Practical and dynamic approach to enterprise hardening

US10025937B1 · US · B1

Patent metadata
Publication number: US-10025937-B1
Application number: US-201514752619-A
Country: US
Kind code: B1
Filing date: Jun 26, 2015
Priority date: Jun 26, 2015
Publication date: Jul 17, 2018
Grant date: Jul 17, 2018

Abstract

Techniques are disclosed for dynamically managing hardening policies in a client computer (e.g., of an enterprise network). A hardening management application monitors activity on the client computer that is associated with a first hardening policy. The monitored activity is evaluated based on one or more metrics. Upon determining that at least one of the metrics is outside of a tolerance specified in the first hardening policy, the client computer is associated with a second hardening policy. The client computer is reconfigured based on the second hardening policy.

First claim

What is claimed is:

1. A method comprising: monitoring activity on a client computer by an agent executing on the client computer, wherein the client computer is associated with a first hardening policy; evaluating the monitored activity based on one or more metrics, wherein each of the metrics is within a tolerance specified in the first hardening policy, and wherein the one or more metrics include a stability metric indicating a level of stability of the client computer, the stability metric being associated with the monitored activity which indicates a rate at which one or more applications are installed on the client computer; determining that at least one of the metrics is outside of the tolerance specified in the first hardening policy; associating the client computer with a second hardening policy based on the determination; and reconfiguring the client computer based on the second hardening policy, wherein reconfiguring the client computer based on the second hardening policy comprises: allowing installation of applications that are not included in a whitelist associated with the second hardening policy.

2. The method of claim 1, wherein the monitored activity is further evaluated based on a context associated with the client computer.

3. The method of claim 1, wherein the one or more metrics further include a risk metric indicating a likelihood that the client computer is susceptible to an attack.

4. The method of claim 1, wherein the monitored activity includes at least one of activity of a user logged into the client computer, activity of one or more applications executing on the client computer, activity of network resources of the client computer, and system activity of the client computer.

5. The method of claim 1, wherein reconfiguring the client computer based on the second hardening policy comprises: restricting access to network resources that are not included in a whitelist associated with the second hardening policy.

6. The method of claim 1, wherein reconfiguring the client computer based on the second hardening policy comprises: restricting access to applications that are not included in a whitelist associated with the second hardening policy.

7. A non-transitory computer-readable storage medium storing instructions, which, when executed on a processor, perform an operation, the operation comprising: monitoring activity on a client computer by an agent executing on the client computer, wherein the client computer is associated with a first hardening policy; evaluating the monitored activity based on one or more metrics, wherein each of the metrics is within a tolerance specified in the first hardening policy, and wherein the one or more metrics include a stability metric indicating a level of stability of the client computer, the stability metric being associated with the monitored activity which indicates a rate at which one or more applications are installed on the client computer; determining that at least one of the metrics is outside of the tolerance specified in the first hardening policy; associating the client computer with a second hardening policy based on the determination; and reconfiguring the client computer based on the second hardening policy, wherein reconfiguring the client computer based on the second hardening policy comprises: allowing installation of applications that are not included in a whitelist associated with the second hardening policy.

8. The computer-readable storage medium of claim 7, wherein the monitored activity is further evaluated based on a context associated with the client computer.

9. The computer-readable storage medium of claim 7, wherein the one or more metrics further include a risk metric indicating a likelihood that the client computer is susceptible to an attack.

10. The computer-readable storage medium of claim 7, wherein the monitored activity includes at least one of activity of a user logged into the client computer, activity of one or more applications executing on the client computer, activity of network resources of the client computer, and system activity of the client computer.

11. The computer-readable storage medium of claim 7, wherein reconfiguring the client computer based on the second hardening policy comprises: restricting access to network resources that are not included in a whitelist associated with the second hardening policy.

12. The computer-readable storage medium of claim 7, wherein reconfiguring the client computer based on the second hardening policy comprises: restricting access to applications that are not included in a whitelist associated with the second hardening policy.

13. A client computer comprising: a processor; and a memory storing program code, which, when executed on the processor, performs an operation, the operation comprising: monitoring activity on the client computer by an agent executing on the client computer, wherein the client computer is associated with a first hardening policy, evaluating the monitored activity based on one or more metrics, wherein each of the metrics is within a tolerance specified in the first hardening policy, and wherein the one or more metrics include a stability metric indicating a level of stability of the client computer, the stability metric being associated with the monitored activity which indicates a rate at which one or more applications are installed on the client computer, determining that at least one of the metrics is outside of the tolerance specified in the first hardening policy, associating the client computer with a second hardening policy based on the determination, and reconfiguring the client computer based on the second hardening policy, wherein reconfiguring the client computer based on the second hardening policy comprises: allowing installation of applications that are not included in a whitelist associated with the second hardening policy.

14. The client computer of claim 13, wherein the monitored activity is further evaluated based on a context associated with the client computer.

15. The client computer of claim 13, wherein the one or more metrics further include a risk metric indicating a likelihood that the client computer is susceptible to an attack.

16. The client computer of claim 13, wherein the monitored activity includes at least one of activity of a user logged into the client computer, activity of one or more applications executing on the client computer, activity of network resources of the client computer, and system activity of the client computer.

17. The system client computer of claim 13, wherein reconfiguring the client computer based on the second hardening policy comprises: restricting access to applications that are not included in a whitelist associated with the second hardening policy.

Classifications

  • G06F21/604 (Primary): Tools and structures for managing or administering access control systems

  • involving long-term monitoring or reporting

  • Protecting access to data via a platform, e.g. using keys or access control rules

  • Establishing or using transaction specific rules

  • involving fraud or risk level assessment in transaction processing

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Symantec Corp
What technology area does this patent fall under?
Primary CPC classification G06F21/604. Mapped technology areas include Physics.
When was this patent published?
Publication date Jul 17, 2018 (B1). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 2 related publications on this page (citations in our corpus or others sharing the same primary CPC).