Method for enforcing endpoint health standards

US 9,930,060 B2
Filed: 04/27/2016
Issued: 03/27/2018
Est. Priority Date: 06/01/2015
Status: Active Grant

First Claim

Patent Images

1. A method for enforcing standards regarding security vulnerabilities for an endpoint user device associated with a user, the method comprising:

at a remote server, implementing an inline frame;

embedding the inline frame within a web application, wherein the web application operates independently of the remote server;

using the inline frame embedded within the web application to transmit one or more health data probes from the remote server to the endpoint user device, the endpoint user device comprising an agentless endpoint user device with respect to the remote server, the one or more endpoint health data probes requesting current endpoint health data from the one or more non-agent applications or non-agent services operating with the endpoint user device;

collecting, at the inline frame, the current endpoint health data of the endpoint user device in response to the user interfacing with the web application through the endpoint user device, wherein collecting the current endpoint health data comprises;

in response to receiving the one or more health data probes, receiving, at the inline frame, an HTTP user-agent header comprising (i) a current operating system type and (ii) a current operating system version of the endpoint user device, wherein the endpoint health data comprises the operating system type and the operating system version;

generating a comparison of the current endpoint health data of the end user device and endpoint health standards, the endpoint health standards comprising expected endpoint health data, wherein generating the comparison comprises;

comparing the current operating system type and the current operating system version to an expected operating system type and an expected operating system version, the expected endpoint health data comprising the expected operating system type and the expected operating system version; and

generating a second comparison of the current endpoint health data of the end user device and historic endpoint health data of the end user device, wherein generating the second comparison comprises;

comparing the current operating system type and the current operating system version of the endpoint user device to historic endpoint health data of the endpoint user device;

generating endpoint health intelligence from the comparison of the endpoint health data and the endpoint health standards, the endpoint health intelligence indicating endpoint security health of the endpoint user device;

generating an endpoint health notification from the endpoint health intelligence; and

notifying an administrator of a computer network with the endpoint health notification.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An approach for enforcing standards regarding security vulnerabilities for an endpoint user device associated with a user includes collecting, at an inline frame implemented with a web application, endpoint health data of the endpoint user device in response to the user interfacing with the web application through the endpoint user device, generating endpoint health intelligence from the endpoint health data, the endpoint health intelligence indicating endpoint security health of the endpoint user device, generating a first endpoint health notification comprising the endpoint health intelligence, and notifying an administrator of network with the first endpoint health notification.

Citations

25 Claims

1. A method for enforcing standards regarding security vulnerabilities for an endpoint user device associated with a user, the method comprising:
- at a remote server, implementing an inline frame;
  
  embedding the inline frame within a web application, wherein the web application operates independently of the remote server;
  
  using the inline frame embedded within the web application to transmit one or more health data probes from the remote server to the endpoint user device, the endpoint user device comprising an agentless endpoint user device with respect to the remote server, the one or more endpoint health data probes requesting current endpoint health data from the one or more non-agent applications or non-agent services operating with the endpoint user device;
  
  collecting, at the inline frame, the current endpoint health data of the endpoint user device in response to the user interfacing with the web application through the endpoint user device, wherein collecting the current endpoint health data comprises;
  
  in response to receiving the one or more health data probes, receiving, at the inline frame, an HTTP user-agent header comprising (i) a current operating system type and (ii) a current operating system version of the endpoint user device, wherein the endpoint health data comprises the operating system type and the operating system version;
  
  generating a comparison of the current endpoint health data of the end user device and endpoint health standards, the endpoint health standards comprising expected endpoint health data, wherein generating the comparison comprises;
  
  comparing the current operating system type and the current operating system version to an expected operating system type and an expected operating system version, the expected endpoint health data comprising the expected operating system type and the expected operating system version; and
  
  generating a second comparison of the current endpoint health data of the end user device and historic endpoint health data of the end user device, wherein generating the second comparison comprises;
  
  comparing the current operating system type and the current operating system version of the endpoint user device to historic endpoint health data of the endpoint user device;
  
  generating endpoint health intelligence from the comparison of the endpoint health data and the endpoint health standards, the endpoint health intelligence indicating endpoint security health of the endpoint user device;
  
  generating an endpoint health notification from the endpoint health intelligence; and
  
  notifying an administrator of a computer network with the endpoint health notification.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
- - 2. The method of claim 1, wherein the endpoint health data comprises endpoint operating system type and operating system version;
    - wherein generating the endpoint health intelligence comprises generating the endpoint health intelligence based on the operating system type and the operating system version.
  - 3. The method of claim 2, wherein collecting the endpoint health data comprises extracting, at the inline frame, the operating system type and the operating system version from an HTTP user-agent header.
  - 4. The method of claim 1, wherein collecting the endpoint health data includes performing, at the inline frame, digital fingerprinting of the agentless endpoint user device to collect hardware properties of the agentless endpoint user device, the endpoint health data comprising the hardware properties.
  - 5. The method of claim 1, wherein collecting the endpoint health data comprises collecting hardware properties of the agentless endpoint user device;
    - wherein the method further comprises generating an endpoint device profile from the hardware properties;
      
      wherein generating endpoint health intelligence comprises generating endpoint health intelligence from the endpoint device profile.
  - 6. The method of claim 1, wherein generating the endpoint health intelligence comprises generating the endpoint health intelligence from a comparison of the endpoint health data and endpoint health standards, the endpoint health standards comprising expected endpoint health data.
  - 7. The method of claim 6 further comprising:
    - collecting security information related to a version of an application operating on the agentless endpoint user device; and
      
      updating the expected endpoint health data based on the security information.
  - 8. The method of claim 6, further comprising:
    - collecting, at the inline frame, second endpoint health data of a second endpoint user device in response to a second user interfacing with the web application through the second endpoint user device;
      
      generating second endpoint health intelligence from the second endpoint health data;
      
      generating a second endpoint health notification comprising the second endpoint health intelligence; and
      
      notifying a second administrator of a second network with the second endpoint health notification.
  - 9. The method of claim 8, further comprising:
    - receiving, from the second administrator, a flagging of the second endpoint health data as vulnerable; and
      
      automatically updating the endpoint health standards with the second endpoint health data and the flagging.
  - 10. The method of claim 6, wherein comparing the endpoint health data to the endpoint health standards comprises:
    - generating a vulnerability indication using a machine learning model generated from the endpoint health standards, wherein the vulnerability indication is associated with the endpoint health data, and wherein the first endpoint health notification comprises the vulnerability indication.
  - 11. The method of claim 10, further comprising:
    - receiving, from the first administrator, verification of the vulnerability indication; and
      
      updating the machine learning model with the endpoint health data and the verification.
  - 12. The method of claim 11, further comprising receiving the verification at a security interface provided to the first administrator, the security interface accessible over the Internet.
  - 13. The method of claim 6, wherein generating the first endpoint health notification comprises generating the first endpoint health notification comprising a vulnerability warning, in response to the endpoint health data failing to meet an endpoint health standard of the endpoint health standards.
  - 14. The method of claim 1, wherein generating the endpoint health intelligence comprises generating a comparison between the endpoint health data of the agentless endpoint user device and second endpoint health data of a second endpoint user device, and wherein the first endpoint health notification comprises the comparison between the endpoint health data and the second endpoint health data.
  - 15. The method of claim 14, wherein the second endpoint user device is associated with a second user.
  - 16. The method of claim 1, wherein generating the endpoint health intelligence comprises identifying a security vulnerability associated with the endpoint health data, and wherein the first endpoint health notification comprises an indication of the security vulnerability.
  - 17. The method of claim 1, wherein collecting the endpoint health data comprises collecting the endpoint health data without installing an agent on the agentless endpoint user device.
  - 18. The method of claim 1, wherein the inline frame is used to authenticate the user, and wherein collecting the endpoint health data comprises collecting the endpoint health data only at the inline frame.
  - 19. The method of claim 1, further comprising providing a security interface to the administrator, the security interface accessible over the Internet, wherein notifying the administrator comprises presenting, through a wireless communicable link with an administrator device associated with the first administrator, the first endpoint health notification at the security interface.
  - 20. The method of claim 1, further comprising notifying the user with a second endpoint health notification comprising the endpoint health intelligence.
  - 21. The method of claim 20, wherein notifying the user comprises notifying the user at the agentless endpoint user device through the inline frame.
  - 22. The method of claim 1, wherein the agentless endpoint user device comprises an agentless entity with respect to the inline frame and the remote server.
  - 23. The method of claim 1, wherein the endpoint health intelligence comprises an indication of an unrecognized vulnerability at the agentless endpoint user device,wherein in response to detecting the unrecognized vulnerability at the agentless endpoint user device, automatically updating endpoint health standards of the computer network, andwherein updating the endpoint health standards includes updating the computer network'"'"'s access policies.
  - 24. The method of claim 1, wherein when a property of the current endpoint health data fails to meet a corresponding endpoint health standard for that property, identifying a security vulnerability based on the property failing to meet the corresponding endpoint health standard.
  - 25. The method of claim 1, wherein generating the endpoint health intelligence includes generating the endpoint health intelligence data after an amount of endpoint health data collected by the inline frame exceeds a threshold.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Duo Security Incorporated (Cisco Systems, Inc.)
Inventors
Oberheide, Jon, Song, Douglas
Primary Examiner(s)
LESNIEWSKI, VICTOR D

Application Number

US15/139,545
Publication Number

US 20160350539A1
Time in Patent Office

699 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/577   Assessing vulnerabilities a...

H04L 2463/082   applying multi-factor authe...

H04L 63/08   for authentication of entit...

H04L 63/1433   Vulnerability analysis

H04L 63/168   above the transport layer

H04L 63/20   for managing network securi...

Method for enforcing endpoint health standards

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Method for enforcing endpoint health standards

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links