
Scanning and remediating configuration settings of a device using a policy-driven approach

A technology concerning configuration settings and policy, applied in the fields of digital transmission, securing communication, electrical equipment, etc. It addresses the following problems: it is becoming increasingly difficult to effectively secure information contained on electronic devices as well as information transmitted to and from electronic devices; conventional cybersecurity systems often fail to adequately address potential security issues; and conventional diagnostic tools are limited to providing a report of settings or configurations on a device that are out of compliance with a known set of standards.

Pending Publication Date: 2022-08-04
VMWARE INC
45 Cites, 1 Cited by

AI Technical Summary

Benefits of technology

The present patent provides systems, methods, and computer-readable media that can enforce security policies on a client device. These systems perform operations that enable an agent on the client device to both scan and fix security issues. The agent performs an idempotent operation in which a check and a fix of a security policy are the same operation. This allows the systems to efficiently identify and remediate configuration settings of a client device that are out of compliance with security standards using a single software agent. The systems also provide a policy-driven approach to enforcing security policies, which can improve performance of the client device while complying with multiple security standards. This approach is more effective in addressing potential security issues across a wider range of client devices and applications.

Problems solved by technology

As software and hardware become more complex, it becomes increasingly difficult to effectively secure information contained on electronic devices as well as information transmitted to and from electronic devices (e.g., over the Internet).
Indeed, in an attempt to gather information, many individuals use viruses, spyware, malware, and other threatening tools to gather sensitive and/or valuable information.
While many tools exist for avoiding potential threats in cybersecurity of electronic devices, conventional cybersecurity systems often fail to adequately address potential security issues.
Conventional diagnostic tools, however, are limited to providing a report of settings or configurations on a device that are out of compliance with a known set of standards.
In addition to failing to enable effective diagnosis and remediation of potential security issues, conventional cybersecurity systems can be inflexible and computationally prohibitive.
For example, conventional cybersecurity systems are often limited to scanning a device for compliance with a specific security standard (e.g., Center for Internet Security (CIS) standards, Standard Technical Implementation Guide (STIG) standards, Payment Card Industry (PCI) standards, and Health Insurance Portability and Accountability Act (HIPAA)).
However, conventional cybersecurity systems may fail to effectively identify potential security threats for other devices or programs not specifically tailored to the security standard.
Furthermore, while a device may simply run different security checks based on multiple security standards, running comprehensive checks based on multiple standards can be expensive and can utilize significant computing resources.
These along with additional problems and issues exist with regard to conventional cybersecurity systems.



Embodiment Construction

[0019] One or more embodiments of the present disclosure include a configuration management system and configuration management agents that facilitate effective and flexible enforcement of security policies on a client device (or other computing device). For example, in one or more embodiments, a configuration management agent (or simply “agent”) can identify a plurality of security policies including configuration states associated with configuration settings of the client device. Upon receiving a request to implement the security policies on the client device, the agent can perform operations to enforce the configuration states defined by the security policies. In particular, the agent can enforce the configuration states defined by the security policies by checking and fixing a configuration setting associated with the configuration state. Indeed, the agent can enforce security policies by performing idempotent operations in which a check and a fix of a configuration setting are t...


Abstract

The present disclosure relates to systems, methods, and computer-readable media for implementing an efficient and flexible policy-driven approach to securing a computing device. For example, systems disclosed herein can enforce a first security policy of a first security standard. Systems disclosed herein can further audit for a first compliance level with the first security standard. Systems disclosed herein can further audit for a second compliance level with a second security standard. Systems disclosed herein can further determine an overlap between the first security standard and the second security standard, the overlap associated with a second security policy. Systems disclosed herein can further enforce the second security standard. Systems disclosed herein can further determine an update of the first compliance level based on the overlap.
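The sequence in the abstract, together with the idempotent check-and-fix operation described under Embodiment Construction, can be sketched as follows. This is an added example, not code from the patent or from any VMware product; the policy ids, setting names, the `test` flag and the mapping of policies to CIS and STIG are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    pid: str              # constructed policy id
    setting: str          # constructed configuration-setting name
    desired: object       # configuration state the policy defines
    standards: frozenset  # standards that require this state

POLICIES = [  # constructed sample; not taken from CIS or STIG documents
    Policy("pw-min-len", "login.PASS_MIN_LEN", 14, frozenset({"CIS"})),
    Policy("ssh-no-root", "sshd.PermitRootLogin", "no", frozenset({"CIS", "STIG"})),
    Policy("fw-default-deny", "firewall.default", "deny", frozenset({"CIS", "STIG"})),
    Policy("audit-on", "auditd.enabled", True, frozenset({"STIG"})),
]

def enforce(policy, device, test=False):
    """Single idempotent operation: check the setting, fix it only if it differs.
    test=True reports without changing anything (audit mode)."""
    if device.get(policy.setting) == policy.desired:
        return {"id": policy.pid, "compliant": True, "changed": False}
    if not test:
        device[policy.setting] = policy.desired
    return {"id": policy.pid, "compliant": not test, "changed": not test}

def for_standard(name):
    return [p for p in POLICIES if name in p.standards]

def audit(name, device):
    """Compliance level as (policies in desired state, policies in the standard)."""
    results = [enforce(p, device, test=True) for p in for_standard(name)]
    return sum(r["compliant"] for r in results), len(results)

def overlap(a, b):
    return {p.pid for p in POLICIES if {a, b} <= p.standards}

def run_demo():
    device = {"login.PASS_MIN_LEN": 8, "sshd.PermitRootLogin": "yes",
              "firewall.default": "allow", "auditd.enabled": False}  # constructed
    enforce(POLICIES[0], device)                      # first policy of first standard
    cis_before, stig_before = audit("CIS", device), audit("STIG", device)
    shared = overlap("CIS", "STIG")
    changed = {r["id"] for p in for_standard("STIG")
               if (r := enforce(p, device))["changed"]}   # enforce second standard
    cis_after = audit("CIS", device)                  # raised by the shared policies
    rerun = any(enforce(p, device)["changed"] for p in POLICIES)  # idempotent: no change
    return cis_before, stig_before, shared, changed, cis_after, rerun

if __name__ == "__main__":
    print(run_demo())
```

Because the two shared policies are fixed while enforcing the second standard, the first standard's compliance level rises without a second set of checks, and re-running every policy afterwards changes nothing.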

Description

RELATED APPLICATION

[0001] This patent arises from a continuation of U.S. patent application Ser. No. 16/125,543, (now U.S. Pat. No. 11,310,283) which was filed on Sep. 7, 2018. U.S. patent application Ser. No. 16/125,543 is hereby incorporated herein by reference in its entirety. Priority to U.S. patent application Ser. No. 16/125,543 is hereby claimed.

BACKGROUND

[0002] Recent years have seen rapid development in software products and electronic devices. For example, software products can affect functionality related to communication of data to and from electronic devices as well as operation of operating systems and/or individual applications installed on the electronic devices. As software and hardware become more complex, it becomes increasingly difficult to effectively secure information contained on electronic devices as well as information transmitted to and from electronic devices (e.g., over the Internet). Indeed, in an attempt to gather information, many individuals use viruse...


Application Information

Patent Type & Authority: Applications (United States)
IPC(8): H04L9/40, H04L41/0816, H04L41/0866
CPC: H04L63/205, H04L41/0866, H04L41/0816, H04L63/20, H04L41/0894
Inventor: HATCH, THOMAS S.
Owner: VMWARE INC