| 发明名称 | System and method for performing remote security assessment of firewalled computer | ||
| 摘要 | Methods and systems for scanning an endpoint terminal across an open computer network are disclosed. An exemplary method includes providing a scanner engine in a computer server in communication with an open computer network, and establishing a secure connection across the open computer network between the scanner engine and a scanner agent installed on the endpoint terminal in communication with the open computer network. Commands for collecting data regarding the endpoint terminal are sent from the scanner engine across the secure connection to the scanner agent. The scanner engine then receives the collected data from the scanner agent across the secure connection, analyzes the data to assess a current posture of the endpoint terminal, and determines any updates for the endpoint terminal from the analysis. Updates are sent across the secure connection to the scanner agent for installation on the endpoint terminal, and the secure connection may then be terminated. | ||
| 申请公布号 | US8925093(B2) | 申请公布日期 | 2014.12.30 |
| 申请号 | US201213482531 | 申请日期 | 2012.05.29 |
| 申请人 | Qualys, Inc. | 发明人 | Ali-Ahmad Wissam;Kandek Wolfgang;Kruse Holger;Dewan Vikas;Mazboudi Khair-ed-dine;Jampani Ganesh;Okumura Kenneth K. |
| 分类号 | G06F21/50;G06F21/60;H04L29/06 | 主分类号 | G06F21/50 |
| 代理机构 | Baker & McKenzie LLP | 代理人 | Baker & McKenzie LLP |
| 主权项 | 1. A method of conducting a scan on an endpoint system across an open computer network, the endpoint system being protected from the open computer network by a firewall, the method comprising: providing a scanner engine in a computer server in communication with the open computer network; providing a scanner agent installed on the endpoint system in communication with the open computer network through the firewall; establishing a secure layer connection between the scanner engine and the scanner agent without requiring credentialed access through an open firewall port; sending, from the scanner engine to the scanner agent installed on the endpoint system, commands for collecting data from the endpoint system; collecting data based on the commands via the secure layer connection regarding the endpoint system using the scanner agent, the collected data including at least one of system configuration information, system services information, or file system information; receiving the collected data from the scanner agent at the scanner engine via the secure layer connection; analyzing the collected data with the scanner engine to assess a current security vulnerability posture of the endpoint system, and determining any updates for the endpoint system from the analysis; and sending the updates via the secure layer connection to the scanner agent for installation on the endpoint system. | ||
| 地址 | Redwood Shores CA US | ||