SYSTEM AND METHOD FOR IDENTIFYING UNAUTHORIZED ENDPOINTS
First Claim
1. A computer program product embodied in a computer readable medium that, when executing on one or more computers, performs the steps of:
- collecting active endpoint information from each of a plurality of network devices in a computer network, wherein the active endpoint information includes address information from each of a plurality of active endpoint computing facilities communicating through at least one of the plurality of network devices;
- forming an active endpoint list wherein the address information is maintained as a list of media access control (MAC) addresses for each of the plurality of network devices;
- collecting authorized endpoint information from a data store, wherein the authorized endpoint information was provided, at least in part, through a security agent operating on each of a plurality of endpoints that have been verified as being compliant with a security policy and have been authorized to access the computer network;
- forming an authorized endpoint list, wherein each authorized endpoint is represented by the authorized endpoint's media access control (MAC) address; and
- comparing the active endpoint list to the authorized endpoint list to identify an unauthorized endpoint, wherein the unauthorized endpoint is one of the active endpoints but is not one of the authorized endpoints.
9 Assignments
0 Petitions
Abstract
In embodiments of the present invention improved capabilities are described for identifying unauthorized endpoints. The present invention includes computer implemented methods and systems for actively polling and monitoring network devices, such as network routers and switches, to obtain information on any or all of the endpoints on a network with which the router or switch may have communicated. Address information acquired through polling is compared with an authorized endpoint list in order to identify unauthorized endpoints; the authorized endpoint list is kept in a security compliance store and is generated from information reported to that store by security agents on the authorized endpoints. Methods and systems disclosed herein also include remediation measures to be taken on the unauthorized endpoints. Related user interfaces, applications, and computer program products are disclosed.
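The five steps of claim 1 and the abstract above amount to: build a per-device list of MAC addresses seen by the polled switches and routers, build the list of MAC addresses reported by security agents to the compliance store, and take the difference. The following is an added worked example (not code from the patent or its assignee) of that comparison. It assumes the polled data has already been collected into a plain mapping of device name to MAC address strings, and that the compliance store has been read into a list of MAC strings; the device names, sample addresses and the `normalize_mac` helper are constructed for this example. The helper is there because switches and agents emit MAC addresses in different notations, and comparing the two lists without canonicalising them would mark authorized hosts as unauthorized.

```python
"""Added example: forming the active and authorized MAC address lists of
claim 1 and identifying the unauthorized endpoints (not the patent's code).

Assumptions (constructed): polled results arrive as {device: [mac, ...]},
the security compliance store is given as a list of MAC strings, and no real
switch or data store is contacted.
"""
import re
from typing import Dict, Iterable, List, Set

_HEX12 = re.compile(r"^[0-9a-f]{12}$")


def normalize_mac(mac: str) -> str:
    """Canonicalise a MAC address to lowercase, colon-separated form.

    Devices and agents differ in notation (e.g. 'aabb.ccdd.eeff',
    'AA-BB-CC-DD-EE-FF', 'aa:bb:cc:dd:ee:ff'); without this step the
    set comparison below would produce false unauthorized findings.
    """
    hexdigits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if not _HEX12.match(hexdigits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(hexdigits[i:i + 2] for i in range(0, 12, 2))


def form_active_endpoint_list(polled: Dict[str, Iterable[str]]) -> Dict[str, Set[str]]:
    """Steps 1-2: MAC addresses maintained per network device."""
    return {device: {normalize_mac(m) for m in macs} for device, macs in polled.items()}


def form_authorized_endpoint_list(store_records: Iterable[str]) -> Set[str]:
    """Steps 3-4: MAC addresses reported by security agents on compliant endpoints."""
    return {normalize_mac(m) for m in store_records}


def identify_unauthorized(active: Dict[str, Set[str]],
                          authorized: Set[str]) -> Dict[str, List[str]]:
    """Step 5: every active MAC absent from the authorized list, keyed by MAC,
    with the devices through which it was seen (the per-device view is what a
    remediation step needs in order to locate the endpoint)."""
    seen_on: Dict[str, List[str]] = {}
    for device, macs in active.items():
        for mac in macs - authorized:
            seen_on.setdefault(mac, []).append(device)
    return {mac: sorted(devs) for mac, devs in sorted(seen_on.items())}


# Constructed sample data: three polled devices, two authorized endpoints.
POLLED = {
    "core-sw1": ["aabb.ccdd.eeff", "0011.2233.4455", "DEAD.BEEF.0001"],
    "edge-sw7": ["00-11-22-33-44-55", "de:ad:be:ef:00:02"],
    "router-a": ["de:ad:be:ef:00:01"],
}
COMPLIANCE_STORE = ["AA:BB:CC:DD:EE:FF", "00:11:22:33:44:55"]


def run_example() -> Dict[str, List[str]]:
    active = form_active_endpoint_list(POLLED)
    authorized = form_authorized_endpoint_list(COMPLIANCE_STORE)
    return identify_unauthorized(active, authorized)


if __name__ == "__main__":
    for mac, devices in run_example().items():
        print(f"unauthorized endpoint {mac} seen via {', '.join(devices)}")
```

Two points a practitioner would check before relying on such a comparison: an endpoint that appears in the polled tables but whose agent has not yet reported to the compliance store will show up as unauthorized until the store catches up, so the polling interval and the agent reporting interval need to be aligned; and a MAC address is an unauthenticated identifier, so this list comparison is a detection control for unmanaged devices, not a substitute for port-level authentication such as 802.1X.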
52 Citations
14 Claims
Specification