Policy-based selection of remediation
First Claim
1. A method comprising:
- collecting, by an agent running on an endpoint system, information regarding a program-code-based operational state of the endpoint system;
- transmitting, by the agent, the information to a remote computer system via a network coupling the endpoint system and the remote computer system in communication;
- determining whether the program-code-based operational state of the endpoint system represents a violation of the one or more security policies by evaluating, by the remote computer system, the received information with respect to the one or more security policies, wherein each security policy of the one or more security policies defines at least one parameter condition violation of which is potentially indicative of unauthorized activity on the endpoint system or manipulation of the endpoint system; and
- enforcing one or more security policies, by the remote computer system, with respect to the endpoint system based on the received information.
Abstract
Methods and systems for remediating a security policy violation on a computer system are provided. According to one embodiment, an agent running on an endpoint system collects information regarding a program-code-based operational state of the endpoint system. The agent transmits the information to a remote computer system via a network coupling the endpoint system and the remote computer system in communication. The remote computer system enforces one or more security policies with respect to the endpoint system based on the received information.
13 Claims
Claim 1 (independent) is given in full under First Claim. Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13.
Specification