Systems and methods for implementing security

US 10,454,916 B2
Filed: 06/18/2018
Issued: 10/22/2019
Est. Priority Date: 08/09/2011
Status: Active Grant

First Claim

Patent Images

1. A computer security system comprising:

one or more processing units;

a memory; and

one or more programs stored in the memory and configured for execution by the one or more processing units, the one or more programs including instructions for;

(a) transmitting a first set of commands to a first agent program running within a first operating system within a first virtual machine on a first remote computer distinct from the computer security system, wherein the transmitting (a) uses a first encrypted communication channel between the computer security system and the first virtual machine, and wherein the first encrypted communication channel is formed using a first API key; and

(b) transmitting the first set of commands to a second agent program running within a second operating system within a second virtual machine on a second remote computer distinct from the computer security system, wherein the transmitting (b) uses a second encrypted communication channel between the computer security system and the second virtual machine, the second encrypted communication channel is formed using the first API key, the first set of commands is associated with a first policy domain, in a plurality of policy domains, and wherein the first policy domain comprises the first virtual machine and the second virtual machine, and is uniquely associated with the first API key.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and method are provided in accordance with one or more processes that run within an operating system, in which a first process of the one or more processes is an agent that encodes instructions for obtaining an authentication token uniquely associated with the agent. The agent collects security information about a first computer system running the one or more processes according to one or more commands received from a remote security system. The collected information is transmitted to the remote security system on an encrypted communication channel between the agent and the remote security system using the authentication token. Executable instructions are received through the encrypted communication channel at the first computer from the remote server according to a security policy assigned to the agent. The received executable instructions are executed at the first computer system, thereby implementing the assigned security policy.

141 Citations

20 Claims

1. A computer security system comprising:
- one or more processing units;
  
  a memory; and
  
  one or more programs stored in the memory and configured for execution by the one or more processing units, the one or more programs including instructions for;
  
  (a) transmitting a first set of commands to a first agent program running within a first operating system within a first virtual machine on a first remote computer distinct from the computer security system, wherein the transmitting (a) uses a first encrypted communication channel between the computer security system and the first virtual machine, and wherein the first encrypted communication channel is formed using a first API key; and
  
  (b) transmitting the first set of commands to a second agent program running within a second operating system within a second virtual machine on a second remote computer distinct from the computer security system, wherein the transmitting (b) uses a second encrypted communication channel between the computer security system and the second virtual machine, the second encrypted communication channel is formed using the first API key, the first set of commands is associated with a first policy domain, in a plurality of policy domains, and wherein the first policy domain comprises the first virtual machine and the second virtual machine, and is uniquely associated with the first API key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The computer security system of claim 1, wherein the first remote computer and the second remote computer are the same remote computer.
  - 3. The computer security system of claim 1, wherein the first remote computer and the second remote computer are different remote computers.
  - 4. The computer security system of claim 1, wherein the one or more programs further comprise instructions for:
    - (c) transmitting a second set of commands to a third agent program running within a third operating system within a third virtual machine on a third remote computer distinct from the computer security system, wherein the transmitting (a) uses a third encrypted communication channel between the computer security system and the third virtual machine, the third encrypted communication channel is formed using a second API key, the third set of commands is associated with a second policy domain, in the plurality of policy domains, and wherein the second policy domain includes the third virtual machine and the second API key.
  - 5. The computer security system of claim 4, wherein the second policy domain includes a virtual machine that is not included in the first policy domain.
  - 6. The computer security system of claim 1, wherein the one or more programs further comprise instructions for displaying a management console at the computer security system, wherein the management console allows a user to create, modify or delete one or more policy domains in the plurality of policy domains.
  - 7. The computer security system of claim 6, wherein the modifying the one or more policy domains in the plurality of policy domains includes modifying a frequency with which one or more commands are executed by the first agent program or the second agent program.
  - 8. The computer security system of claim 6, wherein the modifying the one or more policy domains in the plurality of policy domains includes modifying a frequency with which a sweep is executed by the first agent program or the second agent program.
  - 9. The computer security system of claim 6, wherein the creating, modifying, or deleting one or more policy domains comprises creating, modifying, or deleting one or more rules of a respective policy domain in the plurality of policy domains.
  - 10. The computer security system of claim 6, wherein the creating, modifying, or deleting one or more policy domains comprises configuring one or more parameters associated with a module of each virtual machine of a policy domain in the plurality of policy domains.
  - 11. The computer security system of claim 6, wherein the management console is inaccessible from the remote computer.
  - 12. The computer security system of claim 1, wherein the computer security system is a plurality of load balanced computers that interface with a plurality of virtual machines associated with the plurality of policy domains.
  - 13. The computer security system of claim 1, wherein the transmitting the first set of commands to the first agent program and the second agent program comprises placing the first set of commands in a first command queue associated with the first agent program and the second agent program for retrieval by the first agent program and the second agent program.
  - 14. The computer security system of claim 1, whereinthe transmitting the first set of commands to the first agent program comprises placing the first set of command in a first command queue associated with the first agent program for retrieval by the first agent program using the first encrypted communication channel, andthe transmitting the first set of commands to the second agent program comprises placing the first set of command in a second command queue associated with the second agent program for retrieval by the second agent program using the second encrypted communication channel.
  - 15. The computer security system of claim 1, wherein the first operating system and the second operating system are different operating systems.
  - 16. The computer security system of claim 1, wherein the one or more programs further comprise instructions for:
    - (c) receiving information from the first agent program or the second agent program as a result of executing the first set of commands.
  - 17. The computer security system of claim 16, wherein the (c) receiving further comprises applying the information against one or more rules stored on the computer system to determine if a rule in a plurality of stored rules has failed.

18. A computer security system comprising:
- one or more processing units;
  
  a memory; and
  
  one or more programs stored in the memory and configured for execution by the one or more processing units, the one or more programs including instructions for;
  
  (a) transmitting a first set of commands to a first agent program running within a first operating system within a first virtual machine on a first remote computer distinct from the computer security system, wherein the transmitting (a) uses a first encrypted communication channel between the computer security system and the first virtual machine, and wherein the first encrypted communication channel is formed using a first API key, wherein the first set of commands is associated with a first policy domain, in a plurality of policy domains, and wherein the first policy domain comprises the first virtual machine and the first API key; and
  
  (b) transmitting a second set of commands to a second agent program running within a second operating system within a second virtual machine on a second remote computer distinct from the computer security system, wherein the transmitting (a) uses a second encrypted communication channel between the computer security system and the second virtual machine, wherein the second encrypted communication channel is formed using a second API key, the second set of commands is associated with a second policy domain, in the plurality of policy domains, and wherein the second policy domain includes the second virtual machine and is uniquely associated with the second API key.
- View Dependent Claims (19, 20)
- - 19. The computer security system of claim 18, the one or more programs further comprise instructions for:
    - (c) transmitting a third set of commands to a third agent program running within a third operating system within a third virtual machine on a third remote computer distinct from the computer security system, wherein the transmitting (c) uses a third encrypted communication channel between the computer security system and the third virtual machine, wherein the third encrypted communication channel is formed using a third API key, the third set of commands is associated with a third policy domain, in the plurality of policy domains, and wherein the third policy domain includes the third virtual machine and the third API key.
  - 20. The computer security system of claim 18, whereinthe transmitting the first set of commands to the first agent program comprises placing the first set of commands in a first command queue associated with the first agent program for retrieval by the first agent program using the first encrypted communication channel, andthe transmitting the second set of commands to the second agent program comprises placing the first set of commands in a second command queue associated with the second agent program for retrieval by the second agent program using the second encrypted communication channel.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Runway Growth Finance Corporation
Original Assignee
CloudPassage Inc.
Inventors
Sweet, Carson, Geraymovych, Vitaliy
Primary Examiner(s)
Su, Sarah

Application Number

US16/011,285
Publication Number

US 20190173870A1
Time in Patent Office

491 Days
Field of Search
US Class Current
CPC Class Codes

G06F 2009/45587   Isolation or security of vi...

G06F 21/55   Detecting local intrusion o...

G06F 21/56   Computer malware detection ...

G06F 21/577   Assessing vulnerabilities a...

G06F 2221/034   Test or assess a computer o...

G06F 9/45558   Hypervisor-specific managem...

H04L 63/0227   Filtering policies mail mes...

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/083   using passwords cryptograph...

H04L 63/126   the source of the received ...

H04L 63/166   at the transport layer

H04L 63/20   for managing network securi...

Systems and methods for implementing security

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

141 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for implementing security

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

141 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links