System and method for managing sensor enrollment
First Claim
1. A computerized method for enrollment of a sensor for communications with a selected computing node of a cluster operating within a malware detection system, comprising:
- receiving advertised features and capabilities for one or more broker computing nodes within the cluster by an enrollment service operating within a management system;
sending a first message to a sensor by the management system, the first message includes address information associated with the enrollment service;
in response to the first message, receiving a second message from the sensor, the second message includes tenant credentials that includes an identifier for the sensor for use by the enrollment service in authenticating the sensor;
determining a selected computing node for communications with the sensor based on consideration of the features and capabilities for the one or more broker computing nodes within the cluster and the tenant credentials associated with the sensor; and
upon authenticating the sensor by the enrollment service, sending keying material associated with the sensor to the selected computing node operating as a first broker computing node of the one or more broker computing nodes and sending a portion of the advertised features and capabilities associated with the first broker computing node to the sensor.
5 Assignments
0 Petitions
Accused Products
Abstract
Sensor enrollment management is conducted where features and capabilities for one or more broker computing nodes within the cluster are received by an enrollment service operating within a management system. The enrollment service is configured to receive advertised features and capabilities for computing nodes that are part of a cluster and provide address information associated with the enrollment service to the sensor. Based on information supplied by the sensor, the enrollment service authenticates the sensor, and upon authentication, forwards keying material associated with the sensor to a computing node selected that is selected for supporting communications to the cluster from the sensor. Also, the enrollment service provides a portion of the advertised features and capabilities associated with the computing node to the sensor to enable the sensor to establish a secure communication path with the computing node for malware analysis of suspicious objects within network traffic monitored by the sensor.
844 Citations
32 Claims
-
1. A computerized method for enrollment of a sensor for communications with a selected computing node of a cluster operating within a malware detection system, comprising:
-
receiving advertised features and capabilities for one or more broker computing nodes within the cluster by an enrollment service operating within a management system; sending a first message to a sensor by the management system, the first message includes address information associated with the enrollment service; in response to the first message, receiving a second message from the sensor, the second message includes tenant credentials that includes an identifier for the sensor for use by the enrollment service in authenticating the sensor; determining a selected computing node for communications with the sensor based on consideration of the features and capabilities for the one or more broker computing nodes within the cluster and the tenant credentials associated with the sensor; and upon authenticating the sensor by the enrollment service, sending keying material associated with the sensor to the selected computing node operating as a first broker computing node of the one or more broker computing nodes and sending a portion of the advertised features and capabilities associated with the first broker computing node to the sensor. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A computerized method for enrollment of a sensor for communications with a selected computing node of a cluster operating within a malware detection system, comprising:
-
authenticating the sensor by an enrollment service; upon authenticating the sensor by the enrollment service, selecting a computing node to operate as a first broker computing node for communications between the cluster and the sensor based on consideration of features and capabilities for one or more broker computing nodes including the first broker computing node within the cluster and information provided by the sensor for authenticating the sensor; and sending keying material associated with the sensor to the selected computing node operating as the first broker computing node and sending a portion of advertised features and capabilities associated with the first broker computing node to the sensor for use an establishment of a secure communication path between the sensor and the first broker computing node. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18)
-
-
19. A system comprising:
-
a sensor to (i) receive information over a network, the sensor to conduct a preliminary evaluation of one or more objects each including a portion of the information received by the sensor and (ii) determine whether any of the one or more objects is suspicious; a first computing node; and a management system communicatively coupled to the sensor and the first computing node, the management system includes an enrollment service that (i) receives advertised features and capabilities for the first computing node and tenant credentials from the sensor, (ii) provides address information associated with the enrollment service to the sensor, (iii) determines the first computing node for communications with the sensor based on consideration of the features and capabilities for one or more computing nodes within a cluster including the first computing node and the tenant credentials associated with the sensor, (iv) receives and forwards keying material associated with the sensor to the first computing node upon authentication of the sensor, and (v) provides a portion of the advertised features and capabilities associated with the first computing node to the sensor to enable the sensor to establish a secure communication path with the first computing node. - View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27, 28, 29)
-
-
30. A computerized method for enrollment of a sensor for communications with a selected computing node of a cluster operating within a malware detection system, comprising:
-
receiving a request for join the cluster from a sensor; analyzing information associated with a subscription for the sensor for services provided by the cluster; and upon determining (i) that the subscription for the sensor is active by the enrollment service and (ii) a selected computing node for communications with the sensor based on consideration of features and capabilities for one or more broker computing nodes within the cluster and tenant credentials associated with the sensor, sending information associated with the sensor to the selected computing node operating as a first broker computing node of the one or more broker computing nodes and sending a portion of the advertised features and capabilities associated with the first broker computing node to the sensor. - View Dependent Claims (31, 32)
-
Specification