System and method for performing remote security assessment of firewalled computer

US 8,925,093 B2
Filed: 05/29/2012
Issued: 12/30/2014
Est. Priority Date: 08/15/2008
Status: Active Grant

First Claim

Patent Images

1. A method of conducting a scan on an endpoint system across an open computer network, the endpoint system being protected from the open computer network by a firewall, the method comprising:

providing a scanner engine in a computer server in communication with the open computer network;

providing a scanner agent installed on the endpoint system in communication with the open computer network through the firewall;

establishing a secure layer connection between the scanner engine and the scanner agent without requiring credentialed access through an open firewall port;

sending, from the scanner engine to the scanner agent installed on the endpoint system, commands for collecting data from the endpoint system;

collecting data based on the commands via the secure layer connection regarding the endpoint system using the scanner agent, the collected data including at least one of system configuration information, system services information, or file system information;

receiving the collected data from the scanner agent at the scanner engine via the secure layer connection;

analyzing the collected data with the scanner engine to assess a current security vulnerability posture of the endpoint system, and determining any updates for the endpoint system from the analysis; and

sending the updates via the secure layer connection to the scanner agent for installation on the endpoint system.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems for scanning an endpoint terminal across an open computer network are disclosed. An exemplary method includes providing a scanner engine in a computer server in communication with an open computer network, and establishing a secure connection across the open computer network between the scanner engine and a scanner agent installed on the endpoint terminal in communication with the open computer network. Commands for collecting data regarding the endpoint terminal are sent from the scanner engine across the secure connection to the scanner agent. The scanner engine then receives the collected data from the scanner agent across the secure connection, analyzes the data to assess a current posture of the endpoint terminal, and determines any updates for the endpoint terminal from the analysis. Updates are sent across the secure connection to the scanner agent for installation on the endpoint terminal, and the secure connection may then be terminated.

28 Citations

View as Search Results

32 Claims

1. A method of conducting a scan on an endpoint system across an open computer network, the endpoint system being protected from the open computer network by a firewall, the method comprising:
- providing a scanner engine in a computer server in communication with the open computer network;
  
  providing a scanner agent installed on the endpoint system in communication with the open computer network through the firewall;
  
  establishing a secure layer connection between the scanner engine and the scanner agent without requiring credentialed access through an open firewall port;
  
  sending, from the scanner engine to the scanner agent installed on the endpoint system, commands for collecting data from the endpoint system;
  
  collecting data based on the commands via the secure layer connection regarding the endpoint system using the scanner agent, the collected data including at least one of system configuration information, system services information, or file system information;
  
  receiving the collected data from the scanner agent at the scanner engine via the secure layer connection;
  
  analyzing the collected data with the scanner engine to assess a current security vulnerability posture of the endpoint system, and determining any updates for the endpoint system from the analysis; and
  
  sending the updates via the secure layer connection to the scanner agent for installation on the endpoint system.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. A method according to claim 1, wherein the endpoint system includes a web browser, and wherein the scanner agent is installed as a plug-in for the web browser.
  - 3. A method according to claim 2, wherein the web browser further comprises a graphical user interface for use by a user of the endpoint system in initiating and conducting the scan.
  - 4. A method according to claim 1, wherein the secure layer connection between the scanner agent and the scanner engine comprises a secure layer connection between the scanner agent and a proxy server associated with the scanner engine.
  - 5. A method according to claim 1, wherein the secure layer connection comprises a secure HTTP-based connectivity.
  - 6. A method according to claim 1, wherein the secure layer connection comprises encrypting data communication between the scanner agent and the scanner engine.
  - 7. A method according to claim 1, wherein the updates comprise virus definition updates.

8. A system for conducting a scan on an endpoint system across an open computer network, the endpoint system being protected from the open computer network by a firewall, the system comprising:
- a computer server in communication with the open computer network, wherein the computer server comprises a scanner engine;
  
  a scanner agent installed on the endpoint system in communication with the open computer network through the firewall; and
  
  a secure layer connection established between the scanner engine and the scanner agent without requiring credentialed access through an open firewall port;
  
  wherein the scanner engine is configurable to send commands for collecting data from the endpoint system to the scanner agent installed on the endpoint system;
  
  wherein the scanner agent is configurable to collect data regarding the endpoint system based on the commands, the collected data including at least one of system configuration information, system services information, or file system information;
  
  wherein the scanner engine is configurable to;
  
  receive data via the secure layer connection regarding the endpoint system collected by the scanner agent;
  
  analyze the collected data to assess a current security vulnerability posture of the endpoint system and determine any updates for the endpoint system from the analysis, andsend the updates via the secure layer connection to the scanner agent for installation on the endpoint system.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15)
- - 9. A system according to claim 8, wherein the endpoint system includes a web browser, and wherein the scanner agent is installed as a plug-in for the web browser.
  - 10. A system according to claim 9, wherein the web browser further comprises a graphical user interface for use by a user of the endpoint system in initiating and conducting the scan.
  - 11. A system according to claim 8, wherein the secure layer connection is established between the scanner agent and a proxy server associated with the scanner engine.
  - 12. A system according to claim 11, wherein the proxy server initiates the scanner engine once the secure layer connection is established.
  - 13. A system according to claim 8, wherein the secure layer connection comprises a secure HTTP-based connectivity.
  - 14. A system according to claim 8, wherein the secure layer connection encrypts data communication between the scanner agent and the scanner engine.
  - 15. A system according to claim 8, wherein the updates comprise virus definition updates.

16. A method of conducting a scan on an endpoint system across an open computer network, the endpoint system being protected from the open computer network by a firewall, the method comprising:
- providing a scanner engine in a computer server in communication with the open computer network;
  
  establishing a secure layer connection across the open computer network between the scanner engine and a scanner agent without requiring credentialed access through an open firewall port, the scanner agent installed on the endpoint system in communication with the open computer network through the firewall;
  
  sending commands for collecting data regarding the endpoint system from the scanner engine via the secure layer connection to the scanner agent installed on the endpoint system, the collected data including at least one of system configuration information, system services information, or file system information;
  
  receiving the collected data from the scanner agent via the secure layer connection to the scanner engine;
  
  analyzing the collected data with the scanner engine to assess a current security vulnerability posture of the endpoint system, and determining any updates for the endpoint system from the analysis;
  
  sending the updates across the secure layer connection to the scanner agent for installation on the endpoint system; and
  
  terminating the secure layer connection after the updates are received by the endpoint system.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23)
- - 17. A method according to claim 16, wherein the endpoint system includes a web browser, and wherein the scanner agent is installed as a plug-in for the web browser.
  - 18. A method according to claim 17, wherein the web browser further comprises a graphical user interface for use by a user of the endpoint system in initiating and conducting the scan.
  - 19. A method according to claim 16, wherein establishing a secure layer connection between the scanner agent and the scanner engine comprises establishing the secure layer connection between the scanner agent and a proxy server associated with the scanner engine.
  - 20. A method according to claim 19, wherein the proxy server initiates the scanner engine once the secure layer connection is established.
  - 21. A method according to claim 16, wherein the secure layer connection comprises a secure HTTP-based connectivity.
  - 22. A method according to claim 16, wherein the secure layer connection comprises encrypting data communication between the scanner agent and the scanner engine.
  - 23. A method according to claim 16, wherein the updates comprise virus definition updates.

24. A system for conducting a scan on an endpoint system across an open computer network, the endpoint system being protected from the open computer network by a firewall, the system comprising:
- a computer server in communication with the open computer network, wherein the computer server comprises a scanner engine;
  
  a scanner agent installed on the endpoint system in communication with the open computer network through the firewall;
  
  a secure layer connection established between the scanner engine and the scanner agent without requiring credentialed access through an open firewall port; and
  
  wherein the scanner agent is configurable to collect data regarding the endpoint system, the collected data including at least one of system configuration information, system services information, or file system information;
  
  wherein the scanner engine is configurable to;
  
  send commands via the secure layer connection for collecting data regarding the endpoint system to the scanner agent installed on the endpoint system,receive the collected data from the scanner agent via the secure connection,analyze the collected data to assess a current security vulnerability posture of the endpoint system and determining any update for the endpoint system from the analysis, andsend the updates via the secure connection to the scanner agent for installation on the endpoint system.
- View Dependent Claims (25, 26, 27, 28, 29, 30, 31)
- - 25. A system according to claim 24, wherein the endpoint system includes a web browser, and wherein the scanner agent is installed as a plug-in for the web browser.
  - 26. A system according to claim 25, wherein the web browser further comprises a graphical user interface for use by a user of the endpoint system in initiating and conducting the scan.
  - 27. A system according to claim 24, wherein the secure layer connection is established between the scanner agent and a proxy server associated with the scanner engine.
  - 28. A system according to claim 27, wherein the proxy server initiates the scanner engine once the secure layer connection is established.
  - 29. A system according to claim 24, wherein the secure layer connection comprises a secure HTTP-based connectivity.
  - 30. A system according to claim 24, wherein the secure layer connection encrypts data communication between the scanner agent and the scanner engine.
  - 31. A system according to claim 24, wherein the updates comprise virus definition updates.

32. A method of conducting a scan on an endpoint system across an open computer network, the endpoint system being protected from the open computer network by a firewall, the method comprising:
- providing a scanner engine in a computer server in communication with the open computer network;
  
  providing a scanner agent installed on the endpoint system in communication with the scanner engine through the open computer network a secure layer connection established between the scanner engine and the scanner agent without requiring credentialed access through an open firewall port;
  
  receiving, at the scanner agent installed on the endpoint system and via the secure layer connection, commands from the scanner engine to access an operating system of the endpoint system to collect data regarding the endpoint system;
  
  collecting, by the scanner agent and via the secure layer connection, data regarding the endpoint system, the collected data including at least one of system configuration information, system services information, or file system information;
  
  receiving, at the scanner engine and via the secure layer connection, the collected data from the scanner agent;
  
  analyzing, at the scanner engine, the collected data to assess a current security vulnerability posture of the endpoint system, and determining any updates for the endpoint system from the analysis; and
  
  sending the updates via the secure layer connection to the scanner agent for installation on the endpoint system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Qualys Incorporated
Original Assignee
Qualys Incorporated
Inventors
Ali-Ahmad, Wissam, Kandek, Wolfgang, Kruse, Holger, Dewan, Vikas, Jampani, Ganesh, Okumura, Kenneth K., Mazboudi, Khair-ed-dine
Primary Examiner(s)
POWERS, WILLIAM S

Application Number

US13/482,531
Publication Number

US 20120233700A1
Time in Patent Office

945 Days
Field of Search

726/25
US Class Current

726/25
CPC Class Codes

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2119   Authenticating web pages, e...

G06F 3/048   Interaction techniques base...

H04L 63/0281   Proxies

H04L 63/1408   by monitoring network traff...

H04L 63/1433   Vulnerability analysis

H04L 63/1441   Countermeasures against mal...

H04L 63/166   at the transport layer

H04L 67/02   based on web technology, e....

System and method for performing remote security assessment of firewalled computer

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

28 Citations

32 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for performing remote security assessment of firewalled computer

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

28 Citations

32 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links