Method for enforcing endpoint health standards
First Claim
1. A method of securing a network from one or more vulnerabilities endpoints, the method comprising:
- implementing, by an administrator of a network, a login web application that collects authentication credentials for accessing the network by an agent-less endpoint device;
- implementing, by a security service provider distinct from the administrator of the network, a remote server for securing the network, the remote server of the security service provider hosts an interrogating inline frame that automatically integrates with the login web application of the administrator of the network based on an access attempt to the network by the agent-less endpoint device, wherein the automatic integration of the interrogating inline frame with the login web application occurs without requiring backend service integration of the interrogating inline frame with the login web application of the administrator;
- implementing the interrogating inline frame that is operably integrated within the login web application that enables access to the network with successful login credentials from a user, wherein the interrogating inline frame comprises (i) a first inline frame that collects endpoint health data and that is integrated together with (ii) a second inline frame that enables a multi-factor authentication to the network, wherein implementing the interrogating inline frame includes;
  (a) collecting with the second inline frame multifactor authentication data distinct from the login credentials from the user of the endpoint user device,
  (b) simultaneously, with the collection using the second inline frame, collecting with the first inline frame (b-i) a first set of data and (b-ii) a second set of data distinct from the login credentials, wherein the first set of data relates to web browser identification data of the web browser operated by the endpoint user device and the second set of data relates to endpoint device data relating to one or more attributes of an agent-less endpoint user device attempting to access the network;
- interrogating by the interrogating inline frame the agent-less endpoint user device that is operating the web browser;
- collecting by the interrogating inline frame responses to the interrogation, wherein the responses comprises the second set of data that includes the endpoint device data of the agent-less endpoint user device;
- generating an endpoint security assessment of the agent-less endpoint user device and the web browser based on an evaluation of the collected web browser identification data and the collected endpoint device data against one or more predetermined endpoint health requirements of the network;
- enabling the agent-less endpoint user device to successfully login to the network when the endpoint security assessment of the agent-less endpoint user device and the web browser satisfy the one or more predetermined endpoint health requirements of the network, or
- disabling the agent-less endpoint user device from accessing the network when the endpoint security assessment of the agent-less endpoint user device and the web browser do not satisfy the one or more predetermined endpoint health requirements of the network.
Abstract
An approach for enforcing standards regarding security vulnerabilities for an endpoint user device associated with a user includes collecting, at an inline frame implemented with a web application, endpoint health data of the endpoint user device in response to the user interfacing with the web application through the endpoint user device, generating endpoint health intelligence from the endpoint health data, the endpoint health intelligence indicating endpoint security health of the endpoint user device, generating a first endpoint health notification comprising the endpoint health intelligence, and notifying an administrator of network with the first endpoint health notification.
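The assessment step that the claims describe (evaluating collected web browser identification data and endpoint device data against predetermined endpoint health requirements, then enabling or disabling login) can be sketched as follows. This is an added example, not code from the patent or from any vendor; the policy shape, field names, minimum versions and sample reports are all constructed assumptions.

```javascript
// Added example. POLICY, SAMPLES and all field names are hypothetical.
const POLICY = { // constructed "predetermined endpoint health requirements"
  minBrowser: { Chrome: "120.0", Firefox: "121.0" },
  minOs: { "Windows NT": "10.0", "Mac OS X": "10.15" },
};

const SAMPLES = { // constructed reports, as a collecting frame might submit them
  current: { userAgent: "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" },
  outdated: { userAgent: "Mozilla/5.0 (Windows NT 6.1; rv:52.0) Gecko/20100101 Firefox/52.0" },
};

// Compare dotted version strings numerically: negative, zero or positive.
function cmpVersion(a, b) {
  const pa = a.split(".").map(Number), pb = b.split(".").map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Find the first policy-listed product and its version in a User-Agent string.
function detect(ua, names) {
  for (const name of names) {
    const m = new RegExp(name + "[/ ]([0-9]+(?:[._][0-9]+)*)").exec(ua);
    if (m) return { name, version: m[1].replace(/_/g, ".") };
  }
  return null;
}

// Evaluate one report; anything unrecognised is denied (fail closed).
function assessEndpoint(report, policy = POLICY) {
  const reasons = [];
  const ua = typeof report.userAgent === "string" ? report.userAgent : "";
  for (const [kind, mins] of [["browser", policy.minBrowser], ["os", policy.minOs]]) {
    const found = detect(ua, Object.keys(mins));
    if (!found) reasons.push(`${kind} not recognised`);
    else if (cmpVersion(found.version, mins[found.name]) < 0)
      reasons.push(`${found.name} ${found.version} < required ${mins[found.name]}`);
  }
  return { allow: reasons.length === 0, reasons };
}
```

Every input here is reported by the browser itself, so the result is only as trustworthy as the client. Current Chrome also freezes the OS version token in its User-Agent string, so an OS floor checked this way is coarse.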
18 Claims
1. A method of securing a network from one or more vulnerabilities endpoints, the method comprising: (recited in full under First Claim above)
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14

15. A method of securing a network from agent-less endpoints, the method comprising:
- implementing, by an administrator of a network, a web application that collects login credentials for accessing the network by an agent-less endpoint device;
- implementing, by a security service provider distinct from the administrator of the network, a remote server for securing the network, the remote server of the security service provider hosts an inline frame that automatically integrates with the web application of the administrator of the network based on an access attempt to the network by the agent-less endpoint device, wherein the automatic integration of the inline frame with the web application occurs without requiring backend service integration of the inline frame with the web application of the administrator, wherein the inline frame comprises (i) a first inline frame that collects endpoint health data and that is integrated together with (ii) a second inline frame that enables a multi-factor authentication to the network, wherein implementing the inline frame includes;
  (a) collecting with the second inline frame multifactor authentication data distinct from the login credentials from the user of the endpoint user device,
  (b) simultaneously, with the collection using the second inline frame, collecting with the first inline frame (b-i) a first set of data and (b-ii) a second set of data distinct from the login credentials, wherein the first set of data relates to web browser identification data of the web browser operated by the endpoint user device and the second set of data relates to endpoint device data relating to one or more attributes of an agent-less endpoint user device attempting to access the network;
- generating an endpoint security assessment of the agent-less endpoint user device and the web browser based on an evaluation of the collected web browser identification data and the collected endpoint device data against predetermined endpoint health requirements of the network;
- enabling the agent-less endpoint user device to successfully login to the network via the web application when the endpoint security assessment of the agent-less endpoint user device and the web browser satisfy the predetermined endpoint health requirements of the network, or
- disabling the agent-less endpoint user device from accessing the network via the web application when the endpoint security assessment of the agent-less endpoint user device and the web browser do not satisfy the predetermined endpoint health requirements of the network.
Dependent claims: 16

17. A system for securing a network from vulnerable endpoints, the system comprising:
- a web application server implemented by an administrator of a network that deploys a login web application that enables access to the network with successful login credentials from a user;
- an endpoint health computing server implemented by a remote server of a security service provider distinct from the administrator of the network, the remote server of the security service provider hosts an interrogating inline frame that automatically integrates with the login web application of the administrator of the network based on an access attempt to the network by the agent-less endpoint device, wherein the automatic integration of the interrogating inline frame with the login web application occurs without requiring backend service integration of the interrogating inline frame with the login web application of the administrator, the endpoint health computing server comprising a non-transitory computer-readable medium storing instructions that, when executed by one or more computer processors, perform steps of;
- implementing the interrogating inline frame that is operably integrated within a login web application that enables access to the network with successful login credentials from a user, wherein the interrogating inline frame comprises (i) a first inline frame that collects endpoint health data and that is integrated together with (ii) a second inline frame that enables a multi-factor authentication to the network, wherein implementing the interrogating inline frame includes;
  (a) collecting with the second inline frame multifactor authentication data distinct from the login credentials from the user of the endpoint user device,
  (b) simultaneously, with the collection using the second inline frame, collecting with the first inline frame (b-i) a first set of data and (b-ii) a second set of data distinct from the login credentials, wherein the first set of data relates to web browser identification data of the web browser operated by the endpoint user device and the second set of data relates to endpoint device data relating to one or more attributes of an agent-less endpoint user device attempting to access the network;
- generating an endpoint security assessment of the agent-less endpoint user device and the web browser based on an evaluation of the collected web browser identification data and the collected endpoint device data against one or more predetermined endpoint health requirements of the network;
- enabling the agent-less endpoint user device to successfully login to the network via the login web application when the endpoint security assessment of the agent-less endpoint user device and the web browser satisfy the one or more predetermined endpoint health requirements of the network, or
- disabling the agent-less endpoint user device from accessing the network via the login web application when the endpoint security assessment of the agent-less endpoint user device and the web browser do not satisfy the one or more predetermined endpoint health requirements of the network.
Dependent claims: 18

Specification