Systems and methods for implementing security

US 10,027,650 B2
Filed: 05/13/2016
Issued: 07/17/2018
Est. Priority Date: 08/09/2011
Status: Active Grant

First Claim

Patent Images

1. A first computer system comprising:

one or more processing units;

memory, coupled to at least one of the one or more processing units, wherein the memory stores an operating system, and wherein the operating system is executed by the one or more processing units; and

one or more programs that run within the operating system, wherein a first program of the one or more programs is an agent that is executed by at least one of the one or more processing units, and wherein the agent includes instructions for;

initiating a communication with a remote security system in order to obtain an authentication token that is uniquely associated with the agent;

receiving a plurality of executable instructions from the remote security server according to a security policy assigned to the agent, wherein the instructions are received through an encrypted communication channel between the agent and the remote security system, and wherein the encrypted communication channel uses the authentication token; and

executing, at the first computer system, the plurality of received executable instructions, thereby implementing a security policy of the assigned security policy, wherein the agent initiates all communication with the remote computer system, the remote computer system cannot initiate communication with the agent, and the remote computer system identifies the executable instructions for the agent by placing them in a command queue associated with the agent.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and method are provided in accordance with one or more processes that run within an operating system, in which a first process of the one or more processes is an agent that encodes instructions for obtaining an authentication token uniquely associated with the agent. The agent collects security information about a first computer system running the one or more processes according to one or more commands received from a remote security system. The collected information is transmitted to the remote security system on an encrypted communication channel between the agent and the remote security system using the authentication token. Executable instructions are received through the encrypted communication channel at the first computer from the remote server according to a security policy assigned to the agent. The received executable instructions are executed at the first computer system, thereby implementing the assigned security policy.

134 Citations

27 Claims

1. A first computer system comprising:
- one or more processing units;
  
  memory, coupled to at least one of the one or more processing units, wherein the memory stores an operating system, and wherein the operating system is executed by the one or more processing units; and
  
  one or more programs that run within the operating system, wherein a first program of the one or more programs is an agent that is executed by at least one of the one or more processing units, and wherein the agent includes instructions for;
  
  initiating a communication with a remote security system in order to obtain an authentication token that is uniquely associated with the agent;
  
  receiving a plurality of executable instructions from the remote security server according to a security policy assigned to the agent, wherein the instructions are received through an encrypted communication channel between the agent and the remote security system, and wherein the encrypted communication channel uses the authentication token; and
  
  executing, at the first computer system, the plurality of received executable instructions, thereby implementing a security policy of the assigned security policy, wherein the agent initiates all communication with the remote computer system, the remote computer system cannot initiate communication with the agent, and the remote computer system identifies the executable instructions for the agent by placing them in a command queue associated with the agent.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27)
- - 2. The first computer system of claim 1 wherein the agent further includes instructions for:
    - collecting security information about the first computer system according to one or more commands of the plurality of executable instructions of the security policy; and
      
      transmitting the collected security information to the remote security system on the encrypted communication channel.
  - 3. The first computer system of claim 2, wherein the collected security information identifies name-value pairs associated with the one or more processes or name-value pairs for privileges associated with the first computer system.
  - 4. The first computer system of claim 2, wherein the collected security information includes a plurality of data points related to forensic analysis for detection of compromise of the first computer system.
  - 5. The first computer system of claim 2, wherein the collected security information identifies what ports the one or more processes are listening on.
  - 6. The first computer system of claim 2, wherein transmitting the collected information uses private information shared but not exchanged with the remote security system to digitally sign and encrypt the collected information prior to transmitting.
  - 7. The first computer system of claim 2, wherein the collected information identifies configurations of the one or more programs.
  - 8. The first computer system of claim 2, wherein the collected security information includes data related to the integrity of programs and data structures resident on the first computer system.
  - 9. The computer system of claim 2, whereinthe receiving the plurality of executable instructions comprises obtaining the plurality of executable instructions from the command queue uniquely associated with the agent.
  - 10. The first computer system of claim 1, wherein the command queue is encrypted.
  - 11. The first computer system of claim 10, wherein the command queue is encrypted using the authentication token.
  - 12. The first computer system of claim 1, wherein the plurality of executable instructions include updates to a firewall policy for the first computer system.
  - 13. The first computer system of claim 1, wherein the plurality of executable instructions include updates to user privileges for the first computer system.
  - 14. The first computer system of claim 1, wherein the plurality of executable instructions include delivery of data values related to cryptographic operations to be conducted on the first computer system to access persistent data on the first computer system.
  - 15. The first computer system of claim 1, wherein the plurality of executable instructions include instructions for retrieval and use of data values related to cryptographic operations to be conducted on the first computer system in order to access persistent data on the first computer system.
  - 16. The first computer system of claim 1, wherein the plurality of executable instructions perform one of (i) a check a status of a setting associated with a file stored in the memory, (ii) a check a setting of a directory stored in the memory, (iii) a check a password associated with a user of the first computer system, or (iv) a check a password associated with a group of users of the first computer system.
  - 17. The first computer system of claim 1, wherein the plurality of executable instructions include updates to implement a failsafe action on the first computer system in the event of security compromise of the first computer system.
  - 18. The first computer system of claim 17, wherein the failsafe action comprises sending an administrator an alert, shutting down of a virtual machine on the first computer system, shutting down the agent, sending an alert to a user by e-mail, initiating forensic data collection on the first computer system, updating a firewall rule for the first computer system, or updating a configuration parameter on the first computer system.
  - 19. The first computer system of claim 1, wherein there is private information shared but not exchanged with the remote security system and wherein the authentication token and the shared private information enable the encrypted communication channel.
  - 20. The first computer system of claim 1, wherein the operating system and the one or more programs run within a first virtual machine within the memory.
  - 21. The first computer system of claim 20, wherein the first virtual machine is one of a plurality of virtual machines running on the first computer system.
  - 22. The first computer system of claim 21, wherein the assigned security policy encompasses the plurality of virtual machines running on the first computer system.
  - 23. The first computer system of claim 1, wherein the assigned security policy encompasses a plurality of computer systems, including the first computer system.
  - 24. The first computer system of claim 1, whereinthe one or more programs run within a virtual machine,the plurality of executable instructions comprises a first command set and a second command set,the first command set includes a first command to check a state of the operating system, andthe second command set includes a second command to check a state of a program in the one or more programs or a state of a data structure stored in the memory.
  - 25. The first computer system of claim 1, wherein the plurality of executable instructions include an action command, and wherein, subsequent to execution of the action command, the execution status of the action command is transmitted to the remote security system.
  - 26. The first computer system of claim 1, whereinthe operating system is running in a virtual machine,the plurality of executable instructions includes an action command, andthe action command specifies:
    - (i) deleting, moving, or renaming of a file, combination of files, or a directory in the memory,(ii) altering a privilege of a user of the virtual machine,(iii) changing a time interval upon which the action command is re-executed,(iv) purging a cache associated with the virtual machine,(v) changing a priority of a process in the one or more programs,(vi) deleting or adding a user account associated with the virtual machine,(vii) reinitializing the virtual machine,(viii) activating or deactivating a firewall associated with the virtual machine,(ix) activating or deactivating a rule within a firewall associated with the virtual machine, or(x) changing a configuration parameter within the operating system.
  - 27. The first computer system of claim 1, wherein the executable instructions include modifications to a multi-factor authentication policy domain that controls the security of the first computer system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Runway Growth Finance Corporation
Original Assignee
CloudPassage Inc.
Inventors
Sweet, Carson, Geraymovych, Vitaliy
Primary Examiner(s)
Su, Sarah

Application Number

US15/154,730
Publication Number

US 20170070499A1
Time in Patent Office

795 Days
Field of Search
US Class Current
CPC Class Codes

G06F 2009/45587   Isolation or security of vi...

G06F 21/55   Detecting local intrusion o...

G06F 21/56   Computer malware detection ...

G06F 21/577   Assessing vulnerabilities a...

G06F 2221/034   Test or assess a computer o...

G06F 9/45558   Hypervisor-specific managem...

H04L 63/0227   Filtering policies mail mes...

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/083   using passwords cryptograph...

H04L 63/126   the source of the received ...

H04L 63/166   at the transport layer

H04L 63/20   for managing network securi...

Systems and methods for implementing security

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

134 Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for implementing security

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

134 Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links