Process-level control of encrypted content
First Claim
1. A computer program product for securing an endpoint against malicious activity, the computer program product comprising computer-executable code embodied in a non-transitory computer readable medium that, when executing on the endpoint, performs the steps of:
encrypting a plurality of files on an endpoint to prevent unauthorized access to the plurality of files;
receiving, from one of a plurality of processes executing on the endpoint, a request to access one of the plurality of files;
decrypting the one of the plurality of files for the one of the plurality of processes with an extension to a file system of the endpoint that responsively applies rules for whether to allow or prohibit access to encrypted files within the file system on a process-by-process basis;
monitoring a security state of the one of the plurality of processes, wherein monitoring the security state of the one of the plurality of processes includes monitoring network traffic associated with the one of the plurality of processes;
if the security state of the one of the plurality of processes becomes a compromised state, performing the steps of maintaining access by the one of the plurality of processes to any open ones of the plurality of files, including the one of the plurality of files, prohibiting access by the one of the plurality of processes to other ones of the plurality of files, and initiating a remediation of the one of the plurality of processes by facilitating a restart of the one of the plurality of processes; and
if the remediation of the one of the plurality of processes is successful, restoring access by the one of the plurality of processes to the plurality of files.
Abstract
Securing an endpoint against malicious activity includes encrypting a plurality of files on an endpoint to prevent unauthorized access to the plurality of files, receiving a request to access a file from a process executing on the endpoint, decrypting the file for the process, and monitoring a security state of the process. If the security state becomes a compromised state, a technique involves maintaining access to any open files (including the file decrypted for the process), prohibiting access to other files, and initiating a remediation of the process by facilitating a restart of the process. If the remediation is successful, access by the process to the plurality of files may be restored.
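The sequence the abstract and claims describe (per-process decryption gate, traffic-based compromise detection, open handles kept while new opens are refused, restart, access restored) is easier to reason about as running code. The simulation below is an added example, not the patent's code or any vendor's implementation: PolicyEngine, Process, AccessDenied and run_scenario are invented names, the one-byte XOR "cipher" is a constructed stand-in that only makes decryption observable, and the blocklisted address is a constructed indicator.

```python
"""Process-level gating of encrypted files, simulated in memory.

Added example, not the patent's code. PolicyEngine, Process, AccessDenied and
run_scenario are invented names; the one-byte XOR "cipher" is a constructed
stand-in that only makes decryption observable (a real design needs an
authenticated cipher with key material kept outside the requesting process).
"""
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, List, Set


class State(Enum):
    HEALTHY = "healthy"
    COMPROMISED = "compromised"


KEY = b"\x5a"  # constructed stand-in for the key material held by the file system


def encrypt(plaintext: bytes) -> bytes:
    return bytes(b ^ KEY[0] for b in plaintext)


decrypt = encrypt  # single-byte XOR is its own inverse

# Constructed sample store: paths map to ciphertext only.
ENCRYPTED_STORE: Dict[str, bytes] = {
    "/data/report.docx": encrypt(b"quarterly numbers"),
    "/data/payroll.xlsx": encrypt(b"salaries"),
}


class AccessDenied(PermissionError):
    """The per-process rule refused to decrypt a file."""


@dataclass
class Process:
    pid: int
    name: str
    state: State = State.HEALTHY
    open_files: Set[str] = field(default_factory=set)  # handles already granted


@dataclass
class PolicyEngine:
    """Plays the file-system extension and the traffic monitor together."""
    processes: Dict[int, Process] = field(default_factory=dict)
    next_pid: int = 1000

    def spawn(self, name: str) -> Process:
        proc = Process(pid=self.next_pid, name=name)
        self.processes[proc.pid] = proc
        self.next_pid += 1
        return proc

    def open_file(self, pid: int, path: str) -> bytes:
        """Decrypt path for pid. A compromised process keeps handles it already
        holds (no mid-write crash) but is refused any file not yet opened."""
        proc = self.processes[pid]
        if proc.state is State.COMPROMISED and path not in proc.open_files:
            raise AccessDenied(f"{proc.name}[{pid}] is compromised; refusing {path}")
        proc.open_files.add(path)
        return decrypt(ENCRYPTED_STORE[path])

    def observe_traffic(self, pid: int, dst_host: str, blocklist: Set[str]) -> State:
        """Traffic monitor: a connection to a blocklisted host marks only the
        process that made it as compromised; other processes are untouched."""
        proc = self.processes[pid]
        if dst_host in blocklist:
            proc.state = State.COMPROMISED
        return proc.state

    def remediate(self, pid: int) -> Process:
        """Restart: the old instance and its handles go away, the fresh
        instance starts healthy, so its access to every file is restored."""
        old = self.processes.pop(pid)
        return self.spawn(old.name)


def run_scenario() -> List[str]:
    """Walk the claimed sequence and return a trace of outcomes."""
    engine = PolicyEngine()
    blocklist = {"198.51.100.23"}  # constructed indicator (TEST-NET-2 address)
    editor, mailer = engine.spawn("editor"), engine.spawn("mailer")
    trace = [engine.open_file(editor.pid, "/data/report.docx").decode()]
    engine.observe_traffic(editor.pid, "198.51.100.23", blocklist)
    trace.append(engine.open_file(editor.pid, "/data/report.docx").decode())  # already open
    try:
        engine.open_file(editor.pid, "/data/payroll.xlsx")
        trace.append("payroll: allowed")
    except AccessDenied:
        trace.append("payroll: denied")
    trace.append(engine.open_file(mailer.pid, "/data/payroll.xlsx").decode())  # other process
    editor = engine.remediate(editor.pid)
    trace.append(engine.open_file(editor.pid, "/data/payroll.xlsx").decode())  # restored
    return trace


if __name__ == "__main__":
    print("\n".join(run_scenario()))
```

The detail worth noticing is the asymmetry between handles already held and new opens: the compromised editor can still read the report it had open, cannot touch payroll, and an unrelated process on the same endpoint is never affected, because the rule is evaluated per process rather than per user or per machine. On a real endpoint the gate would sit in a file-system hook (a filter driver or FUSE-style layer) and the key material would live in a separate protected store, which is the role claim 16 gives its "second memory"; the restart would be driven by the endpoint agent rather than by the simulation's caller.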
18 Claims
1. (Independent claim; full text given above under First Claim.)
2. A method comprising:
encrypting a plurality of files on an endpoint to prevent unauthorized access to the plurality of files;
receiving, from one of a plurality of processes executing on the endpoint, a request to access one of the plurality of files;
decrypting the one of the plurality of files for the one of the plurality of processes with an extension to a file system of the endpoint that responsively applies rules for whether to allow or prohibit access to encrypted files within the file system on a process-by-process basis;
monitoring a security state of the one of the plurality of processes, wherein monitoring the security state of the one of the plurality of processes includes monitoring network traffic associated with the one of the plurality of processes; and
if the security state of the one of the plurality of processes becomes a compromised state, prohibiting access by the one of the plurality of processes to one or more of the plurality of files.
Dependent claims 3 to 15 depend from claim 2 (not shown on this page).
16. A system comprising:
an endpoint;
a first memory on the endpoint storing a plurality of files, the plurality of files encrypted to prevent unauthorized access;
a second memory on the endpoint storing key material for decrypting the plurality of files;
a plurality of processes executing on the endpoint;
a file system on the endpoint configured to manage access by the plurality of processes to the plurality of files, the file system configured to respond to a request from the one of the plurality of processes for one of the plurality of files by conditionally decrypting the one of the plurality of files based on a security state of the one of the plurality of processes, with an extension to the file system on the endpoint that responsively applies rules for whether to allow or prohibit access to encrypted files within the file system on a process-by-process basis; and
a gateway coupled in a communicating relationship with the endpoint, the gateway configured to monitor the security state of the one of the plurality of processes based on network traffic associated with the one of the plurality of processes.
Dependent claims 17 and 18 depend from claim 16 (not shown on this page).
Specification