System and method of network endpoint security
First Claim
1. An endpoint security system configured to reside on a quarantined virtual local area network and to manage the connection of a host to either the quarantined virtual local area network or to a non-quarantined virtual area network based on a security assessment of the added host, the endpoint security system comprising:
- a security scanner configured to perform a security assessment on the host;
- a dynamic host configuration protocol server configured to assign Internet Protocol addresses to hosts added to the quarantined virtual local area network; and
- an endpoint security agent configured to:
  - extract, from at least one packet sent by the dynamic host configuration protocol server, an Internet Protocol address that has been assigned to a host added to the quarantined virtual local area network;
  - forward the extracted Internet Protocol address to the security scanner and cause the security scanner to perform a security assessment on the added host by scanning the added host, wherein the security scanner is located on a security engine on which the endpoint security agent is located;
  - receive the security assessment; and
  - cause a switch to connect the added host to the non-quarantined virtual local area network if, based on the security assessment of the added host, the added host is deemed to be a secure host.
Abstract
A system and a method enhance endpoint security of a computer network. The system and method generate security assessments of hosts on quarantined and non-quarantined networks. Based on the generated security assessments, secure hosts are connected to the non-quarantined network and non-secure or vulnerable hosts are connected to the quarantined network. A remediation engine assists with fixing vulnerabilities of the hosts on the quarantined network. Endpoint security agents, security scanners, and remediation engines that carry out the foregoing functions reside on each of the quarantined and non-quarantined networks on hosts that are different from the target hosts. Under such an architecture, the endpoint security system can advantageously be operating system agnostic and can provide complete and powerful endpoint security for targeted hosts without being installed on each individual targeted host. Alternatively, endpoint security agents, security scanners, and remediation agents can reside partially or wholly on one or more target hosts.
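The workflow of claim 1 and the abstract, modelled as an added example in Python (this code is not from the patent or from any product implementing it): the endpoint security agent parses a DHCP packet from the server, takes the assigned address from the yiaddr field of a DHCPACK, hands it to the scanner, and picks the quarantine or non-quarantined VLAN from the assessment. The DHCPACK is constructed inline so the example runs offline, the scanner is a stand-in whose findings come from a constructed table, and the VLAN numbers, severity threshold, finding names and switch-command format are all assumptions. Two edge cases are handled explicitly: a DHCPOFFER is ignored because only an ACK means the lease was actually assigned, and a host the scanner has no result for stays quarantined (fail closed).

```python
import struct
import ipaddress

DHCP_MAGIC = b"\x63\x82\x53\x63"   # RFC 2132 magic cookie that starts the options field
DHCP_MSG_TYPE_OPT = 53
DHCPACK = 5
QUARANTINE_VLAN = 999             # assumed VLAN ids; the patent names no numbers
PRODUCTION_VLAN = 10
SEVERITY_THRESHOLD = 7.0          # assumed policy: a finding at or above this keeps the host quarantined


def build_dhcp_ack(yiaddr: str, mac: str, server_ip: str = "10.0.99.1") -> bytes:
    """Construct a minimal DHCPACK (UDP payload only) for the example; not captured traffic."""
    hwaddr = bytes.fromhex(mac.replace(":", ""))
    header = struct.pack(
        "!BBBBIHHIIII",
        2, 1, len(hwaddr), 0,                      # op=BOOTREPLY, htype=Ethernet, hlen, hops
        0x3903F326, 0, 0,                          # xid, secs, flags
        0,                                         # ciaddr
        int(ipaddress.IPv4Address(yiaddr)),        # yiaddr: the address being assigned
        int(ipaddress.IPv4Address(server_ip)),     # siaddr
        0,                                         # giaddr
    )
    chaddr = hwaddr.ljust(16, b"\x00")
    sname_file = bytes(64 + 128)                   # sname and file fields, unused here
    options = (
        bytes([DHCP_MSG_TYPE_OPT, 1, DHCPACK])
        + bytes([54, 4]) + ipaddress.IPv4Address(server_ip).packed   # server identifier
        + bytes([51, 4]) + struct.pack("!I", 3600)                    # lease time
        + b"\xff"                                                     # end option
    )
    return header + chaddr + sname_file + DHCP_MAGIC + options


def parse_dhcp(packet: bytes):
    """Return (message_type, assigned_ip, client_mac) from a BOOTP/DHCP payload."""
    if len(packet) < 240 or packet[236:240] != DHCP_MAGIC:
        raise ValueError("not a DHCP packet")
    hlen = packet[2]
    yiaddr = ipaddress.IPv4Address(packet[16:20])   # 'your IP address' field
    mac = packet[28:28 + hlen].hex(":")
    options = {}
    i = 240
    while i < len(packet):                           # walk TLV options until END
        code = packet[i]
        if code == 0:                                # PAD
            i += 1
            continue
        if code == 255:                              # END
            break
        length = packet[i + 1]
        options[code] = packet[i + 2:i + 2 + length]
        i += 2 + length
    msg_type = options.get(DHCP_MSG_TYPE_OPT, b"\x00")[0]
    return msg_type, str(yiaddr), mac


# Constructed scan results keyed by IP: (finding name, severity score). A real deployment
# would run a network scanner against the address instead of looking it up here.
SCAN_RESULTS = {
    "10.0.99.25": [("missing-os-patch", 9.8), ("weak-smb-config", 5.0)],
    "10.0.99.26": [("outdated-service-banner", 2.1)],
}


def security_scanner(ip: str) -> dict:
    """Stand-in for the claimed security scanner; returns a security assessment."""
    findings = SCAN_RESULTS.get(ip)
    if findings is None:
        # Fail closed: a host the scanner could not assess is not deemed secure.
        return {"ip": ip, "findings": [], "max_severity": None, "secure": False}
    max_sev = max((sev for _, sev in findings), default=0.0)
    return {"ip": ip, "findings": findings, "max_severity": max_sev,
            "secure": max_sev < SEVERITY_THRESHOLD}


def endpoint_security_agent(packet: bytes, scanner=security_scanner):
    """Claim 1 workflow: extract yiaddr from a DHCPACK, scan the host, choose its VLAN."""
    msg_type, ip, mac = parse_dhcp(packet)
    if msg_type != DHCPACK:
        return None                      # an OFFER or NAK does not assign an address
    assessment = scanner(ip)             # forward the extracted IP, receive the assessment
    vlan = PRODUCTION_VLAN if assessment["secure"] else QUARANTINE_VLAN
    # Placeholder switch instruction; a real agent would use the switch's management API.
    command = {"action": "set-access-vlan", "mac": mac, "vlan": vlan}
    return {"ip": ip, "mac": mac, "vlan": vlan, "assessment": assessment,
            "switch_command": command}


if __name__ == "__main__":
    for ip, mac in [("10.0.99.25", "aa:bb:cc:dd:ee:01"), ("10.0.99.26", "aa:bb:cc:dd:ee:02")]:
        print(endpoint_security_agent(build_dhcp_ack(ip, mac)))
```

The agent only acts on message type 5 because that is the packet in which the server commits the lease; keying the VLAN change on the client MAC rather than the IP matters in practice, since the quarantined host's address changes once it is moved to the non-quarantined network.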
22 Claims

1. Independent claim 1 is reproduced under "First Claim" above. Dependent claims 2-11 depend from claim 1.

12. A method, comprising:
- performing, by a security scanner, a security assessment on a host; and
- assigning, by a dynamic host configuration protocol server, Internet Protocol addresses to hosts added to a quarantined virtual local area network;
- extracting, by an endpoint security agent, from at least one packet sent by the dynamic host configuration protocol server, an Internet Protocol address that has been assigned to a host added to the quarantined virtual local area network;
- forwarding, by the endpoint security agent, the extracted Internet Protocol address to the security scanner and cause the security scanner to perform a security assessment on the added host by scanning the added host, wherein the security scanner is located on a security engine on which the endpoint security agent is located;
- receiving, by the endpoint security agent, the security assessment; and
- causing, by the endpoint security agent, a switch to connect the added host to a non-quarantined virtual local area network if, based on the security assessment of the added host, the added host is deemed to be a secure host.

Dependent claims 13-22 depend from claim 12.