Off node scanning
Abstract
Security risks associated with scanning a computer are at least mitigated by performing the scanning off node. State data of a target node, or computer, can be acquired in various ways. The acquired state data can be subsequently employed to generate a virtual replica of the target computer or portion thereof on a second computer isolated from the target computer. The virtual replica of the target computer provides a scanner access to the data needed to perform a scan on the second computer without accessing or being able to impact the target computer.
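A minimal sketch of the off-node flow the abstract describes, added here as an illustration and not taken from the patent or any product. The state-data layout, `ReplicaBroker`, and the two scan rules are hypothetical, and a temporary directory stands in for the isolated second computer.

```python
import os
import tempfile

# Constructed sample: state data collected from a hypothetical target node.
STATE_DATA = {
    "etc/ssh/sshd_config": "PermitRootLogin yes\nPasswordAuthentication no\n",
    "var/lib/pkg/installed": "examplelib 1.0.0\nbash 5.1\n",
}

def build_replica(state_data, root):
    """Materialise the state data as a file tree under root (the replica)."""
    for rel, content in state_data.items():
        dest = os.path.join(root, rel)
        os.makedirs(os.path.dirname(dest), exist_ok=True)
        with open(dest, "w") as fh:
            fh.write(content)
    return root

class ReplicaBroker:
    """Answers scanner requests from the replica only; holds no handle to the target."""
    def __init__(self, root):
        self.root = os.path.realpath(root)

    def read(self, rel_path):
        full = os.path.realpath(os.path.join(self.root, rel_path))
        # Refuse any request that resolves outside the replica root.
        if os.path.commonpath([self.root, full]) != self.root:
            raise PermissionError(f"outside replica: {rel_path}")
        with open(full) as fh:
            return fh.read()

def scan(broker):
    """Toy scanner: two constructed rules evaluated against replica state."""
    findings = []
    if "PermitRootLogin yes" in broker.read("etc/ssh/sshd_config"):
        findings.append("sshd: root login permitted")
    for line in broker.read("var/lib/pkg/installed").splitlines():
        name, version = line.split()
        if (name, version) == ("examplelib", "1.0.0"):  # constructed rule
            findings.append(f"{name} {version}: flagged by sample rule")
    return findings

def run_demo():
    """Build the replica, try a path escape, then scan; returns (findings, escaped)."""
    with tempfile.TemporaryDirectory() as root:
        broker = ReplicaBroker(build_replica(STATE_DATA, root))
        try:
            broker.read("../../etc/passwd")
            escaped = True
        except PermissionError:
            escaped = False
        return scan(broker), escaped
```

The scanner only ever receives a `ReplicaBroker`, so every request it makes is answered from the copied state and a path that resolves outside the replica root is refused.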
20 Claims
1. A system comprising:
one or more processors; and
one or more hardware storage devices having stored thereon instructions that are executable by the one or more processors to configure the system to facilitate secure scanning of other computing systems while reducing risk introduced by computer scanners, including instructions that are executable to configure the computer system to perform at least the following;
receiving system state data of a target computer;
generating a virtual replica of the target computer, from the system state data, on a second computer isolated from the target computer; and
providing a computer scanner access to the system state data of the target computer with the virtual replica of the target computer, while preventing the computer scanner from having access to the target computer.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A method performed by a computing system comprising at least one processor coupled to a memory storing machine-executable instructions, the method comprising:
generating a virtual replica of a target computer on a second computer, isolated from the target computer, based on state data collected from the target computer;
receiving a request for the state data of the target computer from a computer scanner;
retrieving the state data that satisfies the request from the virtual replica of the target computer; and
providing retrieved state data to the computer scanner in response to the request, while preventing the computer scanner from having access to the target computer, thereby reducing risk introduced by the computer scanner.
Dependent claims: 10, 11, 12, 13, 14, 15, 16
17. A computer-readable storage medium having instructions stored thereon that enable at least one processor to perform a method upon execution of the instructions, the method comprising:
generating a virtual replica of a target computer, on a second computer distinct from the target computer, with state data of the target computer;
receiving a request for the state data of the target computer from a third-party vulnerability scanner;
retrieving the state data of the target computer that satisfies the request from the virtual replica of the target computer on the second computer;
returning the state data to the third-party vulnerability scanner in response to the request, while preventing the third-party vulnerability scanner from having access to the target computer, thereby reducing risk introduced by the third-party vulnerability scanner; and
receiving a vulnerability assessment based on a scan of the state data.
Dependent claims: 18, 19, 20