
Client health validation using historical data

  • US 7,720,965 B2
  • Filed: 04/23/2007
  • Issued: 05/18/2010
  • Est. Priority Date: 04/23/2007
  • Status: Active Grant
First Claim

1. A method comprising:

  • using a vulnerability assessment agent comprising a processing device, detecting a client device attempting to regain access to an organization's network, wherein the vulnerability assessment agent resides on an enterprise network;

    scanning historical data associated with the client device attempting to regain access to the organization's network for indicators that the client device has interacted with one or more sources from networks other than the organization's network;

    reviewing the historical data for indicators associated with suspicious activity between the client device and the one or more sources from other networks, wherein the scanning is performed by the processing device on the enterprise network as the client device is attempting to regain access to the organization's network;

    using a scanning result to investigate for an ingress pattern of a malicious agent interacting between the client device and the one or more sources from other networks;

    using the scanning result to investigate for an egress of the malicious agent from the client device to other devices;

    utilizing the ingress and egress patterns of the malicious agent to discover propagation characteristics of the malicious agent;

    using propagation characteristics of the malicious agent to ameliorate the propagation of the malicious agent by blocking possible paths of communication that the malicious agent can be expected to use to further propagate;

    evaluating the client device to determine whether the client device has acceptable health, the client device being determined to have acceptable health if evidence in the historical data indicates interactions between the client device and the one or more sources from networks other than the organization's network is below a threshold at which future health of the client device and the organization's network could be at risk, wherein the threshold is established in a risk policy that is set automatically by the vulnerability assessment agent;

    instigating remedial action if the historical data includes indicators associated with suspicious activity and the threshold for interactivity has been exceeded; and

    allowing the client device to access the organization's network if the historical data does not include indicators associated with suspicious activity, or if the client device is determined to have acceptable health.
