Determining a reduced set of remediation actions for endpoint integrity

US 9,088,615 B1
Filed: 07/31/2008
Issued: 07/21/2015
Est. Priority Date: 07/31/2008
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving integrity data via a network from a network endpoint;

determining, by a plurality of verification modules and based upon one or more rules defined by a security policy, a plurality of verification tests for the integrity data, wherein the plurality of verification modules includes at least one of an operating system data verification module, a firewall data verification module, or an anti-virus data verification module;

performing, by the plurality of verification modules, the plurality of verification tests on the integrity data to generate a plurality of verification test results, wherein each verification module of the plurality of verification modules performs at least one verification test of the plurality of verification tests to generate at least one corresponding verification test result of the plurality of verification test results;

responsive to determining that at least two of the verification test results indicate a failure, identifying a set of remediation actions and associated weighting factors to achieve compliance with the security policy, wherein each remediation action in the set of remediation actions is associated with a weighting factor, and wherein each verification module of the plurality of verification modules that generates at least one corresponding verification test result indicating a failure is configured to identify at least one corresponding remediation action in the set of remediation actions and at least one associated weighting factor;

combining, using the one or more rules defined by the security policy, the at least two of the verification test results to obtain a combined result;

responsive to determining that the combined result indicates a failure;

comparing a first weighting factor associated with a first remediation action to a second weighting factor associated with a second remediation action, wherein the first remediation action and the second remediation action are each included in the set of remediation actions and are identified by the at least one of the operating system data verification module, the firewall data verification module, or the anti-virus data verification module; and

eliminating, based upon the comparison of the first weighting factor to the second weighting factor, at least the first remediation action from the set of remediation actions to form a reduced set of remediation actions, wherein the first remediation action is at least one of a conflicting or a redundant action with respect to the second remediation action, and wherein the reduced set of remediation actions includes the second remediation action but not the first remediation action; and

sending the reduced set of remediation actions to the network endpoint.

View all claims

12 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In general, the disclosure relates to techniques for identifying a reduced set of remediation actions that are to be performed by a network endpoint to achieve compliance with a security policy defined by a network entity. One example method comprises receiving integrity data via a network from a network endpoint, performing a plurality of tests on the integrity data to generate corresponding test results, identifying a set of remediation actions based upon the test results, and comparing the remediation actions in the set. The method further comprises eliminating at least one remediation action in the set based upon the comparison to form a reduced set of remediation actions, and sending the reduced set of remediation actions to the network endpoint, wherein each remediation action in the reduced set specifies an action to be performed by the network endpoint to achieve compliance with a security policy.

32 Citations

View as Search Results

13 Claims

1. A method comprising:
- receiving integrity data via a network from a network endpoint;
  
  determining, by a plurality of verification modules and based upon one or more rules defined by a security policy, a plurality of verification tests for the integrity data, wherein the plurality of verification modules includes at least one of an operating system data verification module, a firewall data verification module, or an anti-virus data verification module;
  
  performing, by the plurality of verification modules, the plurality of verification tests on the integrity data to generate a plurality of verification test results, wherein each verification module of the plurality of verification modules performs at least one verification test of the plurality of verification tests to generate at least one corresponding verification test result of the plurality of verification test results;
  
  responsive to determining that at least two of the verification test results indicate a failure, identifying a set of remediation actions and associated weighting factors to achieve compliance with the security policy, wherein each remediation action in the set of remediation actions is associated with a weighting factor, and wherein each verification module of the plurality of verification modules that generates at least one corresponding verification test result indicating a failure is configured to identify at least one corresponding remediation action in the set of remediation actions and at least one associated weighting factor;
  
  combining, using the one or more rules defined by the security policy, the at least two of the verification test results to obtain a combined result;
  
  responsive to determining that the combined result indicates a failure;
  
  comparing a first weighting factor associated with a first remediation action to a second weighting factor associated with a second remediation action, wherein the first remediation action and the second remediation action are each included in the set of remediation actions and are identified by the at least one of the operating system data verification module, the firewall data verification module, or the anti-virus data verification module; and
  
  eliminating, based upon the comparison of the first weighting factor to the second weighting factor, at least the first remediation action from the set of remediation actions to form a reduced set of remediation actions, wherein the first remediation action is at least one of a conflicting or a redundant action with respect to the second remediation action, and wherein the reduced set of remediation actions includes the second remediation action but not the first remediation action; and
  
  sending the reduced set of remediation actions to the network endpoint.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein the reduced set of remediation actions comprises multiple remediation actions.
  - 3. The method of claim 1, wherein eliminating the first remediation action based upon the comparison of the first weighting factor to the second weighting factor comprises eliminating the first remediation action based upon the first weighting factor being greater than the second weighting factor.
  - 4. The method of claim 1, wherein eliminating the first remediation action based upon the comparison of the first weighting factor to the second weighting factor comprises eliminating the first remediation action based upon the first weighting factor being less than the second weighting factor.
  - 5. The method of claim 1, wherein:
    - receiving the integrity data comprises receiving the integrity data from one or more data collection modules on the network endpoint; and
      
      performing the plurality of verification tests on the integrity data comprises performing a verification test on corresponding integrity data received from each individual data collection module to generate the corresponding verification test result.
  - 6. The method of claim 1, further comprising repeating the performing of the verification tests, the identifying of the set of remediation actions, the combining, the comparing, and the eliminating for multiple iterations to form the reduced set of remediation actions.

7. A non-transitory computer-readable storage medium comprising instructions that cause one or more processors to:
- receive integrity data via a network from a network endpoint;
  
  determine, by a plurality of verification modules and based upon one or more rules defined by a security policy, a plurality of verification tests for the integrity data, wherein the plurality of verification modules includes at least one of an operating system data verification module, a firewall data verification module, or an anti-virus data verification module;
  
  perform, by the plurality of verification modules, the plurality of verification tests on the integrity data to generate a plurality of verification test results, wherein each verification module of the plurality of verification modules performs at least one verification test of the plurality of verification tests to generate at least one corresponding verification test result of the plurality of verification test results;
  
  responsive to determining that at least two of the verification test results indicate a failure, identify a set of remediation actions and associated weighting factors to achieve compliance with the security policy, wherein each remediation action in the set of remediation actions is associated with a weighting factor, and wherein each verification module of the plurality of verification modules that generates at least one corresponding verification test result indicating a failure is configured to identify at least one corresponding remediation action in the set of remediation actions and at least one associated weighting factor;
  
  combine, using the one or more rules defined by the security policy, the at least two of the verification test results to determine a combined result;
  
  responsive to determining that the combined result indicates a failure;
  
  compare a first weighting factor associated with a first remediation action to a second weighting factor associated with a second remediation action, wherein the first remediation action and the second remediation action are each included in the set of remediation actions and are identified by the at least one of the operating system data verification module, the firewall data verification module, or the anti-virus data verification module; and
  
  eliminate, based upon the comparison of the first weighting factor to the second weighting factor, at least the first remediation action from the set of remediation actions to form a reduced set of remediation actions, wherein the first remediation action is at least one of a conflicting or a redundant action with respect to the second remediation action, and wherein the reduced set of remediation actions includes the second remediation action but not the first remediation action; and
  
  send the reduced set of remediation actions to the network endpoint.

8. An apparatus comprising:
- one or more computer processors; and
  
  a non-transitory computer-readable storage medium configured to store a plurality of verification modules and an integrity evaluation module, wherein the plurality of verification modules includes at least one of an operating system data verification module, a firewall data verification module, or an anti-virus data verification module, and wherein the plurality of verification modules are executable by the one or more computer processors to;
  
  receive integrity data via a network from a network endpoint;
  
  determine, based upon one or more rules defined by a security policy, a plurality of verification tests for the integrity data;
  
  perform the plurality of verification tests on the integrity data to generate a plurality of verification test results, wherein each verification module of the plurality of verification modules performs at least one verification test of the plurality of verification tests to generate at least one corresponding verification test result of the plurality of verification test results; and
  
  responsive to determining that at least two of the verification test results indicate a failure, identify a set of remediation actions and associated weighting factors to achieve compliance with the security policy, wherein each remediation action in the set of remediation actions is associated with a weighting factor, and wherein each verification module of the plurality of verification modules that generates at least one corresponding verification test result indicating a failure is configured to identify at least one corresponding remediation action in the set of remediation actions and at least one associated weighting factor; and
  
  wherein the integrity evaluation module is executable by the one or more computer processors to;
  
  combine, using the one or more rules defined by the security policy, the at least two of the verification test results to determine a combined result;
  
  responsive to determining that the combined result indicates a failure;
  
  compare a first weighting factor associated with a first remediation action to a second weighting factor associated with a second remediation action, wherein the first remediation action and the second remediation action are each included in the set of remediation actions and are identified by the at least one of the operating system data verification module, the firewall data verification module, or the anti-virus data verification module; and
  
  eliminate, based upon the comparison of the first weighting factor to the second weighting factor, at least the first remediation action from the set of remediation actions to form a reduced set of remediation actions, wherein the first remediation action is at least one of a conflicting or a redundant action with respect to the second remediation action, and wherein the reduced set of remediation actions includes the second remediation action but not the first remediation action; and
  
  send the reduced set of remediation actions to the network endpoint.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The apparatus of claim 8, wherein the reduced set of remediation actions comprises multiple remediation actions.
  - 10. The apparatus of claim 8, wherein the integrity evaluation module is configured to eliminate the first remediation action based upon the comparison of the first weighting factor to the second weighting factor at least by eliminating the first remediation action based upon the first weighting factor being greater than the second weighting factor.
  - 11. The apparatus of claim 8, wherein the integrity evaluation module is configured to eliminate the first remediation action based upon the comparison of the first weighting factor to the second weighting factor at least by eliminating the first remediation action based upon the first weighting factor being less than the second weighting factor.
  - 12. The apparatus of claim 8, wherein:
    - the one or more verification modules are configured to receive the integrity data at least by receiving the integrity data from one or more data collection modules on the network endpoint; and
      
      the one or more verification modules are configured to perform the plurality of verification tests on corresponding integrity data at least by performing a verification test on the integrity data received from each individual data collection module to generate the corresponding verification test result.
  - 13. The apparatus of claim 8, wherein:
    - the one or more verification modules are configured to repeat the performing of the verification tests and the identifying of the set of remediation actions for multiple iterations; and
      
      the integrity evaluation module is configured to repeat the comparing and the eliminating for multiple iterations to form the reduced set of remediation actions.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Pulse Secure, LLC (Ivanti Software, Inc.)
Original Assignee
Pulse Secure, LLC (Ivanti Software, Inc.)
Inventors
Erickson, Steven, Avlasov, Yan
Primary Examiner(s)
Pham, Luu
Assistant Examiner(s)
Le, Canh

Application Number

US12/183,628
Time in Patent Office

2,546 Days
Field of Search

726/1
US Class Current

1/1
CPC Class Codes

G06F 21/56   Computer malware detection ...

G06F 21/577   Assessing vulnerabilities a...

G06F 21/6218   to a system of files or obj...

H04L 63/1433   Vulnerability analysis

H04L 63/20   for managing network securi...

Determining a reduced set of remediation actions for endpoint integrity

First Claim

12 Assignments

0 Petitions

Accused Products

Abstract

32 Citations

13 Claims

Specification

Use Cases

Quick Links

Others

Determining a reduced set of remediation actions for endpoint integrity

First Claim

12 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

32 Citations

13 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others