System and method for performing remote security assessment of firewalled computer

US 8,281,396 B2
Filed: 08/14/2009
Issued: 10/02/2012
Est. Priority Date: 08/15/2008
Status: Active Grant

First Claim

Patent Images

1. A method of conducting a scan on an endpoint terminal across an open computer network, the method comprising:

providing a scanner engine in a computer server in communication with an open computer network;

providing a scanner agent installed on an endpoint terminal in communication with the open computer network;

initiating scanning and collecting of data for use in assessing a current posture of the endpoint terminal using the scanner agent by accessing an operating system of the endpoint terminal;

receiving the collected data from the scanner agent at the scanner engine;

analyzing the collected data with the scanner engine to assess the current posture of the endpoint terminal, and determining any updates for the endpoint terminal from the analysis; and

sending the updates to the scanner agent for installation on the endpoint terminal.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems for scanning an endpoint terminal across an open computer network are disclosed. An exemplary method includes providing a scanner engine in a computer server in communication with an open computer network, and establishing a secure connection across the open computer network between the scanner engine and a scanner agent installed on the endpoint terminal in communication with the open computer network. Commands for collecting data regarding the endpoint terminal are sent from the scanner engine across the secure connection to the scanner agent. The scanner engine then receives the collected data from the scanner agent across the secure connection, analyzes the data to assess a current posture of the endpoint terminal, and determines any updates for the endpoint terminal from the analysis. Updates are sent across the secure connection to the scanner agent for installation on the endpoint terminal, and the secure connection may then be terminated.

Citations

46 Claims

1. A method of conducting a scan on an endpoint terminal across an open computer network, the method comprising:
- providing a scanner engine in a computer server in communication with an open computer network;
  
  providing a scanner agent installed on an endpoint terminal in communication with the open computer network;
  
  initiating scanning and collecting of data for use in assessing a current posture of the endpoint terminal using the scanner agent by accessing an operating system of the endpoint terminal;
  
  receiving the collected data from the scanner agent at the scanner engine;
  
  analyzing the collected data with the scanner engine to assess the current posture of the endpoint terminal, and determining any updates for the endpoint terminal from the analysis; and
  
  sending the updates to the scanner agent for installation on the endpoint terminal.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. A method according to claim 1, wherein the endpoint terminal is protected from the open computer network with a firewall.
  - 3. A method according to claim 1, wherein the endpoint terminal includes a web browser, and wherein the scanner agent is associated with a plug-in for the web browser.
  - 4. A method according to claim 3, wherein the web browser further comprises a graphical user interface for use by a user of the endpoint terminal in conducting the scan.
  - 5. A method according to claim 1, further comprising a secure connection between the scanner engine and the scanner agent.
  - 6. A method according to claim 5, wherein the secure connection is a socket layer connection.
  - 7. A method according to claim 5, wherein the secure connection between the scanner agent and the scanner engine comprises a secure connection between the scanner agent and a proxy server associated with the scanner engine.
  - 8. A method according to claim 1, wherein the collected data comprises current operating system information of the endpoint terminal.
  - 9. A method according to claim 8, wherein the operating system information includes system configuration information, system services information, or file system information.
  - 10. A method according to claim 1, wherein determining a current posture of the endpoint terminal comprises determining a current security vulnerability posture of the endpoint terminal.
  - 11. A method according to claim 10, wherein the updates comprise virus definition updates.

12. A system for conducting a scan on an endpoint terminal across an open computer network, the system comprising:
- a computer server in communication with an open computer network, wherein the computer server comprises a scanner engine;
  
  a scanner agent installed on an endpoint terminal in communication with the open computer network; and
  
  wherein the scanner agent is operable to access an operating system of the endpoint terminal to initiate scanning and collecting of data for use in assessing a current posture of the endpoint terminal; and
  
  wherein the scanner engine is configured to;
  
  receive the collected data regarding the endpoint terminal collected by the scanner agent;
  
  analyze the collected data to assess the current posture of the endpoint terminal and determine any updates for the endpoint terminal from the analysis, andsend the updates to the scanner agent for installation on the endpoint terminal.

13. A system according to claim 12, wherein the endpoint terminal comprises a firewall protecting it from the open computer network.

14. A system according to claim 12, wherein the endpoint terminal includes a web browser, and wherein the scanner agent is associated with a plug-in for the web browser.

15. A system according to claim 14, wherein the web browser further comprises a graphical user interface for use by a user of the endpoint terminal in conducting the scan.

16. A system according to claim 12, further comprising a secure connection between the scanner engine and the scanner agent.

17. A system according to claim 16, wherein the secure connection is a socket layer connection.

18. A system according to claim 16, wherein the secure connection is established between the scanner agent and a proxy server associated with the scanner engine.

19. A system according to claim 18, wherein the proxy server initiates the scanner engine once the secure connection is established.

20. A system according to claim 12, wherein the collected data comprises current operating system information of the endpoint terminal.

21. A system according to claim 20, wherein the operating system information includes system configuration information, system services information, or file system information.

22. A system according to claim 12, wherein a current posture of the endpoint terminal comprises a current security vulnerability posture of the endpoint terminal.

23. A system according to claim 22, wherein the updates comprise virus definition updates.

24. A method of conducting a scan on an endpoint terminal across an open computer network, the method comprising:
- providing a scanner engine in a computer server in communication with an open computer network;
  
  establishing a secure connection across the open computer network between the scanner engine and a scanner agent installed on an endpoint terminal in communication with the open computer network;
  
  sending commands for initiating scanning and collecting of data regarding the endpoint terminal from the scanner engine across the secure connection to the scanner agent;
  
  accessing an operating system of the endpoint terminal by the scanner agent to scan and collect the data;
  
  receiving the collected data from the scanner agent across the secure connection to the scanner engine;
  
  analyzing the collected data with the scanner engine to assess the current posture of the endpoint terminal, and determining any updates for the endpoint terminal from the analysis;
  
  sending the updates across the secure connection to the scanner agent for installation on the endpoint terminal; and
  
  terminating the secure connection after the updates are received by the endpoint terminal.

25. A method according to claim 24, wherein the endpoint terminal is protected from the open computer network with a firewall.

26. A method according to claim 24, wherein the endpoint terminal includes a web browser, and wherein the scanner agent is associated with a plug-in for the web browser.

27. A method according to claim 26, wherein the web browser further comprises a graphical user interface for use by a user of the endpoint terminal in conducting the scan.

28. A method according to claim 24, wherein the secure connection is a socket layer connection.

29. A method according to claim 24, wherein establishing a secure connection between the scanner agent and the scanner engine comprises establishing the secure connection between the scanner agent and a proxy server associated with the scanner engine.

30. A method according to claim 29, wherein the proxy server initiates the scanner engine once the secure connection is established.

31. A method according to claim 24, wherein the collected data comprises current operating system information of the endpoint terminal.

32. A method according to claim 31, wherein the operating system information includes system configuration information, system services information, or file system information.

33. A method according to claim 24, wherein determining a current posture of the endpoint terminal comprises determining a current security vulnerability posture of the endpoint terminal.

34. A method according to claim 33, wherein the updates comprise virus definition updates.

35. A system for conducting a scan on an endpoint terminal across an open computer network, the system comprising:
- a computer server in communication with an open computer network, wherein the computer server comprises a scanner engine;
  
  a scanner agent installed on an endpoint terminal in communication with the open computer network;
  
  a secure connection between the scanner engine and the scanner agent across the open computer network; and
  
  wherein the scanner agent is operable to access an operating system of the endpoint terminal to scan and collect data for use in assessing a current posture of the endpoint terminal; and
  
  wherein the scanner engine is configured to;
  
  send commands for to initiate scanning and collecting of data for use in assessing a current posture of the endpoint terminal across the secure connection to the scanner agent,receive the collected data from the scanner agent across the secure connection,analyze the collected data to assess the current posture of the endpoint terminal and determining any update for the endpoint terminal from the analysis, andsend the updates across the secure connection to the scanner agent for installation on the endpoint terminal.

36. A system according to claim 35, wherein the endpoint device terminal comprises a firewall protecting it from the open computer network.

37. A system according to claim 35, wherein the endpoint terminal includes a web browser, and wherein the scanner agent is associated with a plug-in for the web browser.

38. A system according to claim 37, wherein the web browser further comprises a graphical user interface for use by a user of the endpoint terminal in conducting the scan.

39. A system according to claim 35, wherein the secure connection is a socket layer connection.

40. A system according to claim 35, wherein the secure connection is established between the scanner agent and a proxy server associated with the scanner engine.

41. A system according to claim 40, wherein the proxy server initiates the scanner engine once the secure connection is established.

42. A system according to claim 35, wherein the collected data comprises current operating system information of the endpoint terminal.

43. A system according to claim 42, wherein the operating system information includes system configuration information, system services information, or file system information.

44. A system according to claim 35, wherein a current posture of the endpoint terminal comprises a current security vulnerability posture of the endpoint terminal.

45. A system according to claim 44, wherein the updates comprise virus definition updates.

46. A method of conducting a scan on an endpoint terminal across an open computer network, the method comprising:
- providing a scanner engine in a computer server in communication with an open computer network;
  
  providing a scanner agent installed on an endpoint terminal in communication with the scanner engine through the open computer network;
  
  receiving, at the scanner agent, commands from the scanner engine to access an operating system of the endpoint terminal to scan and collect data regarding the endpoint terminal;
  
  collecting, by the scanner agent, data regarding the endpoint terminal;
  
  receiving, at the scanner engine, the collected data from the scanner agent;
  
  analyzing, at the scanner engine, the collected data to assess a current posture of the endpoint terminal, and determining any updates for the endpoint terminal from the analysis; and
  
  sending the updates to the scanner agent for installation on the endpoint terminal.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Qualys Incorporated
Original Assignee
Qualys Incorporated
Inventors
Ali-Ahmad, Wissam, Kandek, Wolfgang, Kruse, Holger, Dewan, Vikas, Mazboudi, KD, Jampani, Ganesh, Okumura, Kenneth K.
Primary Examiner(s)
Powers, William

Application Number

US12/541,869
Publication Number

US 20100175134A1
Time in Patent Office

1,145 Days
Field of Search

None
US Class Current

726/22
CPC Class Codes

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2119   Authenticating web pages, e...

G06F 3/048   Interaction techniques base...

H04L 63/0281   Proxies

H04L 63/1408   by monitoring network traff...

H04L 63/1433   Vulnerability analysis

H04L 63/1441   Countermeasures against mal...

H04L 63/166   at the transport layer

H04L 67/02   based on web technology, e....

System and method for performing remote security assessment of firewalled computer

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

46 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for performing remote security assessment of firewalled computer

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

46 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links