Determining a reduced set of remediation actions for endpoint integrity
First Claim
1. A method comprising:
receiving integrity data via a network from a network endpoint;
determining, by a plurality of verification modules and based upon one or more rules defined by a security policy, a plurality of verification tests for the integrity data, wherein the plurality of verification modules includes at least one of an operating system data verification module, a firewall data verification module, or an anti-virus data verification module;
performing, by the plurality of verification modules, the plurality of verification tests on the integrity data to generate a plurality of verification test results, wherein each verification module of the plurality of verification modules performs at least one verification test of the plurality of verification tests to generate at least one corresponding verification test result of the plurality of verification test results;
responsive to determining that at least two of the verification test results indicate a failure, identifying a set of remediation actions and associated weighting factors to achieve compliance with the security policy, wherein each remediation action in the set of remediation actions is associated with a weighting factor, and wherein each verification module of the plurality of verification modules that generates at least one corresponding verification test result indicating a failure is configured to identify at least one corresponding remediation action in the set of remediation actions and at least one associated weighting factor;
combining, using the one or more rules defined by the security policy, the at least two of the verification test results to obtain a combined result;
responsive to determining that the combined result indicates a failure;
comparing a first weighting factor associated with a first remediation action to a second weighting factor associated with a second remediation action, wherein the first remediation action and the second remediation action are each included in the set of remediation actions and are identified by the at least one of the operating system data verification module, the firewall data verification module, or the anti-virus data verification module; and
eliminating, based upon the comparison of the first weighting factor to the second weighting factor, at least the first remediation action from the set of remediation actions to form a reduced set of remediation actions, wherein the first remediation action is at least one of a conflicting or a redundant action with respect to the second remediation action, and wherein the reduced set of remediation actions includes the second remediation action but not the first remediation action; and
sending the reduced set of remediation actions to the network endpoint.
Abstract
In general, the disclosure relates to techniques for identifying a reduced set of remediation actions that are to be performed by a network endpoint to achieve compliance with a security policy defined by a network entity. One example method comprises receiving integrity data via a network from a network endpoint, performing a plurality of tests on the integrity data to generate corresponding test results, identifying a set of remediation actions based upon the test results, and comparing the remediation actions in the set. The method further comprises eliminating at least one remediation action in the set based upon the comparison to form a reduced set of remediation actions, and sending the reduced set of remediation actions to the network endpoint, wherein each remediation action in the reduced set specifies an action to be performed by the network endpoint to achieve compliance with a security policy.
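The flow in the abstract, as an added Python sketch that is not taken from the patent or any product: three verification modules test a constructed integrity report, a policy rule combines their results, and the weighting factors decide which of two overlapping remediation actions survives. The module checks, the weights, the "higher weight wins" rule, and treating two actions on the same target as redundant or conflicting are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Action:
    name: str    # remediation the endpoint is asked to perform
    target: str  # component changed; same target = redundant or conflicting (assumption)
    weight: int  # weighting factor; the higher weight wins (assumption)

# Constructed integrity data, as an endpoint might report it.
REPORT = {"os_patch_level": 3, "os_firewall_on": False,
          "managed_firewall": False, "av_running": False, "av_sig_age_days": 30}

def verify_os(d):
    acts = []
    if d["os_patch_level"] < 5:
        acts.append(Action("install OS patches", "os", 50))
    if not d["os_firewall_on"]:
        acts.append(Action("enable built-in OS firewall", "firewall", 20))
    return not acts, acts

def verify_firewall(d):
    acts = [] if d["managed_firewall"] else [
        Action("install managed firewall (disables built-in)", "firewall", 60)]
    return not acts, acts

def verify_av(d):
    acts = []
    if d["av_sig_age_days"] > 7:
        acts.append(Action("update AV signatures", "antivirus", 30))
    if not d["av_running"]:
        acts.append(Action("reinstall AV with current signatures", "antivirus", 70))
    return not acts, acts

MODULES = {"os": verify_os, "firewall": verify_firewall, "antivirus": verify_av}

def reduce_actions(actions):
    """Keep one action per target: compare weights, drop the lower-weighted rival."""
    kept = {}
    for a in actions:
        rival = kept.get(a.target)
        if rival is None or a.weight > rival.weight:
            kept[a.target] = a
    return sorted(kept.values(), key=lambda a: -a.weight)

def evaluate(report, required=("firewall", "antivirus")):
    """Policy rule (assumed): the combined result fails if any required module fails."""
    results, actions = {}, []
    for name, module in MODULES.items():
        results[name], acts = module(report)
        actions += acts
    if all(results[n] for n in required):
        return []                      # combined result passes: nothing to send
    return reduce_actions(actions)     # reduced set sent to the endpoint
```

With the constructed report, five actions are identified and three are sent: the built-in firewall action loses to the conflicting managed-firewall action, and the signature update is dropped as redundant with the AV reinstall.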
13 Claims
7. A non-transitory computer-readable storage medium comprising instructions that cause one or more processors to:
receive integrity data via a network from a network endpoint;
determine, by a plurality of verification modules and based upon one or more rules defined by a security policy, a plurality of verification tests for the integrity data, wherein the plurality of verification modules includes at least one of an operating system data verification module, a firewall data verification module, or an anti-virus data verification module;
perform, by the plurality of verification modules, the plurality of verification tests on the integrity data to generate a plurality of verification test results, wherein each verification module of the plurality of verification modules performs at least one verification test of the plurality of verification tests to generate at least one corresponding verification test result of the plurality of verification test results;
responsive to determining that at least two of the verification test results indicate a failure, identify a set of remediation actions and associated weighting factors to achieve compliance with the security policy, wherein each remediation action in the set of remediation actions is associated with a weighting factor, and wherein each verification module of the plurality of verification modules that generates at least one corresponding verification test result indicating a failure is configured to identify at least one corresponding remediation action in the set of remediation actions and at least one associated weighting factor;
combine, using the one or more rules defined by the security policy, the at least two of the verification test results to determine a combined result;
responsive to determining that the combined result indicates a failure;
compare a first weighting factor associated with a first remediation action to a second weighting factor associated with a second remediation action, wherein the first remediation action and the second remediation action are each included in the set of remediation actions and are identified by the at least one of the operating system data verification module, the firewall data verification module, or the anti-virus data verification module; and
eliminate, based upon the comparison of the first weighting factor to the second weighting factor, at least the first remediation action from the set of remediation actions to form a reduced set of remediation actions, wherein the first remediation action is at least one of a conflicting or a redundant action with respect to the second remediation action, and wherein the reduced set of remediation actions includes the second remediation action but not the first remediation action; and
send the reduced set of remediation actions to the network endpoint.
8. An apparatus comprising:
one or more computer processors; and
a non-transitory computer-readable storage medium configured to store a plurality of verification modules and an integrity evaluation module, wherein the plurality of verification modules includes at least one of an operating system data verification module, a firewall data verification module, or an anti-virus data verification module, and wherein the plurality of verification modules are executable by the one or more computer processors to;
receive integrity data via a network from a network endpoint;
determine, based upon one or more rules defined by a security policy, a plurality of verification tests for the integrity data;
perform the plurality of verification tests on the integrity data to generate a plurality of verification test results, wherein each verification module of the plurality of verification modules performs at least one verification test of the plurality of verification tests to generate at least one corresponding verification test result of the plurality of verification test results; and
responsive to determining that at least two of the verification test results indicate a failure, identify a set of remediation actions and associated weighting factors to achieve compliance with the security policy, wherein each remediation action in the set of remediation actions is associated with a weighting factor, and wherein each verification module of the plurality of verification modules that generates at least one corresponding verification test result indicating a failure is configured to identify at least one corresponding remediation action in the set of remediation actions and at least one associated weighting factor; and
wherein the integrity evaluation module is executable by the one or more computer processors to;
combine, using the one or more rules defined by the security policy, the at least two of the verification test results to determine a combined result;
responsive to determining that the combined result indicates a failure;
compare a first weighting factor associated with a first remediation action to a second weighting factor associated with a second remediation action, wherein the first remediation action and the second remediation action are each included in the set of remediation actions and are identified by the at least one of the operating system data verification module, the firewall data verification module, or the anti-virus data verification module; and
eliminate, based upon the comparison of the first weighting factor to the second weighting factor, at least the first remediation action from the set of remediation actions to form a reduced set of remediation actions, wherein the first remediation action is at least one of a conflicting or a redundant action with respect to the second remediation action, and wherein the reduced set of remediation actions includes the second remediation action but not the first remediation action; and
send the reduced set of remediation actions to the network endpoint.
Specification