System and method for performing remote security assessment of firewalled computer

US 10,015,187 B2
Filed: 08/29/2016
Issued: 07/03/2018
Est. Priority Date: 08/15/2008
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

providing an endpoint device comprising a web browser in communication with a network;

providing a scanner server in communication with the network, wherein the scanner server comprises a scanner engine;

establishing a secure layer connection between the scanner engine of the scanner server and a web browser plug-in of the endpoint device;

transmitting commands for collecting data associated with the endpoint device from the scanner engine to the web browser plug-in via the secure layer connection;

receiving data associated with the endpoint device at the scanner engine and from the web browser plug-in via the secure layer connection, wherein the received data was collected using the web browser plug-in;

analyzing the received data using the scanner engine to assess a current security vulnerability posture of the endpoint device;

identifying, using the scanner engine, an update for the endpoint device based on analyzing the received data; and

transmitting the update from the scanner engine to the endpoint device,wherein the scanner server is coupled to the network through a proxy server,wherein the proxy server takes over the secure layer connection in response to the web browser plug-in of the endpoint device no longer being in communication with the scanner engine of the scanner server.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems for scanning an endpoint terminal across an open computer network are disclosed. An exemplary method includes providing a scanner engine in a computer server in communication with an open computer network, and establishing a secure connection across the open computer network between the scanner engine and a scanner agent installed on the endpoint terminal in communication with the open computer network. Commands for collecting data regarding the endpoint terminal are sent from the scanner engine across the secure connection to the scanner agent. The scanner engine then receives the collected data from the scanner agent across the secure connection, analyzes the data to assess a current posture of the endpoint terminal, and determines any updates for the endpoint terminal from the analysis. Updates are sent across the secure connection to the scanner agent for installation on the endpoint terminal, and the secure connection may then be terminated.

Citations

20 Claims

1. A method comprising:
- providing an endpoint device comprising a web browser in communication with a network;
  
  providing a scanner server in communication with the network, wherein the scanner server comprises a scanner engine;
  
  establishing a secure layer connection between the scanner engine of the scanner server and a web browser plug-in of the endpoint device;
  
  transmitting commands for collecting data associated with the endpoint device from the scanner engine to the web browser plug-in via the secure layer connection;
  
  receiving data associated with the endpoint device at the scanner engine and from the web browser plug-in via the secure layer connection, wherein the received data was collected using the web browser plug-in;
  
  analyzing the received data using the scanner engine to assess a current security vulnerability posture of the endpoint device;
  
  identifying, using the scanner engine, an update for the endpoint device based on analyzing the received data; and
  
  transmitting the update from the scanner engine to the endpoint device,wherein the scanner server is coupled to the network through a proxy server,wherein the proxy server takes over the secure layer connection in response to the web browser plug-in of the endpoint device no longer being in communication with the scanner engine of the scanner server.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the endpoint device is protected from the network with a firewall.
  - 3. The method of claim 1, wherein the web browser further comprises a graphical user interface for use by a user of the endpoint device in initiating the collection of the received data.
  - 4. The method of claim 1, wherein the secure layer connection encrypts at least one of the commands for collecting data associated with the endpoint device, the received data associated with the endpoint device, and the update for the endpoint device.
  - 5. The method of claim 1, wherein the update comprises virus definition update.
  - 6. The method of claim 1, wherein the secure layer connection is established without requiring credentialed access.
  - 7. The method of claim 1, wherein the secure layer connection is switched back from the proxy server to the web browser plug-in of the endpoint device.

8. A scanning server comprising:
- at least one computer readable storage including instructions; and
  
  at least one processing device configured to execute the instructions, wherein executing the instructions causes the at least one processing device to perform the operations of;
  
  establishing a secure layer connection between a scanner engine comprised in the scanner server and a web browser plug-in of an endpoint device, wherein each of the scanning server and the endpoint device are in communication with a network;
  
  transmitting commands for collecting data associated with the endpoint device from the scanner engine to the web browser plug-in via the secure layer connection;
  
  receiving data associated with the endpoint device at the scanner engine and from the web browser plug-in via the secure layer connection, wherein the received data was collected using the web browser plug-in;
  
  analyzing the received data using the scanner engine to assess a current security vulnerability posture of the endpoint device;
  
  identifying, using the scanner engine, an update for the endpoint device based on analyzing the received data; and
  
  transmitting the update from the scanner engine to the endpoint device,wherein the scanner server is coupled to the network through a proxy server,wherein the proxy server takes over the secure layer connection in response to the web browser plug-in of the endpoint device no longer being in communication with the scanner engine of the scanner server.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The scanning server of claim 8, wherein the endpoint device is protected from the network with a firewall.
  - 10. The scanning server of claim 8, wherein the endpoint device comprises a web browser, and wherein the web browser comprises a graphical user interface for use by a user of the endpoint device in initiating the collection of the received data.
  - 11. The scanning server of claim 8, wherein the secure layer connection encrypts at least one of the commands for collecting data associated with the endpoint device, the received data associated with the endpoint device, and the update for the endpoint device.
  - 12. The scanning server of claim 8, wherein the update comprises virus definition updates.
  - 13. The method of claim 8, wherein the secure layer connection is established without requiring credentialed access.
  - 14. The scanning server of claim 8, wherein the secure layer connection is switched back from the proxy server to the web browser plug-in of the endpoint device.

15. A system comprising:
- an endpoint device comprising a web browser in communication with a network;
  
  a scanner server in communication with the network, wherein the scanner server comprises a scanning engine for conducting scans of the endpoint device, wherein conducting scans of the endpoint device comprises;
  
  establishing a secure layer connection between the scanner engine of the scanner server and a web browser plug-in of the endpoint device;
  
  transmitting commands for collecting data associated with the endpoint device from the scanner engine to the web browser plug-in via the secure layer connection;
  
  receiving data associated with the endpoint device at the scanner engine and from the web browser plug-in via the secure layer connection, wherein the received data was collected using the web browser plug-in;
  
  analyzing the received data using the scanner engine to assess a current security vulnerability posture of the endpoint device;
  
  identifying, using the scanner engine, an update for the endpoint device based on analyzing the received data; and
  
  transmitting the update from the scanner engine to the endpoint device,wherein the scanner server is coupled to the network through a proxy server,wherein the proxy server takes over the secure layer connection in response to the web browser plug-in of the endpoint device no longer being in communication with the scanner engine of the scanner server.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The system of claim 15, wherein the endpoint device is protected from the network with a firewall.
  - 17. The system of claim 15, wherein the web browser further comprises a graphical user interface for use by a user of the endpoint device in initiating the collection of the received data.
  - 18. The system of claim 15, wherein the secure layer connection encrypts at least one of the commands for collecting data associated with the endpoint device, the received data associated with the endpoint device, and the update for the endpoint device.
  - 19. The system of claim 15, wherein the update comprises virus definition updates.
  - 20. The system of claim 15, wherein the secure layer connection is switched back from the proxy server to the web browser plug-in of the endpoint device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Qualys Incorporated
Original Assignee
Qualys Incorporated
Inventors
Ali-Ahmad, Wissam, Kandek, Wolfgang, Kruse, Holger, Dewan, Vikas, Mazboudi, Khair-ed-dine, Jampani, Ganesh, Okumura, Kenneth K.
Primary Examiner(s)
Powers, William S

Application Number

US15/250,300
Publication Number

US 20170180409A1
Time in Patent Office

673 Days
Field of Search
US Class Current
CPC Class Codes

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2119   Authenticating web pages, e...

G06F 3/048   Interaction techniques base...

H04L 63/0281   Proxies

H04L 63/1408   by monitoring network traff...

H04L 63/1433   Vulnerability analysis

H04L 63/1441   Countermeasures against mal...

H04L 63/166   at the transport layer

H04L 67/02   based on web technology, e....

System and method for performing remote security assessment of firewalled computer

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for performing remote security assessment of firewalled computer

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links