Systems and methods for dynamically validating remote requests within enterprise networks

US 10,284,564 B1
Filed: 11/15/2018
Issued: 05/07/2019
Est. Priority Date: 02/16/2016
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for dynamically validating a remote request within an enterprise network including a target system and a remote system, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:

receiving, by the target system and from the remote system, the remote request for access to a portion of the target system, the target system and the remote system performing direct Peer-to-Peer (P2P) communications with one another within the enterprise network;

performing, by the target system directly with the remote system, a validation operation to determine whether the remote system is trustworthy to access the portion of the target system, the validation operation comprising;

querying, by the target system, the remote system for contextual information about the remote system; and

in response to the query, receiving, by the target system and from the remote system, the contextual information;

determining, by the target system, a trustworthiness of the remote request based at least in part on the received contextual information; and

based on determining that the remote request is trusted, granting, by the target system and to the remote system, access to the portion of the target system.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The disclosed computer-implemented method for dynamically validating remote requests within enterprise networks may include (1) receiving, on a target system within an enterprise network, a request to access a portion of the target system from a remote system within the enterprise network, (2) performing a validation operation to determine whether the remote system is trustworthy to access the portion of the target system by (A) querying an enterprise security system to authorize the request from the remote system and (B) receiving, from the enterprise security system in response to the query, a notification indicating whether the remote system is trustworthy to access the portion of the target system, and then (3) determining whether to grant the request based at least in part on the notification received from the enterprise security system as part of the validation operation. Various other methods, systems, and computer-readable media are also disclosed.

97 Citations

View as Search Results

18 Claims

1. A computer-implemented method for dynamically validating a remote request within an enterprise network including a target system and a remote system, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:
- receiving, by the target system and from the remote system, the remote request for access to a portion of the target system, the target system and the remote system performing direct Peer-to-Peer (P2P) communications with one another within the enterprise network;
  
  performing, by the target system directly with the remote system, a validation operation to determine whether the remote system is trustworthy to access the portion of the target system, the validation operation comprising;
  
  querying, by the target system, the remote system for contextual information about the remote system; and
  
  in response to the query, receiving, by the target system and from the remote system, the contextual information;
  
  determining, by the target system, a trustworthiness of the remote request based at least in part on the received contextual information; and
  
  based on determining that the remote request is trusted, granting, by the target system and to the remote system, access to the portion of the target system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the target system and the remote system are Endpoint Protection and Response enabled (EDR-enabled) host systems.
  - 3. The method of claim 2, wherein the target system includes an EDR agent.
  - 4. The method of claim 3, wherein determining, by the target system, the trustworthiness of the remote request includes the target system utilizing the EDR agent.
  - 5. The method of claim 1,further comprising determining, by the target system, a trustworthiness of the remote system based at least in part on the received contextual information;
    - andwherein granting access to the portion of the target system is further based on determining that the remote system is trusted.
  - 6. The method of claim 1, wherein the contextual information identifies an action requested by the remote system in connection with the remote request, and supplemental data related to the action requested by the remote system in connection with the remote request.
  - 7. The method of claim 1, wherein the remote request comprises at least one of:
    - a request to launch a process on the target system;
      
      a request to access data stored on the target system;
      
      a request to write data to the target system;
      
      a request to transfer an executable to the target system;
      
      ora request to transfer data from the target system to an additional device outside the enterprise network.
  - 8. The method of claim 1, further comprising, based on determining, by the target system, that the remote request is not trusted, not granting, by the target system and to the remote system, access to the portion of the target system.

9. A system for dynamically validating a remote request within an enterprise network that includes a target system and a remote system, the system comprising:
- a request module, stored in memory in the target system, that receives from the remote system the remote request for access to a portion of the target system, the target system and the remote system performing direct Peer-to-Peer (P2P) communications with one another within the enterprise network;
  
  a validation module, stored in the memory in the target system, that performs a validation operation to determine whether the remote system is trustworthy to access the portion of the target system, the validation operation comprising;
  
  querying, by the target system, the remote system for contextual information about the remote system; and
  
  in response to the query, receiving, by the target system and from the remote system, the contextual information;
  
  a security module, stored in the memory in the target system, that determines a trustworthiness of the remote request based at least in part on the received contextual information, and that grants to the remote system access to the portion of the target system based on determining that the remote request is trusted; and
  
  at least one physical processor that executes the request module, the validation module, and the security module.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The system of claim 9, wherein the target system and the remote system are Endpoint Protection and Response enabled (EDR-enabled) host systems.
  - 11. The system of claim 10, wherein the target system includes an EDR agent.
  - 12. The system of claim 11, wherein determining, by the security module, the trustworthiness of the remote request includes the security module interfacing with the EDR agent.
  - 13. The system of claim 9,further comprising determining, by the target system, a trustworthiness of the remote system based at least in part on the received contextual information;
    - andwherein granting access to the portion of the target system is further based on determining that the remote system is trusted.
  - 14. The system of claim 9, wherein the contextual information identifies an action requested by the remote system in connection with the remote request, and supplemental data related to the action requested by the remote system in connection with the remote request.
  - 15. The system of claim 9, wherein the remote request comprises at least one of:
    - a request to launch a process on the target system;
      
      a request to access data stored on the target system;
      
      a request to write data to the target system;
      
      a request to transfer an executable to the target system;
      
      ora request to transfer data from the target system to an additional device outside the enterprise network.
  - 16. The system of claim 9, further comprising, based on determining, by the target system, that the remote request is not trusted, not granting, by the target system and to the remote system, access to the portion of the target system.

17. A non-transitory computer-readable medium comprising one or more computer-executable instructions that, when executed by at least one processor of a computing device, cause the computing device to:
- receive, by a target system and from a remote system, a remote request for access to a portion of the target system, the target system and the remote system performing direct Peer-to-Peer (P2P) communications with one another within an enterprise network;
  
  perform, by the target system directly with the remote system, a validation operation to determine whether the remote system is trustworthy to access the portion of the target system, the validation operation comprising;
  
  querying, by the target system, the remote system for contextual information about the remote system; and
  
  in response to the query, receiving, by the target system and from the remote system, the contextual information;
  
  determine, by the target system, a trustworthiness of the remote request based at least in part on the received contextual information; and
  
  based on determining that the remote request is trusted, grant, by the target system and to the remote system, access to the portion of the target system.
- View Dependent Claims (18)
- - 18. The non-transitory computer-readable medium of claim 17, wherein the target system and the remote system are Endpoint Protection and Response enabled (EDR-enabled) host systems.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Roundy, Kevin Alejandro, Gates, Christopher, Viljoen, Petrus Johannes
Primary Examiner(s)
Hirl, Joseph P
Assistant Examiner(s)
Gundry, Stephen T

Application Number

US16/192,653
Time in Patent Office

173 Days
Field of Search
US Class Current
CPC Class Codes

H04L 2101/622   Layer-2 addresses, e.g. med...

H04L 61/5007   Internet protocol [IP] addr...

H04L 63/10   for controlling access to d...

H04L 67/104   Peer-to-peer [P2P] networks

H04L 67/52   specially adapted for the l...

Systems and methods for dynamically validating remote requests within enterprise networks

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

97 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for dynamically validating remote requests within enterprise networks

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

97 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links