Network appliance for vulnerability assessment auditing over multiple networks

US 9,306,967 B2
Filed: 08/30/2013
Issued: 04/05/2016
Est. Priority Date: 01/19/2005
Status: Active Grant

First Claim

Patent Images

1. A method for managing an audit by an audit extension device, comprising:

initiating communication between an audit extension device and an audit device for an audit by receiving, by the audit extension device through a security perimeter from the audit device, a request for the audit to be performed on a plurality of computing assets, the request for the audit including a request for information to be provided by the plurality of computing assets, wherein the plurality of computing assets are separate from the audit device;

reflecting the audit based on the request for the audit towards the plurality of computing assets;

sending, by the audit extension device, a result of the audit through the security perimeter to the audit device;

assuming operations, by the audit extension device, of the audit device in response to a first detection indicating that the audit device is in a failure condition; and

communicating with at least one of a network device and the audit device, and relinquishing operations of the audit device in response to a second detection indicating at least one of;

that the audit device is not in the failure condition, andthat the network device is assuming operations of the audit device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An apparatus, system, and method are directed towards enabling auditing of network vulnerabilities from multiple network vantage points virtually simultaneously. Multiple network vantage points may include, but are not limited to, remote/branch enterprise sites, devices on an enterprise perimeter, on either side of a security perimeter, and even through the security perimeter. In one embodiment, an auditor performs reflected audits thereby extending auditing of network vulnerabilities to provide a comprehensive 360 degree audit of internal, external, and remote enterprise network sites. In one embodiment, the present invention may be implemented employing a single auditing device, and one or more audit extension devices that are configured to extend the auditing device'"'"'s audit reach. The auditing device and one or more audit extension devices may communicate using an encrypted network channel through a security perimeter and/or across multiple networks.

38 Citations

18 Claims

1. A method for managing an audit by an audit extension device, comprising:
- initiating communication between an audit extension device and an audit device for an audit by receiving, by the audit extension device through a security perimeter from the audit device, a request for the audit to be performed on a plurality of computing assets, the request for the audit including a request for information to be provided by the plurality of computing assets, wherein the plurality of computing assets are separate from the audit device;
  
  reflecting the audit based on the request for the audit towards the plurality of computing assets;
  
  sending, by the audit extension device, a result of the audit through the security perimeter to the audit device;
  
  assuming operations, by the audit extension device, of the audit device in response to a first detection indicating that the audit device is in a failure condition; and
  
  communicating with at least one of a network device and the audit device, and relinquishing operations of the audit device in response to a second detection indicating at least one of;
  
  that the audit device is not in the failure condition, andthat the network device is assuming operations of the audit device.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein the plurality of computing assets are on a same side of the security perimeter as the audit extension device.
  - 3. The method of claim 1, wherein the request for the audit further includes at least one of a request for a configuration, a probe, or a request for a resource associated with the plurality of computing assets.
  - 4. The method of claim 1, wherein the audit extension device is configured as a network appliance.
  - 5. The method of claim 1, wherein at least one of the receiving the request for the audit or the sending the result of the audit is performed through a secure network path.
  - 6. The method of claim 1, wherein the plurality of computing assets are on a different networking side of the security perimeter as the audit extension device.

7. A method for managing an audit by an audit device, comprising:
- initiating communication between an audit extension device and an audit device for an audit by sending a request for the audit to be performed on a plurality of computing assets through a security perimeter to the audit extension device, the request for the audit including a request for information to be provided by the plurality of computing assets, wherein the plurality of computing assets are separate from the audit device;
  
  receiving, by the audit device, a result of the audit from the audit extension device through the security perimeter;
  
  performing a remediation action based at least in part on a security policy; and
  
  relinquishing operations to the audit extension device in response to a first detection indicating that the audit device is in a failure condition;
  
  wherein the operations of the audit extension device is relinquished in response to a second detection indicating at least one of;
  
  that the audit device is not in the failure condition, andthat a network device is assuming operations of the audit device.
- View Dependent Claims (8, 9, 10, 11, 12, 13, 14, 15)
- - 8. The method of claim 7, wherein the plurality of computing assets are on a same side of the security perimeter as the audit extension device.
  - 9. The method of claim 7, wherein the request for the audit further includes at least one of a request for a configuration, a probe, or a request for a resource associated with the plurality of computing assets.
  - 10. The method of claim 7, wherein the performing the remediation action includes at least one of providing a recommendation on a configuration, control, security policy, or a procedure associated with the plurality of computing assets.
  - 11. The method of claim 7, wherein the audit device is configured as a network appliance.
  - 12. The method of claim 7, wherein the plurality of computing assets are on a different networking side of the security perimeter as the audit extension device.
  - 13. The method of claim 7, further comprising instructing the audit extension device to quarantine a computing asset of the plurality of computing assets in a quarantined network in response to the computing asset failing to satisfy the security policy.
  - 14. The method of claim 13, further comprising removing the computing asset from the quarantined network in response to the result of the audit or the remediation action indicating that the computing asset satisfies the security policy.
  - 15. The method of claim 7, wherein at least one of the sending the audit request or the receiving the result of the audit is performed through a secure network path.

16. A non-transitory computer-readable medium storing executable instructions that, when executed, cause an audit device to perform operations, comprising:
- initiating communication between an audit extension device and an audit device for an audit by sending a request for the audit to be performed on a plurality of computing assets through a security perimeter to the audit extension device, the request for the audit including a request for information to be provided by the plurality of computing assets, wherein the plurality of computing assets are separate from the audit device;
  
  receiving, by the audit device, a result of the audit from the audit extension device through the security perimeter;
  
  performing a remediation action based at least in part on a security policy; and
  
  relinquishing operations to the audit extension device in response to a first detection indicating that the audit device is in a failure condition;
  
  wherein the operations of the audit extension device is relinquished in response to a second detection indicating at least one of;
  
  that the audit device is not in the failure condition, andthat a network device is assuming operations of the audit device.

17. An audit extension device, comprising:
- a network interface unit configured to initiate communication between an audit extension device and an audit device for an audit by receiving, through a security perimeter from the audit device, a request for the audit to be performed on a plurality of computing assets, the request for the audit including a request for information to be provided by the plurality of computing assets; and
  
  a processing unit configured to;
  
  reflect the audit based on the request towards the plurality of computing assets,send a result of the audit to the audit device through the security perimeter,assume operations of the audit device in response to a first detection indicating that the audit device is in a failure condition, andcommunicate with at least one of a network device and the audit device, and relinquish operations of the audit device in response to a second detection indicating at least one of;
  
  that the audit device is not in the failure condition, andthat the network device is assuming operations of the audit device.

18. A system, comprising:
- an audit extension device including;
  
  a first network interface unit configured to initiate communication between an audit extension device and an audit device for an audit by receiving, through a security perimeter, a request for the audit to be performed on a plurality of computing assets, the request for the audit including a request for information to be provided by the plurality of computing assets, wherein the plurality of computing assets are separate from the audit device anda first processing unit configured to;
  
  reflect the audit based on the request towards the plurality of computing assets,send a result of the audit to the audit device through the security perimeter,assume operations of the audit device in response to a first detection indicating that the audit device is in a failure condition, andcommunicate with at least one of a network device and the audit device, and relinquish operations of the audit device in response to a second detection indicating at least one of;
  
  that the audit device is not in the failure condition, andthat the network device is assuming operations of the audit device; and
  
  an audit device including;
  
  a second network interface unit configured to send the request for the audit through the security perimeter, anda second processing unit configured to;
  
  receive the result of the audit from the audit extension device through the security perimeter, andperform a remediation action based at least in part on a security policy.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Callahan Cellular LLC (Intellectual Ventures LLC)
Original Assignee
Callahan Cellular LLC (Intellectual Ventures LLC)
Inventors
Webb, Evan M., Boscolo, Christopher D., Gilde, Robert G.
Primary Examiner(s)
LIN, WEN TAI

Application Number

US14/015,138
Publication Number

US 20140013384A1
Time in Patent Office

949 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/577   Assessing vulnerabilities a...

H04L 63/029   Firewall traversal, e.g. tu...

H04L 63/1408   by monitoring network traff...

H04L 63/1433   Vulnerability analysis

H04L 63/1441   Countermeasures against mal...

H04L 63/20   for managing network securi...

Network appliance for vulnerability assessment auditing over multiple networks

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

38 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Network appliance for vulnerability assessment auditing over multiple networks

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

38 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links