Endpoint management using trust rating data

US 8,763,076 B1
Filed: 06/04/2012
Issued: 06/24/2014
Est. Priority Date: 06/30/2006
Status: Active Grant

First Claim

Patent Images

1. A non-transitory machine-readable medium encoded with instructions, that when executed by one or more processors, cause the processor to carry out a process for endpoint management, the process comprising:

receiving from an endpoint a request to join a managed network, the request identifying to a server one or more applications currently on the endpoint;

determining if the identified applications are represented in a compliance policy database, wherein the compliance policy database comprises a list of applications and at least one security policy rule associated with each application in the list of applications;

in response to a determination that an identified first application is not represented in the compliance policy database;

determining a trust rating for the first application; and

dynamically generating at least one security policy rule associated with the first application based on the determined trust rating; and

in response to a determination that each identified application is represented in the compliance policy database, accessing the at least one security policy rule associated with each of the identified applications from the compliance policy database.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques are disclosed for implementing dynamic endpoint management. In accordance with one embodiment, whenever an endpoint joins a managed network for the first time, or rejoins that network, a local security module submits a list of applications (e.g., all or incremental) to a security server. The server validates the list and sends back a rule set (e.g., allow/block rules and/or required application security settings) for those applications. If the server has no information for a given application, it may further subscribe to content from a content provider or service. When the server is queried regarding an unknown application, the server sends a query to the service provider to obtain a trust rating for that unknown application. The trust rating can then be used to generate a rule set for the unknown application. Functionality can be shifted from server to client, and vice-versa if so desired.

158 Citations

18 Claims

1. A non-transitory machine-readable medium encoded with instructions, that when executed by one or more processors, cause the processor to carry out a process for endpoint management, the process comprising:
- receiving from an endpoint a request to join a managed network, the request identifying to a server one or more applications currently on the endpoint;
  
  determining if the identified applications are represented in a compliance policy database, wherein the compliance policy database comprises a list of applications and at least one security policy rule associated with each application in the list of applications;
  
  in response to a determination that an identified first application is not represented in the compliance policy database;
  
  determining a trust rating for the first application; and
  
  dynamically generating at least one security policy rule associated with the first application based on the determined trust rating; and
  
  in response to a determination that each identified application is represented in the compliance policy database, accessing the at least one security policy rule associated with each of the identified applications from the compliance policy database.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The non-transitory machine-readable medium of claim 1, the process further comprising:
    - compiling a security policy rule associated with an identified application into a response; and
      
      sending the response to the requesting endpoint.
  - 3. The non-transitory machine-readable medium of claim 1 wherein the endpoint is joining the managed network for the first time, and wherein the request identifies all applications at the endpoint.
  - 4. The non-transitory machine-readable medium of claim 1 wherein the endpoint is rejoining the managed network after having been disconnected, and wherein the request identifies only applications that have changed or been added to the endpoint since the endpoint was last connected to the managed network.
  - 5. The non-transitory machine-readable medium of claim 1 wherein determining the trust rating comprises querying a content provider service to obtain one or more factors for use in computing the trust rating for the first application by polling a peer group of the endpoint and receiving responses from the peer group.
  - 6. The non-transitory machine-readable medium of claim 1 wherein determining the trust rating comprises querying a content provider service to obtain one or more factors for use in computing the trust rating for the first application by querying a storage that catalogues applications by unique ID and has one or more factors associated with each ID.
  - 7. The non-transitory machine-readable medium of claim 1 wherein each security policy rule associated with an application comprises at least one of:
    - an allow determination for the application allowing an endpoint with the application to join the managed network, a block determination for the application preventing an endpoint with the application from joining the managed network, a compliance policy for the application indicating one or more compliance requirements that must be satisfied by the application before an endpoint with the application can join the managed network, a licensing policy for the application indicating one or more license requirements that must be satisfied by the application before an endpoint with the application can join the managed network, a launch time requirement for the application indicating a time that the application must launch for an endpoint with the application to join the managed network, and a security patch requirement for the application indicating one or more security patches that must be installed on an endpoint with the application before the endpoint can join the managed network.

8. A non-transitory machine-readable medium encoded with instructions, that when executed by one or more processors, cause the processor to carry out a process for endpoint management, the process comprising:
- detecting one or more applications currently on an endpoint;
  
  generating a request to join a managed network, the request identifying the one or more applications on the endpoint;
  
  sending the request from the endpoint to the managed network, the managed network configured to;
  
  determine if the identified applications are represented in a compliance policy database comprising a list of applications and at least one security policy rule associated with each application in the list of applications;
  
  responsive to a determination that an identified first application is not represented in the compliance policy database;
  
  determine a trust rating for the first application; and
  
  dynamically generate at least security policy rule for the first application based on the determined trust rating; and
  
  responsive to a determination that each identified application is represented in the compliance policy database, access the at least one security policy rule associated with each of the identified applications from the compliance policy database; and
  
  receiving from the managed network at least one security policy rule for each of the identified applications responsive to the request, with at least one of the received security policy rules having been dynamically generated by the managed network.
- View Dependent Claims (9, 10, 11)
- - 9. The non-transitory machine-readable medium of claim 8 wherein the endpoint is joining the managed network for the first time, and wherein the request identifies all applications on the endpoint.
  - 10. The non-transitory machine-readable medium of claim 8 wherein the request identifies only applications that have changed or been added to the endpoint since a last time applications were identified.
  - 11. The non-transitory machine-readable medium of claim 8 wherein each security policy rule associated with an application comprises at least one of:
    - an allow determination for the application allowing an endpoint with the application to join the managed network, a block determination for the application preventing an endpoint with the application from joining the managed network, a compliance policy for the application indicating one or more compliance requirements that must be satisfied by the application before an endpoint with the application can join the managed network, a licensing policy for the application indicating one or more license requirements that must be satisfied by the application before an endpoint with the application can join the managed network, a launch time requirement for the application indicating a time that the application must launch for an endpoint with the application to join the managed network, and a security patch requirement for the application indicating one or more security patches that must be installed on an endpoint with the application before the endpoint can join the managed network.

12. A system for endpoint management, comprising:
- a server comprising a non-transitory machine-readable medium encoded with instructions and a processor configured to execute the instructions, the instructions executable to cause the server to;
  
  receive from an endpoint a request to join a managed network, the request identifying to the server one or more applications currently on the endpoint;
  
  determine if the identified applications are represented in a compliance policy database, wherein the compliance policy database comprises a list of applications and at least one security policy rule associated with each application in the list of applications;
  
  in response to a determination that an identified first application is not represented in the compliance policy database;
  
  determine a trust rating for the first application; and
  
  dynamically generate at least one security policy rule for the first application based on the determined trust rating; and
  
  in response to a determination that each identified application is represented in the compliance policy database, accessing the at least one security policy rule associated with each of the identified applications from the compliance policy database.
- View Dependent Claims (13, 14, 15, 16, 17, 18)
- - 13. The system of claim 12, wherein the instructions are executable to further cause the server to:
    - compile a security policy rule associated with an identified application into a response; and
      
      send the response to the requesting endpoint.
  - 14. The system of claim 12 wherein the endpoint is joining the managed network for the first time, and wherein the request identifies all applications at the endpoint.
  - 15. The system of claim 12 wherein the endpoint is rejoining the managed network after having been disconnected, and wherein the request identifies only applications that have changed or been added to the endpoint since the endpoint was last connected to the managed network.
  - 16. The system of claim 12 wherein determining the trust rating comprises querying a content provider service to obtain one or more factors for use in computing the trust rating for the first application by polling a peer group of the endpoint and receiving responses from the peer group.
  - 17. The system of claim 12 wherein determining the trust rating comprises querying a content provider service to obtain one or more factors for use in computing the trust rating for the first application by querying a storage that catalogues applications by unique ID and has one or more factors associated with each ID.
  - 18. The system of claim 12 wherein each security policy rule associated with an application comprises at least one of:
    - an allow determination for the application allowing an endpoint with the application to join the managed network, a block determination for the application preventing an endpoint with the application from joining the managed network, a compliance policy for the application indicating one or more compliance requirements that must be satisfied by the application before an endpoint with the application can join the managed network, a licensing policy for the application indicating one or more license requirements that must be satisfied by the application before an endpoint with the application can join the managed network, a launch time requirement for the application indicating a time that the application must launch for an endpoint with the application to join the managed network, and a security patch requirement for the application indicating one or more security patches that must be installed on an endpoint with the application before the endpoint can join the managed network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Satish, Sourabh, Hernacki, Brian
Primary Examiner(s)
LEE, JASON T

Application Number

US13/488,419
Time in Patent Office

750 Days
Field of Search

726/1, 726/4
US Class Current

726/1
CPC Class Codes

G06F 21/00   Security arrangements for p...

G06F 21/604   Tools and structures for ma...

H04L 63/20   for managing network securi...

Endpoint management using trust rating data

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

158 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Endpoint management using trust rating data

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

158 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links