COMBINING NETWORK ENDPOINT POLICY RESULTS
Abstract
An endpoint integrity system controls access to resources of a protected network for endpoint devices attempting to access the protected network. The system may include a number of evaluation modules that communicate with an endpoint device. The evaluation modules generate policy results for the endpoint device. Each policy result assumes one of three or more states and is called a multi-state policy result. The multi-state policy results are combined to produce a combined Boolean policy result.
47 Claims
1-27. (canceled)
28. A method comprising:
identifying, by a processor, a plurality of policy results relating to a security state of a network device,
    the plurality of policy results including a first policy result and a second policy result,
    each policy result, of the plurality of policy results, being associated with a respective plurality of states, and
    a first plurality of states, associated with the first policy result, including:
        a pass state,
        a fail state, and
        another state that differs from the pass state and the fail state;
determining, by the processor, information associated with a criterion, the information identifying:
        a first state of the first plurality of states, and
        a second state of a second plurality of states associated with the second policy result;
evaluating, by the processor and based on the criterion, the network device to generate an evaluation result; and
outputting, by the processor, the evaluation result to the network device.

Dependent claims: 29, 30, 31, 32, 33, 34.

35. A device comprising:
a memory; and
one or more processors to:
    store, in the memory, data identifying:
        a plurality of policy tests, and
        a respective plurality of possible states associated with each policy test of the plurality of policy tests,
            the plurality of policy tests including a first policy test and a second policy test, and
            a first plurality of states, associated with the first policy test, including:
                a pass state,
                a fail state, and
                another state that differs from the pass state and the fail state;
    receive an expression that identifies:
        a first state of the first plurality of states, and
        a second state of a second plurality of states associated with the second policy test,
    receive a request from a network device,
    obtain, based on receiving the request, status information for the network device, the status information identifying:
        a first particular state, of the first plurality of states, associated with the network device for the first policy test, and
        a second particular state, of the second plurality of states, associated with the network device for the second policy test,
    evaluate status information, based on a comparison of the first particular state and the second particular state to the expression, to form an evaluation result, and
    forward, to the network device, a response to the request based on the evaluation result.

Dependent claims: 36, 37, 38, 39, 40, 41.

42. A non-transitory computer-readable medium to store instructions, the instructions comprising:
one or more instructions that, when executed by a processor, cause the processor to receive an expression that identifies:
    a first state of a first plurality of states associated with a first policy, the first plurality of states including:
        a pass state,
        a fail state, and
        another state that differs from the pass state and the fail state;
    a second state of a second plurality of states associated with a second policy that is different from the first policy;
one or more instructions that, when executed by the processor, cause the processor to obtain status information for a network device, the status information identifying:
    a first particular state, of the first plurality of states, associated with the network device, and
    a second particular state, of the second plurality of states, associated with the network device;
one or more instructions that, when executed by the processor, cause the processor to evaluate the first particular state and the second particular state, based on the expression, to form an evaluation result; and
one or more instructions that, when executed by the processor, cause the processor to regulate access, by the network device, to a network resource based on the evaluation result.

Dependent claims: 43, 44, 45, 46, 47.

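The combination that the abstract and claims 35 and 42 describe, as an added Python example that is not taken from the patent: an expression names required states of two policy tests, and a device's reported states are evaluated against it to produce one Boolean access decision. The policy names, the third-state names (`remediating`, `unknown`) and the tuple expression format are assumptions made for illustration.

```python
# Added illustration. Policy names, state names and the expression
# format are assumptions; the claims only require pass, fail and
# at least one other state per policy test.
POLICY_STATES = {
    "antivirus": {"pass", "fail", "remediating"},
    "patch_level": {"pass", "fail", "unknown"},
}

def validate(expr):
    """Reject expressions that name an undeclared policy test or state."""
    op = expr[0]
    if op == "is":
        _, policy, state = expr
        if state not in POLICY_STATES.get(policy, ()):
            raise ValueError(f"undeclared policy/state: {policy}={state}")
    elif op in ("and", "or") and len(expr) > 1:
        for sub in expr[1:]:
            validate(sub)
    else:
        raise ValueError(f"bad expression node: {expr!r}")

def evaluate(expr, status):
    """Combine multi-state results into one Boolean.

    A missing or undeclared reported state never matches, so the
    decision fails closed when an evaluation module did not report.
    """
    op = expr[0]
    if op == "is":
        _, policy, state = expr
        reported = status.get(policy)
        return reported in POLICY_STATES[policy] and reported == state
    results = [evaluate(sub, status) for sub in expr[1:]]
    return all(results) if op == "and" else any(results)

def access_decision(expr, status):
    """Validate the expression, then map the Boolean to allow/deny."""
    validate(expr)
    return "allow" if evaluate(expr, status) else "deny"

# Constructed expression: antivirus may be passing or mid-remediation,
# but patch_level must be a clean pass.
EXPR = ("and",
        ("or", ("is", "antivirus", "pass"), ("is", "antivirus", "remediating")),
        ("is", "patch_level", "pass"))

if __name__ == "__main__":
    print(access_decision(EXPR, {"antivirus": "remediating", "patch_level": "pass"}))
```

Treating the third state explicitly in the expression, rather than folding it into pass or fail, is what lets the same reported status satisfy one access rule and not another.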
Specification