Network appliance for vulnerability assessment auditing over multiple networks

US 10,154,057 B2
Filed: 03/24/2016
Issued: 12/11/2018
Est. Priority Date: 01/19/2005
Status: Active Grant

First Claim

Patent Images

1. A method to manage an audit by an audit device, comprising:

initiating, by the audit device, communication between an audit extension device and the audit device for the audit by sending a request for the audit to be performed on a computing asset through a security perimeter to the audit extension device, the request for the audit including a request for information to be provided by the computing asset, wherein the computing asset is separate from the audit device;

receiving, by the audit device, an audit result of the audit from the audit extension device through the security perimeter;

determining, by the audit device, whether the audit result indicates that the computing asset satisfies a security policy;

instructing, by the audit device, the audit extension device to quarantine the computing asset in a quarantined network in response to the computing asset failing to satisfy the security policy; and

relinquishing, by the audit device, operations to the audit extension device, in response to the computing asset failing to satisfy the security policy.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An apparatus, system, and method are directed towards enabling auditing of network vulnerabilities from multiple network vantage points virtually simultaneously. Multiple network vantage points may include, but are not limited to, remote/branch enterprise sites, devices on an enterprise perimeter, on either side of a security perimeter, and even through the security perimeter. In one embodiment, an auditor performs reflected audits thereby extending auditing of network vulnerabilities to provide a comprehensive 360 degree audit of internal, external, and remote enterprise network sites. In one embodiment, the present invention may be implemented employing a single auditing device, and one or more audit extension devices that are configured to extend the auditing device'"'"'s audit reach. The auditing device and one or more audit extension devices may communicate using an encrypted network channel through a security perimeter and/or across multiple networks.

61 Citations

View as Search Results

18 Claims

1. A method to manage an audit by an audit device, comprising:
- initiating, by the audit device, communication between an audit extension device and the audit device for the audit by sending a request for the audit to be performed on a computing asset through a security perimeter to the audit extension device, the request for the audit including a request for information to be provided by the computing asset, wherein the computing asset is separate from the audit device;
  
  receiving, by the audit device, an audit result of the audit from the audit extension device through the security perimeter;
  
  determining, by the audit device, whether the audit result indicates that the computing asset satisfies a security policy;
  
  instructing, by the audit device, the audit extension device to quarantine the computing asset in a quarantined network in response to the computing asset failing to satisfy the security policy; and
  
  relinquishing, by the audit device, operations to the audit extension device, in response to the computing asset failing to satisfy the security policy.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, further comprising removing the computing asset, by the audit extension device, from the quarantined network in response to the audit result indicating that the computing asset satisfies the security policy.
  - 3. The method of claim 1, further comprising isolating, by a switch, selected network traffic between the quarantined network and other networks and devices.
  - 4. The method of claim 1, further comprising the audit device assuming the operations of the audit extension device, in response to at least one of:
    - the computing asset satisfying the security policy, ora network device assuming operations of the audit device.
  - 5. The method of claim 1, wherein the computing asset is on a same side of the security perimeter as the audit extension device.
  - 6. The method of claim 1, wherein the request for the audit further includes at least one of a request for a configuration, a probe, or a request for a resource associated with the computing asset.
  - 7. The method of claim 1, wherein at least one of the receiving the request for the audit or the sending the result of the audit is performed through a secure network path.
  - 8. The method of claim 1, wherein the computing asset is on a different networking side of the security perimeter as the audit extension device.

9. A method to manage an audit by an audit extension device, comprising:
- receiving, by the audit extension device, a request for the audit to be performed on a computing asset through a security perimeter from an audit device, the request for the audit including a request for information to be provided by the computing asset, wherein the computing asset is separate from the audit device;
  
  sending, by the audit extension device, an audit result of the audit through the security perimeter to the audit device, wherein the audit device determines whether the audit result satisfies a security policy;
  
  receiving, by the audit extension device, instructions to quarantine the computing asset in a quarantined network in response to the computing asset failing to satisfy the security policy; and
  
  assuming operations of the audit device, by the audit extension device, in response to the computing asset failing to satisfy the security policy.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The method of claim 9, further comprising removing the computing asset, by the audit extension device, from the quarantined network in response to the audit result indicating that the computing asset satisfies the security policy.
  - 11. The method of claim 9, further comprising isolating, by a switch, selected network traffic between the quarantined network and other networks and devices.
  - 12. The method of claim 9, further comprising relinquishing operations to the audit device, by the audit extension device, in response to at least one of:
    - the computing asset satisfying the security policy, ora network device assuming operations of the audit device.
  - 13. The method of claim 9, wherein the computing asset is on a same side of the security perimeter as the audit extension device.
  - 14. The method of claim 9, wherein the request for the audit further includes at least one of a request for a configuration, a probe, or a request for a resource associated with the computing asset.
  - 15. The method of claim 9, wherein at least one of the receiving the request for the audit or the sending the result of the audit is performed through a secure network path.
  - 16. The method of claim 9, wherein the computing asset is on a different networking side of the security perimeter as the audit extension device.

17. A system to manage an audit, comprising:
- an audit extension device; and
  
  an audit device, configured to;
  
  initiate communication with the audit extension device for the audit by sending a request for the audit to be performed on a computing asset through a security perimeter to the audit extension device, the request for the audit including a request for information to be provided by the computing asset, wherein the computing asset is separate from the audit device,receive an audit result of the audit from the audit extension device through the security perimeter,determine whether the audit result indicates that the computing asset satisfies a security policy, andinstruct the audit extension device to quarantine the computing asset in a quarantined network in response to the computing asset failing to satisfy the security policy,wherein the audit extension device is configured to assume operations of the audit device, in response to the computing asset failing to satisfy the security policy.
- View Dependent Claims (18)
- - 18. The system of claim 17, wherein the audit extension device is configured torelinquish operations to the audit device, in response to at least one of:
    - the computing asset satisfying the security policy, ora network device assuming operations of the audit device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Callahan Cellular LLC (Intellectual Ventures LLC)
Original Assignee
Callahan Cellular LLC (Intellectual Ventures LLC)
Inventors
Webb, Evan M., Boscolo, Christopher D., Gilde, Robert G.
Primary Examiner(s)
Kim, Tae K

Application Number

US15/079,224
Publication Number

US 20160205129A1
Time in Patent Office

992 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/577   Assessing vulnerabilities a...

H04L 63/029   Firewall traversal, e.g. tu...

H04L 63/1408   by monitoring network traff...

H04L 63/1433   Vulnerability analysis

H04L 63/1441   Countermeasures against mal...

H04L 63/20   for managing network securi...

Network appliance for vulnerability assessment auditing over multiple networks

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

61 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Network appliance for vulnerability assessment auditing over multiple networks

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

61 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links