| Patent application number | Description | Published |
|---|---|---|
20120017274 | WEB SCANNING SITE MAP ANNOTATION - A computerized website vulnerability scanner includes a scanning module operable to navigate through a website and scan the website for vulnerabilities, and an annotation module operable to present a map of web pages comprising a part of the website. The annotation module is also operable to receive annotations from a user that are associated with the web pages, and the scanning module is further operable to use the user-provided annotations in subsequently scanning the website. | 01-19-2012 |
20130096980 | USER-DEFINED COUNTERMEASURES - A particular set of computing assets is identified on a particular computing system including a plurality of computing assets. A user definition is received of a particular countermeasure applied to the particular set of assets, the user definition of the countermeasure including identification of each asset in the particular set of assets and identification of at least one vulnerability or threat addressed by the particular countermeasure in a plurality of known vulnerabilities or threats. Based on the user definition, actual deployment of the particular countermeasure on the particular computing system is assumed in a risk assessment of at least a portion of the particular computing system. | 04-18-2013 |
20130097701 | USER BEHAVIORAL RISK ASSESSMENT - A particular activity performed by a particular user of a computing device is identified, for instance, by an agent installed on the computing device. It is determined that the particular activity qualifies as a particular use violation in a plurality of pre-defined use violations. A behavioral risk score for the particular user is determined based at least in part on the determination that the particular activity of the particular user qualifies as a particular use violation. Determining that the particular activity qualifies as a particular use violation can include determining that the particular activity violates a particular rule or event trigger corresponding to a particular pre-defined use violation. | 04-18-2013 |
20130097709 | USER BEHAVIORAL RISK ASSESSMENT - A predetermined particular behavioral profile is identified associated with at least one particular user of a computing system, the particular behavioral profile identifying expected behavior of the at least one user within the computing system. Activities associated with use of the computing system by the particular user are identified and it is determined whether the identified activities correlate with the particular behavioral profile. Identifying an activity that deviates from the particular behavioral profile beyond a particular threshold triggers a risk event relating to the particular user. | 04-18-2013 |
20130097710 | MOBILE RISK ASSESSMENT - At least one available wireless access point is identified at a particular location and a connection is established with the available wireless access point. Communication is attempted with a trusted endpoint over the wireless access point and the attempted communication with the trusted endpoint over the wireless access point is monitored to assess risk associated with the wireless access point. Results of the assessment, in some instances, can be reported to an access point risk manager and risk associated with future attempts to use the wireless access point can be assessed based at least in part on the reported assessment results. | 04-18-2013 |
20130097711 | MOBILE RISK ASSESSMENT - A query is received from a particular endpoint device identifying a particular wireless access point encountered by the particular endpoint device. Pre-existing risk assessment data is identified for the identified particular wireless access point and query result data is sent to the particular endpoint device characterizing pre-assessed risk associated with the particular wireless access point. In some instances, the query result data is generated based on the pre-existing risk assessment data. In some instances, pre-existing risk assessment data can be the result of an earlier risk assessment carried-out at least in part by an endpoint device interfacing with and testing the particular wireless access point. | 04-18-2013 |
20130171965 | SIMPLIFIED MOBILE COMMUNICATION DEVICE - A first communication device is detected as being substantially collocated with a second communication device using a short-range wireless network. A connection is established between the first and second communication devices over the short-range wireless network. In some instances, authentication data can be sent from the second communication device to the first communication device to authenticate a user to the first communication device. Further, input is received from the first communication device over the short-range wireless network specifying a telephone number for a telephone call using the second communication device. A connection is established between the second communication device and a cellular base station to initiate the telephone call with a third communication device associated with the telephone number. In some instances, the second communication device is a wireless headset device. | 07-04-2013 |
20130174246 | SYSTEM AND METHOD FOR CLOUD BASED SCANNING FOR COMPUTER VULNERABILITIES IN A NETWORK ENVIRONMENT - A method in one embodiment includes establishing a first secure tunnel between a scanner and a configuration manager, and a second secure tunnel between the scanner and a scan controller, where the scanner is located in a public network and the configuration manager and the scan controller are located in a private network, communicating scanner configuration information between the scanner and the configuration manager over the first secure tunnel, and communicating scan information between the scanner and the scan controller over the second secure tunnel. The secure tunnels may be established from within the private network, by forwarding a first origination port and a second origination port to a first destination port and a second destination port, respectively. The first and second origination ports may be located in the public network, and the first and second destination ports may be located in the private network. | 07-04-2013 |
20130191919 | CALCULATING QUANTITATIVE ASSET RISK - A standardized vulnerability score is identified for a particular vulnerability in a plurality of known vulnerabilities, the standardized vulnerability score indicating a relative level of risk associated with the particular vulnerability relative to other vulnerabilities. A vulnerability detection score is determined that indicates an estimated probability that a particular asset possesses the particular vulnerability, and a vulnerability composite score is determined for the particular asset with respect to the particular vulnerability, the vulnerability composite score derived from the standardized vulnerability score and the vulnerability detection score. A countermeasure component score is identified that indicates an estimated probability that a countermeasure will mitigate risk associated with the particular vulnerability on the particular asset. A risk metric for the particular asset and the particular vulnerability is determined from the vulnerability composite score and the countermeasure component score. In some instances, aggregate risk scores can be calculated from a plurality of calculated risk metrics. | 07-25-2013 |
20130247203 | Identifying Relationships Between Security Metrics - A security metrics system receives security information data for a network system of computers and metric definitions from metric sources. Each metric definition defines a heuristic for calculating a score for the network system from one or more security signal values at a time in the plurality of times, wherein the score quantifies a security metric for the network system. The system calculates each metric definition for a plurality of times and selects metric definitions that are related to the performance of and are indicative of one or more other metric definitions as candidates to be key performance indicators. | 09-19-2013 |
20130247204 | SYSTEM AND METHOD FOR APPLICATION SECURITY ASSESSMENT - A system and method in one embodiment includes modules for running a test script to generate a request to a target application, receiving a response from the target application, and running a detector script to inspect the response for a vulnerability. More specific embodiments include a target web site, populating a work in a queue, where the work corresponds to content in the response, and running a second test script or detector script to generate a follow-up request to the application if the vulnerability has been identified in the response. Other embodiments include extracting the work from the queue, and running a second test script corresponding to the extracted work. Other embodiments include storing an injection in an injection cache, de-registering the injection from the injection cache if it is identified in the response, and re-crawling the application, if the injection has not been de-registered from the injection cache. | 09-19-2013 |
20130247205 | CALCULATING QUANTITATIVE ASSET RISK - Methods, systems, and apparatus, including computer programs encoded on computer storage media, for generating quantitative risk metrics for assets and threats. Risk metrics are generated for individual assets and individual threats. These individual metrics can then be analyzed to generate aggregate risk metrics for assets, groups of assets, and threats. Assets and threats can be ordered according to their aggregate risk metrics. | 09-19-2013 |
20130268652 | OPPORTUNISTIC SYSTEM SCANNING - Opportunistic scans can be performed by identifying, using at least one processing device, a detection of a particular computing device on a network of a computing environment. At least one scan to be performed on the detected particular computing device is identified and a particular scan engine, in a plurality of scan engines, is identified that is adapted to perform the at least one scan. The at least one scan is caused to be performed on the detected particular computing device while the detected particular computing device is on the network using the particular scan engine. | 10-10-2013 |
20130268687 | WIRELESS TOKEN DEVICE - A first computing device is detected as substantially collocated with a wireless token device, using a short-range wireless communication network, and a connection is established between the first computing device and the wireless token device over the short-range wireless network. Authentication data stored in memory of the wireless token device is sent from the wireless token device to the first computing device over the short-range wireless network. The first computing device is authenticated to a particular computing session based on the authentication data and authenticating the first computing device permits the first computing device to participate in the particular computing session. | 10-10-2013 |
20130268758 | WIRELESS STORAGE DEVICE - A first computing device is detected as substantially collocated with a wireless storage device, using a short-range wireless communication network. A connection is established between the first computing device and the wireless storage device over the short-range wireless network. Data stored in memory of the wireless storage device is sent from the wireless storage device to the first computing device over the short-range wireless network for a presentation of the data using a user interface of the first computing device. The wireless storage device lacks user interfaces for the presentation of the data. In some instances, authentication of either or both of the first computing device or wireless storage device can be accomplished through communication between the first computing device and wireless storage device over the short-range wireless communication network. | 10-10-2013 |
20130268766 | WIRELESS TOKEN DEVICE - A first computing device is detected as substantially collocated with a wireless token device, using a short-range wireless communication network and a connection is established between the first computing device and the token device over the short-range wireless network. Authentication data is sent to the first computing device from the token device over the short-range wireless network to authenticate the token device at the first computing device. Authentication of the token device permits data accessible through the first computing device to be made available to a holder of the token device and to be presented on a user interface of the first computing device. In some instances, the wireless token device may otherwise lack user interfaces for presenting the data itself. | 10-10-2013 |
20130268767 | WIRELESS TOKEN AUTHENTICATION - Authentication data is received, from a first computing device, based on data received by the first computing device from a wireless token device, the authentication data used to authenticate a first user to a particular computing session hosted remote from the first computing device. The first computing device is authenticated to the particular computing session based on the received authentication data. The first computing device is permitted to consume resources of the particular computing session. In some instances, the data received by the first computing device from the wireless token device includes the authentication data. | 10-10-2013 |
20130269028 | UNIFIED SCAN MANAGEMENT - A particular scan set to be performed on at least a portion of a computing environment is identified. A particular scan engine, in a plurality of scan engines, is identified that is adapted to perform at least one scan in the particular scan set, each scan engine in the plurality of scan engines adapted to perform one or more scans on one or more host devices in the computing environment. A request is sent to the particular scan engine to perform the at least one scan in the particular scan set and scan result data is received from the particular scan engine corresponding to the at least one scan in the particular scan set. | 10-10-2013 |
20130269029 | UNIFIED SCAN ENGINE - A scan engine receives a request to perform a particular scan on at least a portion of a computing environment. The scan engine identifies a particular language interpreter in a set of available language interpreters for use in performing the particular scan and performs the particular scan using the particular language interpreter. The scan engine returns results of the particular scan. In some implementations, the scan engine is implemented on an agent enabling communication between the scan engine and an asset management system. | 10-10-2013 |
20130275574 | ASSET DETECTION SYSTEM - A pluggable asset detection engine is used to identify devices within a network. The pluggable asset detection engine includes a set of pluggable discovery sensors and is adapted to identify particular address information of a particular computing device within a network, using a first pluggable discovery sensor in the set of discovery sensors, and send an identification of the particular address information of the particular computing device to an asset management system for inclusion of the particular address information in an asset repository managed by the asset management system. | 10-17-2013 |
20130275575 | NETWORK ADDRESS REPOSITORY MANAGEMENT - A first Internet protocol version 6 (IPv6) address of a particular computing device within a network is identified using a first passive discovery sensor performing a first discovery task. A second discovery task is caused to be performed using the first IPv6 address and an attribute of the particular computing device is identified from results of the second discovery task. The first IPv6 address and attribute of the particular device are added to a repository maintaining a record of detected IPv6 addresses within the network. In some instances, a first passive discovery sensor can be one of an event-based discovery sensor, a latent-type discovery sensor, and an indirect-type discovery sensor. | 10-17-2013 |
20130276053 | SYSTEM ASSET REPOSITORY MANAGEMENT - A plurality of system entities described in an asset repository are identified, the asset repository defining a particular hierarchical organization of the plurality of system entities within a computing environment. A particular system entity in the plurality of system entities is tagged with a particular tag. The particular system entity is associated with a particular security policy based on the particular system entity being tagged with the particular tag. The particular security policy is applied to system entities in the asset repository tagged with one or more tags in a particular set of tags including the particular tag. | 10-17-2013 |
20140172495 | SYSTEM AND METHOD FOR AUTOMATED BRAND PROTECTION - Brand threat information is identified relating to potential threats to one or more brands of one or more organizations. A characteristic of one or more operating environments is identified and a relation is determined between a particular one of the potential threats and the characteristic. The determined relation is used to determine risk associated with a particular brand of an organization. | 06-19-2014 |
20140172706 | SECURITY BROKER - An attempted transaction is identified involving a first customer device and the first customer device is redirected to a security broker. A security report for the first customer device is received from the security broker. The security report is based on security data transmitted from the customer device to the security broker. An action can be performed in association with the attempted transaction based at least in part on the received security report. In some aspects, the security broker receives security data describing security conditions on the customer device in connection with the transaction between the customer device and a transaction partner. A risk tolerance policy is identified that corresponds to the transaction partner, such as an ecommerce provider. A security report is generated based on a comparison of the risk tolerance policy and the security data and the security report. | 06-19-2014 |
20140173738 | USER DEVICE SECURITY PROFILE - Attribute data of an endpoint computing device is collected that describes attributes of the endpoint computing device. The attribute data is communicated to a security score generator and security score data is received for the endpoint computing device. A graphical dashboard interface is caused to be presented on a display device, the dashboard interface presenting a plurality of security ratings based on the security score data, each security rating representing an amount of risk determined to be associated with a corresponding user activity on the endpoint device in a plurality of user activities. | 06-19-2014 |
20140173739 | AUTOMATED ASSET CRITICALITY ASSESSMENT - A set of attributes of a particular asset of a computing environment is identified that are determined from data collected by one or more utilities in the computing environment. A criticality rating is automatically determined for the particular asset based at least in part on the set of attributes. A security activity is caused to be performed relating to the particular asset based on the automatically determined criticality rating of the particular asset. | 06-19-2014 |
20140181844 | HARDWARE MANAGEMENT INTERFACE - A management controller of a computing device is identified, the management controller implemented in hardware of the computing device and independent of a central processing unit (CPU) of the computing device. The management controller is queried for attributes of the computing device. Data is received from the management controller identifying one or more attributes of the computing device and a device driver is identified for the computing device. Communication is facilitated with the computing device using the device driver. In some instances, an inter-device operation is identified involving the computing device and at least one other computing device. The exchange of messages in the operation can be facilitated, for instance, by translating a message from the computing device for use by the other computing device involved in the operation. | 06-26-2014 |
20140181891 | HARDWARE MANAGEMENT INTERFACE - A management controller of a computing device is identified on a network and queried for attributes of the computing device. The management controller is securely implemented in hardware of the computing device and is independent of a central processing unit (CPU) of the computing device. Data is received from the management controller that identifies one or more attributes of the computing device. A security policy of the network is implemented for the computing device based on the one or more attributes. | 06-26-2014 |
20140181892 | HARDWARE-BASED DEVICE AUTHENTICATION - An opportunity for a computing device to participate in a secure session with a particular domain is identified. A domain identifier of the particular domain is received and a secured microcontroller of the computing device is used to identify a secured, persistent hardware identifier of the computing device stored in secured memory of the computing device. A secure identifier is derived for a pairing of the computing device and the particular domain based on the hardware identifier and domain identifier of the particular domain and the secure identifier is transmitted over a secured channel to the particular domain. The particular domain can verify identity of the computing device from the secure identifier and apply security policies to transactions involving the computing device and the particular domain based at least in part on the secure identifier. | 06-26-2014 |
20140181893 | HARDWARE-BASED DEVICE AUTHENTICATION - An opportunity for a computing device to participate in a secure session with a particular domain is identified. A secured microcontroller of the computing device is used to identify a secured, persistent seed corresponding to the particular domain and stored in secured memory of the computing device. A secure identifier is derived based on the seed and sent for use by the particular domain in authenticating the computing device to the particular domain for the secure session. The particular domain can further apply security policies to transactions involving the computing device and particular domain based at least in part on the secure identifier. | 06-26-2014 |
20140181894 | TRUSTED CONTAINER - A secure identifier is derived, using a secured microcontroller of a computing device, that is unique to a pairing of the computing device and a particular domain. Secure posture data corresponding to attributes of the computing device is identified in secured memory of the computing device. The secure identifier and security posture data are sent in a secured container to a management device of the particular domain. The particular domain can utilize the information in the secured container to authenticate the computing device and determine a security task to be performed relating to interactions of the computing device with the particular domain. | 06-26-2014 |
20140208413 | SYSTEM AND METHOD FOR AN ENDPOINT HARDWARE ASSISTED NETWORK FIREWALL IN A SECURITY ENVIRONMENT - A method is provided in one example embodiment and includes receiving a traffic flow at a tamper resistant environment from an application, where the tamper resistant environment is separated from a host operating system. The method also includes applying a security token to the traffic flow and sending the traffic flow to a server. In specific embodiments, a security module may add information about the application to the traffic flow. A trapping module may monitor for a memory condition and identify the memory condition. The trapping module may also, responsive to identifying the memory condition, initiate a virtual environment for the application, and check the integrity of the traffic flow. | 07-24-2014 |
20140250533 | MOBILE RISK ASSESSMENT - A query is received from a particular endpoint device identifying a particular wireless access point encountered by the particular endpoint device. Pre-existing risk assessment data is identified for the identified particular wireless access point and query result data is sent to the particular endpoint device characterizing pre-assessed risk associated with the particular wireless access point. In some instances, the query result data is generated based on the pre-existing risk assessment data. In some instances, pre-existing risk assessment data can be the result of an earlier risk assessment carried-out at least in part by an endpoint device interfacing with and testing the particular wireless access point. | 09-04-2014 |