Endpoint enabled for enterprise security assessment sharing
First Claim
1. A computer-readable medium containing instructions which, when executed by one or more processors disposed in an electronic device, implements an architecture for an endpoint that is arranged for use in a security enterprise environment, the architecture comprising:
a common assessment sharing agent that is arranged for implementing a publish and subscribe model for security assessments using a communication channel, each security assessment being arranged to provide contextual meaning to an object in the environment; and
a common assessment generating engine that is operatively coupled as a client to the common assessment sharing agent, and arranged for generating a security assessment by analyzing locally-available data pertaining to the object.
Abstract
An enterprise-wide sharing arrangement uses a semantic abstraction, called a security assessment, to share security-related information between security products, called endpoints. A security assessment is defined as a tentative assignment by an endpoint of broader contextual meaning to information that is collected about an object of interest. Endpoints utilize an architecture that comprises a common assessment sharing agent and a common assessment generating agent. The common assessment sharing agent is arranged for subscribing to security assessments, publishing security assessments onto a channel, maintaining an awareness of configuration changes on the channel (e.g., when a new endpoint is added or removed), and implementing security features like authorization, authentication and encryption. A common assessment generating engine handles endpoint behavior associated with a security assessment including assessment generation, cancellation, tracking, and rolling-back actions based on assessments that have expired. The common assessment generating engine generates and transmits messages that indicate which local actions are taken.
20 Claims
8. The computer-readable medium of claim 7 in which the common assessment generating engine is further arranged for managing all active security assessments received over the channel, an active security assessment having a time-to-live field value that is unexpired.
15. A method for extending an enterprise security topology to a new endpoint being added to the topology, the method comprising the steps of:
maintaining one or more tables for describing a publish and subscribe model by which a publishing endpoint publishes a security assessment to which a subscribing endpoint subscribes according to a subscription, the security assessment describing an object being monitored by an endpoint, and the description using a taxonomy that is commonly-understood by a plurality of endpoints, the security assessment being further categorized by type and describing an object being monitored by an endpoint, and the description using a taxonomy that is commonly-understood by the plurality of endpoints; and
updating the one or more tables with a description of a security assessment type for which the new endpoint publishes, and a description of a security assessment type to which the new endpoint subscribes.
18. An enterprise security network, comprising:
a plurality of endpoints, each of the endpoints being enabled with security assessment sharing functionality by which a publishing endpoint publishes a security assessment to which a subscribing endpoint subscribes according to a subscription, the security assessment describing an object being monitored by an endpoint, and the description using a taxonomy that is commonly-understood by the plurality of endpoints; and
a communications channel, operatively coupled to the plurality of endpoints, and arranged for providing a transport layer over which a published security assessment is received by the subscribing endpoint.
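The publish-and-subscribe sharing described in the abstract, the publisher/subscriber tables that claim 15 updates when a new endpoint joins, and the time-to-live expiry with rollback of local actions from claim 8, as an added Python sketch that is not the patent's own code. The field names, the in-memory tables, and the PermissionError check standing in for the authorization the abstract mentions are assumptions made for this illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Assessment:
    """Tentative, time-limited contextual claim about an object, typed by a shared taxonomy."""
    publisher: str
    obj: str          # object of interest (e.g. a host name)
    category: str     # assessment type from the commonly-understood taxonomy
    issued_at: float  # seconds
    ttl: float        # time-to-live; the assessment is "active" until issued_at + ttl
    def expired(self, now: float) -> bool:
        return now >= self.issued_at + self.ttl

class Endpoint:
    """Generating-engine side: tracks active assessments and the local actions they justify."""
    def __init__(self, name, publishes, subscribes):
        self.name, self.publishes, self.subscribes = name, set(publishes), set(subscribes)
        self.active = {}   # (publisher, obj, category) -> unexpired Assessment
        self.actions = []  # ("apply" | "rollback", obj, category): messages about local actions

    def receive(self, a: Assessment) -> None:
        self.active[(a.publisher, a.obj, a.category)] = a
        self.actions.append(("apply", a.obj, a.category))

    def expire(self, now: float) -> int:
        """Drop assessments whose TTL has passed and roll back the actions taken on them."""
        gone = [k for k, a in self.active.items() if a.expired(now)]
        for k in gone:
            a = self.active.pop(k)
            self.actions.append(("rollback", a.obj, a.category))
        return len(gone)

class Channel:
    """Sharing-agent side: tables of which endpoint publishes / subscribes to each type."""
    def __init__(self):
        self.endpoints, self.publishers, self.subscribers = {}, {}, {}
    def register(self, ep: Endpoint) -> None:  # extend the topology with a new endpoint
        self.endpoints[ep.name] = ep
        for t in ep.publishes:
            self.publishers.setdefault(t, set()).add(ep.name)
        for t in ep.subscribes:
            self.subscribers.setdefault(t, set()).add(ep.name)

    def publish(self, a: Assessment) -> int:
        """Deliver to subscribers; refuse a type the sender is not registered to publish."""
        if a.publisher not in self.publishers.get(a.category, set()):
            raise PermissionError(f"{a.publisher} may not publish {a.category}")
        targets = [n for n in self.subscribers.get(a.category, ()) if n != a.publisher]
        for n in targets:
            self.endpoints[n].receive(a)
        return len(targets)
```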
Specification