Title of invention Endpoint enabled for enterprise security assessment sharing
Abstract An enterprise-wide sharing arrangement uses a semantic abstraction, called a security assessment, to share security-related information between security products, called endpoints. A security assessment is defined as a tentative assignment by an endpoint of broader contextual meaning to information that is collected about an object of interest. Endpoints utilize an architecture that comprises a common assessment sharing agent and a common assessment generating agent. The common assessment sharing agent is arranged for subscribing to security assessments, publishing security assessments onto a channel, maintaining an awareness of configuration changes on the channel (e.g., when a new endpoint is added or removed), and implementing security features like authorization, authentication and encryption. A common assessment generating engine handles endpoint behavior associated with a security assessment including assessment generation, cancellation, tracking, and rolling-back actions based on assessments that have expired. The common assessment generating engine generates and transmits messages that indicate which local actions are taken.
Publication number US8955105(B2) Publication date 2015.02.10
Application number US200711724060 Application date 2007.03.14
Applicant Microsoft Corporation Inventors Hudis Efim;Helman Yair;Malka Joseph;Barash Uri
Classification G06F11/00 Main classification G06F11/00
Agency Agent Tabor Ben;Drakos Kate;Minhas Micky
Principal claim 1. An architecture implemented on a computer for a security product endpoint arranged for use in an enterprise security environment, the architecture comprising: a communication channel that is commonly accessible by each security product endpoint in a plurality of security product endpoints that are deployed in the enterprise security environment; a common assessment sharing agent that is arranged for implementing a publish and subscribe model for security assessments over the common communication channel, wherein both publishers and subscribers on the security channel are security product endpoints, each security assessment being categorized by type and being published to the common communication channel, and arranged to provide contextual meaning to an object in the environment; and a common assessment generating engine that is operatively coupled as a client to the common assessment sharing agent, and arranged for generating a security assessment according to rules which take into account any combination of a. locally-available information about the object or other objects being monitored by a security product endpoint, b. currently active security assessments received by the security product endpoint, and c. local actions taken by the security product endpoint in the past, in which sets of locally-available information for the security product endpoints are mutually exclusive, the common assessment generating engine being further arranged for generating the security assessment for transmission over the common communication channel by correlating the locally-available information data to a security assessment to which the security product endpoint subscribes.
Address Redmond WA US