Systems and methods for implementing security

US 9,369,493 B2
Filed: 06/22/2015
Issued: 06/14/2016
Est. Priority Date: 08/09/2011
Status: Active Grant

First Claim

Patent Images

1. A first computer system comprising:

one or more processing units;

memory, coupled to at least one of the one or more processing units, wherein the memory stores an operating system, and wherein the operating system is executed by the one or more processing units; and

one or more programs that run within the operating system, wherein a first program of the one or more programs is an agent that is executed by at least one of the one or more processing units, and wherein the agent includes instructions for;

obtaining an authentication token that is uniquely associated with the agent;

collecting security information about the first computer system according to one or more commands received from a remote security system;

transmitting the collected security information to the remote security system on an encrypted communication channel between the agent and the remote security system, wherein the encrypted communication channel uses the authentication token;

receiving executable instructions from the remote security server according to a security policy assigned to the agent, wherein the instructions are received through the encrypted communication channel; and

executing, at the first computer system, the received executable instructions, thereby implementing the assigned security policy.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and method are provided in accordance with one or more processes that run within an operating system, in which a first process of the one or more processes is an agent that encodes instructions for obtaining an authentication token uniquely associated with the agent. The agent collects security information about a first computer system running the one or more processes according to one or more commands received from a remote security system. The collected information is transmitted to the remote security system on an encrypted communication channel between the agent and the remote security system using the authentication token. Executable instructions are received through the encrypted communication channel at the first computer from the remote server according to a security policy assigned to the agent. The received executable instructions are executed at the first computer system, thereby implementing the assigned security policy.

Citations

30 Claims

1. A first computer system comprising:
- one or more processing units;
  
  memory, coupled to at least one of the one or more processing units, wherein the memory stores an operating system, and wherein the operating system is executed by the one or more processing units; and
  
  one or more programs that run within the operating system, wherein a first program of the one or more programs is an agent that is executed by at least one of the one or more processing units, and wherein the agent includes instructions for;
  
  obtaining an authentication token that is uniquely associated with the agent;
  
  collecting security information about the first computer system according to one or more commands received from a remote security system;
  
  transmitting the collected security information to the remote security system on an encrypted communication channel between the agent and the remote security system, wherein the encrypted communication channel uses the authentication token;
  
  receiving executable instructions from the remote security server according to a security policy assigned to the agent, wherein the instructions are received through the encrypted communication channel; and
  
  executing, at the first computer system, the received executable instructions, thereby implementing the assigned security policy.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23)
- - 2. The first computer system of claim 1, wherein the collected security information identifies name-value pairs associated with the one or more processes or name-value pairs for privileges associated with the first computer system.
  - 3. The first computer system of claim 1, wherein the collected security information includes a plurality of data points related to forensic analysis for detection of compromise of the first computer system.
  - 4. The first computer system of claim 1, wherein the executable instructions include updates to a firewall policy for the first computer system.
  - 5. The first computer system of claim 1, wherein the executable instructions include updates to user privileges for the first computer system.
  - 6. The first computer system of claim 1, wherein the executable instructions include delivery of data values related to cryptographic operations to be conducted on the first computer system to access persistent data on the first computer system.
  - 7. The first computer system of claim 1, wherein the executable instructions include instructions for retrieval and use of data values related to cryptographic operations to be conducted on the first computer system in order to access persistent data on the first computer system.
  - 8. The first computer system of claim 1, wherein the executable instructions perform one of (i) a check a status of a setting associated with a file stored in the memory, (ii) a check a setting of a directory stored in the memory, (iii) a check a password associated with a user of the first computer system, or (iv) a check a password associated with a group of users of the first computer system.
  - 9. The first computer system of claim 1, wherein the collected security information identifies what ports the one or more processes are listening on.
  - 10. The first computer system of claim 1, wherein transmitting the collected information uses private information shared but not exchanged with the remote security system to digitally sign and encrypt the collected information prior to transmitting.
  - 11. The first computer system of claim 1, wherein the executable instructions include updates to implement a failsafe action on the first computer in the event of security compromise of the first computer system.
  - 12. The first computer system of claim 11, wherein the failsafe action comprises sending an administrator an alert, shutting down of a virtual machine on the first computer system, shutting down the agent, sending an alert to a user by e-mail, initiating forensic data collection on the first computer system, updating a firewall rule for the first computer system, or updating a configuration parameter on the first computer system.
  - 13. The first computer system of claim 1, wherein there is private information shared but not exchanged with the remote security system and wherein the authentication token and the shared private information enable the encrypted communication channel.
  - 14. The first computer system of claim 1, wherein the collected information identifies configurations of the one or more processes.
  - 15. The first computer system of claim 1, wherein the operating system and the one or more processes run within a first virtual machine within the memory.
  - 16. The first computer system of claim 15, wherein the first virtual machine is one of a plurality of virtual machines running on the first computer system.
  - 17. The first computer system of claim 16, wherein the assigned security policy encompasses the plurality of virtual machines running on the first computer system.
  - 18. The first computer system of claim 1, wherein the assigned security policy encompasses a plurality of computer systems, including the first computer system.
  - 19. The first computer system of claim 1, whereinthe one or more processes run within a virtual machine,the executable instructions comprise a first command set and a second command set,the first command set includes a first command to check a state of the operating system, andthe second command set includes a second command to check a state of a process in the one or more processes or a state of a data structure stored in the memory.
  - 20. The first computer system of claim 1, wherein the executable instructions include an action command, and wherein, subsequent to execution of the action command, the execution status of the action command is transmitted to the remote security system.
  - 21. The first computer system of claim 1, whereinthe operating system is running in a virtual machine,the executable instructions include an action command, andthe action command specifies:
    - (i) deleting, moving, or renaming of a file, combination of files, or a directory in the memory,(ii) altering a privilege of a user of the virtual machine,(iii) changing a time interval upon which the action command is re-executed,(iv) purging a cache associated with the virtual machine,(v) changing a priority of a process in the one or more processes,(vi) deleting or adding a user account associated with the virtual machine,(vii) reinitializing the virtual machine,(viii) activating or deactivating a firewall associated with the virtual machine,(ix) activating or deactivating a rule within a firewall associated with the virtual machine, or(x) changing a configuration parameter within the operating system.
  - 22. The first computer system of claim 1, wherein the executable instructions include modifications to a multi-factor authentication policy domain that controls the security of the first computer system.
  - 23. The first computer system of claim 1, wherein the collected information includes data related to the integrity of programs and data structures resident on the first computer system.

24. A computer security system comprising:
- one or more processing units;
  
  memory; and
  
  one or more programs stored in the memory and configured for execution by the one or more processing units, the one or more programs including instructions for;
  
  receiving a request from an agent program running within an operating system on a remote computer distinct from the computer security system;
  
  generating a unique authentication token for the agent program;
  
  transmitting the unique authentication token to the agent program;
  
  transmitting a plurality of commands to the agent program, for execution by the agent program to collect information for an evaluation of the operating system;
  
  receiving information from the agent program on an encrypted communication channel between the agent and the computer security system, wherein the information is obtained by execution of the plurality of commands by the agent program, and wherein the encrypted communication channel uses the authentication token;
  
  selecting a plurality of executable instructions for the agent program according to a security policy assigned to the agent and according to the received information; and
  
  transmitting the plurality of executable instructions to the agent program through the encrypted communication channel for execution at the remote computer, thereby implementing the assigned security policy.
- View Dependent Claims (25, 26, 27, 28, 29, 30)
- - 25. The computer security system of claim 24, wherein receiving information through the encrypted communication channel uses data shared but not exchanged with the remote security system to authenticate and decrypt the information.
  - 26. The computer security system of claim 24, wherein selecting the executable instructions comprises:
    - creating a command queue that is uniquely associated with the agent program; and
      
      posting to the command queue one or more commands to be executed by the agent.
  - 27. The computer security system of claim 24, wherein the agent program is running in a virtual machine on the remote computer and an instruction in the plurality of executable instructions specifies:
    - (i) deleting, moving, or renaming of a file, combination of files, or a directory associated with the virtual machine,(ii) altering a privilege of a user of the virtual machine,(iii) changing a time interval upon which the executable instructions are re-executed by the virtual machine,(iv) purging a cache associated with the virtual machine,(v) changing a priority of a process executing on the virtual machine,(vi) deleting or adding a user account associated with the virtual machine,(vii) reinitializing the virtual machine,(viii) activating or deactivating a firewall associated with the virtual machine,(ix) activating or deactivating a rule within a firewall associated with the virtual machine,(x) changing a configuration parameter within the operating system,(xi) delivery of data values related to cryptographic operations to be conducted on the first computer system to access persistant persistent data,(xii) instructions for retrieval and use of data values related to cryptographic operations to be conducted on the first computer system in order to access persistent data,(xiii) updates to implement a failsafe action on the first computer in the event of security compromise of the first computer system, or(xiv) modifications to a multi-factor authentication policy domain that controls the security of the first computer system.
  - 28. The computer security system of claim 24, wherein instructions in the plurality of executable instructions include instructions for:
    - collecting data regarding a status of a network communication port of the remote computer or collecting data regarding a status of a process running on the remote computer; and
      
      transmitting the collected data through the encrypted communication channel for receipt by the computer security system.
  - 29. The computer security system of claim 24, wherein the one or more programs further include instructions for receiving data acquired by the plurality of commands, executed by the agent program on the remote computer, and evaluating the data against one or more rules, wherein the one or more rules are not shared with the remote computer system.
  - 30. The computer security system of claim 24, wherein the unique authentication token is generated for the agent program on the computer security system as part of an initialization procedure for the agent program, and wherein information generated by execution of the plurality of commands cannot be evaluated until the agent program has been assigned the authentication token.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Runway Growth Finance Corporation
Original Assignee
CloudPassage Inc.
Inventors
Sweet, Carson, Geraymovych, Vitaliy
Primary Examiner(s)
Su, Sarah

Application Number

US14/746,334
Publication Number

US 20150288722A1
Time in Patent Office

358 Days
Field of Search

726/10, 726/2, 726/3, 726/5, 726/26, 726/29, 713/150
US Class Current

1/1
CPC Class Codes

G06F 2009/45587   Isolation or security of vi...

G06F 21/55   Detecting local intrusion o...

G06F 21/56   Computer malware detection ...

G06F 21/577   Assessing vulnerabilities a...

G06F 2221/034   Test or assess a computer o...

G06F 9/45558   Hypervisor-specific managem...

H04L 63/0227   Filtering policies mail mes...

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/083   using passwords cryptograph...

H04L 63/126   the source of the received ...

H04L 63/166   at the transport layer

H04L 63/20   for managing network securi...

Systems and methods for implementing security

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for implementing security

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links