Unified scan management

US 9,407,653 B2
Filed: 04/10/2012
Issued: 08/02/2016
Est. Priority Date: 04/10/2012
Status: Active Grant

First Claim

Patent Images

1. At least one non-transitory machine accessible storage medium having instructions stored thereon, the instructions when executed on a machine, cause the machine to:

identify a particular scan set to be performed on at least a portion of a computing environment, wherein the particular scan set comprises a plurality of scans and is to assess a particular policy of the computing environment;

determine a set of scan engines, in a plurality of scan engines, to perform the plurality of scans, wherein the set of scan engines comprises two or more different scan engines, and identifying the set of scan engines comprises identifying, for each of the plurality of scans, a respective scan engine in the plurality of scan engines operable to perform the scan on one or more host devices in the computing environment;

send a first request to a first one of the scan engines in the set of scan engines to perform at least one particular scan in the particular scan set, wherein the first scan engine is a network-based scan engine remote from the portion of the computing environment;

receive scan result data from the first scan engine identifying results of the particular scan; and

send a second request to a second-scan engine in the set of scan engines to perform at least one other scan based on results of the particular scan, wherein the second scan engine comprises a host-based scan engine hosted on a particular device in the portion of the computing environment and is to perform internal scans of the particular device, the second request indicates at least a portion of the results of the particular scan, and the other scan comprises a particular internal scan of the particular device using at least a portion of the results of the particular scan.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A particular scan set to be performed on at least a portion of a computing environment is identified. A particular scan engine, in a plurality of scan engines, is identified that is adapted to perform at least one scan in the particular scan set, each scan engine in the plurality of scan engines adapted to perform one or more scans on one or more host devices in the computing environment. A request is sent to the particular scan engine to perform the at least one scan in the particular scan set and scan result data is received from the particular scan engine corresponding to the at least one scan in the particular scan set.

29 Citations

View as Search Results

23 Claims

1. At least one non-transitory machine accessible storage medium having instructions stored thereon, the instructions when executed on a machine, cause the machine to:
- identify a particular scan set to be performed on at least a portion of a computing environment, wherein the particular scan set comprises a plurality of scans and is to assess a particular policy of the computing environment;
  
  determine a set of scan engines, in a plurality of scan engines, to perform the plurality of scans, wherein the set of scan engines comprises two or more different scan engines, and identifying the set of scan engines comprises identifying, for each of the plurality of scans, a respective scan engine in the plurality of scan engines operable to perform the scan on one or more host devices in the computing environment;
  
  send a first request to a first one of the scan engines in the set of scan engines to perform at least one particular scan in the particular scan set, wherein the first scan engine is a network-based scan engine remote from the portion of the computing environment;
  
  receive scan result data from the first scan engine identifying results of the particular scan; and
  
  send a second request to a second-scan engine in the set of scan engines to perform at least one other scan based on results of the particular scan, wherein the second scan engine comprises a host-based scan engine hosted on a particular device in the portion of the computing environment and is to perform internal scans of the particular device, the second request indicates at least a portion of the results of the particular scan, and the other scan comprises a particular internal scan of the particular device using at least a portion of the results of the particular scan.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 2. The storage medium of claim 1, wherein at least one of the first and second requests is sent through an agent.
  - 3. The storage medium of claim 1, wherein network-based scan engines are to perform external scans of the portion of the computing environment.
  - 4. The storage medium of claim 1, wherein a particular computing language in a plurality of computing languages is capable of being identified from the request by the first scan engine, and the scan engine is to access a corresponding language interpreter in a plurality of language interpreters on the first scan engine to perform the particular scan in the scan set.
  - 5. The storage medium of claim 4, wherein the request causes the particular language interpreter to be temporarily activated on the first scan engine during the at least one scan in the scan set.
  - 6. The storage medium of claim 1, wherein the instructions, when executed, further cause the machine to:
    - send a request to a second one of the set of scan engines to perform another scan in the scan set, wherein scan result data is also received from the second scan engine corresponding to the other scan in the scan set.
  - 7. The storage medium of claim 6, wherein the instructions, when executed, further cause the machine to aggregate received scan result data corresponding to each scan in the scan set.
  - 8. The storage medium of claim 6, wherein the second scan engine is a host-based scan engine hosted on a device in the portion of the computing environment and the other scan comprises an internal scan of the particular target device.
  - 9. The storage medium of claim 6, wherein the request to the second scan engine to perform the other scan is sent in response to the scan result data received from the first scan engine corresponding to the particular scan.
  - 10. The storage medium of claim 1, wherein the particular scan set is based, at least in part, on a security policy of the computing environment applicable to the portion of the computing environment.
  - 11. The storage medium of claim 10, wherein identifying the particular scan set includes generating the particular scan set based on the security policy.
  - 12. The storage medium of claim 10, wherein the security policy is one of device-centric policy, an organization-specific policy, and a regulatory policy.
  - 13. The storage medium of claim 1, wherein the at least a portion of the computing environment includes the entire computing environment.
  - 14. The storage medium of claim 1, wherein the particular scan engine is identified as operable to also perform a second scan in the particular scan set different from the particular scan, and the instructions, when executed, further cause the machine to:
    - send a request to the first scan engine to perform the second scan; and
      
      receive scan results data from the first scan engine corresponding to the second scan.
  - 15. The storage medium of claim 14, wherein the second scan involves a different scan target than the particular scan.
  - 16. The storage medium of claim 14, wherein the second scan is a different type of scan from the particular scan.
  - 17. The storage medium of claim 16, wherein the particular scan utilized a particular computing language and the second scan utilizes a different computing language than the particular scan.
  - 18. The storage medium of claim 1, wherein the instructions, when executed, further cause the machine to:
    - identify a second scan set different from the particular scan set to be performed on at least a portion of the computing environment;
      
      determine another set of scan engines in the plurality of scan engines to perform scans in the second scan set; and
      
      request scan engines in the other set of scan engines to perform the scans in the second scan set; and
      
      receive scan result data for the second scan set from corresponding scan engines in the other set of scan engines.
  - 19. The storage medium of claim 18, wherein the first scan engine is also included in the other set of scan engines.

20. A method comprising:
- identifying a particular scan set to be performed on at least a portion of a computing environment, wherein the particular scan set comprises a plurality of scans and is to assess a particular policy of the computing environment;
  
  determining a set of scan engines, in a plurality of scan engines, to perform the plurality of scans, wherein the set of scan engines comprises two or more different scan engines, and identifying the set of scan engines comprises identifying, for each of the plurality of scans, a respective scan engine in the plurality of scan engines operable to perform the scan on one or more host devices in the computing environment;
  
  sending a first request to a first one of the scan engines in the set of scan engines to perform at least one particular scan in the particular scan set, wherein the first scan engine is a network-based scan engine remote from the portion of the computing environment;
  
  receiving scan result data from the first scan engine identifying results of the particular scan; and
  
  sending a second request to a second-scan engine in the set of scan engines to perform at least one other scan based on results of the particular scan, wherein the second scan engine comprises a host-based scan engine hosted on a particular device in the portion of the computing environment and is to perform internal scans of the particular device, the second request indicates at least a portion of the results of the particular scan, and the other scan comprises a particular internal scan of the particular device using at least a portion of the results of the particular scan.

21. A system comprising:
- at least one processor device;
  
  at least one memory element; and
  
  an asset management system server, adapted when executed by the at least one processor device to;
  
  identify a particular scan set to be performed on at least a portion of a computing environment, wherein the particular scan set comprises a plurality of scans and is to assess a particular policy of the computing environment;
  
  determine a set of scan engines, in a plurality of scan engines, to perform the plurality of scans, wherein the set of scan engines comprises two or more different scan engines, and identifying the set of scan engines comprises identifying, for each of the plurality of scans, a respective scan engine in the plurality of scan engines operable to perform the scan on one or more host devices in the computing environment;
  
  send a first request to a first one of the scan engines in the set of scan engines to perform at least one particular scan in the particular scan set, wherein the first scan engine is a network-based scan engine remote from the portion of the computing environment;
  
  receive scan result data from the first scan engine identifying results of the particular scan; and
  
  send a second request to a second-scan engine in the set of scan engines to perform at least one other scan based on results of the particular scan, wherein the second scan engine comprises a host-based scan engine hosted on a particular device in the portion of the computing environment and is to perform internal scans of the particular device, the second request indicates at least a portion of the results of the particular scan, and the other scan comprises a particular internal scan of the particular device using at least a portion of the results of the particular scan.
- View Dependent Claims (22, 23)
- - 22. The system of claim 21, further comprising the plurality of scan engines, the plurality of scan engines further comprising at least one host-based scan engine and the set of scan engines is determined to include the host-based scan engine.
  - 23. The system of claim 22, wherein each scan engine in the plurality of scan engines is a unified scan engine adapted to make use of a respective library of language interpreters included on the respective unified scan engine.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Nakawatase, Ryan Tadashi, Hugard, James Michael IV, Schrecker, Sven
Primary Examiner(s)
Lagor, Alexander

Application Number

US13/443,176
Publication Number

US 20130269028A1
Time in Patent Office

1,575 Days
Field of Search

726 22- 25
US Class Current

1/1
CPC Class Codes

G06F 21/577   Assessing vulnerabilities a...

H04L 63/1433   Vulnerability analysis

H04L 63/20   for managing network securi...

Unified scan management

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

29 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Unified scan management

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

29 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links