Method and system for assessing and mitigating access control to a managed network

US 20080120699A1
Filed: 01/08/2007
Published: 05/22/2008
Est. Priority Date: 11/17/2006
Status: Abandoned Application

First Claim

Patent Images

1. A method for controlling access to a network, comprising the steps of:

detecting that a device is attempting to obtain access to the network;

examining historical information relating to behavior of the device while the device was not accessing the network; and

determining whether to grant access to the network based on the historical information.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, system, and computer program product for controlling access to a network that adds a new type of policy and new types of mitigation based on profiles of historical information about what the device did since last connected. This historical information will be used to create a historical based risk profile to determine whether or not to grant a device access to the network. A method for controlling access to a network comprises the steps of detecting that a device is attempting to obtain access to the network, examining historical information relating to behavior of the device while the device was not accessing the network, and determining whether to grant access to the network based on the historical information.

348 Citations

18 Claims

1. A method for controlling access to a network, comprising the steps of:
- detecting that a device is attempting to obtain access to the network;
  
  examining historical information relating to behavior of the device while the device was not accessing the network; and
  
  determining whether to grant access to the network based on the historical information.
- View Dependent Claims (2, 3, 4, 5, 6, 14, 15, 16, 17, 18)
- - 2. The method of claim 1, wherein the historical information relates to at least one of:
    - use of elevated privileges on the device, installation of software on the device, use of specified tools on the device, use of one or more protocols on the device, access to Internet domains on the device, temporary disabling of security software on the device, modification of the settings of security software on the device, modifying specified system settings on the device, attachment of external devices to the device, use of removable media with the device, information that the device was never turned on or used while disconnected, modification of an executable type file on the device, and receipt of a security notice from one or more security processes on the device.
  - 3. The method of claim 1, further comprising the steps of:
    - identifying at least one risk factor based on the historical information;
      
      assigning a score to each identified risk factor; and
      
      generating a final risk score from the scores assigned to each identified risk factor.
  - 4. The method of claim 3, wherein the determining step comprises the step of:
    - denying access to the network if the final risk score is greater than a threshold.
  - 5. The method of claim 3, further comprising the steps of:
    - performing a mitigation process for each identified risk factor;
      
      determining whether the mitigation process was successful for the risk factor; and
      
      eliminating the score for the risk factor if the mitigation process was successful.
  - 6. The method of claim 5, wherein the mitigation process comprises at least one of:
    - running at least one deep security scans on the device using updated versions of the security software for the device, running at least one deep security scans of only the changed files/setting of the device using updated versions of the security software for the device, quarantining the device until manual mitigation can be applied, and tightening a security policy for the device to a higher level based on the score but still allowing the device some access to the managed network.
  - 14. The computer program product of claim 1, wherein the historical information relates to at least one of:
    - use of elevated privileges on the device, installation of software on the device, use of specified tools on the device, use of one or more protocols on the device, access to Internet domains on the device, temporary disabling of security software on the device, modification of the settings of security software on the device, modifying specified system settings on the device, attachment of external devices to the device, use of removable media with the device, information that the device was never turned on or used while disconnected, modification of an executable type file on the device, and receipt of a security notice from one or more security processes on the device.
  - 15. The computer program product of claim 1, further comprising the steps of:
    - identifying at least one risk factor based on the historical information;
      
      assigning a score to each identified risk factor; and
      
      generating a final risk score from the scores assigned to each identified risk factor.
  - 16. The computer program product of claim 3, wherein the determining step comprises the step of:
    - denying access to the network if the final risk score is greater than a threshold.
  - 17. The computer program product of claim 3, further comprising the steps of:
    - performing a mitigation process for each identified risk factor;
      
      determining whether the mitigation process was successful for the risk factor; and
      
      eliminating the score for the risk factor if the mitigation process was successful.
  - 18. The computer program product of claim 5, wherein the mitigation process comprises at least one of:
    - running at least one deep security scans on the device using updated versions of the security software for the device, running at least one deep security scans of only the changed files/setting of the device using updated versions of the security software for the device, quarantining the device until manual mitigation can be applied, and tightening a security policy for the device to a higher level based on the score but still allowing the device some access to the managed network.

7. A system for controlling access to a network comprising:
- a processor operable to execute computer program instructions;
  
  a memory operable to store computer program instructions executable by the processor; and
  
  computer program instructions stored in the memory and executable to perform the steps of;
  
  detecting that a device is attempting to obtain access to the network;
  
  examining historical information relating to behavior of the device while the device was not accessing the network; and
  
  determining whether to grant access to the network based on the historical information.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The system of claim 7, wherein the historical information relates to at least one of:
    - use of elevated privileges on the device, installation of software on the device, use of specified tools on the device, use of one or more protocols on the device, access to Internet domains on the device, temporary disabling of security software on the device, modification of the settings of security software on the device, modifying specified system settings on the device, attachment of external devices to the device, use of removable media with the device, information that the device was never turned on or used while disconnected, modification of an executable type file on the device, and receipt of a security notice from one or more security processes on the device.
  - 9. The system of claim 7, further comprising the steps of:
    - identifying at least one risk factor based on the historical information;
      
      assigning a score to each identified risk factor; and
      
      generating a final risk score from the scores assigned to each identified risk factor.
  - 10. The system of claim 9, wherein the determining step comprises the step of:
    - denying access to the network if the final risk score is greater than a threshold.
  - 11. The system of claim 9, further comprising the steps of:
    - performing a mitigation process for each identified risk factor;
      
      determining whether the mitigation process was successful for the risk factor; and
      
      eliminating the score for the risk factor if the mitigation process was successful.
  - 12. The system of claim 11, wherein the mitigation process comprises at least one of:
    - running at least one deep security scans on the device using updated versions of the security software for the device, running at least one deep security scans of only the changed files/setting of the device using updated versions of the security software for the device, quarantining the device until manual mitigation can be applied, and tightening a security policy for the device to a higher level based on the score but still allowing the device some access to the managed network.

13. A computer program product for controlling access to a network comprising:
- a computer readable storage medium;
  
  computer program instructions, recorded on the computer readable storage medium, executable by a processor, for performing the steps ofdetecting that a device is attempting to obtain access to the network;
  
  examining historical information relating to behavior of the device while the device was not accessing the network; and
  
  determining whether to grant access to the network based on the historical information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, Inc. (McAfee, LLC)
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Spear, Paul R.

Application Number

US11/650,411
Publication Number

US 20080120699A1
Time in Patent Office

Days
Field of Search
US Class Current

726/4
CPC Class Codes

H04L 63/10 for controlling access to d...

Method and system for assessing and mitigating access control to a managed network

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

348 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for assessing and mitigating access control to a managed network

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

348 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links