Opportunistic system scanning

US 9,516,451 B2
Filed: 04/10/2012
Issued: 12/06/2016
Est. Priority Date: 04/10/2012
Status: Active Grant

First Claim

Patent Images

1. At least one machine accessible storage medium having instructions stored thereon, the instructions when executed on a machine, cause the machine to:

identify that a particular computing device has re-entered a network of a computing environment based on detection of the computing device on the network by an asset detection tool, wherein the particular computing device comprises a computing device previously detected on the network;

determine that the particular computing device is included in a listing of a particular plurality of computing devices previously detected on the network for which vulnerability scans are to be opportunistically performed when each of the plurality of computing devices are re-detected on the network;

determine an opportunity to perform at least two of a plurality of scans on the detected particular computing device based on the detection of the particular computing device, wherein the at least two scans comprises a first scan to detect whether the particular computing device possesses at least a first vulnerability and a second scan to detect whether the particular computing device possesses a different, second vulnerability;

identify a first scan engine, in a plurality of scan engines, associated with the asset detection tool and adapted to perform at least the first scan;

identify a second scan engine, in the plurality of scan engines, associated with the asset detection tool and adapted to perform the second scan; and

cause the first scan engine to perform the first scan on the detected particular computing device and the second scan engine to perform the second scan on the detected particular computing device while the detected particular computing device remains on the network, wherein causing the first scan to be performed comprises sending a scan request to the identified first scan engine, and the scan request includes a scan script executable by the first scan engine to cause the first scan engine to perform the first scan.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Opportunistic scans can be performed by identifying, using at least one processing device, a detection of a particular computing device on a network of a computing environment. At least one scan to be performed on the detected particular computing device can be is identified and a particular scan engine, in a plurality of scan engines, is identified that is adapted to perform the at least one scan. The at least one scan is caused to be performed on the detected particular computing device while the detected particular computing device is on the network using the particular scan engine.

Citations

19 Claims

1. At least one machine accessible storage medium having instructions stored thereon, the instructions when executed on a machine, cause the machine to:
- identify that a particular computing device has re-entered a network of a computing environment based on detection of the computing device on the network by an asset detection tool, wherein the particular computing device comprises a computing device previously detected on the network;
  
  determine that the particular computing device is included in a listing of a particular plurality of computing devices previously detected on the network for which vulnerability scans are to be opportunistically performed when each of the plurality of computing devices are re-detected on the network;
  
  determine an opportunity to perform at least two of a plurality of scans on the detected particular computing device based on the detection of the particular computing device, wherein the at least two scans comprises a first scan to detect whether the particular computing device possesses at least a first vulnerability and a second scan to detect whether the particular computing device possesses a different, second vulnerability;
  
  identify a first scan engine, in a plurality of scan engines, associated with the asset detection tool and adapted to perform at least the first scan;
  
  identify a second scan engine, in the plurality of scan engines, associated with the asset detection tool and adapted to perform the second scan; and
  
  cause the first scan engine to perform the first scan on the detected particular computing device and the second scan engine to perform the second scan on the detected particular computing device while the detected particular computing device remains on the network, wherein causing the first scan to be performed comprises sending a scan request to the identified first scan engine, and the scan request includes a scan script executable by the first scan engine to cause the first scan engine to perform the first scan.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The storage medium of claim 1, wherein the first scan engine is remote from the detected particular computing device.
  - 3. The storage medium of claim 2, wherein the first scan engine is adapted to perform network-based scans of remote computing devices.
  - 4. The storage medium of claim 1, wherein the instructions, when executed, further cause the machine to scan results of the performed first scan.
  - 5. The storage medium of claim 1, wherein the particular computing device is a mobile computing device.
  - 6. The storage medium of claim 1, wherein the particular computing device is detected by an asset detection tool on the network and detection of the particular computing device is identified from a message from the asset detection tool.
  - 7. The storage medium of claim 6, wherein the asset detection tool is a passive detection tool.
  - 8. The storage medium of claim 7, wherein the particular computing device was detected from data collected by a service in the network in connection with an event identified by the service.
  - 9. The storage medium of claim 7, wherein the particular computing device was detected from address information corresponding to the particular computing device included in traffic communicated in the network.
  - 10. The storage medium of claim 7, wherein the particular computing device was detected from address information added to a data store of a service within the network.
  - 11. The storage medium of claim 6, wherein the particular first scan engine and second scan engine are identified as associated with the asset detection tool detecting the particular computing device and the asset detection tool is one of a plurality of asset detection tools in the computing environment.
  - 12. The storage medium of claim 11, wherein identifying the scan engines associated with the asset detection tool includes querying a mapping of scan engines to asset detection tools.
  - 13. The storage medium of claim 6, wherein the asset detection tool is an active detection tool adapted to probe computing devices and detect whether computing devices are present on the network based on the probing.
  - 14. The storage medium of claim 1, wherein the instructions, when executed, further cause the machine to identify that the particular computing device is designated as a device to be scanned using the first scan in response to detection of the particular computing device within networks of the computing environment.
  - 15. The storage medium of claim 1, wherein the instructions, when executed, further cause the machine to:
    - identify detection of a second computing device on the network of the computing environment;
      
      identify another plurality of scans to be performed on the detected second computing device;
      
      identify a set of scan engines, in the plurality of scan engines, adapted to perform the other plurality of scans; and
      
      cause the other plurality of scans to be performed on the detected second computing device while the detected second computing device is on the network using the set of scan engines.

16. A method comprising:
- identifying, using at least one processing device, that a particular computing device has re-entered a network of a computing environment based on detection of the computing device on the network by an asset detection tool, wherein the particular computing device comprises a computing device previously detected on the network;
  
  determining that the particular computing device is included in a listing of a particular plurality of computing devices previously detected on the network for which vulnerability scans are to be opportunistically performed when each of the plurality of computing devices are re-detected on the network;
  
  determining an opportunity to perform at least two of a plurality of scans on the detected particular computing device based on the detection of the particular computing device, wherein the at least two scans comprises a first scan to detect whether the particular computing device possesses at least a first vulnerability and a second scan to detect whether the particular computing device possesses a different, second vulnerability;
  
  identifying a first scan engine, in a plurality of scan engines, associated with the asset detection tool and adapted to perform at least the first scan;
  
  identify a second scan engine, in the plurality of scan engines, associated with the asset detection tool and adapted to perform the second scan; and
  
  causing the first scan engine to perform the first scan on the detected particular computing device and the second scan engine to perform the second scan on the detected particular computing device while the detected particular computing device remains on the network, wherein causing the first scan to be performed comprises sending a scan request to the identified first scan engine, and the scan request includes a scan script executable by the first scan engine to cause the first scan engine to perform the first scan.

17. A system comprising:
- at least one processor device;
  
  at least one memory element; and
  
  an asset manager, comprising code operable, when executed by the at least one processor device, to;
  
  identify that a particular computing device has re-entered a network of a computing environment based on detection of the computing device on the network by an asset detection tool, wherein the particular computing device comprises a computing device previously detected on the network;
  
  determine that the particular computing device is included in a listing of a particular plurality of computing devices previously detected on the network for which vulnerability scans are to be opportunistically performed when each of the plurality of computing devices are re-detected on the network;
  
  determine an opportunity to perform at least two of a plurality of scans on the detected particular computing device based on the detection of the particular computing device, wherein the at least two scans comprises a first scan to detect whether the particular computing device possesses at least a first vulnerability and a second scan to detect whether the particular computing device possesses a different, second vulnerability;
  
  identify a first scan engine, in a plurality of scan engines, associated with the asset detection tool and adapted to perform at least the first scan;
  
  identify a second scan engine, in the plurality of scan engines, associated with the asset detection tool and adapted to perform the second scan; and
  
  cause the first scan engine to perform the first scan on the detected computing device and the second scan engine to perform the second scan on the detected particular computing device while the detected computing device remains on the network, wherein causing the first scan to be performed includes sending a scan request to the identified first scan engine, and the scan request includes a scan script that, when executed by the first scan engine, causes the first scan engine to perform the first scan.
- View Dependent Claims (18, 19)
- - 18. The system of claim 17, further comprising an asset detection engine adapted to detect activity of computing devices within the network and obtain identifications of the detected computing devices, wherein the asset detection engine comprises the first and second scan engines.
  - 19. The system of claim 17, further comprising the plurality of scan engines.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Hugard, James Michael IV, Schrecker, Sven
Primary Examiner(s)
Srivastava, Vivek
Assistant Examiner(s)
DOAN, HIEN VAN

Application Number

US13/443,729
Publication Number

US 20130268652A1
Time in Patent Office

1,701 Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04W 4/38 for collecting sensor infor...

H04W 4/80 Services using short range ...

Opportunistic system scanning

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Opportunistic system scanning

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links