Endpoint management using trust rating data

US 8,239,915 B1
Filed: 06/30/2006
Issued: 08/07/2012
Est. Priority Date: 06/30/2006
Status: Active Grant

First Claim

Patent Images

1. A non-transitory machine-readable medium encoded with instructions, that when executed by one or more processors, cause the processor to carry out a process for endpoint management, the process comprising:

receiving from an endpoint an endpoint request to join a managed network, the endpoint identifying to a server in the request one or more applications currently on the endpoint;

determining if the identified applications are represented in a compliance policy database, wherein the compliance policy database comprises a list of applications and one or more security policy rules associated with each application in the list of applications that impose required settings for the application that must be met for providing access to the managed network;

in response to a determination that an identified application is not represented in the compliance policy database;

querying a content provider service to obtain one or more factors for the application not represented in the compliance policy database for use in computing a trust rating for the application not represented in the compliance policy database, or a pre-computed trust rating for the application not represented in the compliance policy database;

determining a trust rating for the application not represented in the compliance policy database based on the one or more factors for the application not represented in the compliance policy database or the pre-computed trust rating; and

dynamically generating one or more security policy rules for the application represented in the compliance policy database based on the determined trust rating, the one or more security policy rules for use in a managed endpoint compliance scheme; and

in response to a determination that an identified application is represented in the compliance policy database;

retrieving the one or more security policy rules associated with the represented application from the compliance policy database.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques are disclosed for implementing dynamic endpoint management. In accordance with one embodiment, whenever an endpoint joins a managed network for the first time, or rejoins that network, a local security module submits a list of applications (e.g., all or incremental) to a security server. The server validates the list and sends back a rule set (e.g., allow/block rules and/or required application security settings) for those applications. If the server has no information for a given application, it may further subscribe to content from a content provider or service. When the server is queried regarding an unknown application, the server sends a query to the service provider to obtain a trust rating for that unknown application. The trust rating can then be used to generate a rule set for the unknown application. Functionality can be shifted from server to client, and vice-versa if so desired.

230 Citations

18 Claims

1. A non-transitory machine-readable medium encoded with instructions, that when executed by one or more processors, cause the processor to carry out a process for endpoint management, the process comprising:
- receiving from an endpoint an endpoint request to join a managed network, the endpoint identifying to a server in the request one or more applications currently on the endpoint;
  
  determining if the identified applications are represented in a compliance policy database, wherein the compliance policy database comprises a list of applications and one or more security policy rules associated with each application in the list of applications that impose required settings for the application that must be met for providing access to the managed network;
  
  in response to a determination that an identified application is not represented in the compliance policy database;
  
  querying a content provider service to obtain one or more factors for the application not represented in the compliance policy database for use in computing a trust rating for the application not represented in the compliance policy database, or a pre-computed trust rating for the application not represented in the compliance policy database;
  
  determining a trust rating for the application not represented in the compliance policy database based on the one or more factors for the application not represented in the compliance policy database or the pre-computed trust rating; and
  
  dynamically generating one or more security policy rules for the application represented in the compliance policy database based on the determined trust rating, the one or more security policy rules for use in a managed endpoint compliance scheme; and
  
  in response to a determination that an identified application is represented in the compliance policy database;
  
  retrieving the one or more security policy rules associated with the represented application from the compliance policy database.
- View Dependent Claims (2, 3, 4, 5, 6, 16)
- - 2. The non-transitory machine-readable medium of claim 1, the process further comprising:
    - compiling the one or more security policy rules into a response; and
      
      sending the response to the requesting endpoint.
  - 3. The non-transitory machine-readable medium of claim 1 wherein the endpoint is joining the managed network for the first time, and the request identifies all applications at the endpoint.
  - 4. The non-transitory machine-readable medium of claim 1 wherein the endpoint is rejoining the managed network after having been disconnected, and the request identifies only applications that have changed, including new applications.
  - 5. The non-transitory machine-readable medium of claim 1 wherein querying a content provider service to obtain one or more factors for the application not represented in the compliance policy database includes polling a peer group of the endpoint and receiving responses from the peer group.
  - 6. The non-transitory machine-readable medium of claim 1 wherein querying a content provider service to obtain one or more factors for the application not represented in the compliance policy database includes querying a storage that catalogues applications by unique ID and has one or more factors associated with each ID.
  - 16. The non-transitory machine-readable medium of claim 1, wherein each of the one or more applications currently on the endpoint comprises an application installed on the endpoint.

7. A non-transitory machine-readable medium encoded with instructions, that when executed by one or more processors, cause the processor to carry out a process for endpoint management, the process comprising:
- detecting a one or more applications on an endpoint;
  
  generating an endpoint request to join a managed network, the request identifying the one or more applications on the endpoint;
  
  sending the endpoint request from the endpoint to the managed network for analysis, the managed network configured to;
  
  determine if the identified applications are represented in a compliance policy database comprising a list of applications and one or more security policy rules associated with each application in the list of applications;
  
  responsive to a determination that an identified application is not represented in the compliance policy database, query a content provider service to obtain one or more factors for the application not represented in the compliance policy database used to compute a trust rating for the application not represented in the compliance policy database, or to obtain a pre-computed trust rating for the application not represented in the compliance policy database;
  
  determine a trust rating for the application not represented in the compliance policy database based on the one or more factors for the application not represented in the compliance policy database or the pre-computed trust rating; and
  
  dynamically generate one or more security policy rules for the application not represented in the compliance policy database based on the determined trust rating, the one or more security policy rules for use in a managed endpoint compliance scheme; and
  
  receiving from the managed network one or more security policy rules for each of the identified applications responsive to the endpoint request, with at least one of the security policy rules having been dynamically generated.
- View Dependent Claims (8, 9, 10, 11, 17)
- - 8. The non-transitory machine-readable medium of claim 7 wherein the endpoint is joining the managed network for the first time, and the endpoint request identifies all endpoint applications on the endpoint.
  - 9. The non-transitory machine-readable medium of claim 7 wherein the request identifies only applications that have changed since a last time applications were identified, including new applications.
  - 10. The non-transitory machine-readable medium of claim 7 further comprising:
    - scanning the endpoint regularly for new applications or for applications that have changed since a previous scan; and
      
      dynamically updating a server with each of the new applications on the endpoint.
  - 11. The non-transitory machine-readable medium of claim 7 further comprising:
    - indexing the applications on the endpoint, excluding applications that are known to be trusted applications;
      
      monitoring for new applications; and
      
      responsive to detecting a new application, capturing one or more attributes about the application and capturing system information at a time of detection of the new application.
  - 17. The non-transitory machine-readable medium of claim 7, wherein each of the one or more applications on the endpoint comprises an application installed on the endpoint.

12. A system for endpoint management, comprising:
- a server comprising a non-transitory machine-readable medium encoded with instructions and a processor configured to execute the instructions, the instructions configured to cause the server to;
  
  receive from an endpoint an endpoint request to join a managed network, the endpoint identifying to the server in the request one or more applications currently on the endpoint;
  
  determine if the identified applications are represented in a compliance policy database, wherein the compliance policy database comprises a list of applications and one or more security policy rules associated with each application in the list of applications that impose required settings for the application that must be met for providing access to the managed network;
  
  in response to a determination that an identified application is not represented in the compliance policy database;
  
  query a content provider service to obtain one or more factors for the application not represented in the compliance policy database for use in computing a trust rating for the application not represented in the compliance policy database or a pre-computed trust rating for the application not represented in the compliance policy database;
  
  determine a trust rating for the application not represented in the compliance policy database based on the one or more factors for the application not represented in the compliance policy database or the pre-computed trust rating; and
  
  dynamically generate one or more security policy rules for the application not represented in the compliance policy database based on the determined trust rating, the one or more security policy rules for use in a managed endpoint compliance scheme; and
  
  in response to a determination that an identified application is represented in the compliance policy database;
  
  retrieve the one or more security policy rules associated with the represented application from the compliance policy database.
- View Dependent Claims (13, 14, 15, 18)
- - 13. The system of claim 12, wherein the instructions are further configured to cause the server tocompile the one or more security policy rules into a response;
    - andsend the response to the requesting endpoint.
  - 14. The system of claim 12 wherein querying the content provider service includes at least one of polling a peer group of the endpoint and querying a storage that catalogues applications by unique ID and has one or more application factors associated with each ID.
  - 15. The system of claim 12 wherein the endpoint is joining the managed network for the first time, and the endpoint request received by the server identifies all endpoint applications on the endpoint.
  - 18. The system of claim 12, wherein each of the one or more applications currently on the endpoint comprises an application installed on the endpoint.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Satish, Sourabh, Hernacki, Brian
Primary Examiner(s)
Arani, Taghi
Assistant Examiner(s)
Lee, Jason

Application Number

US11/427,938
Time in Patent Office

2,230 Days
Field of Search

726/1, 726/4, 713/166
US Class Current

726/1
CPC Class Codes

G06F 21/00   Security arrangements for p...

G06F 21/604   Tools and structures for ma...

H04L 63/20   for managing network securi...

Endpoint management using trust rating data

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

230 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Endpoint management using trust rating data

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

230 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links