Mechanism to evaluate the security posture of a computer system
Abstract
A mechanism for evaluating the security posture of a computer system is described. In one embodiment, a method includes receiving data representing an event associated with a security component operating in an endpoint device, analyzing the received data to determine a score to assign to the event and a weighting factor to apply to the assigned score, updating a security component score of the security component with the assigned weighted score for the event, updating an overall security score for the endpoint device with the updated security component score, and providing the updated overall security score to an analysis component.
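A minimal sketch of the event-to-score pipeline the abstract describes, added here as an illustration and not taken from the patent. The rule table, the 0 to 100 scale, the starting component score of 100, the 80/20 blend of component scores and general settings, and all names are assumptions.

```python
from dataclasses import dataclass, field
from typing import Callable

# Constructed rule table: (component, event) -> (score, weighting factor).
RULES = {
    ("antivirus", "malware_blocked"): (-5.0, 1.0),          # outside threat
    ("antivirus", "signatures_updated"): (4.0, 0.5),        # system activity
    ("antivirus", "realtime_scan_disabled"): (-20.0, 2.0),  # end-user action
    ("firewall", "rule_allow_any_added"): (-10.0, 1.5),     # end-user action
}
# Constructed points for general settings that no component score covers.
GENERAL_POINTS = {"disk_encryption": 50.0, "screen_lock": 25.0, "os_auto_update": 25.0}


def clamp(value: float) -> float:
    """Keep a score on the assumed 0..100 scale."""
    return max(0.0, min(100.0, value))


@dataclass
class EndpointPosture:
    general_settings: dict            # setting name -> enabled?
    report: Callable[[float], None]   # stand-in for the analysis component
    component_scores: dict = field(default_factory=dict)
    unscored: list = field(default_factory=list)

    def overall_score(self) -> float:
        general = sum(points for name, points in GENERAL_POINTS.items()
                      if self.general_settings.get(name))
        if not self.component_scores:
            return general
        mean = sum(self.component_scores.values()) / len(self.component_scores)
        return round(0.8 * mean + 0.2 * general, 2)

    def handle_event(self, component: str, event: str) -> float:
        rule = RULES.get((component, event))
        if rule is None:
            # Unknown events leave the score unchanged but are kept for review.
            self.unscored.append((component, event))
            rule = (0.0, 1.0)
        score, weight = rule
        current = self.component_scores.get(component, 100.0)
        self.component_scores[component] = clamp(current + score * weight)
        overall = self.overall_score()
        self.report(overall)  # provide the updated overall score for analysis
        return overall
```
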
20 Claims
1. A method, comprising:
- receiving, by a computing device, data representing an event associated with a security component operating in an endpoint device;
- analyzing the received data to determine a score to assign to the event and a weighting factor to apply to the assigned score;
- updating a security component score of the security component with the assigned weighted score for the event, wherein the security component score is generated in view of events occurring at the security component with respect to outside threats to the endpoint device, system activity at the endpoint device with respect to configuration of the security component, and actions of an end user of the endpoint device with respect to changing security configurations of the security component on the end point device;
- updating an overall security score for the endpoint device with the updated security component score, wherein the overall security score is generated in view of security component scores of the endpoint device and general security settings of the endpoint device that are outside of a scope of the security component scores; and
- providing the updated overall security score to an analysis component.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. An apparatus, comprising:
- a memory; and
- a processing device coupled with the memory, wherein the processing device is configured to:
- receive data representing an event associated with a security component operating in an endpoint device;
- analyze the received data to determine a score to assign to the event and a weighting factor to apply to the assigned score;
- update a security component score of the security component with the assigned weighted score for the event, wherein the security component score is generated in view of events occurring at the security component with respect to outside threats to the endpoint device, system activity at the endpoint device with respect to configuration of the security component, and actions of an end user of the endpoint device with respect to changing security configurations of the security component on the end point device;
- update an overall security score for the endpoint device with the updated security component score, wherein the overall security score is generated in view of security component scores of the endpoint device and general security settings of the endpoint device that are outside of a scope of the security component scores; and
- provide the updated overall security score to an analysis component.

Dependent claims: 12, 13, 14, 15
16. A non-transitory computer readable storage medium including instructions that, when executed by a processing device, cause the processing device to perform a method comprising:
- receiving, by a computing device comprising the processing device, data representing an event associated with a security component operating in an endpoint device;
- analyzing the received data to determine a score to assign to the event and a weighting factor to apply to the assigned score;
- updating a security component score of the security component with the assigned weighted score for the event, wherein the security component score is generated in view of events occurring at the security component with respect to outside threats to the endpoint device, system activity at the endpoint device with respect to configuration of the security component, and actions of an end user of the endpoint device with respect to changing security configurations of the security component on the end point device;
- updating an overall security score for the endpoint device with the updated security component score, wherein the overall security score is generated in view of security component scores of the endpoint device and general security settings of the endpoint device that are outside of a scope of the security component scores; and
- providing the updated overall security score to an analysis component.

Dependent claims: 17, 18, 19, 20
Specification