 2024-02-13 SentinelOne, Inc. Preserving DLL hooks
US11930025B2 (en) 2021-04-15 2024-03-12 Bank Of America Corporation Threat detection and prevention for information systems

Families Citing this family (248)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8406748B2 (en) 2009-01-28 2013-03-26 Headwater Partners I Llc Adaptive ambient services
US8275830B2 (en) * 2009-01-28 2012-09-25 Headwater Partners I Llc Device assisted CDR creation, aggregation, mediation and billing
US8346225B2 (en) 2009-01-28 2013-01-01 Headwater Partners I, Llc Quality of service for device assisted services
US8589541B2 (en) 2009-01-28 2013-11-19 Headwater Partners I Llc Device-assisted services for protecting network capacity
US8331901B2 (en) 2009-01-28 2012-12-11 Headwater Partners I, Llc Device assisted ambient services
US8832777B2 (en) 2009-03-02 2014-09-09 Headwater Partners I Llc Adapting network policies based on device service processor configuration
US8402111B2 (en) 2009-01-28 2013-03-19 Headwater Partners I, Llc Device assisted services install
US9237175B2 (en) * 2008-12-22 2016-01-12 Microsoft Technology Licensing, Llc Internet protocol (IP) address virtualization for terminal server sessions
US10326800B2 (en) * 2009-01-28 2019-06-18 Headwater Research Llc Wireless network service interfaces
US9954975B2 (en) 2009-01-28 2018-04-24 Headwater Research Llc Enhanced curfew and protection associated with a device group
US10492102B2 (en) 2009-01-28 2019-11-26 Headwater Research Llc Intermediate networking devices
US10237757B2 (en) 2009-01-28 2019-03-19 Headwater Research Llc System and method for wireless network offloading
US10841839B2 (en) 2009-01-28 2020-11-17 Headwater Research Llc Security, fraud detection, and fraud mitigation in device-assisted services systems
US9565707B2 (en) 2009-01-28 2017-02-07 Headwater Partners I Llc Wireless end-user device with wireless data attribution to multiple personas
US10248996B2 (en) 2009-01-28 2019-04-02 Headwater Research Llc Method for operating a wireless end-user device mobile payment agent
US9392462B2 (en) 2009-01-28 2016-07-12 Headwater Partners I Llc Mobile end-user device with agent limiting wireless data communication for specified background applications based on a stored policy
US10798252B2 (en) 2009-01-28 2020-10-06 Headwater Research Llc System and method for providing user notifications
US10264138B2 (en) * 2009-01-28 2019-04-16 Headwater Research Llc Mobile device and service management
US9955332B2 (en) 2009-01-28 2018-04-24 Headwater Research Llc Method for child wireless device activation to subscriber account of a master wireless device
US9270559B2 (en) 2009-01-28 2016-02-23 Headwater Partners I Llc Service policy implementation for an end-user device having a control application or a proxy agent for routing an application traffic flow
US10779177B2 (en) 2009-01-28 2020-09-15 Headwater Research Llc Device group partitions and settlement platform
US10783581B2 (en) 2009-01-28 2020-09-22 Headwater Research Llc Wireless end-user device providing ambient or sponsored services
US9572019B2 (en) 2009-01-28 2017-02-14 Headwater Partners LLC Service selection set published to device agent with on-device service selection
US11218854B2 (en) 2009-01-28 2022-01-04 Headwater Research Llc Service plan design, user interfaces, application programming interfaces, and device management
US10715342B2 (en) 2009-01-28 2020-07-14 Headwater Research Llc Managing service user discovery and service launch object placement on a device
US9706061B2 (en) 2009-01-28 2017-07-11 Headwater Partners I Llc Service design center for device assisted services
US10200541B2 (en) 2009-01-28 2019-02-05 Headwater Research Llc Wireless end-user device with divided user space/kernel space traffic policy system
US9609510B2 (en) 2009-01-28 2017-03-28 Headwater Research Llc Automated credential porting for mobile devices
US9980146B2 (en) 2009-01-28 2018-05-22 Headwater Research Llc Communications device with secure data path processing agents
US10484858B2 (en) 2009-01-28 2019-11-19 Headwater Research Llc Enhanced roaming services and converged carrier networks with device assisted services and a proxy
US9544143B2 (en) 2010-03-03 2017-01-10 Duo Security, Inc. System and method of notifying mobile devices to complete transactions
US9532222B2 (en) 2010-03-03 2016-12-27 Duo Security, Inc. System and method of notifying mobile devices to complete transactions after additional agent verification
US9467463B2 (en) 2011-09-02 2016-10-11 Duo Security, Inc. System and method for assessing vulnerability of a mobile device
US8856936B2 (en) 2011-10-14 2014-10-07 Albeado Inc. Pervasive, domain and situational-aware, adaptive, automated, and coordinated analysis and control of enterprise-wide computers, networks, and applications for mitigation of business and operational risks and enhancement of cyber security
US9680763B2 (en) 2012-02-14 2017-06-13 Airwatch, Llc Controlling distribution of resources in a network
US10404615B2 (en) 2012-02-14 2019-09-03 Airwatch, Llc Controlling distribution of resources on a network
US9134984B2 (en) * 2012-05-11 2015-09-15 Hobnob, Inc. Virtual network adapter
DE102012012521A1 (en) * 2012-06-26 2014-01-02 Inter Control Hermann Köhler Elektrik GmbH & Co. KG Apparatus and method for a safety-critical application
US8782809B2 (en) 2012-11-09 2014-07-15 International Business Machines Corporation Limiting information leakage and piracy due to virtual machine cloning
US9794288B1 (en) * 2012-12-19 2017-10-17 EMC IP Holding Company LLC Managing policy
US20140187252A1 (en) * 2012-12-27 2014-07-03 Vivek G. Gupta Distributed policy architecture
US20140280955A1 (en) 2013-03-14 2014-09-18 Sky Socket, Llc Controlling Electronically Communicated Resources
US20140308919A1 (en) * 2013-04-11 2014-10-16 Rawllin International Inc. Application-level trusted third party solution based on an antiviral mobile client
US8856865B1 (en) * 2013-05-16 2014-10-07 Iboss, Inc. Prioritizing content classification categories
US9246945B2 (en) * 2013-05-29 2016-01-26 International Business Machines Corporation Techniques for reconciling permission usage with security policy for policy optimization and monitoring continuous compliance
US9323514B2 (en) * 2013-05-30 2016-04-26 Microsoft Technology Licensing, Llc Resource package indexing
US9516005B2 (en) * 2013-08-20 2016-12-06 Airwatch Llc Individual-specific content management
US20220012346A1 (en) * 2013-09-13 2022-01-13 Vmware, Inc. Risk assessment for managed client devices
US9781046B1 (en) * 2013-11-19 2017-10-03 Tripwire, Inc. Bandwidth throttling in vulnerability scanning applications
RU2589863C2 (en) * 2013-12-05 2016-07-10 Закрытое акционерное общество "Лаборатория Касперского" System and method for assessing resources in computer network with position of objects of interest
DE102014201234A1 (en) * 2014-01-23 2015-07-23 Siemens Aktiengesellschaft Method, management device and device for certificate-based authentication of communication partners in a device
GB2522918A (en) * 2014-02-11 2015-08-12 Ibm Adaptive access control in relational database system
US11405410B2 (en) * 2014-02-24 2022-08-02 Cyphort Inc. System and method for detecting lateral movement and data exfiltration
US11373189B2 (en) * 2014-03-27 2022-06-28 EMC IP Holding Company LLC Self-learning online multi-layer method for unsupervised risk assessment
US9660933B2 (en) * 2014-04-17 2017-05-23 Go Daddy Operating Company, LLC Allocating and accessing hosting server resources via continuous resource availability updates
US10122753B2 (en) * 2014-04-28 2018-11-06 Sophos Limited Using reputation to avoid false malware detections
US10007602B2 (en) 2014-05-06 2018-06-26 International Business Machines Corporation Flash copy relationship management
US9736182B1 (en) * 2014-05-20 2017-08-15 EMC IP Holding Company LLC Context-aware compromise assessment
US10587641B2 (en) 2014-05-20 2020-03-10 Micro Focus Llc Point-wise protection of application using runtime agent and dynamic security analysis
CN107209658A (en) 2014-10-17 2017-09-26 艾佛伦美国公司 User is verified based on the digital fingerprint signal as derived from out of band data
WO2016073457A2 (en) * 2014-11-03 2016-05-12 Level 3 Communications, Llc Identifying a potential ddos attack using statistical analysis
US9609069B2 (en) * 2014-12-15 2017-03-28 Lenovo Enterprise Solutions (Singapore) Pte. Ltd. Administering a remote session between a target computing device and a remote computing device
WO2016097757A1 (en) 2014-12-18 2016-06-23 Sophos Limited A method and system for network access control based on traffic monitoring and vulnerability detection using process related information
US10108352B2 (en) * 2015-03-03 2018-10-23 International Business Machines Corporation Incremental replication of a source data set
US9983853B2 (en) * 2015-04-29 2018-05-29 Facebook Inc. Controlling data logging based on a lifecycle of a product
ES2758755T3 (en) 2015-06-01 2020-05-06 Duo Security Inc Method of applying endpoint health standards
US10362113B2 (en) * 2015-07-02 2019-07-23 Prasenjit Bhadra Cognitive intelligence platform for distributed M2M/ IoT systems
US10078658B2 (en) 2015-07-10 2018-09-18 Whether or Knot LLC Systems and methods for electronic data distribution
US9454564B1 (en) 2015-09-09 2016-09-27 Palantir Technologies Inc. Data integrity checks
US9756065B2 (en) 2015-09-28 2017-09-05 International Business Machines Corporation Sequencing virtual machines
US20170142157A1 (en) * 2015-11-13 2017-05-18 International Business Machines Corporation Optimization of cloud compliance services based on events and trends
WO2017091434A1 (en) 2015-11-25 2017-06-01 Carrier Corporation Extraction of policies from static permissions and access events for physical access control
US10078571B2 (en) * 2015-12-09 2018-09-18 International Business Machines Corporation Rule-based adaptive monitoring of application performance
US9860250B2 (en) * 2015-12-14 2018-01-02 Mastercard International Incorporated Systems and methods for use in indexing applications based on security standards
JP6698165B2 (en) * 2016-01-08 2020-05-27 エヌイーシー ラボラトリーズ ヨーロッパ ゲーエムベーハー Network operation method, network and orchestrator used in the method
JP6614980B2 (en) 2016-01-20 2019-12-04 キヤノン株式会社 Information processing apparatus, control method therefor, and program
DE102016205321A1 (en) * 2016-03-31 2017-10-05 Siemens Aktiengesellschaft Reduce an attack on a vulnerability of a device via a network access point
US11244367B2 (en) 2016-04-01 2022-02-08 OneTrust, LLC Data processing systems and methods for integrating privacy information management systems with data loss prevention tools or other tools for privacy design
US11004125B2 (en) 2016-04-01 2021-05-11 OneTrust, LLC Data processing systems and methods for integrating privacy information management systems with data loss prevention tools or other tools for privacy design
US20220164840A1 (en) 2016-04-01 2022-05-26 OneTrust, LLC Data processing systems and methods for integrating privacy information management systems with data loss prevention tools or other tools for privacy design
RU2622882C1 (en) * 2016-05-20 2017-06-20 Акционерное общество "Лаборатория Касперского" System and method of assigning connection security level
JP6731789B2 (en) * 2016-06-03 2020-07-29 キヤノン株式会社 Network device, control method thereof, and program
US11277448B2 (en) 2016-06-10 2022-03-15 OneTrust, LLC Data processing systems for data-transfer risk identification, cross-border visualization generation, and related methods
US10318761B2 (en) 2016-06-10 2019-06-11 OneTrust, LLC Data processing systems and methods for auditing data request compliance
US10944725B2 (en) 2016-06-10 2021-03-09 OneTrust, LLC Data processing systems and methods for using a data model to select a target data asset in a data migration
US11410106B2 (en) 2016-06-10 2022-08-09 OneTrust, LLC Privacy management systems and methods
US11475136B2 (en) 2016-06-10 2022-10-18 OneTrust, LLC Data processing systems for data transfer risk identification and related methods
US11438386B2 (en) 2016-06-10 2022-09-06 OneTrust, LLC Data processing systems for data-transfer risk identification, cross-border visualization generation, and related methods
US11343284B2 (en) 2016-06-10 2022-05-24 OneTrust, LLC Data processing systems and methods for performing privacy assessments and monitoring of new versions of computer code for privacy compliance
US10565161B2 (en) 2016-06-10 2020-02-18 OneTrust, LLC Data processing systems for processing data subject access requests
US11227247B2 (en) 2016-06-10 2022-01-18 OneTrust, LLC Data processing systems and methods for bundled privacy policies
US11144622B2 (en) 2016-06-10 2021-10-12 OneTrust, LLC Privacy management systems and methods
US10997315B2 (en) 2016-06-10 2021-05-04 OneTrust, LLC Data processing systems for fulfilling data subject access requests and related methods
US11025675B2 (en) 2016-06-10 2021-06-01 OneTrust, LLC Data processing systems and methods for performing privacy assessments and monitoring of new versions of computer code for privacy compliance
US10839102B2 (en) 2016-06-10 2020-11-17 OneTrust, LLC Data processing systems for identifying and modifying processes that are subject to data subject access requests
US11138299B2 (en) 2016-06-10 2021-10-05 OneTrust, LLC Data processing and scanning systems for assessing vendor risk
US11354435B2 (en) 2016-06-10 2022-06-07 OneTrust, LLC Data processing systems for data testing to confirm data deletion and related methods
US10467432B2 (en) 2016-06-10 2019-11-05 OneTrust, LLC Data processing systems for use in automatically generating, populating, and submitting data subject access requests
US10565236B1 (en) 2016-06-10 2020-02-18 OneTrust, LLC Data processing systems for generating and populating a data inventory
US11238390B2 (en) 2016-06-10 2022-02-01 OneTrust, LLC Privacy management systems and methods
US10803200B2 (en) 2016-06-10 2020-10-13 OneTrust, LLC Data processing systems for processing and managing data subject access in a distributed environment
US10685140B2 (en) 2016-06-10 2020-06-16 OneTrust, LLC Consent receipt management systems and related methods
US11295316B2 (en) 2016-06-10 2022-04-05 OneTrust, LLC Data processing systems for identity validation for consumer rights requests and related methods
US10169609B1 (en) 2016-06-10 2019-01-01 OneTrust, LLC Data processing systems for fulfilling data subject access requests and related methods
US10592692B2 (en) 2016-06-10 2020-03-17 OneTrust, LLC Data processing systems for central consent repository and related methods
US10284604B2 (en) 2016-06-10 2019-05-07 OneTrust, LLC Data processing and scanning systems for generating and populating a data inventory
US11222139B2 (en) 2016-06-10 2022-01-11 OneTrust, LLC Data processing systems and methods for automatic discovery and assessment of mobile software development kits
US10607028B2 (en) 2016-06-10 2020-03-31 OneTrust, LLC Data processing systems for data testing to confirm data deletion and related methods
US11418492B2 (en) 2016-06-10 2022-08-16 OneTrust, LLC Data processing systems and methods for using a data model to select a target data asset in a data migration
US10997318B2 (en) 2016-06-10 2021-05-04 OneTrust, LLC Data processing systems for generating and populating a data inventory for processing data access requests
US10846433B2 (en) 2016-06-10 2020-11-24 OneTrust, LLC Data processing consent management systems and related methods
US11562097B2 (en) 2016-06-10 2023-01-24 OneTrust, LLC Data processing systems for central consent repository and related methods
US11416589B2 (en) 2016-06-10 2022-08-16 OneTrust, LLC Data processing and scanning systems for assessing vendor risk
US10896394B2 (en) 2016-06-10 2021-01-19 OneTrust, LLC Privacy management systems and methods
US10949565B2 (en) 2016-06-10 2021-03-16 OneTrust, LLC Data processing systems for generating and populating a data inventory
US11188862B2 (en) 2016-06-10 2021-11-30 OneTrust, LLC Privacy management systems and methods
US10503926B2 (en) 2016-06-10 2019-12-10 OneTrust, LLC Consent receipt management systems and related methods
US11586700B2 (en) 2016-06-10 2023-02-21 OneTrust, LLC Data processing systems and methods for automatically blocking the use of tracking tools
US10282559B2 (en) 2016-06-10 2019-05-07 OneTrust, LLC Data processing systems for identifying, assessing, and remediating data processing risks using data modeling techniques
US11366786B2 (en) 2016-06-10 2022-06-21 OneTrust, LLC Data processing systems for processing data subject access requests
US11134086B2 (en) 2016-06-10 2021-09-28 OneTrust, LLC Consent conversion optimization systems and related methods
US10796260B2 (en) 2016-06-10 2020-10-06 OneTrust, LLC Privacy management systems and methods
US10909265B2 (en) 2016-06-10 2021-02-02 OneTrust, LLC Application privacy scanning systems and related methods
US11200341B2 (en) 2016-06-10 2021-12-14 OneTrust, LLC Consent receipt management systems and related methods
US11366909B2 (en) 2016-06-10 2022-06-21 OneTrust, LLC Data processing and scanning systems for assessing vendor risk
US11222142B2 (en) 2016-06-10 2022-01-11 OneTrust, LLC Data processing systems for validating authorization for personal data collection, storage, and processing
US11544667B2 (en) 2016-06-10 2023-01-03 OneTrust, LLC Data processing systems for generating and populating a data inventory
US11651104B2 (en) 2016-06-10 2023-05-16 OneTrust, LLC Consent receipt management systems and related methods
US11651106B2 (en) 2016-06-10 2023-05-16 OneTrust, LLC Data processing systems for fulfilling data subject access requests and related methods
US11461500B2 (en) 2016-06-10 2022-10-04 OneTrust, LLC Data processing systems for cookie compliance testing with website scanning and related methods
US10510031B2 (en) 2016-06-10 2019-12-17 OneTrust, LLC Data processing systems for identifying, assessing, and remediating data processing risks using data modeling techniques
US10678945B2 (en) 2016-06-10 2020-06-09 OneTrust, LLC Consent receipt management systems and related methods
US11294939B2 (en) 2016-06-10 2022-04-05 OneTrust, LLC Data processing systems and methods for automatically detecting and documenting privacy-related aspects of computer software
US11100444B2 (en) 2016-06-10 2021-08-24 OneTrust, LLC Data processing systems and methods for providing training in a vendor procurement process
US11074367B2 (en) 2016-06-10 2021-07-27 OneTrust, LLC Data processing systems for identity validation for consumer rights requests and related methods
US10853501B2 (en) 2016-06-10 2020-12-01 OneTrust, LLC Data processing and scanning systems for assessing vendor risk
US11520928B2 (en) 2016-06-10 2022-12-06 OneTrust, LLC Data processing systems for generating personal data receipts and related methods
US11087260B2 (en) 2016-06-10 2021-08-10 OneTrust, LLC Data processing systems and methods for customizing privacy training
US11392720B2 (en) 2016-06-10 2022-07-19 OneTrust, LLC Data processing systems for verification of consent and notice processing and related methods
US11146566B2 (en) 2016-06-10 2021-10-12 OneTrust, LLC Data processing systems for fulfilling data subject access requests and related methods
US11481710B2 (en) 2016-06-10 2022-10-25 OneTrust, LLC Privacy management systems and methods
US11228620B2 (en) 2016-06-10 2022-01-18 OneTrust, LLC Data processing systems for data-transfer risk identification, cross-border visualization generation, and related methods
US11354434B2 (en) 2016-06-10 2022-06-07 OneTrust, LLC Data processing systems for verification of consent and notice processing and related methods
US11057356B2 (en) 2016-06-10 2021-07-06 OneTrust, LLC Automated data processing systems and methods for automatically processing data subject access requests using a chatbot
US11727141B2 (en) 2016-06-10 2023-08-15 OneTrust, LLC Data processing systems and methods for synching privacy-related user consent across multiple computing devices
US11625502B2 (en) 2016-06-10 2023-04-11 OneTrust, LLC Data processing systems for identifying and modifying processes that are subject to data subject access requests
US10592648B2 (en) 2016-06-10 2020-03-17 OneTrust, LLC Consent receipt management systems and related methods
US10885485B2 (en) 2016-06-10 2021-01-05 OneTrust, LLC Privacy management systems and methods
US11151233B2 (en) 2016-06-10 2021-10-19 OneTrust, LLC Data processing and scanning systems for assessing vendor risk
US11138242B2 (en) 2016-06-10 2021-10-05 OneTrust, LLC Data processing systems and methods for automatically detecting and documenting privacy-related aspects of computer software
US11675929B2 (en) 2016-06-10 2023-06-13 OneTrust, LLC Data processing consent sharing systems and related methods
US10740487B2 (en) 2016-06-10 2020-08-11 OneTrust, LLC Data processing systems and methods for populating and maintaining a centralized database of personal data
US11416590B2 (en) 2016-06-10 2022-08-16 OneTrust, LLC Data processing and scanning systems for assessing vendor risk
US11188615B2 (en) 2016-06-10 2021-11-30 OneTrust, LLC Data processing consent capture systems and related methods
US11341447B2 (en) 2016-06-10 2022-05-24 OneTrust, LLC Privacy management systems and methods
US11157600B2 (en) 2016-06-10 2021-10-26 OneTrust, LLC Data processing and scanning systems for assessing vendor risk
US11301796B2 (en) 2016-06-10 2022-04-12 OneTrust, LLC Data processing systems and methods for customizing privacy training
US11023842B2 (en) 2016-06-10 2021-06-01 OneTrust, LLC Data processing systems and methods for bundled privacy policies
US11328092B2 (en) 2016-06-10 2022-05-10 OneTrust, LLC Data processing systems for processing and managing data subject access in a distributed environment
US10873606B2 (en) 2016-06-10 2020-12-22 OneTrust, LLC Data processing systems for data-transfer risk identification, cross-border visualization generation, and related methods
US11210420B2 (en) 2016-06-10 2021-12-28 OneTrust, LLC Data subject access request processing systems and related methods
US11403377B2 (en) 2016-06-10 2022-08-02 OneTrust, LLC Privacy management systems and methods
US11636171B2 (en) 2016-06-10 2023-04-25 OneTrust, LLC Data processing user interface monitoring systems and related methods
US11336697B2 (en) 2016-06-10 2022-05-17 OneTrust, LLC Data processing systems for data-transfer risk identification, cross-border visualization generation, and related methods
US11416109B2 (en) 2016-06-10 2022-08-16 OneTrust, LLC Automated data processing systems and methods for automatically processing data subject access requests using a chatbot
US11416798B2 (en) 2016-06-10 2022-08-16 OneTrust, LLC Data processing systems and methods for providing training in a vendor procurement process
US11222309B2 (en) 2016-06-10 2022-01-11 OneTrust, LLC Data processing systems for generating and populating a data inventory
US10909488B2 (en) 2016-06-10 2021-02-02 OneTrust, LLC Data processing systems for assessing readiness for responding to privacy-related incidents
US10783256B2 (en) 2016-06-10 2020-09-22 OneTrust, LLC Data processing systems for data transfer risk identification and related methods
US10606916B2 (en) 2016-06-10 2020-03-31 OneTrust, LLC Data processing user interface monitoring systems and related methods
US11038925B2 (en) * 2016-06-10 2021-06-15 OneTrust, LLC Data processing systems for data-transfer risk identification, cross-border visualization generation, and related methods
US10878127B2 (en) 2016-06-10 2020-12-29 OneTrust, LLC Data subject access request processing systems and related methods
US10572245B1 (en) 2016-08-30 2020-02-25 Amazon Technologies, Inc. Identifying versions of running programs using signatures derived from object files
EP3586259B1 (en) * 2017-02-27 2022-06-08 Ivanti, Inc. Systems and methods for context-based mitigation of computer security risks
WO2018157127A1 (en) 2017-02-27 2018-08-30 Ivanti, Inc. Systems and methods for role-based computer security configurations
US10540190B2 (en) * 2017-03-21 2020-01-21 International Business Machines Corporation Generic connector module capable of integrating multiple applications into an integration platform
CN106998359A (en) * 2017-03-24 2017-08-01 百度在线网络技术(北京)有限公司 The method for network access and device of speech-recognition services based on artificial intelligence
US10644980B2 (en) * 2017-03-29 2020-05-05 Ca, Inc. Automated enforcement of architecture guidelines for application programming interfaces
US10339321B2 (en) * 2017-05-02 2019-07-02 Dignity Health Cybersecurity maturity forecasting tool/dashboard
US10013577B1 (en) 2017-06-16 2018-07-03 OneTrust, LLC Data processing systems for identifying whether cookies contain personally identifying information
CN109218049B (en) * 2017-06-30 2021-10-26 华为技术有限公司 Control method, related equipment and system
EP3442162B1 (en) * 2017-08-11 2020-02-19 KONE Corporation Device management system
US10225278B1 (en) * 2017-09-18 2019-03-05 Syniverse Technologies, Llc Method of assessing real-time security of sequenced packet exchange (SPX) network connection
US10649758B2 (en) 2017-11-01 2020-05-12 International Business Machines Corporation Group patching recommendation and/or remediation with risk assessment
US10412113B2 (en) 2017-12-08 2019-09-10 Duo Security, Inc. Systems and methods for intelligently configuring computer security
US10803186B2 (en) * 2017-12-12 2020-10-13 Fmr Llc Systems and methods for dynamic application management
US10640328B2 (en) * 2017-12-13 2020-05-05 Thyssenkrupp Elevator Ag System for compiling and transferring elevator configuration data and methods of using same
US10432634B2 (en) * 2018-01-04 2019-10-01 International Business Machines Corporation Gating of full network access pending delivery of notification information
US11861024B1 (en) * 2018-01-26 2024-01-02 Wells Fargo Bank, N.A. Systems and methods for data risk assessment
CN108418715B (en) * 2018-02-28 2020-12-18 重庆邮电大学 Resource discovery method in wireless network virtualization environment
US11531531B1 (en) 2018-03-08 2022-12-20 Amazon Technologies, Inc. Non-disruptive introduction of live update functionality into long-running applications
US10893418B2 (en) 2018-03-08 2021-01-12 Hewlett Packard Enterprise Development Lp AP deployment in a network comprising a centralized system and a distributed system
US10915638B2 (en) 2018-05-16 2021-02-09 Target Brands Inc. Electronic security evaluator
CN110581835B (en) * 2018-06-11 2022-04-12 阿里巴巴集团控股有限公司 Vulnerability detection method and device and terminal equipment
US11144675B2 (en) 2018-09-07 2021-10-12 OneTrust, LLC Data processing systems and methods for automatically protecting sensitive data within privacy management systems
US10803202B2 (en) 2018-09-07 2020-10-13 OneTrust, LLC Data processing systems for orphaned data identification and deletion and related methods
US11544409B2 (en) 2018-09-07 2023-01-03 OneTrust, LLC Data processing systems and methods for automatically protecting sensitive data within privacy management systems
US10341430B1 (en) 2018-11-27 2019-07-02 Sailpoint Technologies, Inc. System and method for peer group detection, visualization and analysis in identity management artificial intelligence systems using cluster based analysis of network identity graphs
US10681056B1 (en) 2018-11-27 2020-06-09 Sailpoint Technologies, Inc. System and method for outlier and anomaly detection in identity management artificial intelligence systems using cluster based analysis of network identity graphs
US11658962B2 (en) 2018-12-07 2023-05-23 Cisco Technology, Inc. Systems and methods of push-based verification of a transaction
US11134430B2 (en) 2018-12-10 2021-09-28 At&T Intellectual Property I, L.P. System and method for detecting and acting upon a violation of terms of service
US11868474B2 (en) 2019-01-08 2024-01-09 Hewlett Packard Enterprise Development Lp Securing node groups
US10523682B1 (en) 2019-02-26 2019-12-31 Sailpoint Technologies, Inc. System and method for intelligent agents for decision support in network identity graph based identity management artificial intelligence systems
US10554665B1 (en) 2019-02-28 2020-02-04 Sailpoint Technologies, Inc. System and method for role mining in identity management artificial intelligence systems using cluster based analysis of network identity graphs
US11540132B2 (en) 2019-04-29 2022-12-27 Sonicwall Inc. Method for providing an elastic content filtering security service in a mesh network
US11310665B2 (en) * 2019-04-29 2022-04-19 Sonicwall Inc. Elastic security services and load balancing in a wireless mesh network
US11438963B2 (en) 2019-04-29 2022-09-06 Sonicwall Inc. Method for providing an elastic content filtering security service in a mesh network
CA3170901A1 (en) 2019-06-21 2020-12-24 Cyemptive Technologies, Inc. Method to prevent root level access attack and measurable sla security and compliance platform
US11609820B2 (en) 2019-07-31 2023-03-21 Dell Products L.P. Method and system for redundant distribution and reconstruction of storage metadata
US11775193B2 (en) 2019-08-01 2023-10-03 Dell Products L.P. System and method for indirect data classification in a storage system operations
US11916912B2 (en) 2019-08-21 2024-02-27 Aeris Communications, Inc. Method and system for providing secure access to IoT devices using access control
US11165787B2 (en) 2019-08-26 2021-11-02 Bank Of America Corporation System for authorization of electronic data access and processing functions within a distributed server network
EP4029223A1 (en) * 2019-09-10 2022-07-20 ARRIS Enterprises LLC User interface for configuring device-specific iot applications
US11316885B1 (en) 2019-10-30 2022-04-26 Rapid7, Inc. Self-learning data collection of machine characteristics
US11416357B2 (en) 2020-03-06 2022-08-16 Dell Products L.P. Method and system for managing a spare fault domain in a multi-fault domain data cluster
US11461677B2 (en) 2020-03-10 2022-10-04 Sailpoint Technologies, Inc. Systems and methods for data correlation and artifact matching in identity management artificial intelligence systems
US11399023B2 (en) 2020-04-21 2022-07-26 Cisco Technology, Inc. Revisiting device classification rules upon observation of new endpoint attributes
US11418326B2 (en) 2020-05-21 2022-08-16 Dell Products L.P. Method and system for performing secure data transactions in a data cluster
US10862928B1 (en) 2020-06-12 2020-12-08 Sailpoint Technologies, Inc. System and method for role validation in identity management artificial intelligence systems using analysis of network identity graphs
US11736525B1 (en) 2020-06-17 2023-08-22 Amazon Technologies, Inc. Generating access control policies using static analysis
US11550563B2 (en) * 2020-06-21 2023-01-10 Veego Software Ltd. Remote detection of device updates
WO2022011142A1 (en) 2020-07-08 2022-01-13 OneTrust, LLC Systems and methods for targeted data discovery
EP4189569A1 (en) 2020-07-28 2023-06-07 OneTrust LLC Systems and methods for automatically blocking the use of tracking tools
US20230161900A1 (en) * 2020-07-31 2023-05-25 Terratrue Inc. Compliance with use of personal data
US11475165B2 (en) 2020-08-06 2022-10-18 OneTrust, LLC Data processing systems and methods for automatically redacting unstructured data from a data subject access request
US11436373B2 (en) 2020-09-15 2022-09-06 OneTrust, LLC Data processing systems and methods for detecting tools for the automatic blocking of consent requests
US10938828B1 (en) 2020-09-17 2021-03-02 Sailpoint Technologies, Inc. System and method for predictive platforms in identity management artificial intelligence systems using analysis of network identity graphs
US11526624B2 (en) * 2020-09-21 2022-12-13 OneTrust, LLC Data processing systems and methods for automatically detecting target data transfers and target data processing
EP4241173A1 (en) 2020-11-06 2023-09-13 OneTrust LLC Systems and methods for identifying data processing activities based on data discovery results
US11196775B1 (en) 2020-11-23 2021-12-07 Sailpoint Technologies, Inc. System and method for predictive modeling for entitlement diffusion and role evolution in identity management artificial intelligence systems using network identity graphs
WO2022132950A1 (en) 2020-12-15 2022-06-23 ClearVector, Inc. Computer-implemented methods, systems comprising computer-readable media, and electronic devices for resource preservation and intervention within a network computing environment
US11687528B2 (en) 2021-01-25 2023-06-27 OneTrust, LLC Systems and methods for discovery, classification, and indexing of data in a native computing system
US11442906B2 (en) 2021-02-04 2022-09-13 OneTrust, LLC Managing custom attributes for domain objects defined within microservices
WO2022170254A1 (en) 2021-02-08 2022-08-11 OneTrust, LLC Data processing systems and methods for anonymizing data samples in classification analysis
US11601464B2 (en) 2021-02-10 2023-03-07 OneTrust, LLC Systems and methods for mitigating risks of third-party computing system functionality integration into a first-party computing system
US11775348B2 (en) 2021-02-17 2023-10-03 OneTrust, LLC Managing custom workflows for domain objects defined within microservices
US11546661B2 (en) 2021-02-18 2023-01-03 OneTrust, LLC Selective redaction of media content
US11295241B1 (en) 2021-02-19 2022-04-05 Sailpoint Technologies, Inc. System and method for incremental training of machine learning models in artificial intelligence systems, including incremental training using analysis of network identity graphs
WO2022192269A1 (en) 2021-03-08 2022-09-15 OneTrust, LLC Data transfer discovery and analysis systems and related methods
US20220294796A1 (en) * 2021-03-11 2022-09-15 Jeffrey B. Mitchell Personal awareness system and method for personal safety and digital content safety of a user
US11550925B2 (en) 2021-03-24 2023-01-10 Bank Of America Corporation Information security system for identifying potential security threats in software package deployment
US20220321534A1 (en) * 2021-03-31 2022-10-06 Cisco Technology, Inc. Context-aware secure access service edge (sase) engine
US11562078B2 (en) 2021-04-16 2023-01-24 OneTrust, LLC Assessing and managing computational risk involved with integrating third party computing functionality within a computing system
DE102021206609A1 (en) 2021-06-25 2022-12-29 Infineon Technologies Ag Secure environment, controller and system comprising these entities
US11227055B1 (en) 2021-07-30 2022-01-18 Sailpoint Technologies, Inc. System and method for automated access request recommendations
WO2023092120A1 (en) * 2021-11-21 2023-05-25 Ivanti, Inc. Endpoint assessment deduplication
US11444911B1 (en) 2022-02-22 2022-09-13 Oversec, Uab Domain name system configuration during virtual private network connection
US11620142B1 (en) 2022-06-03 2023-04-04 OneTrust, LLC Generating and customizing user interfaces for demonstrating functions of interactive user environments

Citations (60)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5666411A (en) * 1994-01-13 1997-09-09 Mccarty; Johnnie C. System for computer software protection
US5673322A (en) * 1996-03-22 1997-09-30 Bell Communications Research, Inc. System and method for providing protocol translation and filtering to access the world wide web from wireless or low-bandwidth networks
US5732074A (en) * 1996-01-16 1998-03-24 Cellport Labs, Inc. Mobile portable wireless communication system
US5987611A (en) * 1996-12-31 1999-11-16 Zone Labs, Inc. System and methodology for managing internet access on a per application basis for client computers connected to the internet
US6012100A (en) * 1997-07-14 2000-01-04 Freegate Corporation System and method of configuring a remotely managed secure network interface
US6061650A (en) * 1996-09-10 2000-05-09 Nortel Networks Corporation Method and apparatus for transparently providing mobile network functionality
US6081508A (en) * 1998-02-25 2000-06-27 Indus River Networks, Inc. Remote computer communication
US6151628A (en) * 1997-07-03 2000-11-21 3Com Corporation Network access methods, including direct wireless to internet access
US6185609B1 (en) * 1997-10-24 2001-02-06 Sun Microsystems, Inc. Method, apparatus and program to provide client access to a management information service residing on a server in a computer network system
US6253327B1 (en) * 1998-12-02 2001-06-26 Cisco Technology, Inc. Single step network logon based on point to point protocol
US6298445B1 (en) * 1998-04-30 2001-10-02 Netect, Ltd. Computer security
US6377982B1 (en) * 1997-10-14 2002-04-23 Lucent Technologies Inc. Accounting system in a network
US6453035B1 (en) * 1998-03-02 2002-09-17 Stentor Resource Centre Inc. Method and apparatus for providing virtual private network services over public switched telephone network
US20020138756A1 (en) * 2001-03-20 2002-09-26 Douglas Makofka Path sealed software object conditional access control
US6493349B1 (en) * 1998-11-13 2002-12-10 Nortel Networks Limited Extended internet protocol virtual private network architectures
US20020199203A1 (en) * 2001-05-18 2002-12-26 John Duffy Switched digital video gateway
US6539482B1 (en) * 1998-04-10 2003-03-25 Sun Microsystems, Inc. Network access authentication system
US20030074580A1 (en) * 2001-03-21 2003-04-17 Knouse Charles W. Access system interface
US20030105978A1 (en) * 2001-11-13 2003-06-05 Sun Microsystems, Inc. Filter-based attribute value access control
US20030135611A1 (en) * 2002-01-14 2003-07-17 Dean Kemp Self-monitoring service system with improved user administration and user access control
US20030172292A1 (en) * 2002-03-08 2003-09-11 Paul Judge Systems and methods for message threat management
US6643782B1 (en) * 1998-08-03 2003-11-04 Cisco Technology, Inc. Method for providing single step log-on access to a differentiated computer network
US6654891B1 (en) * 1998-10-29 2003-11-25 Nortel Networks Limited Trusted network binding using LDAP (lightweight directory access protocol)
US20040005886A1 (en) * 2002-06-25 2004-01-08 Telefonaktiebolaget Lm Ericsson (Publ) Radio terminal, radio terminal controlling apparatus and location registration auxiliary apparatus
US6694437B1 (en) * 1999-06-22 2004-02-17 Institute For Information Technology System and method for on-demand access concentrator for virtual private networks
US6732270B1 (en) * 2000-10-23 2004-05-04 Motorola, Inc. Method to authenticate a network access server to an authentication server
US20040088565A1 (en) * 2002-11-04 2004-05-06 Norman Andrew Patrick Method of identifying software vulnerabilities on a computer system
US20040107360A1 (en) * 2002-12-02 2004-06-03 Zone Labs, Inc. System and Methodology for Policy Enforcement
US6748543B1 (en) * 1998-09-17 2004-06-08 Cisco Technology, Inc. Validating connections to a network system
US6751729B1 (en) * 1998-07-24 2004-06-15 Spatial Adventures, Inc. Automated operation and security system for virtual private networks
US20040123162A1 (en) * 2002-12-11 2004-06-24 Lightbridge, Inc. Methods and systems for authentication
US6760444B1 (en) * 1999-01-08 2004-07-06 Cisco Technology, Inc. Mobile IP authentication
US6766453B1 (en) * 2000-04-28 2004-07-20 3Com Corporation Authenticated diffie-hellman key agreement protocol where the communicating parties share a secret key with a third party
US6778498B2 (en) * 2001-03-20 2004-08-17 Mci, Inc. Virtual private network (VPN)-aware customer premises equipment (CPE) edge router
US20040167984A1 (en) * 2001-07-06 2004-08-26 Zone Labs, Inc. System Providing Methodology for Access Control with Cooperative Enforcement
US6785823B1 (en) * 1999-12-03 2004-08-31 Qualcomm Incorporated Method and apparatus for authentication in a wireless telecommunications system
US20040193907A1 (en) * 2003-03-28 2004-09-30 Joseph Patanella Methods and systems for assessing and advising on electronic compliance
US20040221174A1 (en) * 2003-04-29 2004-11-04 Eric Le Saint Uniform modular framework for a host computer system
US20050015622A1 (en) * 2003-02-14 2005-01-20 Williams John Leslie System and method for automated policy audit and remediation management
US6850943B2 (en) * 2002-10-18 2005-02-01 Check Point Software Technologies, Inc. Security system and methodology for providing indirect access control
US20050033596A1 (en) * 2003-06-26 2005-02-10 Tummolo John F. Web-accessible, single-tier host-server-side computer programming application and the backend supporting business processes that represent a turnkey solution to "enable the turnkey activation of affordable, private, secure, scalable, sophisticated and extensible hierarchical communication networks for a plurality of American communities comprised of a plurality of members who may use any internet service provider (ISP) and who may use any relevant web browsing client in any relevant PC operating system to access the capability."
US20050044418A1 (en) * 2003-07-25 2005-02-24 Gary Miliefsky Proactive network security system to protect against hackers
US20050060537A1 (en) * 2003-01-23 2005-03-17 Verdasys, Inc. Managed distribution of digital assets
US6874139B2 (en) * 2000-05-15 2005-03-29 Interfuse Technology Corporation Method and system for seamless integration of preprocessing and postprocessing functions with an existing application program
US20050086511A1 (en) * 2003-08-21 2005-04-21 Boris Balacheff Method of and apparatus for controlling access to data
US20050132225A1 (en) * 2003-12-16 2005-06-16 Glenn Gearhart Method and system for cyber-security vulnerability detection and compliance measurement (CDCM)
US20050144475A1 (en) * 2003-12-11 2005-06-30 Nec Corporation Security verification method and device
US20050154885A1 (en) * 2000-05-15 2005-07-14 Interfuse Technology, Inc. Electronic data security system and method
US20050166065A1 (en) * 2004-01-22 2005-07-28 Edward Eytchison Methods and apparatus for determining an identity of a user
US20050172142A1 (en) * 2004-02-04 2005-08-04 Microsoft Corporation System and method utilizing clean groups for security management
US20050188065A1 (en) * 2002-07-10 2005-08-25 Cisco Technology, Inc. System and method for communicating in a loadbalancing environment
US20050223221A1 (en) * 2001-11-22 2005-10-06 Proudler Graeme J Apparatus and method for creating a trusted environment
US20050246767A1 (en) * 2004-04-26 2005-11-03 Fazal Lookman Y Method and apparatus for network security based on device security status
US7058821B1 (en) * 2001-01-17 2006-06-06 Ipolicy Networks, Inc. System and method for detection of intrusion attacks on packets transmitted on a network
US7185192B1 (en) * 2000-07-07 2007-02-27 Emc Corporation Methods and apparatus for controlling access to a resource
US20070124803A1 (en) * 2005-11-29 2007-05-31 Nortel Networks Limited Method and apparatus for rating a compliance level of a computer connecting to a network
US20070143827A1 (en) * 2005-12-21 2007-06-21 Fiberlink Methods and systems for intelligently controlling access to computing resources
US7243148B2 (en) * 2002-01-15 2007-07-10 Mcafee, Inc. System and method for network vulnerability detection and reporting
US7673323B1 (en) * 1998-10-28 2010-03-02 Bea Systems, Inc. System and method for maintaining security in a distributed computer network
US7805752B2 (en) * 2005-11-09 2010-09-28 Symantec Corporation Dynamic endpoint compliance policy configuration

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7249187B2 (en) * 2002-11-27 2007-07-24 Symantec Corporation Enforcement of compliance with network security policies
US20050138408A1 (en) 2003-12-22 2005-06-23 International Business Machines Corporation Autonomic self-configuring alternate operating system environment which includes personalization
US20070143851A1 (en) 2005-12-21 2007-06-21 Fiberlink Method and systems for controlling access to computing resources based on known security vulnerabilities
US8104077B1 (en) * 2006-01-03 2012-01-24 Symantec Corporation System and method for adaptive end-point compliance
US8352998B1 (en) * 2006-08-17 2013-01-08 Juniper Networks, Inc. Policy evaluation in controlled environment
US9426179B2 (en) * 2009-03-17 2016-08-23 Sophos Limited Protecting sensitive information from a secure data store
US8856292B2 (en) * 2009-10-27 2014-10-07 Cisco Technology, Inc. Managing command compliance in internetworking devices
WO2013006553A1 (en) * 2011-07-01 2013-01-10 Fiberlink Communications Corporation Rules based actions for mobile device management

Cited By (1057)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8756653B2 (en) 1998-06-25 2014-06-17 Yaszistra Fund Iii, Llc Network policy management and effectiveness system
US7917938B2 (en) * 1998-06-25 2011-03-29 Jacobson Andrea M Network policy management and effectiveness system
US20110093914A1 (en) * 1998-06-25 2011-04-21 Yaszistra Fund Iii, Llc. Network policy management and effectiveness system
US8381305B2 (en) 1998-06-25 2013-02-19 Yaszistra Fund Iii, Llc Network policy management and effectiveness system
US20070261121A1 (en) * 1998-06-25 2007-11-08 Jacobson Andrea M Network Policy Management And Effectiveness System
US8539063B1 (en) 2003-08-29 2013-09-17 Mcafee, Inc. Method and system for containment of networked application client software by explicit human input
US8762928B2 (en) 2003-12-17 2014-06-24 Mcafee, Inc. Method and system for containment of usage of language interfaces
US8549546B2 (en) 2003-12-17 2013-10-01 Mcafee, Inc. Method and system for containment of usage of language interfaces
US8561082B2 (en) 2003-12-17 2013-10-15 Mcafee, Inc. Method and system for containment of usage of language interfaces
USRE48679E1 (en) 2004-04-30 2021-08-10 Blackberry Limited System and method for handling data transfers
USRE49721E1 (en) 2004-04-30 2023-11-07 Blackberry Limited System and method for handling data transfers
US8561051B2 (en) 2004-09-07 2013-10-15 Mcafee, Inc. Solidifying the executable software set of a computer
US20110093842A1 (en) * 2004-09-07 2011-04-21 Mcafee, Inc., A Delaware Corporation Solidifying the executable software set of a computer
US8931035B2 (en) 2004-10-01 2015-01-06 Microsoft Corporation Access authorization having embedded policies
US9069941B2 (en) 2004-10-01 2015-06-30 Microsoft Technology Licensing, Llc Access authorization having embedded policies
US7685632B2 (en) 2004-10-01 2010-03-23 Microsoft Corporation Access authorization having a centralized policy
US20110126260A1 (en) * 2004-10-01 2011-05-26 Microsoft Corporation Access authorization having embedded policies
US20060075461A1 (en) * 2004-10-01 2006-04-06 Microsoft Corporation Access authorization having a centralized policy
US8453200B2 (en) 2004-10-01 2013-05-28 Microsoft Corporation Access authorization having embedded policies
US20060075462A1 (en) * 2004-10-01 2006-04-06 Microsoft Corporation Access authorization having embedded policies
US8181219B2 (en) 2004-10-01 2012-05-15 Microsoft Corporation Access authorization having embedded policies
US7904956B2 (en) * 2004-10-01 2011-03-08 Microsoft Corporation Access authorization with anomaly detection
US20060075492A1 (en) * 2004-10-01 2006-04-06 Microsoft Corporation Access authorization with anomaly detection
US8161557B2 (en) 2005-01-31 2012-04-17 Microsoft Corporation System and method of caching decisions on when to scan for malware
US10230588B2 (en) * 2005-07-07 2019-03-12 Sciencelogic, Inc. Dynamically deployable self configuring distributed network management system using a trust domain specification to authorize execution of network collection software on hardware components
US7603708B2 (en) * 2005-07-13 2009-10-13 Microsoft Corporation Securing network services using network action control lists
US20070016675A1 (en) * 2005-07-13 2007-01-18 Microsoft Corporation Securing network services using network action control lists
US8763118B2 (en) 2005-07-14 2014-06-24 Mcafee, Inc. Classification of software on networked systems
US7571483B1 (en) * 2005-08-25 2009-08-04 Lockheed Martin Corporation System and method for reducing the vulnerability of a computer network to virus threats
US8514827B2 (en) 2005-10-13 2013-08-20 Trapeze Networks, Inc. System and network for wireless network monitoring
US7805752B2 (en) 2005-11-09 2010-09-28 Symantec Corporation Dynamic endpoint compliance policy configuration
US10313368B2 (en) 2005-12-13 2019-06-04 Cupp Computing As System and method for providing data and device security between external and host devices
US11822653B2 (en) 2005-12-13 2023-11-21 Cupp Computing As System and method for providing network security to mobile devices
US10089462B2 (en) 2005-12-13 2018-10-02 Cupp Computing As System and method for providing network security to mobile devices
US10417421B2 (en) 2005-12-13 2019-09-17 Cupp Computing As System and method for providing network security to mobile devices
US9781164B2 (en) 2005-12-13 2017-10-03 Cupp Computing As System and method for providing network security to mobile devices
US10541969B2 (en) 2005-12-13 2020-01-21 Cupp Computing As System and method for implementing content and network security inside a chip
US20150215282A1 (en) 2005-12-13 2015-07-30 Cupp Computing As System and method for implementing content and network security inside a chip
US10839075B2 (en) 2005-12-13 2020-11-17 Cupp Computing As System and method for providing network security to mobile devices
US11461466B2 (en) 2005-12-13 2022-10-04 Cupp Computing As System and method for providing network security to mobile devices
US9747444B1 (en) 2005-12-13 2017-08-29 Cupp Computing As System and method for providing network security to mobile devices
US10621344B2 (en) 2005-12-13 2020-04-14 Cupp Computing As System and method for providing network security to mobile devices
US9923918B2 (en) 2005-12-21 2018-03-20 International Business Machines Corporation Methods and systems for controlling access to computing resources based on known security vulnerabilities
US8955038B2 (en) 2005-12-21 2015-02-10 Fiberlink Communications Corporation Methods and systems for controlling access to computing resources based on known security vulnerabilities
US20070143827A1 (en) * 2005-12-21 2007-06-21 Fiberlink Methods and systems for intelligently controlling access to computing resources
US9608997B2 (en) 2005-12-21 2017-03-28 International Business Machines Corporation Methods and systems for controlling access to computing resources based on known security vulnerabilities
US8643485B2 (en) 2005-12-29 2014-02-04 At&T Intellectual Property Ii, L.P. Method and apparatus for suppressing duplicate alarms
US7930746B1 (en) * 2005-12-29 2011-04-19 At&T Intellectual Property Ii, L.P. Method and apparatus for detecting anomalous network activities
US8248227B2 (en) 2005-12-29 2012-08-21 At&T Intellectual Property Ii, L.P. Method and apparatus for suppressing duplicate alarms
US20080284581A1 (en) * 2005-12-29 2008-11-20 Daniel Sheleheda Method and apparatus for suppressing duplicate alarms
US9286784B2 (en) 2005-12-29 2016-03-15 At&T Intellectual Property Ii, L.P. Method and apparatus for suppressing duplicate alarms
US7561158B2 (en) * 2006-01-11 2009-07-14 International Business Machines Corporation Method and apparatus for presenting feature importance in predictive modeling
US20070159481A1 (en) * 2006-01-11 2007-07-12 Naoki Abe Method and apparatus for presenting feature importance in predictive modeling
US20160127419A1 (en) * 2006-01-13 2016-05-05 Fortinet, Inc. Computerized system and method for advanced network content processing
US9825993B2 (en) * 2006-01-13 2017-11-21 Fortinet, Inc. Computerized system and method for advanced network content processing
US20130305346A1 (en) * 2006-01-13 2013-11-14 Fortinet, Inc. Computerized system and method for advanced network content processing
US10009386B2 (en) * 2006-01-13 2018-06-26 Fortinet, Inc. Computerized system and method for advanced network content processing
US20170302705A1 (en) * 2006-01-13 2017-10-19 Fortinet, Inc. Computerized system and method for advanced network content processing
US20150113630A1 (en) * 2006-01-13 2015-04-23 Fortinet, Inc. Computerized system and method for advanced network content processing
US9253155B2 (en) * 2006-01-13 2016-02-02 Fortinet, Inc. Computerized system and method for advanced network content processing
US8925065B2 (en) * 2006-01-13 2014-12-30 Fortinet, Inc. Computerized system and method for advanced network content processing
US9602515B2 (en) 2006-02-02 2017-03-21 Mcafee, Inc. Enforcing alignment of approved changes and deployed changes in the software change life-cycle
US8707446B2 (en) 2006-02-02 2014-04-22 Mcafee, Inc. Enforcing alignment of approved changes and deployed changes in the software change life-cycle
US9134998B2 (en) 2006-02-02 2015-09-15 Mcafee, Inc. Enforcing alignment of approved changes and deployed changes in the software change life-cycle
US20070195958A1 (en) * 2006-02-22 2007-08-23 Czuchry Andrew J Extensible closed-loop security system
US10360382B2 (en) 2006-03-27 2019-07-23 Mcafee, Llc Execution environment file inventory
US9576142B2 (en) 2006-03-27 2017-02-21 Mcafee, Inc. Execution environment file inventory
US20110138461A1 (en) * 2006-03-27 2011-06-09 Mcafee, Inc., A Delaware Corporation Execution environment file inventory
US20070230486A1 (en) * 2006-03-29 2007-10-04 Emile Zafirov Communication and compliance monitoring system
US10838569B2 (en) 2006-03-30 2020-11-17 Pegasystems Inc. Method and apparatus for user interface non-conformance detection and correction
US9658735B2 (en) 2006-03-30 2017-05-23 Pegasystems Inc. Methods and apparatus for user interface optimization
US20100040059A1 (en) * 2006-05-03 2010-02-18 Trapeze Networks, Inc. System and method for restricting network access using forwarding databases
US8964747B2 (en) * 2006-05-03 2015-02-24 Trapeze Networks, Inc. System and method for restricting network access using forwarding databases
US8555404B1 (en) 2006-05-18 2013-10-08 Mcafee, Inc. Connectivity-based authorization
US8966018B2 (en) 2006-05-19 2015-02-24 Trapeze Networks, Inc. Automated network device configuration and network deployment
US10327202B2 (en) 2006-06-09 2019-06-18 Trapeze Networks, Inc. AP-local dynamic switching
US9258702B2 (en) 2006-06-09 2016-02-09 Trapeze Networks, Inc. AP-local dynamic switching
US11432147B2 (en) 2006-06-09 2022-08-30 Trapeze Networks, Inc. Untethered access point mesh system and method
US9838942B2 (en) 2006-06-09 2017-12-05 Trapeze Networks, Inc. AP-local dynamic switching
US10798650B2 (en) 2006-06-09 2020-10-06 Trapeze Networks, Inc. AP-local dynamic switching
US11758398B2 (en) 2006-06-09 2023-09-12 Juniper Networks, Inc. Untethered access point mesh system and method
US8818322B2 (en) 2006-06-09 2014-08-26 Trapeze Networks, Inc. Untethered access point mesh system and method
US10834585B2 (en) 2006-06-09 2020-11-10 Trapeze Networks, Inc. Untethered access point mesh system and method
US11627461B2 (en) 2006-06-09 2023-04-11 Juniper Networks, Inc. AP-local dynamic switching
US20070289016A1 (en) * 2006-06-13 2007-12-13 Sanjay Pradhan Bi-modular system and method for detecting and removing harmful files using signature scanning
US20080022378A1 (en) * 2006-06-21 2008-01-24 Rolf Repasi Restricting malicious libraries
US20080107274A1 (en) * 2006-06-21 2008-05-08 Rf Code, Inc. Location-based security, privacy, assess control and monitoring system
US8577042B2 (en) * 2006-06-21 2013-11-05 Rf Code, Inc. Location-based security, privacy, access control and monitoring system
US8239915B1 (en) * 2006-06-30 2012-08-07 Symantec Corporation Endpoint management using trust rating data
US8763076B1 (en) 2006-06-30 2014-06-24 Symantec Corporation Endpoint management using trust rating data
US8266701B2 (en) * 2006-07-12 2012-09-11 Verizon Services Corp. Systems and methods for measuring cyber based risks in an enterprise organization
US20080016563A1 (en) * 2006-07-12 2008-01-17 Verizon Services Corp. Systems and methods for measuring cyber based risks in an enterprise organization
US8032928B2 (en) * 2006-07-14 2011-10-04 At&T Intellectual Property I, L.P. Methods, devices, and computer program products for controlling wireless connection access
US20080086761A1 (en) * 2006-07-14 2008-04-10 At&T Intellectual Property, Inc. Methods, devices, and computer program products for controlling wireless connection access
US20080059643A1 (en) * 2006-09-06 2008-03-06 Harold Moss Compliance initiative navigation
US7620729B2 (en) * 2006-09-06 2009-11-17 International Business Machines Corporation Compliance initiative navigation
US20080172716A1 (en) * 2006-09-12 2008-07-17 Rajesh Talpade IP network vulnerability and policy compliance assessment by IP device analysis
US20080082538A1 (en) * 2006-09-28 2008-04-03 Microsoft Corporation Access management in an off-premise environment
US8341405B2 (en) * 2006-09-28 2012-12-25 Microsoft Corporation Access management in an off-premise environment
US20080120611A1 (en) * 2006-10-30 2008-05-22 Jeffrey Aaron Methods, systems, and computer program products for controlling software application installations
US8793682B2 (en) 2006-10-30 2014-07-29 At&T Intellectual Property I, L.P. Methods, systems, and computer program products for controlling software application installations
US8413135B2 (en) * 2006-10-30 2013-04-02 At&T Intellectual Property I, L.P. Methods, systems, and computer program products for controlling software application installations
US20110040983A1 (en) * 2006-11-09 2011-02-17 Grzymala-Busse Withold J System and method for providing identity theft security
US7954143B2 (en) * 2006-11-13 2011-05-31 At&T Intellectual Property I, Lp Methods, network services, and computer program products for dynamically assigning users to firewall policy groups
US20080115190A1 (en) * 2006-11-13 2008-05-15 Jeffrey Aaron Methods, network services, and computer program products for dynamically assigning users to firewall policy groups
US20080120691A1 (en) * 2006-11-21 2008-05-22 Novell, Inc. Control of communication ports of computing devices using policy-based decisions
US8590002B1 (en) * 2006-11-29 2013-11-19 Mcafee Inc. System, method and computer program product for maintaining a confidentiality of data on a network
US20080148346A1 (en) * 2006-12-15 2008-06-19 Ravinder Gill Compliance control system
US20080162338A1 (en) * 2006-12-30 2008-07-03 Maurice Samuels Method and system for mitigating risk of fraud in internet banking
US8788419B2 (en) * 2006-12-30 2014-07-22 First Data Corporation Method and system for mitigating risk of fraud in internet banking
US8132259B2 (en) * 2007-01-04 2012-03-06 International Business Machines Corporation System and method for security planning with soft security constraints
US20080168529A1 (en) * 2007-01-04 2008-07-10 Kay Schwendimann Anderson System and method for security planning with soft security constraints
US9864868B2 (en) 2007-01-10 2018-01-09 Mcafee, Llc Method and apparatus for process enforced configuration management
US9424154B2 (en) 2007-01-10 2016-08-23 Mcafee, Inc. Method of and system for computer system state checks
US8701182B2 (en) 2007-01-10 2014-04-15 Mcafee, Inc. Method and apparatus for process enforced configuration management
US8707422B2 (en) 2007-01-10 2014-04-22 Mcafee, Inc. Method and apparatus for process enforced configuration management
US20100272258A1 (en) * 2007-02-02 2010-10-28 Microsoft Corporation Bidirectional dynamic offloading of tasks between a host and a mobile device
US7966039B2 (en) * 2007-02-02 2011-06-21 Microsoft Corporation Bidirectional dynamic offloading of tasks between a host and a mobile device
US8112116B2 (en) 2007-02-02 2012-02-07 Microsoft Corporation Bidirectional dynamic offloading of tasks between a host and a mobile device
US20110214126A1 (en) * 2007-02-02 2011-09-01 Microsoft Corporation Bidirectional dynamic offloading of tasks between a host and a mobile device
US8762295B2 (en) 2007-02-11 2014-06-24 Trend Micro Incorporated Methods and system for determining licensing/billing fees for computer security software
US20080195560A1 (en) * 2007-02-11 2008-08-14 Blake Stanton Sutherland Methods and system for determining licensing/billing fees for computer security software
US7885976B2 (en) * 2007-02-23 2011-02-08 International Business Machines Corporation Identification, notification, and control of data access quantity and patterns
US20080208866A1 (en) * 2007-02-23 2008-08-28 International Business Machines Corporation Identification, notification, and control of data access quantity and patterns
US9189361B2 (en) * 2007-03-02 2015-11-17 Pegasystems Inc. Proactive performance management for multi-user enterprise software systems
US7496201B2 (en) 2007-03-02 2009-02-24 Westintech Llc Portable host-pluggable appliance tracking system
US20130007267A1 (en) * 2007-03-02 2013-01-03 Pegasystems Inc. Proactive Performance Management for Multi-User Enterprise Software Systems
US20100115092A1 (en) * 2007-03-02 2010-05-06 Westin Tech, Inc. Mobile device or computer theft recovery system and method
US9083624B2 (en) 2007-03-02 2015-07-14 Activetrak, Inc. Mobile device or computer theft recovery system and method
US10567403B2 (en) 2007-03-05 2020-02-18 Cupp Computing As System and method for providing data and device security between external and host devices
US10419459B2 (en) 2007-03-05 2019-09-17 Cupp Computing As System and method for providing data and device security between external and host devices
US10999302B2 (en) 2007-03-05 2021-05-04 Cupp Computing As System and method for providing data and device security between external and host devices
US11652829B2 (en) 2007-03-05 2023-05-16 Cupp Computing As System and method for providing data and device security between external and host devices
US8141155B2 (en) 2007-03-16 2012-03-20 Prevari Predictive assessment of network risks
US20110162073A1 (en) * 2007-03-16 2011-06-30 Prevari Predictive Assessment of Network Risks
US20080229420A1 (en) * 2007-03-16 2008-09-18 Jeschke Konikaye Predictive Assessment of Network Risks
US7900259B2 (en) * 2007-03-16 2011-03-01 Prevari Predictive assessment of network risks
US20080235801A1 (en) * 2007-03-20 2008-09-25 Microsoft Corporation Combining assessment models and client targeting to identify network security vulnerabilities
US8302196B2 (en) * 2007-03-20 2012-10-30 Microsoft Corporation Combining assessment models and client targeting to identify network security vulnerabilities
US20080244690A1 (en) * 2007-04-02 2008-10-02 Microsoft Corporation Deriving remediations from security compliance rules
US8533841B2 (en) * 2007-04-02 2013-09-10 Microsoft Corporation Deriving remediations from security compliance rules
US8862752B2 (en) 2007-04-11 2014-10-14 Mcafee, Inc. System, method, and computer program product for conditionally preventing the transfer of data based on a location thereof
US20080256638A1 (en) * 2007-04-12 2008-10-16 Core Sdi, Inc. System and method for providing network penetration testing
US8365289B2 (en) * 2007-04-12 2013-01-29 Core Sdi, Incorporated System and method for providing network penetration testing
US8621008B2 (en) 2007-04-26 2013-12-31 Mcafee, Inc. System, method and computer program product for performing an action based on an aspect of an electronic mail message thread
US8943158B2 (en) 2007-04-26 2015-01-27 Mcafee, Inc. System, method and computer program product for performing an action based on an aspect of an electronic mail message thread
US20150066577A1 (en) * 2007-04-30 2015-03-05 Evantix Grc, Llc Method and system for assessing, managing and monitoring information technology risk
US20080276295A1 (en) * 2007-05-04 2008-11-06 Bini Krishnan Ananthakrishnan Nair Network security scanner for enterprise protection
US8850587B2 (en) * 2007-05-04 2014-09-30 Wipro Limited Network security scanner for enterprise protection
US8793802B2 (en) 2007-05-22 2014-07-29 Mcafee, Inc. System, method, and computer program product for preventing data leakage utilizing a map of data
US20110131324A1 (en) * 2007-05-24 2011-06-02 Animesh Chaturvedi Managing network security
US8341739B2 (en) * 2007-05-24 2012-12-25 Foundry Networks, Llc Managing network security
US8650295B2 (en) * 2007-05-24 2014-02-11 Foundry Networks, Llc Managing network security
US8522349B2 (en) 2007-05-25 2013-08-27 International Business Machines Corporation Detecting and defending against man-in-the-middle attacks
US20080295169A1 (en) * 2007-05-25 2008-11-27 Crume Jeffery L Detecting and defending against man-in-the-middle attacks
US8533821B2 (en) * 2007-05-25 2013-09-10 International Business Machines Corporation Detecting and defending against man-in-the-middle attacks
US10951659B2 (en) 2007-05-30 2021-03-16 Cupp Computing As System and method for providing network and computer firewall protection with dynamic address isolation to a device
US9391956B2 (en) 2007-05-30 2016-07-12 Cupp Computing As System and method for providing network and computer firewall protection with dynamic address isolation to a device
US11757941B2 (en) 2007-05-30 2023-09-12 CUPP Computer AS System and method for providing network and computer firewall protection with dynamic address isolation to a device
US10057295B2 (en) 2007-05-30 2018-08-21 Cupp Computing As System and method for providing network and computer firewall protection with dynamic address isolation to a device
US10904293B2 (en) 2007-05-30 2021-01-26 Cupp Computing As System and method for providing network and computer firewall protection with dynamic address isolation to a device
US10284603B2 (en) 2007-05-30 2019-05-07 Cupp Computing As System and method for providing network and computer firewall protection with dynamic address isolation to a device
US20180302444A1 (en) 2007-05-30 2018-10-18 Cupp Computing As System and method for providing network and computer firewall protection with dynamic address isolation to a device
US9756079B2 (en) 2007-05-30 2017-09-05 Cupp Computing As System and method for providing network and computer firewall protection with dynamic address isolation to a device
US20090006859A1 (en) * 2007-06-28 2009-01-01 Zimmer Vincent J System and method for out-of-band assisted biometric secure boot
US9158920B2 (en) * 2007-06-28 2015-10-13 Intel Corporation System and method for out-of-band assisted biometric secure boot
WO2009019701A2 (en) * 2007-08-07 2009-02-12 Feldman, Moshe A network element and an infrastructure for a network risk management system
WO2009019701A3 (en) * 2007-08-07 2010-01-07 Feldman, Moshe A network element and an infrastructure for a network risk management system
US9215197B2 (en) 2007-08-17 2015-12-15 Mcafee, Inc. System, method, and computer program product for preventing image-related data loss
US10489606B2 (en) 2007-08-17 2019-11-26 Mcafee, Llc System, method, and computer program product for preventing image-related data loss
US8199965B1 (en) 2007-08-17 2012-06-12 Mcafee, Inc. System, method, and computer program product for preventing image-related data loss
US8413129B1 (en) * 2007-08-17 2013-04-02 Mcafee, Inc. Application repair system, method, and computer program product for generating an alert based on information describing at least one update
US10198587B2 (en) 2007-09-05 2019-02-05 Mcafee, Llc System, method, and computer program product for preventing access to data with respect to a data access attempt associated with a remote data sharing session
US11645404B2 (en) 2007-09-05 2023-05-09 Mcafee, Llc System, method, and computer program product for preventing access to data with respect to a data access attempt associated with a remote data sharing session
US8446607B2 (en) 2007-10-01 2013-05-21 Mcafee, Inc. Method and system for policy based monitoring and blocking of printing activities on local and network printers
US20090086252A1 (en) * 2007-10-01 2009-04-02 Mcafee, Inc Method and system for policy based monitoring and blocking of printing activities on local and network printers
US20090204964A1 (en) * 2007-10-12 2009-08-13 Foley Peter F Distributed trusted virtualization platform
US20090113551A1 (en) * 2007-10-24 2009-04-30 Jong Moon Lee Device and method for inspecting network equipment for vulnerabilities using search engine
US20090113044A1 (en) * 2007-10-31 2009-04-30 Lancaster Arthur L System and method of configuring a network
US20120036240A1 (en) * 2007-10-31 2012-02-09 Affinegy, Inc. System and method of configuring a network
US8069230B2 (en) * 2007-10-31 2011-11-29 Affinegy, Inc. System and method of configuring a network
US20090113548A1 (en) * 2007-10-31 2009-04-30 Bank Of America Corporation Executable Download Tracking System
US8959624B2 (en) 2007-10-31 2015-02-17 Bank Of America Corporation Executable download tracking system
US8769061B2 (en) * 2007-10-31 2014-07-01 Affinegy, Inc. System and method of configuring a network
US9282005B1 (en) * 2007-11-01 2016-03-08 Emc Corporation IT infrastructure policy breach investigation interface
US8037536B2 (en) * 2007-11-14 2011-10-11 Bank Of America Corporation Risk scoring system for the prevention of malware
US20090126012A1 (en) * 2007-11-14 2009-05-14 Bank Of America Corporation Risk Scoring System For The Prevention of Malware
US9270677B1 (en) * 2007-11-16 2016-02-23 Open Invention Network, Llc Compliance validator for restricted network access control
US7966665B1 (en) * 2007-11-16 2011-06-21 Open Invention Network, Llc Compliance validator for restricted network access control
US9843586B1 (en) * 2007-11-16 2017-12-12 Open Invention Network, Llc Compliance validator for restricted network access control
US9473500B1 (en) * 2007-11-16 2016-10-18 Open Invention Network, Llc Compliance validator for restricted network access control
US8302208B1 (en) * 2007-11-16 2012-10-30 Open Invention Network Llc Compliance validator for restricted network access control
US8656505B1 (en) * 2007-11-16 2014-02-18 Open Invention Network, Llc Compliance validator for restricted network access control
US8893276B2 (en) 2007-11-25 2014-11-18 Trend Micro Incorporated Methods and system for determining performance of filters in a computer intrusion prevention detection system
US20090172818A1 (en) * 2007-11-25 2009-07-02 Blake Stanton Sutherland Methods and system for determining performance of filters in a computer intrusion prevention detection system
US8321937B2 (en) * 2007-11-25 2012-11-27 Trend Micro Incorporated Methods and system for determining performance of filters in a computer intrusion prevention detection system
US20090144446A1 (en) * 2007-11-29 2009-06-04 Joseph Olakangil Remediation management for a network with multiple clients
US20090172778A1 (en) * 2007-12-26 2009-07-02 Randall Stephens Rule-based security system and method
US20090172768A1 (en) * 2007-12-28 2009-07-02 Huifeng Le Methods and apparatus for operating embedded information technology applications with a service operating system
US8806629B1 (en) * 2008-01-02 2014-08-12 Cisco Technology, Inc. Automatic generation of policy-driven anti-malware signatures and mitigation of DoS (denial-of-service) attacks
US8799982B2 (en) * 2008-01-30 2014-08-05 International Business Machines Corporation System and methods for efficiently classifying and selecting among security policy alternatives for outbound network communications
US20090193495A1 (en) * 2008-01-30 2009-07-30 International Business Machines Corporation System and methods for efficiently classifying and selecting among security policy alternatives for outbound network communications
US8701189B2 (en) 2008-01-31 2014-04-15 Mcafee, Inc. Method of and system for computer system denial-of-service protection
US8515075B1 (en) 2008-01-31 2013-08-20 Mcafee, Inc. Method of and system for malicious software detection using critical address space protection
US8990947B2 (en) 2008-02-04 2015-03-24 Microsoft Technology Licensing, Llc Analytics engine
US20090199265A1 (en) * 2008-02-04 2009-08-06 Microsoft Corporation Analytics engine
US20090217346A1 (en) * 2008-02-22 2009-08-27 Manring Bradley A C Dhcp centric network access management through network device access control lists
US9697521B2 (en) * 2008-03-03 2017-07-04 Jpmorgan Chase Bank, N.A. Authentication system and method
US9246899B1 (en) 2008-03-03 2016-01-26 Jpmorgan Chase Bank, N.A. Authentication and interaction tracking system and method
US20160171500A1 (en) * 2008-03-03 2016-06-16 Jpmorgan Chase Bank, N.A. Authentication System and Method
US9734501B2 (en) 2008-03-03 2017-08-15 Jpmorgan Chase Bank, N.A. Authentication and interaction tracking system and method
US8255971B1 (en) * 2008-03-03 2012-08-28 Jpmorgan Chase Bank, N.A. Authentication system and method
US9269085B2 (en) * 2008-03-03 2016-02-23 Jpmorgan Chase Bank, N.A. Authentication system and method
US20140351140A1 (en) * 2008-03-03 2014-11-27 Jpmorgan Chase Bank, N.A. Authentication System and Method
US10600055B2 (en) 2008-03-03 2020-03-24 Jpmorgan Chase Bank, N.A. Authentication and interaction tracking system and method
US8893285B2 (en) 2008-03-14 2014-11-18 Mcafee, Inc. Securing data using integrated host-based data loss agent with encryption detection
US9843564B2 (en) 2008-03-14 2017-12-12 Mcafee, Inc. Securing data using integrated host-based data loss agent with encryption detection
US11632379B2 (en) 2008-03-26 2023-04-18 Sophos Limited Method and system for detecting restricted content associated with retrieved content
US11050712B2 (en) 2008-03-26 2021-06-29 Cupp Computing As System and method for implementing content and network security inside a chip
US9654488B2 (en) 2008-03-26 2017-05-16 Sophos Limited Method and system for detecting restricted content associated with retrieved content
US9609008B2 (en) 2008-03-26 2017-03-28 Sophos Limited Method and system for detecting restricted content associated with retrieved content
US9386032B2 (en) 2008-03-26 2016-07-05 Sophos Limited Method and system for detecting restricted content associated with retrieved content
US9967271B2 (en) 2008-03-26 2018-05-08 Sophos Limited Method and system for detecting restricted content associated with retrieved content
US9122874B2 (en) * 2008-03-26 2015-09-01 Sophos Limited Method and system for detecting restricted content associated with retrieved content
US9800599B2 (en) 2008-03-26 2017-10-24 Sophos Limited Method and system for detecting restricted content associated with retrieved content
US11757835B2 (en) 2008-03-26 2023-09-12 Cupp Computing As System and method for implementing content and network security inside a chip
US20140215622A1 (en) * 2008-03-26 2014-07-31 Sophos Limited Method and system for detecting restricted content associated with retrieved content
US8769605B2 (en) * 2008-03-27 2014-07-01 Covertix Ltd. System and method for dynamically enforcing security policies on electronic files
US20090300712A1 (en) * 2008-03-27 2009-12-03 Tzach Kaufmann System and method for dynamically enforcing security policies on electronic files
US9577926B2 (en) * 2008-03-31 2017-02-21 Amazon Technologies, Inc. Authorizing communications between computing nodes
US20130205042A1 (en) * 2008-03-31 2013-08-08 Amazon Technologies, Inc. Authorizing communications between computing nodes
US10218613B2 (en) 2008-03-31 2019-02-26 Amazon Technologies, Inc. Authorizing communications between computing nodes
US9705792B2 (en) 2008-03-31 2017-07-11 Amazon Technologies, Inc. Authorizing communications between computing nodes
US11240092B2 (en) 2008-03-31 2022-02-01 Amazon Technologies, Inc. Authorizing communications between computing nodes
US10601708B2 (en) 2008-03-31 2020-03-24 Amazon Technologies, Inc. Authorizing communications between computing nodes
US8615502B2 (en) 2008-04-18 2013-12-24 Mcafee, Inc. Method of and system for reverse mapping vnode pointers
US20090276546A1 (en) * 2008-05-01 2009-11-05 Broadcom Corporation Techniques for detection and serial communication for a non-usb serial interface over usb connector
US8234711B2 (en) * 2008-05-22 2012-07-31 Electronics And Telecommunications Research Institute Apparatus and method for checking PC security
US20090293100A1 (en) * 2008-05-22 2009-11-26 Electronics & Telecommunications Research Institut Apparatus and method for checking pc security
US8413211B2 (en) * 2008-05-30 2013-04-02 Fujitsu Limited Access control policy compliance check process
JP2009289137A (en) * 2008-05-30 2009-12-10 Fujitsu Ltd Program for compliance check of access control policy
US20090300711A1 (en) * 2008-05-30 2009-12-03 Fujitsu Limited Access control policy compliance check process
US20110246498A1 (en) * 2008-06-05 2011-10-06 International Business Machines Corporation Context-based security policy evaluation using weighted search trees
US9514286B2 (en) * 2008-06-05 2016-12-06 International Business Machines Corporation Context-based security policy evaluation using weighted search trees
US8918872B2 (en) * 2008-06-27 2014-12-23 Mcafee, Inc. System, method, and computer program product for reacting in response to a detection of an attempt to store a configuration file and an executable file on a removable device
US20130247189A1 (en) * 2008-06-27 2013-09-19 Lokesh Kumar System, method, and computer program product for reacting in response to a detection of an attempt to store a configuration file and an executable file on a removable device
US9531748B2 (en) 2008-06-27 2016-12-27 Mcafee, Inc. System, method, and computer program product for reacting in response to a detection of an attempt to store a configuration file and an executable file on a removable device
US7530106B1 (en) * 2008-07-02 2009-05-05 Kaspersky Lab, Zao System and method for security rating of computer processes
US9088615B1 (en) * 2008-07-31 2015-07-21 Pulse Secure, Llc Determining a reduced set of remediation actions for endpoint integrity
US11775644B2 (en) 2008-08-04 2023-10-03 Cupp Computing As Systems and methods for providing security services during power management mode
US10084799B2 (en) * 2008-08-04 2018-09-25 Cupp Computing As Systems and methods for providing security services during power management mode
US10951632B2 (en) * 2008-08-04 2021-03-16 Cupp Computing As Systems and methods for providing security services during power management mode
US11449613B2 (en) 2008-08-04 2022-09-20 Cupp Computing As Systems and methods for providing security services during power management mode
US9516040B2 (en) 2008-08-04 2016-12-06 Cupp Computing As Systems and methods for providing security services during power management mode
US9106683B2 (en) 2008-08-04 2015-08-11 Cupp Computing As Systems and methods for providing security services during power management mode
US10404722B2 (en) * 2008-08-04 2019-09-03 Cupp Computing As Systems and methods for providing security services during power management mode
US9843595B2 (en) 2008-08-04 2017-12-12 Cupp Computing As Systems and methods for providing security services during power management mode
US8713468B2 (en) 2008-08-06 2014-04-29 Mcafee, Inc. System, method, and computer program product for determining whether an electronic mail message is compliant with an etiquette policy
US9531656B2 (en) 2008-08-06 2016-12-27 Mcafee, Inc. System, method, and computer program product for determining whether an electronic mail message is compliant with an etiquette policy
US9077684B1 (en) 2008-08-06 2015-07-07 Mcafee, Inc. System, method, and computer program product for determining whether an electronic mail message is compliant with an etiquette policy
US20100037295A1 (en) * 2008-08-07 2010-02-11 Oh Seung-Hee Method and system for exchanging security situation information between mobile terminals
US20100043059A1 (en) * 2008-08-14 2010-02-18 International Business Machines Corporation Trusted Electronic Communication Through Shared Vulnerability
US8261328B2 (en) * 2008-08-14 2012-09-04 International Business Machines Corporation Trusted electronic communication through shared vulnerability
US20100063950A1 (en) * 2008-09-11 2010-03-11 International Business Machines Corporation Computing environment climate dependent policy management
US9082085B2 (en) 2008-09-11 2015-07-14 International Business Machines Corporation Computing environment climate dependent policy management
US8726391B1 (en) 2008-10-10 2014-05-13 Symantec Corporation Scheduling malware signature updates in relation to threat awareness and environmental safety
US20120110174A1 (en) * 2008-10-21 2012-05-03 Lookout, Inc. System and method for a scanning api
US11080407B2 (en) 2008-10-21 2021-08-03 Lookout, Inc. Methods and systems for analyzing data after initial analyses by known good and known bad security components
US10509910B2 (en) * 2008-10-21 2019-12-17 Lookout, Inc. Methods and systems for granting access to services based on a security state that varies with the severity of security events
US9235704B2 (en) * 2008-10-21 2016-01-12 Lookout, Inc. System and method for a scanning API
US20110213435A1 (en) * 2008-10-29 2011-09-01 Sorin Crm Sas Optimal cardiac pacing with q learning
US8396550B2 (en) 2008-10-29 2013-03-12 Sorin Crm Sas Optimal cardiac pacing with Q learning
US8346923B2 (en) * 2008-11-12 2013-01-01 Sophos Plc Methods for identifying an application and controlling its network utilization
US20100121964A1 (en) * 2008-11-12 2010-05-13 David Rowles Methods for identifying an application and controlling its network utilization
US8555394B2 (en) * 2008-11-15 2013-10-08 Vibesec Ltd. Network security server suitable for unified communications network
US20110225656A1 (en) * 2008-11-15 2011-09-15 Vibesec Ltd. Network security server suitable for unified communications network
WO2010055515A1 (en) * 2008-11-15 2010-05-20 Vibesec Ltd. Network security server suitable for unified communications network
US11604861B2 (en) 2008-11-19 2023-03-14 Cupp Computing As Systems and methods for providing real time security and access monitoring of a removable media device
US10417400B2 (en) 2008-11-19 2019-09-17 Cupp Computing As Systems and methods for providing real time security and access monitoring of a removable media device
US11036836B2 (en) 2008-11-19 2021-06-15 Cupp Computing As Systems and methods for providing real time security and access monitoring of a removable media device
US20100125897A1 (en) * 2008-11-20 2010-05-20 Rahul Jain Methods and apparatus for establishing a dynamic virtual private network connection
US8544003B1 (en) 2008-12-11 2013-09-24 Mcafee, Inc. System and method for managing virtual machine configurations
US8972352B1 (en) 2008-12-31 2015-03-03 Emc Corporation Probe based backup
US8788462B1 (en) * 2008-12-31 2014-07-22 Emc Corporation Multi-factor probe triggers
US20100169590A1 (en) * 2008-12-31 2010-07-01 Clint Gordon-Carroll Providing backups using a portable storage device
US20100169668A1 (en) * 2008-12-31 2010-07-01 Clint Gordon-Carroll Obtaining backups using a portable storage device
US8266453B2 (en) 2008-12-31 2012-09-11 Decho Corporation Obtaining backups using a portable storage device
US8108636B2 (en) * 2008-12-31 2012-01-31 Decho Corporation Providing backups using a portable storage device
US8589354B1 (en) * 2008-12-31 2013-11-19 Emc Corporation Probe based group selection
US8341720B2 (en) * 2009-01-09 2012-12-25 Microsoft Corporation Information protection applied by an intermediary device
US20100180332A1 (en) * 2009-01-09 2010-07-15 Microsoft Corporation Information protection applied by an intermediary device
US20100192228A1 (en) * 2009-01-28 2010-07-29 Hewlett-Packard Development Company, L.P. Device, method and program product for prioritizing security flaw mitigation tasks in a business service
AU2010210166B2 (en) * 2009-02-05 2015-07-16 Ipanema Technologies Method for managing data stream exchanges in a standalone telecommunications network
US8423631B1 (en) * 2009-02-13 2013-04-16 Aerohive Networks, Inc. Intelligent sorting for N-way secure split tunnel
US9143466B2 (en) * 2009-02-13 2015-09-22 Aerohive Networks, Inc. Intelligent sorting for N-way secure split tunnel
US10116624B2 (en) * 2009-02-13 2018-10-30 Aerohive Networks, Inc. Intelligent sorting for N-way secure split tunnel
US20140040503A1 (en) * 2009-02-13 2014-02-06 Aerohive Networks, Inc. Intelligent sorting for n-way secure split tunnel
US20190132287A1 (en) * 2009-02-13 2019-05-02 Aerohive Networks, Inc. Intelligent sorting for n-way secure split tunnel
US20160014083A1 (en) * 2009-02-13 2016-01-14 Aerohive Networks, Inc. Intelligent sorting for n-way secure split tunnel
US10701034B2 (en) * 2009-02-13 2020-06-30 Extreme Networks, Inc. Intelligent sorting for N-way secure split tunnel
US9762541B2 (en) * 2009-02-13 2017-09-12 Aerohive Networks, Inc. Intelligent sorting for N-way secure split tunnel
US10467200B1 (en) 2009-03-12 2019-11-05 Pegasystems, Inc. Techniques for dynamic data processing
US11763019B2 (en) 2009-03-17 2023-09-19 Sophos Limited Protecting sensitive information from a secure data store
US10997310B2 (en) 2009-03-17 2021-05-04 Sophos Limited Protecting sensitive information from a secure data store
US10367815B2 (en) * 2009-03-17 2019-07-30 Sophos Limited Protecting sensitive information from a secure data store
US9678719B1 (en) 2009-03-30 2017-06-13 Pegasystems Inc. System and software for creation and modification of software
US8762724B2 (en) 2009-04-15 2014-06-24 International Business Machines Corporation Website authentication
US8549649B2 (en) 2009-04-30 2013-10-01 Emc Corporation Systems and methods for sensitive data remediation
US20100281543A1 (en) * 2009-04-30 2010-11-04 Netwitness Corporation Systems and Methods for Sensitive Data Remediation
WO2010126733A1 (en) * 2009-04-30 2010-11-04 Netwitness Corporation Systems and methods for sensitive data remediation
US20100305990A1 (en) * 2009-05-29 2010-12-02 Verizon Patent And Licensing Inc. Device classification system
US8856315B2 (en) * 2009-05-29 2014-10-07 Verizon Patent And Licensing Inc. Device classification system
US8281403B1 (en) * 2009-06-02 2012-10-02 Symantec Corporation Methods and systems for evaluating the health of computing systems based on when operating-system changes occur
TWI396078B (en) * 2009-06-18 2013-05-11 Fineart Technology Co Ltd Control method applied into central control system
US8869265B2 (en) 2009-08-21 2014-10-21 Mcafee, Inc. System and method for enforcing security policies in a virtual environment
US9652607B2 (en) 2009-08-21 2017-05-16 Mcafee, Inc. System and method for enforcing security policies in a virtual environment
US20110085498A1 (en) * 2009-08-24 2011-04-14 Kabushiki Kaisha Toshiba Plmn selection and inter-system mobility policy conflict resolution for multi-interface user
US8971239B2 (en) * 2009-08-24 2015-03-03 Kabushiki Kaisha Toshiba PLMN selection and inter-system mobility policy conflict resolution for multi-interface user
US20110055907A1 (en) * 2009-09-03 2011-03-03 Mcafee, Inc. Host state monitoring
US9049118B2 (en) 2009-09-03 2015-06-02 Mcafee, Inc. Probe election in failover configuration
US8881234B2 (en) 2009-09-03 2014-11-04 Mcafee, Inc. Host state monitoring
US20110055382A1 (en) * 2009-09-03 2011-03-03 Mcafee, Inc. Host entry synchronization
US8924721B2 (en) 2009-09-03 2014-12-30 Mcafee, Inc. Nonce generation
US20110055381A1 (en) * 2009-09-03 2011-03-03 Mcafee, Inc. Host information collection
US9391858B2 (en) 2009-09-03 2016-07-12 Mcafee, Inc. Host information collection
US8671181B2 (en) * 2009-09-03 2014-03-11 Mcafee, Inc. Host entry synchronization
US20110055580A1 (en) * 2009-09-03 2011-03-03 Mcafee, Inc. Nonce generation
US10812491B2 (en) 2009-09-09 2020-10-20 International Business Machines Corporation Differential security policies in email systems
US20110061089A1 (en) * 2009-09-09 2011-03-10 O'sullivan Patrick J Differential security policies in email systems
US9742778B2 (en) * 2009-09-09 2017-08-22 International Business Machines Corporation Differential security policies in email systems
US10157280B2 (en) * 2009-09-23 2018-12-18 F5 Networks, Inc. System and method for identifying security breach attempts of a website
US9552497B2 (en) 2009-11-10 2017-01-24 Mcafee, Inc. System and method for preventing data loss using virtual machine wrapped applications
US20110125548A1 (en) * 2009-11-25 2011-05-26 Michal Aharon Business services risk management
US20130137392A1 (en) * 2009-12-02 2013-05-30 At&T Mobility Ii, Llc System and Method for Monitoring Usage of a User Device
US8640207B2 (en) * 2009-12-02 2014-01-28 At&T Mobility Ii Llc System and method for monitoring usage of a user device
US9514318B2 (en) * 2009-12-03 2016-12-06 International Business Machines Corporation Dynamic access control for documents in electronic communications within a networked computing environment
US20110258234A1 (en) * 2009-12-03 2011-10-20 International Business Machines Corporation Dynamic access control for documents in electronic communications within a networked computing environment
US8683609B2 (en) 2009-12-04 2014-03-25 International Business Machines Corporation Mobile phone and IP address correlation service
US20110138483A1 (en) * 2009-12-04 2011-06-09 International Business Machines Corporation Mobile phone and ip address correlation service
WO2011082412A1 (en) * 2010-01-04 2011-07-07 Bank Of America Corporation Dynamic employee security risk scoring
US10282702B2 (en) 2010-01-04 2019-05-07 Bank Of America Corporation Dynamic employee security risk scoring
US20120291106A1 (en) * 2010-01-19 2012-11-15 Nec Corporation Confidential information leakage prevention system, confidential information leakage prevention method, and confidential information leakage prevention program
US8800034B2 (en) 2010-01-26 2014-08-05 Bank Of America Corporation Insider threat correlation tool
US8782209B2 (en) 2010-01-26 2014-07-15 Bank Of America Corporation Insider threat correlation tool
US20110185056A1 (en) * 2010-01-26 2011-07-28 Bank Of America Corporation Insider threat correlation tool
US9038187B2 (en) 2010-01-26 2015-05-19 Bank Of America Corporation Insider threat correlation tool
US8799462B2 (en) 2010-01-26 2014-08-05 Bank Of America Corporation Insider threat correlation tool
US20110184877A1 (en) * 2010-01-26 2011-07-28 Bank Of America Corporation Insider threat correlation tool
US20110197253A1 (en) * 2010-02-08 2011-08-11 Comodo Security Solutions, Inc. Method and System of Responding to Buffer Overflow Vulnerabilities
US8595789B2 (en) * 2010-02-15 2013-11-26 Bank Of America Corporation Anomalous activity detection
US20110202969A1 (en) * 2010-02-15 2011-08-18 Bank Of America Corporation Anomalous activity detection
US9154521B2 (en) 2010-02-15 2015-10-06 Bank Of America Corporation Anomalous activity detection
US9251312B2 (en) * 2010-02-23 2016-02-02 Siemens Aktiengesellschaft Application platform
US20110209139A1 (en) * 2010-02-23 2011-08-25 Lutz Dominick Application platform
US8782794B2 (en) 2010-04-16 2014-07-15 Bank Of America Corporation Detecting secure or encrypted tunneling in a computer network
US8544100B2 (en) 2010-04-16 2013-09-24 Bank Of America Corporation Detecting secure or encrypted tunneling in a computer network
US8719944B2 (en) 2010-04-16 2014-05-06 Bank Of America Corporation Detecting secure or encrypted tunneling in a computer network
US20210019095A1 (en) * 2010-04-26 2021-01-21 Canon Kabushiki Kaisha Image sending apparatus and authentication method in image sending apparatus
US20110270965A1 (en) * 2010-04-29 2011-11-03 Yahoo! Inc. Methods for Web Site Analysis
US8751632B2 (en) * 2010-04-29 2014-06-10 Yahoo! Inc. Methods for web site analysis
US20120185952A1 (en) * 2010-05-27 2012-07-19 International Business Machines Corporation Context aware data protection
US9767301B2 (en) * 2010-05-27 2017-09-19 International Business Machines Corporation Context aware data protection
US8914879B2 (en) 2010-06-11 2014-12-16 Trustwave Holdings, Inc. System and method for improving coverage for web code
US9489515B2 (en) 2010-06-11 2016-11-08 Trustwave Holdings, Inc. System and method for blocking the transmission of sensitive data using dynamic data tainting
US9081961B2 (en) 2010-06-11 2015-07-14 Trustwave Holdings, Inc. System and method for analyzing malicious code using a static analyzer
WO2011156754A1 (en) * 2010-06-11 2011-12-15 M86 Security, Inc. System and method for detecting malicious content
US8881278B2 (en) 2010-06-11 2014-11-04 Trustwave Holdings, Inc. System and method for detecting malicious content
FR2962826A1 (en) * 2010-07-13 2012-01-20 Eads Defence & Security Sys SUPERVISION OF THE SECURITY OF A COMPUTER SYSTEM
WO2012007402A1 (en) * 2010-07-13 2012-01-19 Cassidian Sas Supervision of the security in a computer system
US9015794B2 (en) 2010-07-13 2015-04-21 Airbus Ds Sas Determining several security indicators of different types for each gathering item in a computer system
WO2012012438A1 (en) * 2010-07-21 2012-01-26 Citrix Systems, Inc. Systems and methods for providing a smart group for access control
US8839346B2 (en) 2010-07-21 2014-09-16 Citrix Systems, Inc. Systems and methods for providing a smart group
US9363292B2 (en) 2010-07-21 2016-06-07 Citrix Systems, Inc. Systems and methods for providing a smart group
WO2012012279A2 (en) * 2010-07-22 2012-01-26 Bank Of America Corporation Insider threat correlation tool
AU2011279906B2 (en) * 2010-07-22 2015-04-30 Bank Of America Corporation Insider threat correlation tool
US8474042B2 (en) * 2010-07-22 2013-06-25 Bank Of America Corporation Insider threat correlation tool
US20120023324A1 (en) * 2010-07-22 2012-01-26 Bank Of America Corporation Insider threat correlation tool
WO2012012279A3 (en) * 2010-07-22 2013-02-21 Bank Of America Corporation Insider threat correlation tool
US8793789B2 (en) 2010-07-22 2014-07-29 Bank Of America Corporation Insider threat correlation tool
US9832227B2 (en) 2010-07-28 2017-11-28 Mcafee, Llc System and method for network level protection against malicious software
US8938800B2 (en) 2010-07-28 2015-01-20 Mcafee, Inc. System and method for network level protection against malicious software
US20120030731A1 (en) * 2010-07-28 2012-02-02 Rishi Bhargava System and Method for Local Protection Against Malicious Software
US8925101B2 (en) * 2010-07-28 2014-12-30 Mcafee, Inc. System and method for local protection against malicious software
US9467470B2 (en) 2010-07-28 2016-10-11 Mcafee, Inc. System and method for local protection against malicious software
US8843496B2 (en) 2010-09-12 2014-09-23 Mcafee, Inc. System and method for clustering host inventories
US8549003B1 (en) 2010-09-12 2013-10-01 Mcafee, Inc. System and method for clustering host inventories
US9830569B2 (en) 2010-09-24 2017-11-28 BitSight Technologies, Inc. Security assessment using service provider digital asset information
US10805331B2 (en) 2010-09-24 2020-10-13 BitSight Technologies, Inc. Information technology security assessment system
US11882146B2 (en) 2010-09-24 2024-01-23 BitSight Technologies, Inc. Information technology security assessment system
US11777976B2 (en) 2010-09-24 2023-10-03 BitSight Technologies, Inc. Information technology security assessment system
US9973524B2 (en) 2010-09-24 2018-05-15 BitSight Technologies, Inc. Information technology security assessment system
US9363290B2 (en) * 2010-09-27 2016-06-07 Nec Corporation Access control information generating system
US20130174217A1 (en) * 2010-09-27 2013-07-04 Nec Corporation Access control information generating system
US20120102169A1 (en) * 2010-10-22 2012-04-26 Microsoft Corporation Automatic identification of travel and non-travel network addresses
US8615605B2 (en) * 2010-10-22 2013-12-24 Microsoft Corporation Automatic identification of travel and non-travel network addresses
US10171648B2 (en) * 2010-11-19 2019-01-01 Mobile Iron, Inc. Mobile posture-based policy, remediation and access control for enterprise resources
US8516597B1 (en) * 2010-12-02 2013-08-20 Symantec Corporation Method to calculate a risk score of a folder that has been scanned for confidential information
US8806638B1 (en) * 2010-12-10 2014-08-12 Symantec Corporation Systems and methods for protecting networks from infected computing devices
US8677448B1 (en) 2010-12-14 2014-03-18 Symantec Corporation Graphical user interface including usage trending for sensitive files
US8640245B2 (en) 2010-12-24 2014-01-28 Kaspersky Lab, Zao Optimization of anti-malware processing by automated correction of detection rules
CN102222192A (en) * 2010-12-24 2011-10-19 卡巴斯基实验室封闭式股份公司 Optimizing anti-malicious software treatment by automatically correcting detection rules
EP2469445A1 (en) * 2010-12-24 2012-06-27 Kaspersky Lab Zao Optimization of anti-malware processing by automated correction of detection rules
US20120167198A1 (en) * 2010-12-27 2012-06-28 International Business Machines Corporation Resource Protection from Unauthorized Access Using State Transition Histories
US8806642B2 (en) * 2010-12-27 2014-08-12 International Business Machines Corporation Resource protection from unauthorized access using state transition histories
US10158641B2 (en) 2010-12-30 2018-12-18 Axiomatics Ab System and method for evaluating a reverse query
US20130055344A1 (en) * 2010-12-30 2013-02-28 Axiomatics Ab System and method for evaluating a reverse query
US20150295939A1 (en) * 2010-12-30 2015-10-15 Axiomatics Ab System and method for evaluating a reverse query
US9223992B2 (en) * 2010-12-30 2015-12-29 Axiomatics Ab System and method for evaluating a reverse query
US9646164B2 (en) * 2010-12-30 2017-05-09 Axiomatics Ab System and method for evaluating a reverse query
US9075993B2 (en) 2011-01-24 2015-07-07 Mcafee, Inc. System and method for selectively grouping and managing program files
US9270743B2 (en) 2011-02-18 2016-02-23 Pegasystems Inc. Systems and methods for distributed rules processing
US9112830B2 (en) 2011-02-23 2015-08-18 Mcafee, Inc. System and method for interlocking a host and a gateway
US9866528B2 (en) 2011-02-23 2018-01-09 Mcafee, Llc System and method for interlocking a host and a gateway
US20120221652A1 (en) * 2011-02-28 2012-08-30 Nokia Corporation Method and apparatus for providing a proxy-based access list
US20120233571A1 (en) * 2011-03-08 2012-09-13 Nokia Corporation Method and apparatus for providing quick access to media functions from a locked screen
CN103649892A (en) * 2011-03-08 2014-03-19 诺基亚公司 Method and apparatus for providing quick access to media functions from a locked screen
US9104288B2 (en) * 2011-03-08 2015-08-11 Nokia Technologies Oy Method and apparatus for providing quick access to media functions from a locked screen
US8838988B2 (en) 2011-04-12 2014-09-16 International Business Machines Corporation Verification of transactional integrity
US9860790B2 (en) 2011-05-03 2018-01-02 Cisco Technology, Inc. Mobile service routing in a network environment
US20120290544A1 (en) * 2011-05-09 2012-11-15 International Business Machines Corporation Data compliance management
US20120324591A1 (en) * 2011-06-14 2012-12-20 International Business Machines Corporation System and method to protect a resource using an active avatar
US10229280B2 (en) * 2011-06-14 2019-03-12 International Business Machines Corporation System and method to protect a resource using an active avatar
US8209740B1 (en) * 2011-06-28 2012-06-26 Kaspersky Lab Zao System and method for controlling access to network resources
US9282114B1 (en) * 2011-06-30 2016-03-08 Emc Corporation Generation of alerts in an event management system based upon risk
US9071518B2 (en) 2011-07-01 2015-06-30 Fiberlink Communications Corporation Rules based actions for mobile device management
EP2727042A4 (en) * 2011-07-01 2015-03-11 Fiberlink Comm Corp Rules based actions for mobile device management
EP2727042A1 (en) * 2011-07-01 2014-05-07 Fiberlink Communications Corporation Rules based actions for mobile device management
US8893278B1 (en) 2011-07-12 2014-11-18 Trustwave Holdings, Inc. Detecting malware communication on an infected computing device
US8892875B1 (en) * 2011-07-29 2014-11-18 Trend Micro Incorporated Methods and apparatus for controlling access to encrypted computer files
US20130047253A1 (en) * 2011-08-15 2013-02-21 Bank Of America Corporation Method and apparatus for token-based real-time risk updating
US9253197B2 (en) * 2011-08-15 2016-02-02 Bank Of America Corporation Method and apparatus for token-based real-time risk updating
US9727733B2 (en) * 2011-08-24 2017-08-08 International Business Machines Corporation Risk-based model for security policy management
US9594881B2 (en) 2011-09-09 2017-03-14 Mcafee, Inc. System and method for passive threat detection using virtual memory inspection
US20130086376A1 (en) * 2011-09-29 2013-04-04 Stephen Ricky Haynes Secure integrated cyberspace security and situational awareness system
US8732840B2 (en) * 2011-10-07 2014-05-20 Accenture Global Services Limited Incident triage engine
US20130091574A1 (en) * 2011-10-07 2013-04-11 Joshua Z. Howes Incident triage engine
US9369481B2 (en) 2011-10-07 2016-06-14 Accenture Global Services Limited Incident triage engine
US8694738B2 (en) 2011-10-11 2014-04-08 Mcafee, Inc. System and method for critical address space protection in a hypervisor environment
US8793790B2 (en) * 2011-10-11 2014-07-29 Honeywell International Inc. System and method for insider threat detection
US20130091539A1 (en) * 2011-10-11 2013-04-11 Honeywell International Inc. System and method for insider threat detection
US9465700B2 (en) 2011-10-13 2016-10-11 Mcafee, Inc. System and method for kernel rootkit protection in a hypervisor environment
US9946562B2 (en) 2011-10-13 2018-04-17 Mcafee, Llc System and method for kernel rootkit protection in a hypervisor environment
US9069586B2 (en) 2011-10-13 2015-06-30 Mcafee, Inc. System and method for kernel rootkit protection in a hypervisor environment
US8973144B2 (en) 2011-10-13 2015-03-03 Mcafee, Inc. System and method for kernel rootkit protection in a hypervisor environment
US10735964B2 (en) 2011-10-17 2020-08-04 Blackberry Limited Associating services to perimeters
US10652210B2 (en) 2011-10-17 2020-05-12 Mcafee, Llc System and method for redirected firewall discovery in a network environment
US9882876B2 (en) 2011-10-17 2018-01-30 Mcafee, Llc System and method for redirected firewall discovery in a network environment
US9356909B2 (en) 2011-10-17 2016-05-31 Mcafee, Inc. System and method for redirected firewall discovery in a network environment
US8713668B2 (en) 2011-10-17 2014-04-29 Mcafee, Inc. System and method for redirected firewall discovery in a network environment
US8800024B2 (en) 2011-10-17 2014-08-05 Mcafee, Inc. System and method for host-initiated firewall discovery in a network environment
US10848520B2 (en) * 2011-11-10 2020-11-24 Blackberry Limited Managing access to resources
US20170208098A1 (en) * 2011-11-10 2017-07-20 Blackberry Limited Managing access to resources
US8904506B1 (en) * 2011-11-23 2014-12-02 Amazon Technologies, Inc. Dynamic account throttling
EP2791812A4 (en) * 2011-12-16 2015-08-05 Microsoft Technology Licensing Llc Discovery and mining of performance information of a device for anticipatorily sending updates to the device
KR101998443B1 (en) 2011-12-16 2019-07-09 마이크로소프트 테크놀로지 라이센싱, 엘엘씨 Discovery and mining of performance information of a device for anticipatorily sending updates to the device
US10979290B2 (en) 2011-12-16 2021-04-13 Microsoft Technology Licensing, Llc Discovery and mining of performance information of a device for anticipatorily sending updates to the device
KR20140104959A (en) * 2011-12-16 2014-08-29 마이크로소프트 코포레이션 Discovery and mining of performance information of a device for anticipatorily sending updates to the device
US9531588B2 (en) 2011-12-16 2016-12-27 Microsoft Technology Licensing, Llc Discovery and mining of performance information of a device for anticipatorily sending updates to the device
WO2013090124A1 (en) 2011-12-16 2013-06-20 Microsoft Corporation Discovery and mining of performance information of a device for anticipatorily sending updates to the device
US20130167252A1 (en) * 2011-12-22 2013-06-27 Research In Motion Limited Autonomous access control
US20130166746A1 (en) * 2011-12-23 2013-06-27 Cisco Technology, Inc. System and method for policy selection and switching function in a network environment
US8701199B1 (en) * 2011-12-23 2014-04-15 Emc Corporation Establishing a trusted session from a non-web client using adaptive authentication
US9077661B2 (en) * 2011-12-23 2015-07-07 Cisco Technology, Inc. System and method for policy selection and switching function in a network environment
US9195936B1 (en) 2011-12-30 2015-11-24 Pegasystems Inc. System and method for updating or modifying an application without manual coding
US10572236B2 (en) 2011-12-30 2020-02-25 Pegasystems, Inc. System and method for updating or modifying an application without manual coding
US20140358715A1 (en) * 2012-01-11 2014-12-04 Saguna Networks Ltd. Methods, Circuits, Devices, Systems and Associated Computer Executable Code for Facilitating Local Hosting and Access of Internet Based Information
US10348573B2 (en) * 2012-01-11 2019-07-09 Saguna Networks Ltd. Methods, circuits, devices, systems and associated computer executable code for facilitating local hosting and access of internet based information
US20130191919A1 (en) * 2012-01-19 2013-07-25 Mcafee, Inc. Calculating quantitative asset risk
US8595845B2 (en) * 2012-01-19 2013-11-26 Mcafee, Inc. Calculating quantitative asset risk
US8683598B1 (en) * 2012-02-02 2014-03-25 Symantec Corporation Mechanism to evaluate the security posture of a computer system
US20130205360A1 (en) * 2012-02-08 2013-08-08 Microsoft Corporation Protecting user credentials from a computing device
US9191394B2 (en) * 2012-02-08 2015-11-17 Microsoft Technology Licensing, Llc Protecting user credentials from a computing device
US20130239166A1 (en) * 2012-03-06 2013-09-12 Microsoft Corporation Operating Large Scale Systems and Cloud Services With Zero-Standing Elevated Permissions
US9460303B2 (en) * 2012-03-06 2016-10-04 Microsoft Technology Licensing, Llc Operating large scale systems and cloud services with zero-standing elevated permissions
US8739272B1 (en) 2012-04-02 2014-05-27 Mcafee, Inc. System and method for interlocking a host and a gateway
US9413785B2 (en) 2012-04-02 2016-08-09 Mcafee, Inc. System and method for interlocking a host and a gateway
US11687653B2 (en) * 2012-05-09 2023-06-27 SunStone Information Defense, Inc. Methods and apparatus for identifying and removing malicious applications
US9946887B2 (en) 2012-06-04 2018-04-17 Nokia Technologies Oy Method and apparatus for determining privacy policy based on data and associated values
US9992025B2 (en) 2012-06-05 2018-06-05 Lookout, Inc. Monitoring installed applications on user devices
US11336458B2 (en) 2012-06-05 2022-05-17 Lookout, Inc. Evaluating authenticity of applications based on assessing user device context for increased security
US10419222B2 (en) 2012-06-05 2019-09-17 Lookout, Inc. Monitoring for fraudulent or harmful behavior in applications being installed on user devices
US10256979B2 (en) 2012-06-05 2019-04-09 Lookout, Inc. Assessing application authenticity and performing an action in response to an evaluation result
US10474829B2 (en) 2012-06-07 2019-11-12 Amazon Technologies, Inc. Virtual service provider zones
US10075471B2 (en) 2012-06-07 2018-09-11 Amazon Technologies, Inc. Data loss prevention techniques
US10834139B2 (en) 2012-06-07 2020-11-10 Amazon Technologies, Inc. Flexibly configurable data modification services
US10084818B1 (en) * 2012-06-07 2018-09-25 Amazon Technologies, Inc. Flexibly configurable data modification services
US10055594B2 (en) 2012-06-07 2018-08-21 Amazon Technologies, Inc. Virtual service provider zones
US10146954B1 (en) 2012-06-11 2018-12-04 Quest Software Inc. System and method for data aggregation and analysis
US9390240B1 (en) 2012-06-11 2016-07-12 Dell Software Inc. System and method for querying data
US9779260B1 (en) 2012-06-11 2017-10-03 Dell Software Inc. Aggregation and classification of secure data
US9578060B1 (en) 2012-06-11 2017-02-21 Dell Software Inc. System and method for data loss prevention across heterogeneous communications platforms
US9501744B1 (en) 2012-06-11 2016-11-22 Dell Software Inc. System and method for classifying data
US9317574B1 (en) 2012-06-11 2016-04-19 Dell Software Inc. System and method for managing and identifying subject matter experts
GB2515974A (en) * 2012-06-12 2015-01-07 Ibm Method and apparatus for detecting unauthorized bulk forwarding of sensitive data over a network
WO2013187989A1 (en) * 2012-06-12 2013-12-19 International Business Machines Corporation Method and apparatus for detecting unauthorized bulk forwarding of sensitive data over a network
US8938511B2 (en) 2012-06-12 2015-01-20 International Business Machines Corporation Method and apparatus for detecting unauthorized bulk forwarding of sensitive data over a network
US8972510B2 (en) 2012-06-12 2015-03-03 International Business Machines Corporation Method and apparatus for detecting unauthorized bulk forwarding of sensitive data over a network
US20130340086A1 (en) * 2012-06-13 2013-12-19 Nokia Corporation Method and apparatus for providing contextual data privacy
US20130339331A1 (en) * 2012-06-13 2013-12-19 International Business Machines Corporation Tracking file content originality
US20130340032A1 (en) * 2012-06-15 2013-12-19 Infosys Limited System and method for achieving compliance through a closed loop integrated compliance framework and toolkit
US11032283B2 (en) 2012-06-21 2021-06-08 Blackberry Limited Managing use of network resources
US8782796B2 (en) * 2012-06-22 2014-07-15 Stratum Security, Inc. Data exfiltration attack simulation technology
US20140007241A1 (en) * 2012-06-27 2014-01-02 Tenable Network Security, Inc. System and method for identifying exploitable weak points in a network
US9043920B2 (en) * 2012-06-27 2015-05-26 Tenable Network Security, Inc. System and method for identifying exploitable weak points in a network
US8917826B2 (en) 2012-07-31 2014-12-23 International Business Machines Corporation Detecting man-in-the-middle attacks in electronic transactions using prompts
US10747893B2 (en) * 2012-08-22 2020-08-18 International Business Machines Corporation Device and method for determining content of access control of data
US20140096181A1 (en) * 2012-09-28 2014-04-03 Tripwire, Inc. Event integration frameworks
US10382486B2 (en) * 2012-09-28 2019-08-13 Tripwire, Inc. Event integration frameworks
US11277446B2 (en) * 2012-09-28 2022-03-15 Tripwire, Inc. Event integration frameworks
US10904254B2 (en) 2012-10-09 2021-01-26 Cupp Computing As Transaction security systems and methods
US10397227B2 (en) 2012-10-09 2019-08-27 Cupp Computing As Transaction security systems and methods
US9973501B2 (en) 2012-10-09 2018-05-15 Cupp Computing As Transaction security systems and methods
US9460283B2 (en) * 2012-10-09 2016-10-04 Dell Products L.P. Adaptive integrity validation for portable information handling systems
US11757885B2 (en) 2012-10-09 2023-09-12 Cupp Computing As Transaction security systems and methods
US20140101757A1 (en) * 2012-10-09 2014-04-10 Dell Products L.P. Adaptive integrity validation for portable information handling systems
US20140143542A1 (en) * 2012-11-20 2014-05-22 Cloudioh Inc. Method and Apparatus for Managing Encrypted Folders in Network System
US9338098B2 (en) * 2012-12-13 2016-05-10 Cellco Partnership Dynamic flow management at a firewall based on error messages
US20140173085A1 (en) * 2012-12-13 2014-06-19 Cellco Partnership D/B/A Verizon Wireless Dynamic flow management at a firewall based on error messages
US8966575B2 (en) * 2012-12-14 2015-02-24 Nymity Inc. Methods, software, and devices for automatically scoring privacy protection measures
US20140173684A1 (en) * 2012-12-14 2014-06-19 Nymity, Inc. Methods, software, and devices for automatically scoring privacy protection measures
US10171611B2 (en) 2012-12-27 2019-01-01 Mcafee, Llc Herd based scan avoidance system in a network environment
US8973146B2 (en) 2012-12-27 2015-03-03 Mcafee, Inc. Herd based scan avoidance system in a network environment
US10686819B2 (en) * 2013-02-19 2020-06-16 Proofpoint, Inc. Hierarchical risk assessment and remediation of threats in mobile networking environment
US11438365B2 (en) 2013-02-19 2022-09-06 Proofpoint, Inc. Hierarchical risk assessment and remediation of threats in mobile networking environment
US11671443B2 (en) * 2013-02-19 2023-06-06 Proofpoint, Inc. Hierarchical risk assessment and remediation of threats in mobile networking environment
US20220368717A1 (en) * 2013-02-19 2022-11-17 Proofpoint, Inc. Hierarchical risk assessment and remediation of threats in mobile networking environment
US20140237545A1 (en) * 2013-02-19 2014-08-21 Marble Security Hierarchical risk assessment and remediation of threats in mobile networking environment
US20140244840A1 (en) * 2013-02-28 2014-08-28 Adam James Sweeney System and method for access control list conversion
US9882766B2 (en) * 2013-02-28 2018-01-30 Arista Networks, Inc. System and method for access control list conversion
US9686242B2 (en) * 2013-03-14 2017-06-20 Alcatel Lucent Protection of sensitive data of a user from being utilized by web services
US20140280870A1 (en) * 2013-03-14 2014-09-18 Alcatel-Lucent Usa Inc Protection of sensitive data of a user from being utilized by web services
US11824859B2 (en) * 2013-03-15 2023-11-21 Airwatch Llc Certificate based profile confirmation
USRE49585E1 (en) * 2013-03-15 2023-07-18 Airwatch Llc Certificate based profile confirmation
US9667648B2 (en) 2013-03-15 2017-05-30 Mcafee, Inc. Remote malware remediation
US10305695B1 (en) 2013-03-15 2019-05-28 Poltorak Technologies Llc System and method for secure relayed communications from an implantable medical device
US10834124B2 (en) 2013-03-15 2020-11-10 Mcafee, Llc Remote malware remediation
US10560453B2 (en) * 2013-03-15 2020-02-11 Airwatch Llc Certificate based profile confirmation
US11588650B2 (en) 2013-03-15 2023-02-21 Poltorak Technologies Llc System and method for secure relayed communications from an implantable medical device
US9614865B2 (en) 2013-03-15 2017-04-04 Mcafee, Inc. Server-assisted anti-malware client
US20140283066A1 (en) * 2013-03-15 2014-09-18 John D. Teddy Server-assisted anti-malware client
US20210211429A1 (en) * 2013-03-15 2021-07-08 Airwatch Llc Certificate based profile confirmation
US10841104B2 (en) 2013-03-15 2020-11-17 Poltorak Technologies Llc System and method for secure relayed communications from an implantable medical device
US11930126B2 (en) 2013-03-15 2024-03-12 Piltorak Technologies LLC System and method for secure relayed communications from an implantable medical device
US9942051B1 (en) 2013-03-15 2018-04-10 Poltorak Technologies Llc System and method for secure relayed communications from an implantable medical device
US10205744B2 (en) 2013-03-15 2019-02-12 Mcafee, Llc Remote malware remediation
US9311480B2 (en) * 2013-03-15 2016-04-12 Mcafee, Inc. Server-assisted anti-malware client
US10972467B2 (en) * 2013-03-15 2021-04-06 Airwatch Llc Certificate based profile confirmation
US9215075B1 (en) 2013-03-15 2015-12-15 Poltorak Technologies Llc System and method for secure relayed communications from an implantable medical device
US9143519B2 (en) 2013-03-15 2015-09-22 Mcafee, Inc. Remote malware remediation
US10511636B2 (en) * 2013-04-19 2019-12-17 Nicira, Inc. Framework for coordination between endpoint security and network security services
US11196773B2 (en) * 2013-04-19 2021-12-07 Nicira, Inc. Framework for coordination between endpoint security and network security services
US10075470B2 (en) * 2013-04-19 2018-09-11 Nicira, Inc. Framework for coordination between endpoint security and network security services
US20140317677A1 (en) * 2013-04-19 2014-10-23 Vmware, Inc. Framework for coordination between endpoint security and network security services
US11736530B2 (en) * 2013-04-19 2023-08-22 Nicira, Inc. Framework for coordination between endpoint security and network security services
US20190014154A1 (en) * 2013-04-19 2019-01-10 Nicira, Inc. Framework for coordination between endpoint security and network security services
US20220094717A1 (en) * 2013-04-19 2022-03-24 Nicira, Inc. Framework for coordination between endpoint security and network security services
US10237379B2 (en) 2013-04-26 2019-03-19 Cisco Technology, Inc. High-efficiency service chaining with agentless service nodes
US9807116B2 (en) 2013-05-03 2017-10-31 Vmware, Inc. Methods and apparatus to identify priorities of compliance assessment results of a virtual computing environment
US20140331276A1 (en) * 2013-05-03 2014-11-06 Vmware, Inc. Methods and apparatus to measure compliance of a virtual computing environment
US10728284B2 (en) 2013-05-03 2020-07-28 Vmware, Inc. Methods and apparatus to assess compliance of a computing resource in a virtual computing environment
US9392022B2 (en) * 2013-05-03 2016-07-12 Vmware, Inc. Methods and apparatus to measure compliance of a virtual computing environment
US20160110558A1 (en) * 2013-05-24 2016-04-21 Ubs Ag Client identifying data (cid) target-state-compliant computer-executable applications
US20140351401A1 (en) * 2013-05-26 2014-11-27 Connectloud, Inc. Method and Apparatus to Raise Alerts Based on a Sliding Window Algorithm
CN104219218A (en) * 2013-06-04 2014-12-17 杭州华三通信技术有限公司 Active safety defense method and active safety defense device
US20140359697A1 (en) * 2013-06-04 2014-12-04 Hangzhou H3C Technologies Co., Ltd. Active Security Defense for Software Defined Network
US11323479B2 (en) 2013-07-01 2022-05-03 Amazon Technologies, Inc. Data loss prevention techniques
US20150012630A1 (en) * 2013-07-03 2015-01-08 International Business Machines Corporation Enforcing runtime policies in a networked computing environment
US9973539B2 (en) 2013-07-03 2018-05-15 International Business Machines Corporation Enforcing runtime policies in a networked computing environment
US9479398B2 (en) * 2013-07-03 2016-10-25 International Business Machines Corporation Enforcing runtime policies in a networked computing environment
US11157976B2 (en) 2013-07-08 2021-10-26 Cupp Computing As Systems and methods for providing digital content marketplace security
US20180349615A1 (en) * 2013-08-05 2018-12-06 Netflix, Inc. Dynamic security testing
US10769282B2 (en) * 2013-08-05 2020-09-08 Netflix, Inc. Dynamic security testing
US9081967B2 (en) 2013-08-07 2015-07-14 Kaspersky Lab Zao System and method for protecting computers from software vulnerabilities
US10976892B2 (en) 2013-08-08 2021-04-13 Palantir Technologies Inc. Long click display of a context menu
US9335897B2 (en) 2013-08-08 2016-05-10 Palantir Technologies Inc. Long click display of a context menu
US9680858B1 (en) * 2013-09-09 2017-06-13 BitSight Technologies, Inc. Annotation platform for a security risk system
US11652834B2 (en) 2013-09-09 2023-05-16 BitSight Technologies, Inc. Methods for using organizational behavior for risk ratings
US10785245B2 (en) 2013-09-09 2020-09-22 BitSight Technologies, Inc. Methods for using organizational behavior for risk ratings
US10326786B2 (en) 2013-09-09 2019-06-18 BitSight Technologies, Inc. Methods for using organizational behavior for risk ratings
US10341370B2 (en) 2013-09-09 2019-07-02 BitSight Technologies, Inc. Human-assisted entity mapping
US9450939B2 (en) * 2013-09-29 2016-09-20 Tencent Technology (Shenzhen) Co., Ltd. Method and apparatus for service login based on third party's information
US20150096004A1 (en) * 2013-09-29 2015-04-02 Tencent Technology (Shenzhen) Co., Ltd. Method and apparatus for service login based on third party's information
US11695731B2 (en) 2013-10-01 2023-07-04 Nicira, Inc. Distributed identity-based firewalls
US10798058B2 (en) 2013-10-01 2020-10-06 Nicira, Inc. Distributed identity-based firewalls
US9529815B1 (en) * 2013-10-04 2016-12-27 Veritas Technologies Llc System and method to integrate backup and compliance systems
US20150101066A1 (en) * 2013-10-08 2015-04-09 Dr Systems, Inc. System and method for the display of restricted information on private displays
US20190156016A1 (en) * 2013-10-08 2019-05-23 D.R. Systems, Inc. System and method for the display of restricted information on private displays
US9916435B2 (en) * 2013-10-08 2018-03-13 D.R. Systems, Inc. System and method for the display of restricted information on private displays
US10891367B2 (en) * 2013-10-08 2021-01-12 Nec Corporation System and method for the display of restricted information on private displays
US9536106B2 (en) * 2013-10-08 2017-01-03 D.R. Systems, Inc. System and method for the display of restricted information on private displays
US10223523B2 (en) * 2013-10-08 2019-03-05 D.R. Systems, Inc. System and method for the display of restricted information on private displays
US20170068813A1 (en) * 2013-10-08 2017-03-09 D.R. Systems, Inc. System and method for the display of restricted information on private displays
US10645115B2 (en) 2013-10-24 2020-05-05 Mcafee, Llc Agent assisted malicious application blocking in a network environment
US10205743B2 (en) 2013-10-24 2019-02-12 Mcafee, Llc Agent assisted malicious application blocking in a network environment
US11171984B2 (en) 2013-10-24 2021-11-09 Mcafee, Llc Agent assisted malicious application blocking in a network environment
US9578052B2 (en) 2013-10-24 2017-02-21 Mcafee, Inc. Agent assisted malicious application blocking in a network environment
US10636045B2 (en) * 2013-11-12 2020-04-28 Bank Of America Corporation Predicting economic conditions
US10643225B2 (en) 2013-11-12 2020-05-05 Bank Of America Corporation Predicting economic conditions
US11127026B2 (en) 2013-11-12 2021-09-21 Bank Of America Corporation Predicting economic conditions
US11127025B2 (en) * 2013-11-12 2021-09-21 Bank Of America Corporation Predicting economic conditions
US10356032B2 (en) 2013-12-26 2019-07-16 Palantir Technologies Inc. System and method for detecting confidential information emails
US11032065B2 (en) 2013-12-30 2021-06-08 Palantir Technologies Inc. Verifiable redactable audit log
US10027473B2 (en) 2013-12-30 2018-07-17 Palantir Technologies Inc. Verifiable redactable audit log
US10230746B2 (en) 2014-01-03 2019-03-12 Palantir Technologies Inc. System and method for evaluating network threats and usage
US10805321B2 (en) 2014-01-03 2020-10-13 Palantir Technologies Inc. System and method for evaluating network threats and usage
US10120451B1 (en) 2014-01-09 2018-11-06 D.R. Systems, Inc. Systems and user interfaces for dynamic interaction with two- and three-dimensional medical image data using spatial positioning of mobile devices
US10666688B2 (en) 2014-02-13 2020-05-26 Cupp Computing As Systems and methods for providing network security using a secure digital device
US10291656B2 (en) 2014-02-13 2019-05-14 Cupp Computing As Systems and methods for providing network security using a secure digital device
US11316905B2 (en) 2014-02-13 2022-04-26 Cupp Computing As Systems and methods for providing network security using a secure digital device
US11743297B2 (en) 2014-02-13 2023-08-29 Cupp Computing As Systems and methods for providing network security using a secure digital device
US20180205760A1 (en) 2014-02-13 2018-07-19 Cupp Computing As Systems and methods for providing network security using a secure digital device
US9762614B2 (en) 2014-02-13 2017-09-12 Cupp Computing As Systems and methods for providing network security using a secure digital device
US10289838B2 (en) * 2014-02-21 2019-05-14 Entit Software Llc Scoring for threat observables
US20150271196A1 (en) * 2014-03-20 2015-09-24 International Business Machines Corporation Comparing source and sink values in security analysis
US20150271198A1 (en) * 2014-03-20 2015-09-24 International Business Machines Corporation Comparing source and sink values in security analysis
US20170011109A1 (en) * 2014-05-03 2017-01-12 Pinplanet Corporation System and method for dynamic and secure communication and synchronization of personal data records
US9971825B2 (en) * 2014-05-03 2018-05-15 Pinplanet Corporation System and method for dynamic and secure communication and synchronization of personal data records
US9379931B2 (en) 2014-05-16 2016-06-28 Cisco Technology, Inc. System and method for transporting information to services in a network environment
US9479443B2 (en) 2014-05-16 2016-10-25 Cisco Technology, Inc. System and method for transporting information to services in a network environment
US20160044114A1 (en) * 2014-05-21 2016-02-11 Fortinet, Inc. Automated configuration of endpoint security management
US10129341B2 (en) 2014-05-21 2018-11-13 Fortinet, Inc. Automated configuration of endpoint security management
US9894034B2 (en) * 2014-05-21 2018-02-13 Fortinet, Inc. Automated configuration of endpoint security management
US9917814B2 (en) 2014-05-21 2018-03-13 Fortinet, Inc. Automated configuration of endpoint security management
US20150341311A1 (en) * 2014-05-21 2015-11-26 Fortinet, Inc. Automated configuration of endpoint security management
US9819746B2 (en) * 2014-05-21 2017-11-14 Fortinet, Inc. Automated configuration of endpoint security management
US9349016B1 (en) * 2014-06-06 2016-05-24 Dell Software Inc. System and method for user-context-based data loss prevention
US10554691B2 (en) * 2014-06-27 2020-02-04 Trend Micro Incorporated Security policy based on risk
US11093687B2 (en) 2014-06-30 2021-08-17 Palantir Technologies Inc. Systems and methods for identifying key phrase clusters within documents
US11341178B2 (en) 2014-06-30 2022-05-24 Palantir Technologies Inc. Systems and methods for key phrase characterization of documents
US10162887B2 (en) 2014-06-30 2018-12-25 Palantir Technologies Inc. Systems and methods for key phrase characterization of documents
US10185924B1 (en) * 2014-07-01 2019-01-22 Amazon Technologies, Inc. Security risk response impact analysis
US10929436B2 (en) 2014-07-03 2021-02-23 Palantir Technologies Inc. System and method for news events detection and visualization
US11928118B2 (en) 2014-07-21 2024-03-12 Splunk Inc. Generating a correlation search
US11100113B2 (en) 2014-07-21 2021-08-24 Splunk Inc. Object score adjustment based on analyzing machine data
US11354322B2 (en) 2014-07-21 2022-06-07 Splunk Inc. Creating a correlation search
US9684667B2 (en) * 2014-08-05 2017-06-20 Dell Products L.P. System and method of optimizing the user application experience
US20160042006A1 (en) * 2014-08-05 2016-02-11 Dell Products L.P. System and Method of Optimizing the User Application Experience
US11625485B2 (en) 2014-08-11 2023-04-11 Sentinel Labs Israel Ltd. Method of malware detection and system thereof
US10977370B2 (en) 2014-08-11 2021-04-13 Sentinel Labs Israel Ltd. Method of remediating operations performed by a program and system thereof
US9386027B2 (en) * 2014-08-11 2016-07-05 Indiana University Research & Technology Corporation Detection of pileup vulnerabilities in mobile operating systems
US11507663B2 (en) 2014-08-11 2022-11-22 Sentinel Labs Israel Ltd. Method of remediating operations performed by a program and system thereof
US10664596B2 (en) * 2014-08-11 2020-05-26 Sentinel Labs Israel Ltd. Method of malware detection and system thereof
US20170286676A1 (en) * 2014-08-11 2017-10-05 Sentinel Labs Israel Ltd. Method of malware detection and system thereof
US11886591B2 (en) 2014-08-11 2024-01-30 Sentinel Labs Israel Ltd. Method of remediating operations performed by a program and system thereof
US10609046B2 (en) * 2014-08-13 2020-03-31 Palantir Technologies Inc. Unwanted tunneling alert system
US20180159874A1 (en) * 2014-08-13 2018-06-07 Palantir Technologies Inc. Unwanted tunneling alert system
US11201879B2 (en) * 2014-08-13 2021-12-14 Palantir Technologies Inc. Unwanted tunneling alert system
US9930055B2 (en) * 2014-08-13 2018-03-27 Palantir Technologies Inc. Unwanted tunneling alert system
US11757905B2 (en) * 2014-08-13 2023-09-12 Palantir Technologies Inc. Unwanted tunneling alert system
US9419992B2 (en) * 2014-08-13 2016-08-16 Palantir Technologies Inc. Unwanted tunneling alert system
US20160344756A1 (en) * 2014-08-13 2016-11-24 Palantir Technologies Inc. Unwanted tunneling alert system
US20220150263A1 (en) * 2014-08-13 2022-05-12 Palantir Technologies Inc. Unwanted tunneling alert system
US20160062344A1 (en) * 2014-08-29 2016-03-03 Electronics And Telecommunications Research Institute Apparatus and method for identifying web page for industrial control system
US10416654B2 (en) * 2014-08-29 2019-09-17 Electronics And Telecommuications Research Institute Apparatus and method for identifying web page for industrial control system
US20160078120A1 (en) * 2014-09-11 2016-03-17 Salesforce.Com, Inc. Extracting and processing metrics from system generated events
US10075465B2 (en) 2014-10-09 2018-09-11 Bank Of America Corporation Exposure of an apparatus to a technical hazard
US11057313B2 (en) 2014-10-10 2021-07-06 Pegasystems Inc. Event processing with enhanced throughput
US10469396B2 (en) 2014-10-10 2019-11-05 Pegasystems, Inc. Event processing with enhanced throughput
US10135863B2 (en) 2014-11-06 2018-11-20 Palantir Technologies Inc. Malicious software detection in a computing system
US10728277B2 (en) 2014-11-06 2020-07-28 Palantir Technologies Inc. Malicious software detection in a computing system
US10417025B2 (en) 2014-11-18 2019-09-17 Cisco Technology, Inc. System and method to chain distributed applications in a network environment
US20170324733A1 (en) * 2014-11-21 2017-11-09 Interdigital Patent Holdings, Inc. Using security posture information to determine access to services
US10148577B2 (en) 2014-12-11 2018-12-04 Cisco Technology, Inc. Network service header metadata for load balancing
USRE48131E1 (en) 2014-12-11 2020-07-28 Cisco Technology, Inc. Metadata augmentation in a service function chain
US9667653B2 (en) * 2014-12-15 2017-05-30 International Business Machines Corporation Context-aware network service policy management
US20160173535A1 (en) * 2014-12-15 2016-06-16 International Business Machines Corporation Context-aware network service policy management
US20200401556A1 (en) * 2014-12-29 2020-12-24 EMC IP Holding Company LLC Methods, systems, and computer readable mediums for implementing a data protection policy for a transferred enterprise application
US9882925B2 (en) 2014-12-29 2018-01-30 Palantir Technologies Inc. Systems for network risk assessment including processing of user access rights associated with a network of devices
US9648036B2 (en) 2014-12-29 2017-05-09 Palantir Technologies Inc. Systems for network risk assessment including processing of user access rights associated with a network of devices
US9467455B2 (en) 2014-12-29 2016-10-11 Palantir Technologies Inc. Systems for network risk assessment including processing of user access rights associated with a network of devices
US20160191413A1 (en) * 2014-12-29 2016-06-30 Nicira, Inc. Introspection method and apparatus for network access filtering
US11593302B2 (en) * 2014-12-29 2023-02-28 EMC IP Holding Company LLC Methods, systems, and computer readable mediums for implementing a data protection policy for a transferred enterprise application
US9985983B2 (en) 2014-12-29 2018-05-29 Palantir Technologies Inc. Systems for network risk assessment including processing of user access rights associated with a network of devices
US10721263B2 (en) 2014-12-29 2020-07-21 Palantir Technologies Inc. Systems for network risk assessment including processing of user access rights associated with a network of devices
US10462175B2 (en) 2014-12-29 2019-10-29 Palantir Technologies Inc. Systems for network risk assessment including processing of user access rights associated with a network of devices
US9891940B2 (en) 2014-12-29 2018-02-13 Nicira, Inc. Introspection method and apparatus for network access filtering
US10606626B2 (en) * 2014-12-29 2020-03-31 Nicira, Inc. Introspection method and apparatus for network access filtering
US20200225978A1 (en) * 2014-12-29 2020-07-16 Nicira, Inc. Introspection method and apparatus for network access filtering
US9407656B1 (en) 2015-01-09 2016-08-02 International Business Machines Corporation Determining a risk level for server health check processing
US9794153B2 (en) 2015-01-09 2017-10-17 International Business Machines Corporation Determining a risk level for server health check processing
US20160210447A1 (en) * 2015-01-19 2016-07-21 Dell Products Lp System and Method for Providing an Authentication Engine in a Persistent Authentication Framework
US10496801B2 (en) * 2015-01-19 2019-12-03 Dell Products, Lp System and method for providing an authentication engine in a persistent authentication framework
US10686841B2 (en) 2015-02-06 2020-06-16 Honeywell International Inc. Apparatus and method for dynamic customization of cyber-security risk item rules
US10075474B2 (en) 2015-02-06 2018-09-11 Honeywell International Inc. Notification subsystem for generating consolidated, filtered, and relevant security risk-based notifications
US10021119B2 (en) 2015-02-06 2018-07-10 Honeywell International Inc. Apparatus and method for automatic handling of cyber-security risk events
US10021125B2 (en) 2015-02-06 2018-07-10 Honeywell International Inc. Infrastructure monitoring tool for collecting industrial process control and automation system risk data
US10075475B2 (en) 2015-02-06 2018-09-11 Honeywell International Inc. Apparatus and method for dynamic customization of cyber-security risk item rules
US10298608B2 (en) 2015-02-11 2019-05-21 Honeywell International Inc. Apparatus and method for tying cyber-security risk analysis to common risk methodologies and risk levels
US20160234242A1 (en) * 2015-02-11 2016-08-11 Honeywell International Inc. Apparatus and method for providing possible causes, recommended actions, and potential impacts related to identified cyber-security risk items
US10747625B2 (en) * 2015-02-11 2020-08-18 International Business Machines Corporation Method for automatically configuring backup client systems and backup server systems in a backup environment
US20180121296A1 (en) * 2015-02-11 2018-05-03 International Business Machines Corporation Method for automatically configuring backup client systems and backup server systems in a backup environment
US20160241573A1 (en) * 2015-02-13 2016-08-18 Fisher-Rosemount Systems, Inc. Security event detection through virtual machine introspection
US10944764B2 (en) * 2015-02-13 2021-03-09 Fisher-Rosemount Systems, Inc. Security event detection through virtual machine introspection
US10326748B1 (en) 2015-02-25 2019-06-18 Quest Software Inc. Systems and methods for event-based authentication
US20180336356A1 (en) * 2015-03-12 2018-11-22 Whitehat Security, Inc. Auto-remediation workflow for computer security testing utilizing pre-existing security controls
US11042645B2 (en) * 2015-03-12 2021-06-22 Ntt Security Appsec Solutions Inc. Auto-remediation workflow for computer security testing utilizing pre-existing security controls
US10417613B1 (en) 2015-03-17 2019-09-17 Quest Software Inc. Systems and methods of patternizing logged user-initiated events for scheduling functions
US11075917B2 (en) 2015-03-19 2021-07-27 Microsoft Technology Licensing, Llc Tenant lockbox
US9762585B2 (en) 2015-03-19 2017-09-12 Microsoft Technology Licensing, Llc Tenant lockbox
US9990506B1 (en) 2015-03-30 2018-06-05 Quest Software Inc. Systems and methods of securing network-accessible peripheral devices
US20170324756A1 (en) * 2015-03-31 2017-11-09 Juniper Networks, Inc. Remote remediation of malicious files
US10645114B2 (en) * 2015-03-31 2020-05-05 Juniper Networks, Inc. Remote remediation of malicious files
US9842220B1 (en) 2015-04-10 2017-12-12 Dell Software Inc. Systems and methods of secure self-service access to content
US10140466B1 (en) 2015-04-10 2018-11-27 Quest Software Inc. Systems and methods of secure self-service access to content
US9842218B1 (en) 2015-04-10 2017-12-12 Dell Software Inc. Systems and methods of secure self-service access to content
US9641555B1 (en) 2015-04-10 2017-05-02 Dell Software Inc. Systems and methods of tracking content-exposure events
US9569626B1 (en) 2015-04-10 2017-02-14 Dell Software Inc. Systems and methods of reporting content-exposure events
US9563782B1 (en) 2015-04-10 2017-02-07 Dell Software Inc. Systems and methods of secure self-service access to content
US10542572B2 (en) * 2015-04-17 2020-01-21 Barracuda Networks, Inc. System for connecting, securing and managing network devices with a dedicated private virtual network
US20180152981A1 (en) * 2015-04-17 2018-05-31 Barracuda Networks, Inc. System for connecting, securing and managing network devices with a dedicated private virtual network
US10496816B2 (en) 2015-04-20 2019-12-03 Splunk Inc. Supplementary activity monitoring of a selected subset of network entities
US10185821B2 (en) 2015-04-20 2019-01-22 Splunk Inc. User activity monitoring by use of rule-based search queries
US9836598B2 (en) * 2015-04-20 2017-12-05 Splunk Inc. User activity monitoring
US11350254B1 (en) 2015-05-05 2022-05-31 F5, Inc. Methods for enforcing compliance policies and devices thereof
US9800604B2 (en) 2015-05-06 2017-10-24 Honeywell International Inc. Apparatus and method for assigning cyber-security risk consequences in industrial process control environments
US10616294B2 (en) * 2015-05-14 2020-04-07 Web Spark Ltd. System and method for streaming content from multiple servers
US9825769B2 (en) 2015-05-20 2017-11-21 Cisco Technology, Inc. System and method to facilitate the assignment of service functions for service chains in a network environment
US9762402B2 (en) 2015-05-20 2017-09-12 Cisco Technology, Inc. System and method to facilitate the assignment of service functions for service chains in a network environment
US9628500B1 (en) 2015-06-26 2017-04-18 Palantir Technologies Inc. Network anomaly detection
US10075464B2 (en) 2015-06-26 2018-09-11 Palantir Technologies Inc. Network anomaly detection
US9407652B1 (en) 2015-06-26 2016-08-02 Palantir Technologies Inc. Network anomaly detection
US10735448B2 (en) 2015-06-26 2020-08-04 Palantir Technologies Inc. Network anomaly detection
US10931682B2 (en) 2015-06-30 2021-02-23 Microsoft Technology Licensing, Llc Privileged identity management
US10419452B2 (en) 2015-07-28 2019-09-17 Sap Se Contextual monitoring and tracking of SSH sessions
US10454955B2 (en) * 2015-07-28 2019-10-22 Sap Se Real-time contextual monitoring intrusion detection and prevention
US10536352B1 (en) 2015-08-05 2020-01-14 Quest Software Inc. Systems and methods for tuning cross-platform data collection
US10484407B2 (en) 2015-08-06 2019-11-19 Palantir Technologies Inc. Systems, methods, user interfaces, and computer-readable media for investigating potential malicious communications
US11470102B2 (en) * 2015-08-19 2022-10-11 Palantir Technologies Inc. Anomalous network monitoring, user behavior detection and database system
US10129282B2 (en) 2015-08-19 2018-11-13 Palantir Technologies Inc. Anomalous network monitoring, user behavior detection and database system
US9537880B1 (en) 2015-08-19 2017-01-03 Palantir Technologies Inc. Anomalous network monitoring, user behavior detection and database system
US20170063840A1 (en) * 2015-08-24 2017-03-02 Paypal, Inc. Optimizing tokens for identity platforms
US11316844B2 (en) * 2015-08-24 2022-04-26 Paypal, Inc. Optimizing tokens for identity platforms
US10101872B2 (en) * 2015-09-17 2018-10-16 Hewlett-Packard Development Company, L.P. Operating system events of a kiosk device
US20170083205A1 (en) * 2015-09-17 2017-03-23 Hewlett-Packard Development Company, L.P. Operating system events of a kiosk device
US10157358B1 (en) 2015-10-05 2018-12-18 Quest Software Inc. Systems and methods for multi-stream performance patternization and interval-based prediction
US10218588B1 (en) 2015-10-05 2019-02-26 Quest Software Inc. Systems and methods for multi-stream performance patternization and optimization of virtual meetings
US11089043B2 (en) 2015-10-12 2021-08-10 Palantir Technologies Inc. Systems for computer network security risk assessment including user compromise analysis associated with a network of devices
US10044745B1 (en) 2015-10-12 2018-08-07 Palantir Technologies, Inc. Systems for computer network security risk assessment including user compromise analysis associated with a network of devices
US11281485B2 (en) 2015-11-03 2022-03-22 Nicira, Inc. Extended context delivery for context-based authorization
US20170139765A1 (en) * 2015-11-13 2017-05-18 Sandisk Technologies Llc Data logger
US10579458B2 (en) * 2015-11-13 2020-03-03 Sandisk Technologies Llc Data logger
US10534799B1 (en) * 2015-12-14 2020-01-14 Airbnb, Inc. Feature transformation and missing values
US11734312B2 (en) 2015-12-14 2023-08-22 Airbnb, Inc. Feature transformation and missing values
US11757946B1 (en) 2015-12-22 2023-09-12 F5, Inc. Methods for analyzing network traffic and enforcing network policies and devices thereof
US10362064B1 (en) 2015-12-28 2019-07-23 Palantir Technologies Inc. Network-based permissioning system
US9888039B2 (en) 2015-12-28 2018-02-06 Palantir Technologies Inc. Network-based permissioning system
US10657273B2 (en) 2015-12-29 2020-05-19 Palantir Technologies Inc. Systems and methods for automatic and customizable data minimization of electronic data stores
US9916465B1 (en) 2015-12-29 2018-03-13 Palantir Technologies Inc. Systems and methods for automatic and customizable data minimization of electronic data stores
US11044203B2 (en) 2016-01-19 2021-06-22 Cisco Technology, Inc. System and method for hosting mobile packet core and value-added services using a software defined network and service chains
US10505990B1 (en) 2016-01-20 2019-12-10 F5 Networks, Inc. Methods for deterministic enforcement of compliance policies and devices thereof
US11178150B1 (en) 2016-01-20 2021-11-16 F5 Networks, Inc. Methods for enforcing access control list based on managed application and devices thereof
US10601872B1 (en) 2016-01-20 2020-03-24 F5 Networks, Inc. Methods for enhancing enforcement of compliance policies based on security violations and devices thereof
US10491632B1 (en) * 2016-01-21 2019-11-26 F5 Networks, Inc. Methods for reducing compliance violations in mobile application management environments and devices thereof
CN108476135A (en) * 2016-02-08 2018-08-31 黑莓有限公司 The access control of numerical data
US11182720B2 (en) 2016-02-16 2021-11-23 BitSight Technologies, Inc. Relationships among technology assets and services and the entities responsible for them
US10176445B2 (en) 2016-02-16 2019-01-08 BitSight Technologies, Inc. Relationships among technology assets and services and the entities responsible for them
US10778721B1 (en) 2016-02-26 2020-09-15 Arista Networks, Inc. Hash-based ACL lookup offload
WO2017152742A1 (en) * 2016-03-08 2017-09-14 中兴通讯股份有限公司 Risk assessment method and apparatus for network security device
US10812378B2 (en) 2016-03-24 2020-10-20 Cisco Technology, Inc. System and method for improved service chaining
US10187306B2 (en) 2016-03-24 2019-01-22 Cisco Technology, Inc. System and method for improved service chaining
US10142391B1 (en) 2016-03-25 2018-11-27 Quest Software Inc. Systems and methods of diagnosing down-layer performance problems via multi-stream performance patternization
US11388143B2 (en) * 2016-04-12 2022-07-12 Cyxtera Cybersecurity, Inc. Systems and methods for protecting network devices by a firewall
US10931793B2 (en) 2016-04-26 2021-02-23 Cisco Technology, Inc. System and method for automated rendering of service chaining
US10523700B1 (en) * 2016-05-06 2019-12-31 Wells Fargo Bank, N.A. Enterprise security measures
US10084809B1 (en) * 2016-05-06 2018-09-25 Wells Fargo Bank, N.A. Enterprise security measures
US11477227B1 (en) * 2016-05-06 2022-10-18 Wells Fargo Bank, N.A. Enterprise security measures
US10904232B2 (en) 2016-05-20 2021-01-26 Palantir Technologies Inc. Providing a booting key to a remote system
US10498711B1 (en) 2016-05-20 2019-12-03 Palantir Technologies Inc. Providing a booting key to a remote system
US10698599B2 (en) 2016-06-03 2020-06-30 Pegasystems, Inc. Connecting graphical shapes using gestures
US20170352028A1 (en) * 2016-06-03 2017-12-07 U.S. Bancorp, National Association Access control and mobile security app
US10102524B2 (en) * 2016-06-03 2018-10-16 U.S. Bancorp, National Association Access control and mobile security app
US10484428B2 (en) 2016-06-09 2019-11-19 LGS Innovations LLC Methods and systems for securing VPN cloud servers
US10965715B2 (en) 2016-06-09 2021-03-30 CACI, Inc.—Federal Methods and systems for controlling traffic to VPN servers
US10637890B2 (en) 2016-06-09 2020-04-28 LGS Innovations LLC Methods and systems for establishment of VPN security policy by SDN application
US20170359311A1 (en) * 2016-06-09 2017-12-14 LGS Innovations LLC Methods and systems for controlling traffic to vpn servers
US11683346B2 (en) 2016-06-09 2023-06-20 CACI, Inc.—Federal Methods and systems for establishment of VPN security policy by SDN application
US11606394B2 (en) 2016-06-09 2023-03-14 CACI, Inc.—Federal Methods and systems for controlling traffic to VPN servers
US10798132B2 (en) 2016-06-09 2020-10-06 LGS Innovations LLC Methods and systems for enhancing cyber security in networks
US11700281B2 (en) 2016-06-09 2023-07-11 CACI, Inc.—Federal Methods and systems for enhancing cyber security in networks
US11233827B2 (en) 2016-06-09 2022-01-25 CACI, Inc.—Federal Methods and systems for securing VPN cloud servers
US10440058B2 (en) * 2016-06-09 2019-10-08 LGS Innovations LLC Methods and systems for controlling traffic to VPN servers
US11252195B2 (en) 2016-06-09 2022-02-15 Caci, Inc.-Federal Methods and systems for establishment of VPN security policy by SDN application
US10084802B1 (en) 2016-06-21 2018-09-25 Palantir Technologies Inc. Supervisory control and data acquisition
US11831642B2 (en) * 2016-06-29 2023-11-28 Cisco Technology, Inc. Systems and methods for endpoint management
US20210258307A1 (en) * 2016-06-29 2021-08-19 Duo Security, Inc. Systems and methods for endpoint management
US11218499B2 (en) 2016-07-05 2022-01-04 Palantir Technologies Inc. Network anomaly detection and profiling
US11595425B1 (en) 2016-07-05 2023-02-28 Wells Fargo Bank, N.A. Secure online transactions
US10291637B1 (en) 2016-07-05 2019-05-14 Palantir Technologies Inc. Network anomaly detection and profiling
US10530803B1 (en) * 2016-07-05 2020-01-07 Wells Fargo Bank, N.A. Secure online transactions
US10419550B2 (en) 2016-07-06 2019-09-17 Cisco Technology, Inc. Automatic service function validation in a virtual network environment
US10698647B2 (en) 2016-07-11 2020-06-30 Pegasystems Inc. Selective sharing for collaborative application usage
US11212865B2 (en) * 2016-07-19 2021-12-28 Fujifilm Business Innovation Corp. Terminal apparatus and terminal control method
US20180027606A1 (en) * 2016-07-19 2018-01-25 Fuji Xerox Co., Ltd. Terminal apparatus and terminal control method
US10320664B2 (en) 2016-07-21 2019-06-11 Cisco Technology, Inc. Cloud overlay for operations administration and management
US10218616B2 (en) 2016-07-21 2019-02-26 Cisco Technology, Inc. Link selection for communication with a service function cluster
CN106060087A (en) * 2016-07-26 2016-10-26 中国南方电网有限责任公司信息中心 Multi-factor host security access control system and method
US10225270B2 (en) 2016-08-02 2019-03-05 Cisco Technology, Inc. Steering of cloned traffic in a service function chain
US10320829B1 (en) * 2016-08-11 2019-06-11 Balbix, Inc. Comprehensive modeling and mitigation of security risk vulnerabilities in an enterprise network
US10778551B2 (en) 2016-08-23 2020-09-15 Cisco Technology, Inc. Identifying sources of packet drops in a service function chain environment
US10218593B2 (en) 2016-08-23 2019-02-26 Cisco Technology, Inc. Identifying sources of packet drops in a service function chain environment
US11115425B2 (en) * 2016-08-25 2021-09-07 Clarion Co., Ltd. In-vehicle apparatus and log collection system
US10938837B2 (en) 2016-08-30 2021-03-02 Nicira, Inc. Isolated network stack to manage security for virtual machines
US10361969B2 (en) 2016-08-30 2019-07-23 Cisco Technology, Inc. System and method for managing chained services in a network environment
US10698927B1 (en) 2016-08-30 2020-06-30 Palantir Technologies Inc. Multiple sensor session and log information compression and correlation system
US10949193B2 (en) * 2016-09-08 2021-03-16 AO Kaspersky Lab System and method of updating active and passive agents in a network
US20180077195A1 (en) * 2016-09-12 2018-03-15 Qualcomm Incorporated Methods And Systems For On-Device Real-Time Adaptive Security Based On External Threat Intelligence Inputs
US10333965B2 (en) * 2016-09-12 2019-06-25 Qualcomm Incorporated Methods and systems for on-device real-time adaptive security based on external threat intelligence inputs
US20180089652A1 (en) * 2016-09-27 2018-03-29 Adobe Systems Incorporated Determination of Paywall Metrics
US10853887B2 (en) * 2016-09-27 2020-12-01 Adobe Inc. Determination of paywall metrics
US11443389B2 (en) * 2016-09-27 2022-09-13 Adobe Inc. Determination of paywall metrics
US20220391733A1 (en) * 2016-10-11 2022-12-08 International Business Machines Corporation System, method and computer program product for detecting policy violations
US10715607B2 (en) 2016-12-06 2020-07-14 Nicira, Inc. Performing context-rich attribute-based services on a host
US10609160B2 (en) 2016-12-06 2020-03-31 Nicira, Inc. Performing context-rich attribute-based services on a host
US20180167812A1 (en) * 2016-12-09 2018-06-14 Arris Enterprises Llc Wireless network authorization using a trusted authenticator
US10897709B2 (en) * 2016-12-09 2021-01-19 Arris Enterprises Llc Wireless network authorization using a trusted authenticator
US10223535B2 (en) * 2016-12-14 2019-03-05 International Business Machines Corporation Ranking security scans based on vulnerability information from third party resources
US11695800B2 (en) 2016-12-19 2023-07-04 SentinelOne, Inc. Deceiving attackers accessing network data
US11616812B2 (en) 2016-12-19 2023-03-28 Attivo Networks Inc. Deceiving attackers accessing active directory data
US10728262B1 (en) 2016-12-21 2020-07-28 Palantir Technologies Inc. Context-aware network-based malicious activity warning systems
US10802858B2 (en) 2016-12-22 2020-10-13 Nicira, Inc. Collecting and processing contextual attributes on a host
US10581960B2 (en) 2016-12-22 2020-03-03 Nicira, Inc. Performing context-rich attribute-based load balancing on a host
US10812451B2 (en) 2016-12-22 2020-10-20 Nicira, Inc. Performing appID based firewall services on a host
US11327784B2 (en) 2016-12-22 2022-05-10 Nicira, Inc. Collecting and processing contextual attributes on a host
US10803173B2 (en) 2016-12-22 2020-10-13 Nicira, Inc. Performing context-rich attribute-based process control services on a host
US11032246B2 (en) 2016-12-22 2021-06-08 Nicira, Inc. Context based firewall services for data message flows for multiple concurrent users on one machine
US10802857B2 (en) 2016-12-22 2020-10-13 Nicira, Inc. Collecting and processing contextual attributes on a host
US10721262B2 (en) 2016-12-28 2020-07-21 Palantir Technologies Inc. Resource-centric network cyber attack warning system
US10754872B2 (en) 2016-12-28 2020-08-25 Palantir Technologies Inc. Automatically executing tasks and configuring access control lists in a data transformation system
US11201888B2 (en) * 2017-01-06 2021-12-14 Mastercard International Incorporated Methods and systems for discovering network security gaps
US20180205611A1 (en) * 2017-01-13 2018-07-19 Gigamon Inc. Network enumeration at a network visibility node
US11496438B1 (en) 2017-02-07 2022-11-08 F5, Inc. Methods for improved network security using asymmetric traffic delivery and devices thereof
US10708272B1 (en) 2017-02-10 2020-07-07 Arista Networks, Inc. Optimized hash-based ACL lookup offload
US11100232B1 (en) * 2017-02-23 2021-08-24 Ivanti, Inc. Systems and methods to automate networked device security response priority by user role detection
US10791119B1 (en) * 2017-03-14 2020-09-29 F5 Networks, Inc. Methods for temporal password injection and devices thereof
US10812266B1 (en) 2017-03-17 2020-10-20 F5 Networks, Inc. Methods for managing security tokens based on security violations and devices thereof
US10778576B2 (en) 2017-03-22 2020-09-15 Cisco Technology, Inc. System and method for providing a bit indexed service chain
US10284579B2 (en) * 2017-03-22 2019-05-07 Vade Secure, Inc. Detection of email spoofing and spear phishing attacks
US10225187B2 (en) 2017-03-22 2019-03-05 Cisco Technology, Inc. System and method for providing a bit indexed service chain
US10931662B1 (en) 2017-04-10 2021-02-23 F5 Networks, Inc. Methods for ephemeral authentication screening and devices thereof
US10938677B2 (en) 2017-04-12 2021-03-02 Cisco Technology, Inc. Virtualized network functions and service chaining in serverless computing infrastructure
US10884807B2 (en) 2017-04-12 2021-01-05 Cisco Technology, Inc. Serverless computing and task scheduling
US10257033B2 (en) 2017-04-12 2019-04-09 Cisco Technology, Inc. Virtualized network functions and service chaining in serverless computing infrastructure
US11102135B2 (en) 2017-04-19 2021-08-24 Cisco Technology, Inc. Latency reduction in service function paths
US10333855B2 (en) 2017-04-19 2019-06-25 Cisco Technology, Inc. Latency reduction in service function paths
US11539747B2 (en) 2017-04-28 2022-12-27 Cisco Technology, Inc. Secure communication session resumption in a service function chain
US10554689B2 (en) 2017-04-28 2020-02-04 Cisco Technology, Inc. Secure communication session resumption in a service function chain
US11122042B1 (en) 2017-05-12 2021-09-14 F5 Networks, Inc. Methods for dynamically managing user access control and devices thereof
US11343237B1 (en) 2017-05-12 2022-05-24 F5, Inc. Methods for managing a federated identity environment using security and access control data and devices thereof
US11038876B2 (en) * 2017-06-09 2021-06-15 Lookout, Inc. Managing access to services based on fingerprint matching
US10218697B2 (en) * 2017-06-09 2019-02-26 Lookout, Inc. Use of device risk evaluation to manage access to services
US11196640B2 (en) 2017-06-16 2021-12-07 Cisco Technology, Inc. Releasing and retaining resources for use in a NFV environment
US10735275B2 (en) 2017-06-16 2020-08-04 Cisco Technology, Inc. Releasing and retaining resources for use in a NFV environment
US10798187B2 (en) 2017-06-19 2020-10-06 Cisco Technology, Inc. Secure service chaining
US10425380B2 (en) 2017-06-22 2019-09-24 BitSight Technologies, Inc. Methods for mapping IP addresses and domains to organizations using user activity data
US10893021B2 (en) 2017-06-22 2021-01-12 BitSight Technologies, Inc. Methods for mapping IP addresses and domains to organizations using user activity data
US11627109B2 (en) 2017-06-22 2023-04-11 BitSight Technologies, Inc. Methods for mapping IP addresses and domains to organizations using user activity data
US10432469B2 (en) 2017-06-29 2019-10-01 Palantir Technologies, Inc. Access controls through node-based effective policy identifiers
US11108814B2 (en) 2017-07-11 2021-08-31 Cisco Technology, Inc. Distributed denial of service mitigation for web conferencing
US10397271B2 (en) 2017-07-11 2019-08-27 Cisco Technology, Inc. Distributed denial of service mitigation for web conferencing
US10524130B2 (en) * 2017-07-13 2019-12-31 Sophos Limited Threat index based WLAN security and quality of service
US10863358B2 (en) 2017-07-13 2020-12-08 Sophos Limited Threat index based WLAN security and quality of service
US10673698B2 (en) 2017-07-21 2020-06-02 Cisco Technology, Inc. Service function chain optimization using live testing
US11115276B2 (en) 2017-07-21 2021-09-07 Cisco Technology, Inc. Service function chain optimization using live testing
US10805332B2 (en) 2017-07-25 2020-10-13 Nicira, Inc. Context engine model
US20230007030A1 (en) * 2017-08-08 2023-01-05 Sentinel Labs Israel Ltd. Methods, systems, and devices for dynamically modeling and grouping endpoints for edge networking
US11722506B2 (en) * 2017-08-08 2023-08-08 Sentinel Labs Israel Ltd. Methods, systems, and devices for dynamically modeling and grouping endpoints for edge networking
US11716341B2 (en) * 2017-08-08 2023-08-01 Sentinel Labs Israel Ltd. Methods, systems, and devices for dynamically modeling and grouping endpoints for edge networking
US11290478B2 (en) * 2017-08-08 2022-03-29 Sentinel Labs Israel Ltd. Methods, systems, and devices for dynamically modeling and grouping endpoints for edge networking
US11716342B2 (en) * 2017-08-08 2023-08-01 Sentinel Labs Israel Ltd. Methods, systems, and devices for dynamically modeling and grouping endpoints for edge networking
US20230007026A1 (en) * 2017-08-08 2023-01-05 Sentinel Labs Israel Ltd. Methods, systems, and devices for dynamically modeling and grouping endpoints for edge networking
US20230007031A1 (en) * 2017-08-08 2023-01-05 Sentinel Labs Israel Ltd. Methods, systems, and devices for dynamically modeling and grouping endpoints for edge networking
US20230007025A1 (en) * 2017-08-08 2023-01-05 Sentinel Labs Israel Ltd. Methods, systems, and devices for dynamically modeling and grouping endpoints for edge networking
US11876819B2 (en) * 2017-08-08 2024-01-16 Sentinel Labs Israel Ltd. Methods, systems, and devices for dynamically modeling and grouping endpoints for edge networking
US20230007027A1 (en) * 2017-08-08 2023-01-05 Sentinel Labs Israel Ltd. Methods, systems, and devices for dynamically modeling and grouping endpoints for edge networking
US20230007029A1 (en) * 2017-08-08 2023-01-05 Sentinel Labs Israel Ltd. Methods, systems, and devices for dynamically modeling and grouping endpoints for edge networking
US20230007028A1 (en) * 2017-08-08 2023-01-05 Sentinel Labs Israel Ltd. Methods, systems, and devices for dynamically modeling and grouping endpoints for edge networking
US11522894B2 (en) * 2017-08-08 2022-12-06 Sentinel Labs Israel Ltd. Methods, systems, and devices for dynamically modeling and grouping endpoints for edge networking
US11245714B2 (en) 2017-08-08 2022-02-08 Sentinel Labs Israel Ltd. Methods, systems, and devices for dynamically modeling and grouping endpoints for edge networking
US11212309B1 (en) 2017-08-08 2021-12-28 Sentinel Labs Israel Ltd. Methods, systems, and devices for dynamically modeling and grouping endpoints for edge networking
US11838305B2 (en) * 2017-08-08 2023-12-05 Sentinel Labs Israel Ltd. Methods, systems, and devices for dynamically modeling and grouping endpoints for edge networking
US20210152586A1 (en) * 2017-08-08 2021-05-20 Sentinel Labs Israel Ltd. Methods, systems, and devices for dynamically modeling and grouping endpoints for edge networking
US11838306B2 (en) * 2017-08-08 2023-12-05 Sentinel Labs Israel Ltd. Methods, systems, and devices for dynamically modeling and grouping endpoints for edge networking
US11245715B2 (en) 2017-08-08 2022-02-08 Sentinel Labs Israel Ltd. Methods, systems, and devices for dynamically modeling and grouping endpoints for edge networking
US11115435B2 (en) * 2017-08-15 2021-09-07 Level 3 Communications, Llc Local DDOS mitigation announcements in a telecommunications network
US20190058729A1 (en) * 2017-08-15 2019-02-21 Level 3 Communications, Llc Local DDOS mitigation announcements in a telecommunications network
US11063856B2 (en) 2017-08-24 2021-07-13 Cisco Technology, Inc. Virtual network function monitoring in a network function virtualization deployment
US10963465B1 (en) 2017-08-25 2021-03-30 Palantir Technologies Inc. Rapid importation of data including temporally tracked object recognition
US11750623B2 (en) * 2017-09-04 2023-09-05 ITsMine Ltd. System and method for conducting a detailed computerized surveillance in a computerized environment
US20190075124A1 (en) * 2017-09-04 2019-03-07 ITsMine Ltd. System and method for conducting a detailed computerized surveillance in a computerized environment
US10984427B1 (en) 2017-09-13 2021-04-20 Palantir Technologies Inc. Approaches for analyzing entity relationships
US11663613B2 (en) 2017-09-13 2023-05-30 Palantir Technologies Inc. Approaches for analyzing entity relationships
US10791065B2 (en) 2017-09-19 2020-09-29 Cisco Technology, Inc. Systems and methods for providing container attributes as part of OAM techniques
US10623433B1 (en) * 2017-09-25 2020-04-14 Amazon Technologies, Inc. Configurable event-based compute instance security assessments
US11394739B2 (en) 2017-09-25 2022-07-19 Amazon Technologies, Inc. Configurable event-based compute instance security assessments
US10643002B1 (en) 2017-09-28 2020-05-05 Amazon Technologies, Inc. Provision and execution of customized security assessments of resources in a virtual computing environment
US10706155B1 (en) * 2017-09-28 2020-07-07 Amazon Technologies, Inc. Provision and execution of customized security assessments of resources in a computing environment
US20190104156A1 (en) * 2017-10-04 2019-04-04 Servicenow, Inc. Systems and methods for automated governance, risk, and compliance
US11611480B2 (en) 2017-10-04 2023-03-21 Servicenow, Inc. Systems and methods for automated governance, risk, and compliance
US10826767B2 (en) * 2017-10-04 2020-11-03 Servicenow, Inc. Systems and methods for automated governance, risk, and compliance
US10735429B2 (en) 2017-10-04 2020-08-04 Palantir Technologies Inc. Controlling user creation of data resources on a data processing platform
US10397229B2 (en) 2017-10-04 2019-08-27 Palantir Technologies, Inc. Controlling user creation of data resources on a data processing platform
US11018981B2 (en) 2017-10-13 2021-05-25 Cisco Technology, Inc. System and method for replication container performance and policy validation using real time network traffic
US10079832B1 (en) 2017-10-18 2018-09-18 Palantir Technologies Inc. Controlling user creation of data resources on a data processing platform
US10541893B2 (en) 2017-10-25 2020-01-21 Cisco Technology, Inc. System and method for obtaining micro-service telemetry data
US11252063B2 (en) 2017-10-25 2022-02-15 Cisco Technology, Inc. System and method for obtaining micro-service telemetry data
US10375100B2 (en) * 2017-10-27 2019-08-06 Cisco Technology, Inc. Identifying anomalies in a network
US10911475B2 (en) 2017-10-27 2021-02-02 Cisco Technology, Inc. Identifying anomalies in a network
US10733293B2 (en) 2017-10-30 2020-08-04 Bank Of America Corporation Cross platform user event record aggregation system
US10721246B2 (en) * 2017-10-30 2020-07-21 Bank Of America Corporation System for across rail silo system integration and logic repository
US20190132336A1 (en) * 2017-10-30 2019-05-02 Bank Of America Corporation System for across rail silo system integration and logic repository
US11171990B1 (en) * 2017-11-01 2021-11-09 Entreda, Inc. Arbitrated network access using real-time risk metric
US11030027B2 (en) 2017-11-15 2021-06-08 Bank Of America Corporation System for technology anomaly detection, triage and response using solution data modeling
US10778651B2 (en) 2017-11-15 2020-09-15 Nicira, Inc. Performing context-rich attribute-based encryption on a host
US10250401B1 (en) 2017-11-29 2019-04-02 Palantir Technologies Inc. Systems and methods for providing category-sensitive chat channels
US11133925B2 (en) 2017-12-07 2021-09-28 Palantir Technologies Inc. Selective access to encrypted logs
US10868821B2 (en) 2017-12-20 2020-12-15 Sophos Limited Electronic mail security using a heartbeat
US20190190929A1 (en) * 2017-12-20 2019-06-20 Sophos Limited Electronic mail security using root cause analysis
US10972483B2 (en) * 2017-12-20 2021-04-06 Sophos Limited Electronic mail security using root cause analysis
US10686796B2 (en) 2017-12-28 2020-06-16 Palantir Technologies Inc. Verifying network-based permissioning rights
US10802893B2 (en) 2018-01-26 2020-10-13 Nicira, Inc. Performing process control services on endpoint machines
US10862773B2 (en) 2018-01-26 2020-12-08 Nicira, Inc. Performing services on data messages associated with endpoint machines
US11546365B2 (en) * 2018-01-28 2023-01-03 AVAST Software s.r.o. Computer network security assessment engine
CN112055957A (en) * 2018-01-28 2020-12-08 爱维士软件有限责任公司 Computer network security assessment engine
WO2019145473A1 (en) * 2018-01-28 2019-08-01 AVAST Software s.r.o. Computer network security assessment engine
US11075925B2 (en) 2018-01-31 2021-07-27 EMC IP Holding Company LLC System and method to enable component inventory and compliance in the platform
US11888897B2 (en) 2018-02-09 2024-01-30 SentinelOne, Inc. Implementing decoys in a network environment
US10474556B2 (en) * 2018-02-20 2019-11-12 Bank Of America Corporation Multiple ruleset version scanning, warning and correction tool
US10594723B2 (en) 2018-03-12 2020-03-17 BitSight Technologies, Inc. Correlated risk in cybersecurity
US11770401B2 (en) 2018-03-12 2023-09-26 BitSight Technologies, Inc. Correlated risk in cybersecurity
US11658995B1 (en) 2018-03-20 2023-05-23 F5, Inc. Methods for dynamically mitigating network attacks and devices thereof
US10754708B2 (en) 2018-03-28 2020-08-25 EMC IP Holding Company LLC Orchestrator and console agnostic method to deploy infrastructure through self-describing deployment templates
US10693722B2 (en) 2018-03-28 2020-06-23 Dell Products L.P. Agentless method to bring solution and cluster awareness into infrastructure and support management portals
US10878051B1 (en) 2018-03-30 2020-12-29 Palantir Technologies Inc. Mapping device identifiers
US10255415B1 (en) 2018-04-03 2019-04-09 Palantir Technologies Inc. Controlling access to computer resources
US10860698B2 (en) 2018-04-03 2020-12-08 Palantir Technologies Inc. Controlling access to computer resources
US11914687B2 (en) 2018-04-03 2024-02-27 Palantir Technologies Inc. Controlling access to computer resources
CN108650237A (en) * 2018-04-13 2018-10-12 烽火通信科技股份有限公司 A kind of packet safety detection method and system based on the time-to-live
US10812520B2 (en) 2018-04-17 2020-10-20 BitSight Technologies, Inc. Systems and methods for external detection of misconfigured systems
US11671441B2 (en) 2018-04-17 2023-06-06 BitSight Technologies, Inc. Systems and methods for external detection of misconfigured systems
US10795756B2 (en) 2018-04-24 2020-10-06 EMC IP Holding Company LLC System and method to predictively service and support the solution
US11086738B2 (en) * 2018-04-24 2021-08-10 EMC IP Holding Company LLC System and method to automate solution level contextual support
US10977283B2 (en) * 2018-05-08 2021-04-13 Bank Of America Corporation System for mitigating intentional and unintentional exposure using solution data modelling
US10970406B2 (en) 2018-05-08 2021-04-06 Bank Of America Corporation System for mitigating exposure associated with identified unmanaged devices in a network using solution data modelling
US11023835B2 (en) 2018-05-08 2021-06-01 Bank Of America Corporation System for decommissioning information technology assets using solution data modelling
US10936984B2 (en) 2018-05-08 2021-03-02 Bank Of America Corporation System for mitigating exposure associated with identified impacts of technological system changes based on solution data modelling
US10949400B2 (en) 2018-05-09 2021-03-16 Palantir Technologies Inc. Systems and methods for tamper-resistant activity logging
US11593317B2 (en) 2018-05-09 2023-02-28 Palantir Technologies Inc. Systems and methods for tamper-resistant activity logging
US10867044B2 (en) * 2018-05-30 2020-12-15 AppOmni, Inc. Automatic computer system change monitoring and security gap detection system
US11122008B2 (en) 2018-06-06 2021-09-14 Cisco Technology, Inc. Service chains for inter-cloud traffic
US10666612B2 (en) 2018-06-06 2020-05-26 Cisco Technology, Inc. Service chains for inter-cloud traffic
US11799821B2 (en) 2018-06-06 2023-10-24 Cisco Technology, Inc. Service chains for inter-cloud traffic
US11244063B2 (en) 2018-06-11 2022-02-08 Palantir Technologies Inc. Row-level and column-level policy service
US20210373721A1 (en) * 2018-06-19 2021-12-02 Palantir Technologies Inc. Artificial intelligence assisted evaluations and user interface for same
US20200014724A1 (en) * 2018-07-05 2020-01-09 Cisco Technology, Inc. Dynamic dns policy enforcement based on endpoint security posture
US11050792B2 (en) * 2018-07-05 2021-06-29 Cisco Technology, Inc. Dynamic DNS policy enforcement based on endpoint security posture
US10742657B2 (en) * 2018-07-11 2020-08-11 International Business Machines Corporation Accessing shared resources without system groups
US20230005016A1 (en) * 2018-07-16 2023-01-05 James D. MacDonald-Korth Automatic login link for targeted users without previous account creation
US11861661B2 (en) * 2018-07-16 2024-01-02 James D. MacDonald-Korth Automatic login link for targeted users without previous account creation
US11282108B2 (en) * 2018-07-16 2022-03-22 James D. MacDonald-Korth Automatic login link for targeted users without previous account creation
US11048488B2 (en) 2018-08-14 2021-06-29 Pegasystems, Inc. Software code optimizer and method
US10904292B1 (en) * 2018-09-25 2021-01-26 Amazon Technologies, Inc. Secure data transfer device
US11799894B2 (en) * 2018-09-28 2023-10-24 AVAST Software s.r.o. Dual network security assessment engine
US11677790B2 (en) 2018-10-15 2023-06-13 Paypal, Inc. Multi-dimensional drift nuance intelligence threat engine
US11082452B2 (en) * 2018-10-15 2021-08-03 Paypal, Inc. Multi-dimensional drift nuance intelligence threat engine
US11599422B2 (en) 2018-10-16 2023-03-07 EMC IP Holding Company LLC System and method for device independent backup in distributed system
US11200323B2 (en) 2018-10-17 2021-12-14 BitSight Technologies, Inc. Systems and methods for forecasting cybersecurity ratings based on event-rate scenarios
US11783052B2 (en) 2018-10-17 2023-10-10 BitSight Technologies, Inc. Systems and methods for forecasting cybersecurity ratings based on event-rate scenarios
US11727114B2 (en) 2018-10-25 2023-08-15 BitSight Technologies, Inc. Systems and methods for remote detection of software through browser webinjects
US10776483B2 (en) 2018-10-25 2020-09-15 BitSight Technologies, Inc. Systems and methods for remote detection of software through browser webinjects
US11126723B2 (en) 2018-10-25 2021-09-21 BitSight Technologies, Inc. Systems and methods for remote detection of software through browser webinjects
US10521583B1 (en) 2018-10-25 2019-12-31 BitSight Technologies, Inc. Systems and methods for remote detection of software through browser webinjects
US11374958B2 (en) * 2018-10-31 2022-06-28 International Business Machines Corporation Security protection rule prediction and enforcement
US20200177524A1 (en) * 2018-11-30 2020-06-04 Thomas James West Method for securing computing system networks through locking osi layers 2 and 3 on individual remote computing devices
US11683394B2 (en) 2019-02-08 2023-06-20 Palantir Technologies Inc. Systems and methods for isolating applications associated with multiple tenants within a computing platform
US10868887B2 (en) 2019-02-08 2020-12-15 Palantir Technologies Inc. Systems and methods for isolating applications associated with multiple tenants within a computing platform
US11290491B2 (en) * 2019-03-14 2022-03-29 Oracle International Corporation Methods, systems, and computer readable media for utilizing a security service engine to assess security vulnerabilities on a security gateway element
US20230134122A1 (en) * 2019-04-05 2023-05-04 David M.T. Ting Continuous risk assessment for electronic protected health information
US10862761B2 (en) 2019-04-29 2020-12-08 EMC IP Holding Company LLC System and method for management of distributed systems
US11876798B2 (en) * 2019-05-20 2024-01-16 Citrix Systems, Inc. Virtual delivery appliance and system with remote authentication and related methods
US20200374284A1 (en) * 2019-05-20 2020-11-26 Citrix Systems, Inc. Virtual delivery appliance and system with remote authentication and related methods
US11210392B2 (en) 2019-05-20 2021-12-28 Sentinel Labs Israel Ltd. Systems and methods for executable code detection, automatic feature extraction and position independent code detection
US11580218B2 (en) 2019-05-20 2023-02-14 Sentinel Labs Israel Ltd. Systems and methods for executable code detection, automatic feature extraction and position independent code detection
US11790079B2 (en) 2019-05-20 2023-10-17 Sentinel Labs Israel Ltd. Systems and methods for executable code detection, automatic feature extraction and position independent code detection
US10762200B1 (en) 2019-05-20 2020-09-01 Sentinel Labs Israel Ltd. Systems and methods for executable code detection, automatic feature extraction and position independent code detection
US11632373B2 (en) * 2019-06-18 2023-04-18 Microsoft Technology Licensing, Llc Activity based authorization for accessing and operating enterprise infrastructure
US11533312B2 (en) * 2019-07-10 2022-12-20 ColorTokens, Inc. Dynamically enforcing context sensitive network access control policies
US11675912B2 (en) 2019-07-17 2023-06-13 BitSight Technologies, Inc. Systems and methods for generating security improvement plans for entities
US11030325B2 (en) 2019-07-17 2021-06-08 BitSight Technologies, Inc. Systems and methods for generating security improvement plans for entities
US10726136B1 (en) 2019-07-17 2020-07-28 BitSight Technologies, Inc. Systems and methods for generating security improvement plans for entities
US11301557B2 (en) 2019-07-19 2022-04-12 Dell Products L.P. System and method for data processing device management
US11637811B2 (en) * 2019-07-31 2023-04-25 Capital One Services, Llc Automated firewall feedback from network traffic analysis
US20230239272A1 (en) * 2019-07-31 2023-07-27 Capital One Services, Llc Automated firewall feedback from network traffic analysis
US11303678B2 (en) * 2019-08-15 2022-04-12 ColorTokens, Inc. Determination and autocorrection of modified security policies
US10749893B1 (en) 2019-08-23 2020-08-18 BitSight Technologies, Inc. Systems and methods for inferring entity relationships via network communications of users or user devices
US11704441B2 (en) 2019-09-03 2023-07-18 Palantir Technologies Inc. Charter-based access controls for managing computer resources
US11736281B1 (en) 2019-09-10 2023-08-22 Wells Fargo Bank, N.A. Systems and methods for post-quantum cryptography optimization
US11477016B1 (en) 2019-09-10 2022-10-18 Wells Fargo Bank, N.A. Systems and methods for post-quantum cryptography optimization
US11750378B1 (en) 2019-09-10 2023-09-05 Wells Fargo Bank, N.A. Systems and methods for post-quantum cryptography optimization
US11240014B1 (en) 2019-09-10 2022-02-01 Wells Fargo Bank, N.A. Systems and methods for post-quantum cryptography optimization
US11902431B1 (en) 2019-09-10 2024-02-13 Wells Fargo Bank, N.A. Systems and methods for post-quantum cryptography optimization
US11626983B1 (en) 2019-09-10 2023-04-11 Wells Fargo Bank, N.A. Systems and methods for post-quantum cryptography optimization
US11343270B1 (en) * 2019-09-10 2022-05-24 Wells Fargo Bank, N.A. Systems and methods for post-quantum cryptography optimization
US11567801B2 (en) 2019-09-18 2023-01-31 Palantir Technologies Inc. Systems and methods for autoscaling instance groups of computing platforms
US10761889B1 (en) 2019-09-18 2020-09-01 Palantir Technologies Inc. Systems and methods for autoscaling instance groups of computing platforms
US20220407865A1 (en) * 2019-09-19 2022-12-22 Bank Of America Corporation Real-Time Management of Access Controls
US11463443B2 (en) * 2019-09-19 2022-10-04 Bank Of America Corporation Real-time management of access controls
US11329878B2 (en) 2019-09-26 2022-05-10 BitSight Technologies, Inc. Systems and methods for network asset discovery and association thereof with entities
US11032244B2 (en) 2019-09-30 2021-06-08 BitSight Technologies, Inc. Systems and methods for determining asset importance in security risk management
US11640465B2 (en) * 2019-11-13 2023-05-02 Vmware, Inc. Methods and systems for troubleshooting applications using streaming anomaly detection
US11768917B2 (en) 2019-11-14 2023-09-26 International Business Machines Corporation Systems and methods for alerting to model degradation based on distribution analysis
US11810013B2 (en) 2019-11-14 2023-11-07 International Business Machines Corporation Systems and methods for alerting to model degradation based on survival analysis
US11455561B2 (en) * 2019-11-14 2022-09-27 International Business Machines Corporation Alerting to model degradation based on distribution analysis using risk tolerance ratings
US11848946B2 (en) 2020-01-10 2023-12-19 Vmware, Inc. Efficiently performing intrusion detection
US11539718B2 (en) 2020-01-10 2022-12-27 Vmware, Inc. Efficiently performing intrusion detection
US11050779B1 (en) 2020-01-29 2021-06-29 BitSight Technologies, Inc. Systems and methods for assessing cybersecurity state of entities based on computer network characterization
US10791140B1 (en) 2020-01-29 2020-09-29 BitSight Technologies, Inc. Systems and methods for assessing cybersecurity state of entities based on computer network characterization
US11727310B1 (en) 2020-01-30 2023-08-15 Wells Fargo Bank, N.A. Systems and methods for post-quantum cryptography optimization
US11533175B1 (en) 2020-01-30 2022-12-20 Wells Fargo Bank, N.A. Systems and methods for post-quantum cryptography on a smartcard
US11322050B1 (en) * 2020-01-30 2022-05-03 Wells Fargo Bank, N.A. Systems and methods for post-quantum cryptography optimization
US11449799B1 (en) 2020-01-30 2022-09-20 Wells Fargo Bank, N.A. Systems and methods for post-quantum cryptography optimization
US11727829B1 (en) * 2020-01-30 2023-08-15 Wells Fargo Bank, N.A. Systems and methods for post-quantum cryptography optimization
US11838410B1 (en) 2020-01-30 2023-12-05 Wells Fargo Bank, N.A. Systems and methods for post-quantum cryptography optimization
US11777983B2 (en) 2020-01-31 2023-10-03 BitSight Technologies, Inc. Systems and methods for rapidly generating security ratings
US11595427B2 (en) 2020-01-31 2023-02-28 BitSight Technologies, Inc. Systems and methods for rapidly generating security ratings
US10893067B1 (en) 2020-01-31 2021-01-12 BitSight Technologies, Inc. Systems and methods for rapidly generating security ratings
US20210266157A1 (en) * 2020-02-24 2021-08-26 Electronics And Telecommunications Research Institute Quantum entity authentication apparatus and method
US11736280B2 (en) * 2020-02-24 2023-08-22 Electronics And Telecommunications Research Institute Quantum entity authentication apparatus and method
US11265330B2 (en) 2020-02-26 2022-03-01 BitSight Technologies, Inc. Systems and methods for improving a security profile of an entity based on peer security profiles
US11755736B1 (en) * 2020-04-24 2023-09-12 Netapp, Inc. Systems and methods for protecting against malware attacks
US11475132B2 (en) * 2020-04-24 2022-10-18 Netapp, Inc. Systems and methods for protecting against malware attacks
US11888872B2 (en) 2020-05-15 2024-01-30 International Business Machines Corporation Protecting computer assets from malicious attacks
US11720679B2 (en) 2020-05-27 2023-08-08 BitSight Technologies, Inc. Systems and methods for managing cybersecurity alerts
US11023585B1 (en) 2020-05-27 2021-06-01 BitSight Technologies, Inc. Systems and methods for managing cybersecurity alerts
US11108728B1 (en) 2020-07-24 2021-08-31 Vmware, Inc. Fast distribution of port identifiers for rule processing
US11539659B2 (en) 2020-07-24 2022-12-27 Vmware, Inc. Fast distribution of port identifiers for rule processing
US20220046058A1 (en) * 2020-08-07 2022-02-10 Cisco Technology, Inc. Zero-trust dynamic discovery
US20230026570A1 (en) * 2020-08-07 2023-01-26 Cisco Technology, Inc. Zero-trust dynamic discovery
US11503077B2 (en) * 2020-08-07 2022-11-15 Cisco Technology, Inc. Zero-trust dynamic discovery
US11567945B1 (en) 2020-08-27 2023-01-31 Pegasystems Inc. Customized digital content generation systems and methods
WO2022069657A1 (en) * 2020-09-30 2022-04-07 Siemens Aktiengesellschaft Method for operating a network, and computer program product
US20220150241A1 (en) * 2020-11-11 2022-05-12 Hewlett Packard Enterprise Development Lp Permissions for backup-related operations
US11665047B2 (en) * 2020-11-18 2023-05-30 Vmware, Inc. Efficient event-type-based log/event-message processing in a distributed log-analytics system
US20220158889A1 (en) * 2020-11-18 2022-05-19 Vmware, Inc. Efficient event-type-based log/event-message processing in a distributed log-analytics system
US11689555B2 (en) 2020-12-11 2023-06-27 BitSight Technologies, Inc. Systems and methods for cybersecurity risk mitigation and management
US11748083B2 (en) 2020-12-16 2023-09-05 Sentinel Labs Israel Ltd. Systems, methods and devices for device fingerprinting and automatic deployment of software in a computing network using a peer-to-peer approach
US11579857B2 (en) 2020-12-16 2023-02-14 Sentinel Labs Israel Ltd. Systems, methods and devices for device fingerprinting and automatic deployment of software in a computing network using a peer-to-peer approach
US11930025B2 (en) 2021-04-15 2024-03-12 Bank Of America Corporation Threat detection and prevention for information systems
US11785025B2 (en) 2021-04-15 2023-10-10 Bank Of America Corporation Threat detection within information systems
US20220345477A1 (en) * 2021-04-21 2022-10-27 Google Llc Automatic Vulnerability Mitigation in Cloud Environments
US11570200B2 (en) * 2021-04-21 2023-01-31 Google Llc Automatic vulnerability mitigation in cloud environments
US11899782B1 (en) 2021-07-13 2024-02-13 SentinelOne, Inc. Preserving DLL hooks
US20230063962A1 (en) * 2021-08-31 2023-03-02 At&T Intellectual Property I, L.P. Securing corporate assets in the home
US11895151B1 (en) * 2022-01-12 2024-02-06 Cloudflare, Inc. Phishing email campaign identification
US20230252024A1 (en) * 2022-02-09 2023-08-10 International Business Machines Corporation Machine-learning-based, adaptive updating of quantitative data in database system
US11775516B2 (en) * 2022-02-09 2023-10-03 International Business Machines Corporation Machine-learning-based, adaptive updating of quantitative data in database system
CN116303097A (en) * 2023-05-16 2023-06-23 中国工商银行股份有限公司 Fuzzy test method, device, equipment, medium and program product for intelligent contract
CN116578995A (en) * 2023-07-13 2023-08-11 汉兴同衡科技集团有限公司 Anti-attack information security vulnerability analysis method, system, terminal and medium

Also Published As

Publication number Publication date
US9923918B2 (en) 2018-03-20
US8955038B2 (en) 2015-02-10
US20130254833A1 (en) 2013-09-26
US9608997B2 (en) 2017-03-28
US20150229651A1 (en) 2015-08-13
US20170201545A1 (en) 2017-07-13

Similar Documents

Publication Publication Date Title
US9923918B2 (en) Methods and systems for controlling access to computing resources based on known security vulnerabilities
US20070143827A1 (en) Methods and systems for intelligently controlling access to computing resources
EP1917757A2 (en) Methods and systems for intelligently controlling access to computing resources
US7526800B2 (en) Administration of protection of data accessible by a mobile device
US8020192B2 (en) Administration of protection of data accessible by a mobile device
US11411980B2 (en) Insider threat management
US7636936B2 (en) Administration of protection of data accessible by a mobile device
US11888890B2 (en) Cloud management of connectivity for edge networking devices
US9910981B2 (en) Malicious code infection cause-and-effect analysis
US9912638B2 (en) Systems and methods for integrating cloud services with information management systems
US8392972B2 (en) Protected access control method for shared computer resources
US8566571B2 (en) Pre-boot securing of operating system (OS) for endpoint evaluation
US20080109679A1 (en) Administration of protection of data accessible by a mobile device
US20040123150A1 (en) Protection of data accessible by a mobile device
WO2004057834A2 (en) Methods and apparatus for administration of policy based protection of data accessible by a mobile device
US11792228B2 (en) Systems and methods for network security
US20210329459A1 (en) System and method for rogue device detection
WO2022010970A1 (en) Federated security for multi-enterprise communications
GB2621237A (en) Traffic scanning with context-aware threat signatures
US20230336591A1 (en) Centralized management of policies for network-accessible devices
WO2023187309A1 (en) Scored threat signature analysis
Whitelisting et al. Application Whitelisting: Enhancing Host Security

Legal Events

Date Code Title Description
AS Assignment

Owner name: FIBERLINK, PENNSYLVANIA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:NICODEMUS, BLAIR;STEPHENS, BILLY E.;REEL/FRAME:017970/0634;SIGNING DATES FROM 20060602 TO 20060605

AS Assignment

Owner name: FIBERLINK COMMUNICATIONS CORPORATION, PENNSYLVANIA

Free format text: CORRECTIVE ASSIGNMENT TO CORRECT THE NAME OF ASSIGNEE PREVIOUSLY RECORDED ON REEL 017970 FRAME 0634;ASSIGNORS:NICODEMUS, BLAIR;STEPHENS, BILLY E.;REEL/FRAME:023596/0956;SIGNING DATES FROM 20060602 TO 20060605

AS Assignment

Owner name: FIBERLINK COMMUNICATIONS CORPORATION, PENNSYLVANIA

Free format text: CORRECTIVE ASSIGNMENT TO CORRECT THE ASSIGNMENT DOCUMENT SHOWING FIBERLINK AS THE ASSIGNEE BUT SHOULD ACTUALLY SHOW FIBERLINK COMMUNICATIONS CORPORATION PREVIOUSLY RECORDED ON REEL 023596 FRAME 0956;ASSIGNORS:NICODEMUS, BLAIR;STEPHENS, BILLY E.;REEL/FRAME:023748/0249;SIGNING DATES FROM 20060602 TO 20060605

AS Assignment

Owner name: SILICON VALLEY BANK, MASSACHUSETTS

Free format text: SECURITY AGREEMENT;ASSIGNOR:FIBERLINK COMMUNICATIONS CORPORATION;REEL/FRAME:025833/0509

Effective date: 20100608

STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION

AS Assignment

Owner name: FIBERLINK COMMUNICATIONS CORPORATION, PENNSYLVANIA

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:SILICON VALLEY BANK;REEL/FRAME:031802/0482

Effective date: 20131217

AS Assignment

Owner name: INTERNATIONAL BUSINESS MACHINES CORPORATION, NEW Y

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:FIBERLINK COMMUNICATIONS CORPORATION;REEL/FRAME:039001/0462

Effective date: 20160602

AS Assignment

Owner name: DAEDALUS GROUP LLC, NEW YORK

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:INTERNATIONAL BUSINESS MACHINES CORPORATION;REEL/FRAME:051032/0784

Effective date: 20190930

AS Assignment

Owner name: DAEDALUS GROUP, LLC, NEW YORK

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:INTERNATIONAL BUSINESS MACHINES CORPORATION;REEL/FRAME:051710/0445

Effective date: 20191230

AS Assignment

Owner name: DAEDALUS BLUE LLC, NEW YORK

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:DAEDALUS GROUP, LLC;REEL/FRAME:051737/0191

Effective date: 20200128