Scalable cloud-based endpoint security system
Abstract
A scalable cloud-based endpoint security system facilitates a security policy on a plurality of endpoints. Configuration data or commands for implementing a security policy are entered via a web browser of an administrative client device and received at a cloud server. An API server generates a message to a queue of a publication/subscription server that publishes the messages from the queue to one or more subscribing communication servers. A communication server sends the message to an endpoint targeted by the message via a persistent connection that the communication server maintains with the endpoint. In response to the message, the endpoint establishes a connection to the API server. The API server then distributes the configuration data or commands to the endpoint.
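The flow described in the abstract can be modelled in memory as follows. This is an added illustration, not code from the patent or its assignee; every class and method name is hypothetical, and the persistent and temporary connections are stood in for by direct method calls.

```python
# Added illustration: in-memory model of the message flow in the abstract.
# Class and method names are hypothetical; no real networking is performed.
class PubSub:
    def __init__(self):
        self.subscribers = []          # subscribing communication servers
    def publish(self, message):
        for comm_server in self.subscribers:
            comm_server.on_publish(message)

class ApiServer:
    def __init__(self, pubsub):
        self.pubsub = pubsub
        self.pending = {}              # endpoint id -> commands awaiting pickup
    def receive_command(self, targets, config):
        for endpoint_id in targets:
            self.pending.setdefault(endpoint_id, []).append(config)
        # In this model the request names the targets and carries no config.
        self.pubsub.publish({"type": "connection_request", "targets": list(targets)})
    def temporary_connection(self, endpoint_id):
        # Endpoint-initiated; pending commands are handed over once, then cleared.
        return self.pending.pop(endpoint_id, [])

class CommServer:
    def __init__(self, pubsub):
        self.persistent = {}           # endpoint id -> endpoint with a live connection
        pubsub.subscribers.append(self)
    def on_publish(self, message):
        for endpoint_id in message["targets"]:
            endpoint = self.persistent.get(endpoint_id)
            if endpoint is not None:   # deliver only to this server's own endpoints
                endpoint.on_connection_request(message)

class Endpoint:
    def __init__(self, endpoint_id, api, comm_server):
        self.endpoint_id, self.api, self.policy = endpoint_id, api, {}
        comm_server.persistent[endpoint_id] = self
    def on_connection_request(self, message):
        # The wake-up only triggers a pull; policy comes from the API server.
        for config in self.api.temporary_connection(self.endpoint_id):
            self.policy.update(config)

def demo():
    pubsub = PubSub()
    api = ApiServer(pubsub)
    comm_a, comm_b = CommServer(pubsub), CommServer(pubsub)
    e1, e2, e3 = (Endpoint("e1", api, comm_a), Endpoint("e2", api, comm_b),
                  Endpoint("e3", api, comm_b))
    api.receive_command(["e1", "e3"], {"firewall": "on"})   # constructed sample command
    return e1.policy, e2.policy, e3.policy, api.pending
```

In this model an endpoint with no live persistent connection never receives the request, so its command remains in `pending` on the API server.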
20 Claims
1. A method for updating a security policy on a plurality of endpoints in a networked computer environment, the method comprising:
- receiving, at an API server, a command including configuration data for configuring the plurality of endpoints within an enterprise network;
- generating a connection request message identifying the plurality of endpoints targeted by the command;
- identifying, by a communication server, a target endpoint identified by the connection request message;
- sending, by the communication server, the connection request message to the identified endpoint via a persistent connection;
- receiving by the API server, a connection request from the identified endpoint in response to the identified endpoint receiving the connection request message;
- establishing a temporary connection between the API server and the identified endpoint in response to the request; and
- communicating, by the API server, the command to the identified endpoint over the temporary connection.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A non-transitory computer-readable storage medium storing instructions for updating a security policy on a plurality of endpoints in a networked computer environment, the instructions when executed by one or more processors causing the one or more processors to perform steps comprising:
- receiving, at an API server, a command including configuration data for configuring the plurality of endpoints within an enterprise network;
- generating a connection request message identifying the plurality of endpoints targeted by the command;
- identifying, by a communication server, a target endpoint identified by the connection request message;
- sending, by the communication server, the connection request message to the identified endpoint via a persistent connection;
- receiving by the API server, a connection request from the identified endpoint in response to the identified endpoint receiving the connection request message;
- establishing a temporary connection between the API server and the identified endpoint in response to the request; and
- communicating, by the API server, the command to the identified endpoint over the temporary connection.
Dependent claims: 9, 10, 11, 12, 13, 14
15. A security system for implementing a security policy on a plurality of endpoints in a networked computer environment, the security system comprising:
- one or more computer processors; and
- one or more non-transitory computer-readable storage media, the storage media storing computer program instructions executable by the one or more computer processors to perform steps comprising:
  - receiving, at an API server, a command including configuration data for configuring the plurality of endpoints within an enterprise network;
  - generating a connection request message identifying the plurality of endpoints targeted by the command;
  - identifying, by a communication server, a target endpoint identified by the connection request message;
  - sending, by the communication server, the connection request message to the identified endpoint via a persistent connection;
  - receiving by the API server, a connection request from the identified endpoint in response to the identified endpoint receiving the connection request message;
  - establishing a temporary connection between the API server and the identified endpoint in response to the request; and
  - communicating, by the API server, the command to the identified endpoint over the temporary connection.
Dependent claims: 16, 17, 18, 19, 20
Specification