Mechanism to evaluate the security posture of a computer system

US 8,683,598 B1
Filed: 02/02/2012
Issued: 03/25/2014
Est. Priority Date: 02/02/2012
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

receiving, by a computing device, data representing an event associated with a security component operating in an endpoint device;

analyzing the received data to determine a score to assign to the event and a weighting factor to apply to the assigned score;

updating a security component score of the security component with the assigned weighted score for the event, wherein the security component score is generated in view of events occurring at the security component with respect to outside threats to the endpoint device, system activity at the endpoint device with respect to configuration of the security component, and actions of an end user of the endpoint device with respect to changing security configurations of the security component on the end point device;

updating an overall security score for the endpoint device with the updated security component score, wherein the overall security score is generated in view of security component scores of the endpoint device and general security settings of the endpoint device that are outside of a scope of the security component scores; and

providing the updated overall security score to an analysis component.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A mechanism for evaluating the security posture of a computer system is described. In one embodiment, a method includes receiving data representing an event associated with a security component operating in an endpoint device, analyzing the received data to determine a score to assign to the event and a weighting factor to apply to the assigned score, updating a security component score of the security component with the assigned weighted score for the event, updating an overall security score for the endpoint device with the updated security component score, and providing the updated overall security score to an analysis component.

Citations

20 Claims

1. A method, comprising:
- receiving, by a computing device, data representing an event associated with a security component operating in an endpoint device;
  
  analyzing the received data to determine a score to assign to the event and a weighting factor to apply to the assigned score;
  
  updating a security component score of the security component with the assigned weighted score for the event, wherein the security component score is generated in view of events occurring at the security component with respect to outside threats to the endpoint device, system activity at the endpoint device with respect to configuration of the security component, and actions of an end user of the endpoint device with respect to changing security configurations of the security component on the end point device;
  
  updating an overall security score for the endpoint device with the updated security component score, wherein the overall security score is generated in view of security component scores of the endpoint device and general security settings of the endpoint device that are outside of a scope of the security component scores; and
  
  providing the updated overall security score to an analysis component.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the computing device is one of the endpoint device or an endpoint protection manager server device managing an endpoint protection agent of the endpoint device.
  - 3. The method of claim 2, further comprising receiving, by the endpoint protection agent, one or more updated endpoint protection policies from the endpoint protection management server device, the one or more updated endpoint protection policies including changes to security policies that reflect the updated overall security score.
  - 4. The method of claim 1, wherein the event is an event item that comprises one of:
    - a configuration change, a system event, or a user event.
  - 5. The method of claim 4, wherein the security component score comprises a plurality of event item scores corresponding to a plurality of events including the event.
  - 6. The method of claim 2, further comprising analyzing, by the endpoint protection manager server device, the updated overall security score to determine if at least one of malicious or suspicious activity occurred with respect to the security component on the endpoint device.
  - 7. The method of claim 1, further comprising applying a weighting factor to the security component score prior to updating the overall security score.
  - 8. The method of claim 1, wherein the overall security score comprises the security component scores that correspond to a plurality of security components operating on the endpoint device and including the security component.
  - 9. The method of claim 1, wherein an independent security score authority supplies the score to assign to the event and the weighting factor to apply to the assigned score.
  - 10. The method of claim 1, wherein the security component comprises at least one of a virus and spyware protection component, a network threat protection component, and a proactive threat protection component.

11. An apparatus, comprising:
- a memory; and
  
  a processing device coupled with the memory, wherein the processing device is configured to;
  
  receive data representing an event associated with a security component operating in an endpoint device;
  
  analyze the received data to determine a score to assign to the event and a weighting factor to apply to the assigned score;
  
  update a security component score of the security component with the assigned weighted score for the event, wherein the security component score is generated in view of events occurring at the security component with respect to outside threats to the endpoint device, system activity at the endpoint device with respect to configuration of the security component, and actions of an end user of the endpoint device with respect to changing security configurations of the security component on the end point device;
  
  update an overall security score for the endpoint device with the updated security component score, wherein the overall security score is generated in view of security component scores of the endpoint device and general security settings of the endpoint device that are outside of a scope of the security component scores; and
  
  provide the updated overall security score to an analysis component.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The apparatus of claim 11, wherein the computing device is one of the endpoint device or an endpoint protection manager server device managing an endpoint protection agent of the endpoint device.
  - 13. The apparatus of claim 11, wherein the processing device further configured to analyze the updated overall security score to determine if at least one of malicious or suspicious activity occurred with respect to the security component on the endpoint device.
  - 14. The apparatus of claim 11, wherein the overall security score comprises the security component scores that correspond to a plurality of security components operating on the endpoint device and including the security component.
  - 15. The apparatus of claim 11, wherein an independent security score authority supplies the score to assign to the event and the weighting factor to apply to the assigned score.

16. A non-transitory computer readable storage medium including instructions that, when executed by a processing device, cause the processing device to perform a method comprising:
- receiving, by a computing device comprising the processing device, data representing an event associated with a security component operating in an endpoint device;
  
  analyzing the received data to determine a score to assign to the event and a weighting factor to apply to the assigned score;
  
  updating a security component score of the security component with the assigned weighted score for the event, wherein the security component score is generated in view of events occurring at the security component with respect to outside threats to the endpoint device, system activity at the endpoint device with respect to configuration of the security component, and actions of an end user of the endpoint device with respect to changing security configurations of the security component on the end point device;
  
  updating an overall security score for the endpoint device with the updated security component score, wherein the overall security score is generated in view of security component scores of the endpoint device and general security settings of the endpoint device that are outside of a scope of the security component scores; and
  
  providing the updated overall security score to an analysis component.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The non-transitory computer readable storage medium of claim 16, wherein the computing device is one of the endpoint device or an endpoint protection manager server device managing an endpoint protection agent of the endpoint device.
  - 18. The non-transitory computer readable storage medium of claim 17, further comprising receiving, by the endpoint protection agent, one or more updated endpoint protection policies from the endpoint protection management server device, the one or more updated endpoint protection policies including changes to security policies that reflect the updated overall security score.
  - 19. The non-transitory computer readable storage medium of claim 16, wherein the event is an event item that comprises one of:
    - a configuration change, a system event, or a user event.
  - 20. The non-transitory computer readable storage medium of claim 16, wherein the overall security score comprises the security component scores that correspond to a plurality of security components operating on the endpoint device and including the security component.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Cashin, Timothy
Primary Examiner(s)
Simitoski, Michael

Application Number

US13/364,462
Time in Patent Office

782 Days
Field of Search

726 23- 25, 713/188
US Class Current

726/25
CPC Class Codes

G06F 21/577 Assessing vulnerabilities a...

H04L 63/20 for managing network securi...

Mechanism to evaluate the security posture of a computer system

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Mechanism to evaluate the security posture of a computer system

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links