Scalable cloud-based endpoint security system

US 10,511,634 B2
Filed: 01/29/2018
Issued: 12/17/2019
Est. Priority Date: 07/31/2017
Status: Active Grant

First Claim

Patent Images

1. A method for updating a security policy on a plurality of endpoints in a networked computer environment, the method comprising:

receiving, at an API server, a command including configuration data for configuring the plurality of endpoints within an enterprise network;

generating a connection request message identifying the plurality of endpoints targeted by the command;

identifying, by a communication server, a target endpoint identified by the connection request message;

sending, by the communication server, the connection request message to the identified endpoint via a persistent connection;

receiving by the API server, a connection request from the identified endpoint in response to the identified endpoint receiving the connection request message;

establishing a temporary connection between the API server and the identified endpoint in response to the request; and

communicating, by the API server, the command to the identified endpoint over the temporary connection.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A scalable cloud-based endpoint security system facilitates a security policy on a plurality of endpoints. Configuration data or commands for implementing a security policy are entered via a web browser of an administrative client device and received at a cloud server. An API server generates a message to a queue of a publication/subscription server that publishes the messages from the queue to one or more subscribing communication servers. A communication server sends the message to an endpoint targeted by the message via a persistent connection that the communication server maintains with the endpoint. In response to the message, the endpoint establishes a connection to the API server. The API server then distributes the configuration data or commands to the endpoint.

19 Citations

20 Claims

1. A method for updating a security policy on a plurality of endpoints in a networked computer environment, the method comprising:
- receiving, at an API server, a command including configuration data for configuring the plurality of endpoints within an enterprise network;
  
  generating a connection request message identifying the plurality of endpoints targeted by the command;
  
  identifying, by a communication server, a target endpoint identified by the connection request message;
  
  sending, by the communication server, the connection request message to the identified endpoint via a persistent connection;
  
  receiving by the API server, a connection request from the identified endpoint in response to the identified endpoint receiving the connection request message;
  
  establishing a temporary connection between the API server and the identified endpoint in response to the request; and
  
  communicating, by the API server, the command to the identified endpoint over the temporary connection.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising:
    - updating, by the API server, a database based on the command, the database storing configuration information relating to the plurality of endpoints.
  - 3. The method of claim 1, wherein the API server and communication server are implemented as virtual servers in a cloud computing environment coupled to the endpoints over a wide area network.
  - 4. The method of claim 1, further comprising:
    - detecting a set of new endpoints joining the enterprise network;
      
      responsive to the detecting the set of new endpoint, generating a number of a new virtual server instances of the communication server, the number of new virtual server instances based on a number of the new endpoints; and
      
      assigning each of the new virtual server instances to a subset of the new endpoints.
  - 5. The method of claim 1, wherein the persistent connection maintained between the communication server and the endpoints is a WebSocket connection.
  - 6. The method of claim 1, further comprising:
    - the API server receiving, from the identified endpoint, an identifier for the received message;
      
      performing a comparison, by the API server, of the received identifier to message identifiers saved in a data store associated with the identified endpoint;
      
      determining, at the API server, whether the identified endpoint missed one or more prior commands intended for the identified endpoint based on the comparison; and
      
      providing, by the API server, the identified endpoint with the missed one or more prior commands.
  - 7. The method of claim 1, wherein the command comprises a command to perform at least one of:
    - updating an endpoint agent executing on the identified endpoint, updating a configuration parameter associated with an endpoint agent executing on the identified endpoint, reconfiguring a firewall setting on the identified endpoint, changing a scheduled scanning frequency of the identified endpoint, disabling or enabling security features of the endpoint agent executing on the identified endpoint, and requesting status information from the identified endpoint.

8. A non-transitory computer-readable storage medium storing instructions for updating a security policy on a plurality of endpoints in a networked computer environment, the instructions when executed by one or more processors causing the one or more processors to perform steps comprising:
- receiving, at an API server, a command including configuration data for configuring the plurality of endpoints within an enterprise network;
  
  generating a connection request message identifying the plurality of endpoints targeted by the command;
  
  identifying, by a communication server, a target endpoint identified by the connection request message;
  
  sending, by the communication server, the connection request message to the identified endpoint via a persistent connection;
  
  receiving by the API server, a connection request from the identified endpoint in response to the identified endpoint receiving the connection request message;
  
  establishing a temporary connection between the API server and the identified endpoint in response to the request; and
  
  communicating, by the API server, the command to the identified endpoint over the temporary connection.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The non-transitory computer-readable storage medium of claim 8, the steps further comprising:
    - updating, by the API server, a database based on the security policy, the database storing configuration information relating to the plurality of endpoints.
  - 10. The non-transitory computer-readable storage medium of claim 8, wherein the API server and communication server are implemented as virtual servers in a cloud computing environment coupled to the endpoints over a wide area network.
  - 11. The non-transitory computer-readable storage medium of claim 8, the steps further comprising:
    - detecting a set of new endpoints joining the enterprise network;
      
      responsive to the detecting the set of new endpoint, generating a number of a new virtual server instances of the communication server, the number of new virtual server instances based on a number of the new endpoints; and
      
      assigning each of the new virtual server instances to a subset of the new endpoints.
  - 12. The non-transitory computer-readable storage medium of claim 8, wherein the persistent connection maintained between the communication server and the endpoint is a Web Socket connection.
  - 13. The non-transitory computer-readable storage medium of claim 8, the steps further comprising:
    - the API server receiving, from the identified endpoint, an identifier for the received message;
      
      performing a comparison, by the API server, of the received identifier to message identifiers saved in a data store associated with the identified endpoint;
      
      determining, at the API server, whether the identified endpoint missed one or more prior commands intended for the identified endpoint based on the comparison; and
      
      providing, by the API server, the identified endpoint with the missed one or more prior commands.
  - 14. The non-transitory computer-readable storage medium of claim 8, wherein the command comprises a command to perform at least one of:
    - updating an endpoint agent executing on the identified endpoint, updating a configuration parameter associated with an endpoint agent executing on the identified endpoint, reconfiguring a firewall setting on the identified endpoint, changing a scheduled scanning frequency of the identified endpoint, disabling or enabling security features of the endpoint agent executing on the identified endpoint, and requesting status information from the identified endpoint.

15. A security system for implementing a security policy on a plurality of endpoints in a networked computer environment, the security system comprising:
- one or more computer processors; and
  
  one or more non-transitory computer-readable storage media, the storage media storing computer program instructions executable by the one or more computer processors to perform steps comprising;
  
  receiving, at an API server, a command including configuration data for configuring the plurality of endpoints within an enterprise network;
  
  generating a connection request message identifying the plurality of endpoints targeted by the command;
  
  identifying, by a communication server, a target endpoint identified by the connection request message;
  
  sending, by the communication server, the connection request message to the identified endpoint via a persistent connection;
  
  receiving by the API server, a connection request from the identified endpoint in response to the identified endpoint receiving the connection request message;
  
  establishing a temporary connection between the API server and the identified endpoint in response to the request; and
  
  communicating, by the API server, the command to the identified endpoint over the temporary connection.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The security system of claim 15, the steps further comprising:
    - updating, by the API server, a database based on the command, the database storing configuration information relating to the plurality of endpoints.
  - 17. The security system of claim 15, wherein the API server and communication server are implemented as virtual servers in a cloud computing environment coupled to the endpoints over a wide area network.
  - 18. The security system of claim 15, the steps further comprising:
    - detecting a set of new endpoints joining the enterprise network;
      
      responsive to the detecting the set of new endpoint, generating a number of a new virtual server instances of the communication server, the number of new virtual server instances based on a number of the new endpoints; and
      
      assigning each of the new virtual server instances to a subset of the new endpoints.
  - 19. The security system of claim 15, wherein the persistent connection maintained between the communication server and the endpoints is a Web Socket connection.
  - 20. The security system of claim 15, the steps further comprising:
    - the API server receiving, from the identified endpoint, an identifier for the received message;
      
      performing a comparison, by the API server, of the received identifier to message identifiers saved in a data store associated with the identified endpoint;
      
      determining, at the API server, whether the identified endpoint missed one or more prior commands intended for the identified endpoint based on the comparison; and
      
      providing, by the API server, the identified endpoint with the missed one or more prior commands.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malwarebytes Corporate Holdco Incorporated
Original Assignee
Malwarebytes Inc.
Inventors
Castilho, Marcio, Breton, Kevin, Chan, Jonathan, Bandyopadhyay, Anupam, Stoyanov, Plamen
Primary Examiner(s)
Pyzocha, Michael

Application Number

US15/883,077
Publication Number

US 20190036967A1
Time in Patent Office

687 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/57   Certifying or maintaining t...

H04L 41/082   the condition being updates...

H04L 63/0263   Rule management

H04L 63/10   for controlling access to d...

H04L 63/20   for managing network securi...

Scalable cloud-based endpoint security system

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

19 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Scalable cloud-based endpoint security system

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

19 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links