Client device state collection and network-based processing solution

US 20150222765A9
Filed: 03/15/2013
Published: 08/06/2015
Est. Priority Date: 02/24/2013
Status: Active Grant

First Claim

Patent Images

1. A system for receiving and storing state data for a plurality of remote endpoint devices, the plurality of endpoint devices intermittently connected to the system, wherein the system includes:

a) a network interface for communicating over a network with the plurality of endpoint devices;

b) a repository for storing a plurality of state records, the plurality of state records comprising a state image for each of the plurality of endpoint devices; and

c) a processor unit in communication with the repository and for causing a manifest to be sent to at least some of the plurality of endpoint devices, the manifest providing directions to be executed at the at least some of the plurality of endpoint devices for endpoint state data to be gathered;

wherein the system is operable to receive state image deltas from the at least some of the plurality of endpoint devices, to merge the state image deltas into the repository, and to make the state images associated with the at least some of the plurality of endpoint devices available for analysis, wherein the at least some of the plurality of endpoint devices may be intermittently connected to the network.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The presently described embodiments relate to a novel system and method to collect state as a snapshot from a potentially transient endpoint and transmit the state to a public or private network for storage and processing. This system and method allows for the synchronization and virtualization of the endpoint state image in the network for purposes of processing, analysis, and reporting, including but not limited to endpoint vulnerability auditing.

33 Citations

View as Search Results

16 Claims

1. A system for receiving and storing state data for a plurality of remote endpoint devices, the plurality of endpoint devices intermittently connected to the system, wherein the system includes:
- a) a network interface for communicating over a network with the plurality of endpoint devices;
  
  b) a repository for storing a plurality of state records, the plurality of state records comprising a state image for each of the plurality of endpoint devices; and
  
  c) a processor unit in communication with the repository and for causing a manifest to be sent to at least some of the plurality of endpoint devices, the manifest providing directions to be executed at the at least some of the plurality of endpoint devices for endpoint state data to be gathered;
  
  wherein the system is operable to receive state image deltas from the at least some of the plurality of endpoint devices, to merge the state image deltas into the repository, and to make the state images associated with the at least some of the plurality of endpoint devices available for analysis, wherein the at least some of the plurality of endpoint devices may be intermittently connected to the network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The system of claim 1, and further comprising a scanner in communication with the repository, the scanner operable to analyze one or more of the state images stored in the repository.
  - 3. The system of claim 2, wherein the scanner is operable to determine possible vulnerabilities of one or more of the plurality of endpoint devices based on their state images without regard to whether such endpoint devices are connected to the network at the time of the analysis.
  - 4. The system of claim 1, wherein the state image records include directory records and wherein the repository is operable to organize the plurality of state records for each state image at least in part according to a hash of a pathname of a particular record in its associated endpoint device.
  - 5. The system of claim 4, wherein the repository is further operable to store a hash of a parent pathname of the particular record, whereby the repository includes parent/child relationships that are maintained according to the directory pathname hashes associated with the plurality of state records.
  - 6. The system of claim 5, whereby if a certain parent directory is updated, its subsidiary directories can automatically have state data gathered from them by virtue of the maintained relationships according to the directory pathname hashes associated with the plurality of state records.
  - 7. The system of claim 1, wherein the repository is operable to be updated according to the transmission of the state image deltas from the endpoint devices whereby if a certain hash is a new hash value it can be automatically added to and merged into the repository.
  - 8. The system of claim 1, wherein the plurality of state records are selected from the group consisting of directory records, registry state records, file system states, and environmental variable states.
  - 9. The system of claim 1, wherein the repository update process is idempotent such that the update process can be applied multiple times without introducing erroneous changes in the repository.
  - 10. The system of claim 1, wherein the processor unit is operable to establish higher and lower priority state collections for the gathering of the endpoint state data.
  - 11. The system of claim 1, and further comprising analyzing agents that can be propagated to and associated with the plurality of endpoint devices and which are operable in communication with the network interface to gather the endpoint state data from the plurality of endpoint devices.
  - 12. The system of claim 11, wherein the analyzing agents are further operable to build state images on their associated endpoint devices.
  - 13. The system of claim 12, wherein the state images built by the analyzing agents are stored on their associated endpoint devices as hashes of the endpoint state data.
  - 14. The system of claim 12, wherein at least some of the analyzing agents are application programming interfaces.
  - 15. The system of claim 14, wherein at least some of the application programming interfaces further serve to identify the endpoint devices with which they are associated.

16. A system for receiving and storing state data for a plurality of remote endpoint devices, the plurality of endpoint devices intermittently connected to the system, wherein the system includes:
- a) a network interface for communicating over a network with the plurality of endpoint devices;
  
  b) a repository for storing a plurality of state records, the plurality of state records comprising a state image for each of the plurality of endpoint devices; and
  
  c) a processor unit in communication with the repository and for causing a manifest to be sent to at least some of the plurality of endpoint devices, the manifest providing directions to be executed at the at least some of the plurality of endpoint devices for endpoint state data to be gathered; and
  
  d) a plurality of analyzing agents that can be propagated to and associated with the at least some of the plurality of endpoint devices and which are operable in communication with the network interface to gather state data from the at least some of the plurality of endpoint devices;
  
  wherein the system is operable to receive state image deltas from the at least some of the plurality of endpoint devices, to merge those state image deltas into the repository, and to make the state images from the at least some of the plurality of endpoint devices available for analysis, wherein the at least some of the plurality of endpoint devices may be intermittently connected to the network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Qualys Incorporated
Original Assignee
Qualys Incorporated
Inventors
Kawach, Rami, Cook, Terry K., Sprague, Roger W. Jr., Stratton, Patrick J.

Granted Patent

US 10,341,509 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04N 1/00244 with a server, e.g. an inte...

H04N 1/21 Intermediate information st...

Client device state collection and network-based processing solution

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

33 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Client device state collection and network-based processing solution

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

33 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links