Network appliance for vulnerability assessment auditing over multiple networks
Abstract
An apparatus, system, and method are directed towards enabling auditing of network vulnerabilities from multiple network vantage points virtually simultaneously. Multiple network vantage points may include, but are not limited to, remote/branch enterprise sites, devices on an enterprise perimeter, on either side of a security perimeter, and even through the security perimeter. In one embodiment, an auditor performs reflected audits thereby extending auditing of network vulnerabilities to provide a comprehensive 360 degree audit of internal, external, and remote enterprise network sites. In one embodiment, the present invention may be implemented employing a single auditing device, and one or more audit extension devices that are configured to extend the auditing device's audit reach. The auditing device and one or more audit extension devices may communicate using an encrypted network channel through a security perimeter and/or across multiple networks.
18 Claims
1. A method for managing an audit by an audit extension device, comprising:
- initiating communication between an audit extension device and an audit device for an audit by receiving, by the audit extension device through a security perimeter from the audit device, a request for the audit to be performed on a plurality of computing assets, the request for the audit including a request for information to be provided by the plurality of computing assets, wherein the plurality of computing assets are separate from the audit device;
- reflecting the audit based on the request for the audit towards the plurality of computing assets;
- sending, by the audit extension device, a result of the audit through the security perimeter to the audit device;
- assuming operations, by the audit extension device, of the audit device in response to a first detection indicating that the audit device is in a failure condition; and
- communicating with at least one of a network device and the audit device, and relinquishing operations of the audit device in response to a second detection indicating at least one of:
  - that the audit device is not in the failure condition, and
  - that the network device is assuming operations of the audit device.

Dependent claims: 2, 3, 4, 5, 6

7. A method for managing an audit by an audit device, comprising:
- initiating communication between an audit extension device and an audit device for an audit by sending a request for the audit to be performed on a plurality of computing assets through a security perimeter to the audit extension device, the request for the audit including a request for information to be provided by the plurality of computing assets, wherein the plurality of computing assets are separate from the audit device;
- receiving, by the audit device, a result of the audit from the audit extension device through the security perimeter;
- performing a remediation action based at least in part on a security policy; and
- relinquishing operations to the audit extension device in response to a first detection indicating that the audit device is in a failure condition;
- wherein the operations of the audit extension device is relinquished in response to a second detection indicating at least one of:
  - that the audit device is not in the failure condition, and
  - that a network device is assuming operations of the audit device.

Dependent claims: 8, 9, 10, 11, 12, 13, 14, 15

16. A non-transitory computer-readable medium storing executable instructions that, when executed, cause an audit device to perform operations, comprising:
- initiating communication between an audit extension device and an audit device for an audit by sending a request for the audit to be performed on a plurality of computing assets through a security perimeter to the audit extension device, the request for the audit including a request for information to be provided by the plurality of computing assets, wherein the plurality of computing assets are separate from the audit device;
- receiving, by the audit device, a result of the audit from the audit extension device through the security perimeter;
- performing a remediation action based at least in part on a security policy; and
- relinquishing operations to the audit extension device in response to a first detection indicating that the audit device is in a failure condition;
- wherein the operations of the audit extension device is relinquished in response to a second detection indicating at least one of:
  - that the audit device is not in the failure condition, and
  - that a network device is assuming operations of the audit device.

17. An audit extension device, comprising:
- a network interface unit configured to initiate communication between an audit extension device and an audit device for an audit by receiving, through a security perimeter from the audit device, a request for the audit to be performed on a plurality of computing assets, the request for the audit including a request for information to be provided by the plurality of computing assets; and
- a processing unit configured to:
  - reflect the audit based on the request towards the plurality of computing assets,
  - send a result of the audit to the audit device through the security perimeter,
  - assume operations of the audit device in response to a first detection indicating that the audit device is in a failure condition, and
  - communicate with at least one of a network device and the audit device, and relinquish operations of the audit device in response to a second detection indicating at least one of:
    - that the audit device is not in the failure condition, and
    - that the network device is assuming operations of the audit device.

18. A system, comprising:
- an audit extension device including:
  - a first network interface unit configured to initiate communication between an audit extension device and an audit device for an audit by receiving, through a security perimeter, a request for the audit to be performed on a plurality of computing assets, the request for the audit including a request for information to be provided by the plurality of computing assets, wherein the plurality of computing assets are separate from the audit device and
  - a first processing unit configured to:
    - reflect the audit based on the request towards the plurality of computing assets,
    - send a result of the audit to the audit device through the security perimeter,
    - assume operations of the audit device in response to a first detection indicating that the audit device is in a failure condition, and
    - communicate with at least one of a network device and the audit device, and relinquish operations of the audit device in response to a second detection indicating at least one of:
      - that the audit device is not in the failure condition, and
      - that the network device is assuming operations of the audit device; and
- an audit device including:
  - a second network interface unit configured to send the request for the audit through the security perimeter, and
  - a second processing unit configured to:
    - receive the result of the audit from the audit extension device through the security perimeter, and
    - perform a remediation action based at least in part on a security policy.

Specification