Network appliance for vulnerability assessment auditing over multiple networks

US 8,554,903 B2
Filed: 10/23/2007
Issued: 10/08/2013
Est. Priority Date: 01/19/2005
Status: Active Grant

First Claim

Patent Images

1. A system for managing an audit of a computing asset over a network comprising:

an audit extension device comprising;

program code that is operative to cause the audit extension device to perform actions, comprising;

receiving through a security perimeter an audit request to be performed on the computing asset, which audit request comprises, at least in part, a request for information to be provided by the computing asset;

reflecting the audit based on the request towards the computing asset; and

sending a result of the audit through the security perimeter; and

an audit device comprising;

program code that is operative to cause the audit device to perform actions, comprising;

sending the audit request through the security perimeter to the audit extension device;

receiving the result of the audit from the audit extension device through the security perimeter; and

based at least in part on a security policy, performing a remediation action.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An apparatus, system, and method are directed towards enabling auditing of network vulnerabilities from multiple network vantage points virtually simultaneously. Multiple network vantage points may include, but are not limited to, remote/branch enterprise sites, devices on an enterprise perimeter, on either side of a security perimeter, and even through the security perimeter. In one embodiment, an auditor performs reflected audits thereby extending auditing of network vulnerabilities to provide a comprehensive 360 degree audit of internal, external, and remote enterprise network sites. In one embodiment, the present invention may be implemented employing a single auditing device, and one or more audit extension devices that are configured to extend the auditing device'"'"'s audit reach. The auditing device and one or more audit extension devices may communicate using an encrypted network channel through a security perimeter and/or across multiple networks.

38 Citations

View as Search Results

15 Claims

1. A system for managing an audit of a computing asset over a network comprising:
- an audit extension device comprising;
  
  program code that is operative to cause the audit extension device to perform actions, comprising;
  
  receiving through a security perimeter an audit request to be performed on the computing asset, which audit request comprises, at least in part, a request for information to be provided by the computing asset;
  
  reflecting the audit based on the request towards the computing asset; and
  
  sending a result of the audit through the security perimeter; and
  
  an audit device comprising;
  
  program code that is operative to cause the audit device to perform actions, comprising;
  
  sending the audit request through the security perimeter to the audit extension device;
  
  receiving the result of the audit from the audit extension device through the security perimeter; and
  
  based at least in part on a security policy, performing a remediation action.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The system of claim 1, wherein the program code of the audit extension device is operative to cause the audit extension device to perform actions, further comprising:
    - in response to a first detection that the audit device is in a failure condition, assuming operations of the audit device; and
      
      in response to a second detection that the audit device is no longer in the failure condition, or a network device is assuming operations of the audit device, communicating with the audit device or the network device and relinquishing operations of the audit device.
  - 3. The system of claim 1, wherein the computing asset is on a same side of the security perimeter as the audit extension device.
  - 4. The system of claim 1, wherein the audit request further comprises at least one of a request for a configuration, a probe, or a request for a resource associated with the computing asset.
  - 5. The system of claim 1, wherein performing a remediation action further comprises at least one of providing a recommendation on a configuration, control, security policy, or a procedure associated with the computing asset.
  - 6. The system of claim 1, wherein at least one of the audit extension device or the audit device is configured as a network appliance.
  - 7. The system of claim 1, wherein at least one of the receiving the audit request or the sending the result of the audit is performed through a secure network path.

8. A network device for managing an audit of a computing asset over a network, comprising:
- a transceiver configured to send and receive data over the network; and
  
  an audit extension component that is programmed to perform actions comprising;
  
  receiving, from another device, through a security perimeter an audit request to be performed on the computing asset, which audit request comprises, at least in part, a request for information to be provided by the computing asset;
  
  reflecting the audit based on the request towards the computing asset;
  
  receiving a response to the audit; and
  
  sending the response of the audit through the security perimeter towards the other device.
- View Dependent Claims (9)
- - 9. The network device of claim 8, wherein the network device is configured to operate as a slave device to the other device such that in response to a failure detection of the other device, the network device is further configured to assume at least one operation of the other device, including at least one of quarantining the computing asset, or performing a remediation action upon the computing asset based at least in part on the response of the audit.

10. A network device for managing an audit of a computing asset over a network, comprising:
- a transceiver configured to send and receive data over the network; and
  
  an audit component that is programmed to perform actions comprising;
  
  sending an audit request through a security perimeter to an audit extension device that is configured to reflect the audit request towards the computing asset, which audit request comprises, at least in part, a request for information to be provided by the computing asset;
  
  receiving a result of the audit from the audit extension device through the security perimeter; and
  
  based at least in part on a security policy, performing a remediation action.
- View Dependent Claims (11, 12, 13, 14)
- - 11. The network device of claim 10, wherein the computing asset is on a same networking side of the security perimeter as the audit extension device.
  - 12. The network device of claim 10, wherein the computing asset is on a different networking side of the security perimeter as the audit extension device.
  - 13. The network device of claim 10, wherein the actions further comprises:
    - configuring the computing asset to be on a quarantined network; and
      
      in response to the result of the audit or the remediation action indicates that the computing asset satisfies the security policy, configuring the computing asset to no longer be on the quarantined network.
  - 14. The network device of claim 10, wherein the actions further comprises:
    - employing the audit extension device to remotely perform at least one of quarantining the computing asset, or performing a remediation action upon the computing asset based at least in part on the response of the audit.

15. A method for managing an audit of a computing asset over a network, comprising:
- sending through a security perimeter, to a network device, an audit request of the computing asset, wherein the computing asset is on a different side of the security perimeter as the network device and which audit request comprises, at least in part, a request for information to be provided by the computing asset;
  
  enabling the audit to be performed based on the request upon the computing asset; and
  
  using the network device to reflect the audit towards the computing asset.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Callahan Cellular LLC (Intellectual Ventures LLC)
Original Assignee
Vadarro Services LLC (Intellectual Ventures LLC)
Inventors
Boscolo, Christopher Daniel, Gilde, Robert G., Webb, Evan M.
Primary Examiner(s)
LIN, WEN TAI

Application Number

US11/877,496
Publication Number

US 20080060076A1
Time in Patent Office

2,177 Days
Field of Search

None
US Class Current

709/224
CPC Class Codes

G06F 21/577   Assessing vulnerabilities a...

H04L 63/029   Firewall traversal, e.g. tu...

H04L 63/1408   by monitoring network traff...

H04L 63/1433   Vulnerability analysis

H04L 63/1441   Countermeasures against mal...

H04L 63/20   for managing network securi...

Network appliance for vulnerability assessment auditing over multiple networks

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

38 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Network appliance for vulnerability assessment auditing over multiple networks

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

38 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links