Systems and methods for endpoint management classification

US 10,009,344 B2
Filed: 06/19/2017
Issued: 06/26/2018
Est. Priority Date: 06/29/2016
Status: Expired due to Fees

First Claim

Patent Images

1. A method for mitigating security vulnerabilities of a computer network by detecting a management status of an endpoint computing device attempting to authenticate to one or more computing resources accessible via the computer network, the method comprising:

at a computer security platform comprising one or more servers that function to;

(i) detect an authentication attempt by the endpoint computing device to the computer network, wherein detecting the authentication attempt comprises receiving an authentication request originating from the endpoint computing device for accessing the computer network;

(ii) during the authentication attempt, collect management status indicia from the endpoint computing device, wherein the management status indicia comprise data used to determine a management status of the endpoint computing device, the management status indicating whether the endpoint computing device is actively managed by an entity maintaining the computer network or by an affiliate of the entity maintaining the computer network, wherein collecting management status indicia from the endpoint computing device includes;

implementing at least one inline frame within a web interface; and

using the at least one inline frame to collect (a) authentication attempt data and (b) the management status indicia during the authentication attempt, wherein the authentication attempt data comprises identifying data of the endpoint computing device and authentication credentials;

(iii) use the management status indicia to identify the management status of the endpoint computing device and identifying the management status of the endpoint computing device; and

(iv) control access to the computer network based on (a) whether the authentication attempt by the endpoint computing device is successful and (b) the identified management status of the endpoint computing device.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for mitigating security vulnerabilities of a computer network by detecting a management status of an endpoint computing device attempting to authenticate to one or more computing resources accessible via the computer network includes: detecting an authentication attempt by the endpoint computing device to the computer network; during the authentication attempt, collecting management status indicia from the endpoint computing device, wherein the management status indicia comprise data used to determine a management status of the endpoint computing device; using the management status indicia to identify the management status of the endpoint computing device and identifying the management status of the endpoint computing device; and controlling access to the computer network based on (a) whether the authentication attempt by the endpoint computing device is successful and (b) the identified management status of the endpoint computing device.

42 Citations

View as Search Results

18 Claims

1. A method for mitigating security vulnerabilities of a computer network by detecting a management status of an endpoint computing device attempting to authenticate to one or more computing resources accessible via the computer network, the method comprising:
- at a computer security platform comprising one or more servers that function to;
  
  (i) detect an authentication attempt by the endpoint computing device to the computer network, wherein detecting the authentication attempt comprises receiving an authentication request originating from the endpoint computing device for accessing the computer network;
  
  (ii) during the authentication attempt, collect management status indicia from the endpoint computing device, wherein the management status indicia comprise data used to determine a management status of the endpoint computing device, the management status indicating whether the endpoint computing device is actively managed by an entity maintaining the computer network or by an affiliate of the entity maintaining the computer network, wherein collecting management status indicia from the endpoint computing device includes;
  
  implementing at least one inline frame within a web interface; and
  
  using the at least one inline frame to collect (a) authentication attempt data and (b) the management status indicia during the authentication attempt, wherein the authentication attempt data comprises identifying data of the endpoint computing device and authentication credentials;
  
  (iii) use the management status indicia to identify the management status of the endpoint computing device and identifying the management status of the endpoint computing device; and
  
  (iv) control access to the computer network based on (a) whether the authentication attempt by the endpoint computing device is successful and (b) the identified management status of the endpoint computing device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method of claim 1, wherein using the at least one inline frame to collect the management status indicia includes:
    - using the inline frame to transmit to the endpoint computing device one or more management status indicia probes seeking management status indicia from the endpoint computing device.
  - 3. The method of claim 1, wherein the management status indicia comprise a non-response or inadequate response from the endpoint computing device;
    - wherein identifying the management status of the endpoint computing device includes identifying that the endpoint computing device comprises an unmanaged device based on the non-response or inadequate response; and
      
      wherein controlling access by the endpoint computing device to the computer network includes blocking or limiting access of the unmanaged endpoint computing device to the computer network.
  - 4. The method of claim 1, wherein identifying the management status of the endpoint computing device includes identifying that the endpoint computing device comprises an unmanaged device based on the management status indicia;
    - wherein at the computer security platform further functions to;
      
      configure the endpoint computing device to a managed endpoint computing device, wherein configuring the endpoint computing device includes;
      
      (a) generating management status configuration indicia for the endpoint computing device;
      
      (b) transmitting the management status configuration indicia to the endpoint computing device; and
      
      (c) confirming that the endpoint computing device is configured as the managed endpoint computing device based on implementation of the management status configuration indicia at the endpoint computing device.
  - 5. The method of claim 1, wherein identifying the management status of the endpoint computing device includes identifying that the endpoint computing device comprises an unmanaged device or an indeterminate device based on the management status indicia;
    - wherein at the computer security platform further functions to;
      
      in response to identifying the endpoint computing device as the unmanaged device or the indeterminate device, referencing access policy associated with the computer network;
      
      wherein controlling access to the computer network if further based on (c) the access policy.
  - 6. The method of claim 1, wherein collecting management status indicia from the endpoint computing device includes:
    - at a proxy service comprising one or more remote computing servers and that is positioned operably between the endpoint computing device and the entity or the affiliate of the entity that maintains the computer network;
      
      monitoring network traffic passing through the proxy service to collect authentication attempt data and management status indicia from the endpoint computing device.
  - 7. The method of claim 1, wherein the management status indicia comprise cookies transmitted by the endpoint computing device to the computer security platform,wherein identifying the management status of the endpoint computing device includes:
    - (a) analyzing the cookies to identify management status data, wherein the management status data relates to information useable by the computer security platform to verify the management status of the endpoint computing device;
      
      (b) comparing the management status data to stored endpoint management data; and
      
      (c) determining the management status of the endpoint computing device based on results of the comparison.
  - 8. The method of claim 7, wherein the cookies transmitted by the endpoint computing device comprise one or more of ephemeral cookies and one-time use cookies, wherein the cookies expire after a predetermined period of time, and wherein the one-time use cookies can only be used or transmitted one time by the endpoint computing device.
  - 9. The method of claim 1, wherein the management status indicia comprise HTTP headers and/or HTTP requests transmitted by the endpoint computing device to the computer security platform,wherein identifying the management status of the endpoint computing device includes:
    - (a) analyzing the HTTP headers and/or the HTTP requests to identify management status data, wherein the management status data relates to information useable by the computer security platform to verify the management status of the endpoint computing device;
      
      (b) comparing the management status data from the HTTP headers and/or the HTTP requests to stored endpoint management data; and
      
      (c) determining the management status of the endpoint computing device based on results of the comparison.
  - 10. The method of claim 9, wherein if the endpoint computing device comprises a managed endpoint:
    - prior to transmitting the HTTP headers and/or the HTTP requests, using a software application operating on the endpoint computing device to modify the HTTP headers and/or the HTTP requests to include the management status data.
  - 11. The method of claim 1, wherein the management status indicia comprise a digital certificate transmitted by the endpoint computing device to the computer security platform, wherein the digital certificate is provided to the endpoint computing device by an issuing authority,wherein identifying the management status of the endpoint computing device includes:
    - (a) analyzing the digital certificate to identify management status data, wherein the management status data relates to information useable by the computer security platform to verify the management status of the endpoint computing device;
      
      (b) comparing the management status data from the digital certificate to stored endpoint management data; and
      
      (c) determining the management status of the endpoint computing device based on results of the comparison.
  - 12. The method of claim 1, wherein collecting the management status indicia includes:
    - querying an endpoint application programming interface (API) of the endpoint computing device for the management status indicia, the query comprising a request to the endpoint API to transmit the management status indicia;
      
      wherein identifying the management status of the endpoint computing device includes analyzing a response from the endpoint API to the query.
  - 13. The method of claim 1, wherein at the computer security platform further functions to:
    - transmit the management status data of the endpoint computing device to the entity maintaining the computer network or to the affiliate of the entity that maintains the computer network, wherein the management status data includes an indication of whether the endpoint computing device comprises a managed device or an unmanaged device.
  - 14. The method of claim 1, wherein at the computer security platform further functions to:
    - present via a graphical user interface (GUI) a plurality of endpoint computing devices accessing the computer network or one or more digital resources accessible via the computer network;
      
      identify a management status for each of the plurality of endpoint computing device presented via the GUI, wherein the management status comprises managed device indicator or unmanaged device indicator, and wherein the plurality of endpoints comprises one or more managed endpoint computing devices and one or more unmanaged endpoint computing devices; and
      
      enable access control capabilities to selectively limit or block the one or more unmanaged endpoint computing devices from accessing the computer network.

15. A method for mitigating security vulnerabilities of a computer network by detecting a management status of an endpoint computing device attempting to authenticate to one or more computing resources accessible via the computer network, the method comprising:
- at a computer security platform comprising one or more servers that function to;
  
  (i) detect an authentication attempt by the endpoint computing device to the computer network, wherein detecting the authentication attempt comprises receiving an authentication request originating from the endpoint computing device for accessing the computer network;
  
  (ii) during the authentication attempt, collect management status indicia from the endpoint computing device, wherein the management status indicia comprise data used to determine a management status of the endpoint computing device, the management status indicating whether the endpoint computing device is actively managed by an entity maintaining the computer network or by an affiliate of the entity maintaining the computer network, wherein the management status indicia comprise cookies transmitted by the endpoint computing device to the computer security platform;
  
  (iii) use the management status indicia to identify the management status of the endpoint computing device and identifying the management status of the endpoint computing device, wherein identifying the management status of the endpoint computing device includes;
  
  (a) analyzing the cookies to identify management status data, wherein the management status data relates to information useable by the computer security platform to verify the management status of the endpoint computing device;
  
  (b) comparing the management status data to stored endpoint management data; and
  
  (c) determining the management status of the endpoint computing device based on results of the comparison; and
  
  (iv) control access to the computer network based on (a) whether the authentication attempt by the endpoint computing device is successful and (b) the identified management status of the endpoint computing device.
- View Dependent Claims (16)
- - 16. The method of claim 15, wherein the cookies transmitted by the endpoint computing device comprise one or more of ephemeral cookies and one-time use cookies, wherein the cookies expire after a predetermined period of time, and wherein the one-time use cookies can only be used or transmitted one time by the endpoint computing device.

17. A method for mitigating security vulnerabilities of a computer network by detecting a management status of an endpoint computing device attempting to authenticate to one or more computing resources accessible via the computer network, the method comprising:
- at a computer security platform comprising one or more servers that function to;
  
  (i) detect an authentication attempt by the endpoint computing device to the computer network, wherein detecting the authentication attempt comprises receiving an authentication request originating from the endpoint computing device for accessing the computer network;
  
  (ii) during the authentication attempt, collect management status indicia from the endpoint computing device, wherein the management status indicia comprise data used to determine a management status of the endpoint computing device, the management status indicating whether the endpoint computing device is actively managed by an entity maintaining the computer network or by an affiliate of the entity maintaining the computer network, wherein the management status indicia comprise HTTP headers and/or HTTP requests transmitted by the endpoint computing device to the computer security platform;
  
  (iii) use the management status indicia to identify the management status of the endpoint computing device and identifying the management status of the endpoint computing device, wherein identifying the management status of the endpoint computing device includes;
  
  (a) analyzing the HTTP headers and/or the HTTP requests to identify management status data, wherein the management status data relates to information useable by the computer security platform to verify the management status of the endpoint computing device;
  
  (b) comparing the management status data from the HTTP headers and/or the HTTP requests to stored endpoint management data; and
  
  (c) determining the management status of the endpoint computing device based on results of the comparison; and
  
  (iv) control access to the computer network based on (a) whether the authentication attempt by the endpoint computing device is successful and (b) the identified management status of the endpoint computing device.
- View Dependent Claims (18)
- - 18. The method of claim 17, wherein if the endpoint computing device comprises a managed endpoint:
    - prior to transmitting the HTTP headers and/or the HTTP requests, using a software application operating on the endpoint computing device to modify the HTTP headers and/or the HTTP requests to include the management status data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Duo Security Incorporated (Cisco Systems, Inc.)
Inventors
Oberheide, Jon, Goodman, Adam, Hanley, Michael, Johnson, Peter, Abduljaber, Omar, Barclay, James
Primary Examiner(s)
Hirl, Joseph P
Assistant Examiner(s)
MURPHY, JOSEPH B

Application Number

US15/626,421
Publication Number

US 20180007046A1
Time in Patent Office

372 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/62   Protecting access to data v...

H04L 2463/082   applying multi-factor authe...

H04L 63/08   for authentication of entit...

H04L 63/0876   based on the identity of th...

H04L 63/101   Access control lists [ACL]

H04L 63/102   Entity profiles

H04L 63/205   involving negotiation or de...

H04L 67/02   based on web technology, e....

H04W 12/06   Authentication

H04W 12/08   Access security

Systems and methods for endpoint management classification

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

42 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for endpoint management classification

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

42 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links