US2023328097A1PendingUtilityA1

Method And Apparatus For Measuring Information System Device Integrity And Evaluating Endpoint Posture

Assignee: SIX ENGINES LLCPriority: Aug 22, 2019Filed: Jun 16, 2023Published: Oct 12, 2023
Est. expiryAug 22, 2039(~13.1 yrs left)· nominal 20-yr term from priority
H04L 63/1433H04L 63/1425H04L 63/1416H04L 63/1483
53
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

Methods, devices, and systems disclosed herein measure endpoint user security event susceptibility (e.g., a malware infection) and provide information for endpoint posture evaluation. A relatively small software application may be installed using, for example, a systems management push system where the software runs on each endpoint system and reports back to a central repository or base system. The software runs on machines that it is pushed to and generates a score for that endpoint. That score is a quantification of endpoint user security risk, i.e., the likelihood that a particular endpoint is likely to be the source of a security event at some point in the future. This information may be used to generate a Relative Score for each endpoint so that the endpoints can be ranked from most secure to least secure and an Absolute Score so that a given distributed system can be compared to other distributed systems.

Claims

exact text as granted — not AI-modified
We claim: 
     
         1 . A method of identifying endpoint user susceptibility across a distributed computer system, comprising:
 running a software application on a plurality of endpoints on a distributed system, wherein after said software application runs on one of said endpoints, said software application is erased from said one of said endpoints;   receiving information from at least some of said plurality of endpoints; and   ranking each of said endpoints from most secure to least secure.   
     
     
         2 . The method of  claim 1 , further comprising:
 generating a Relative Score for each of said plurality of endpoints from which said information was received based on analysis of a plurality of dimensions, each of said dimensions relating to a particular set of characteristics of a given of said plurality of endpoints,   wherein said ranking of said endpoints is based on said Relative Scores.   
     
     
         3 . The method of  claim 2 , wherein said Relative Score is based on a set of subscores, each of said subscores associated with one of said dimensions. 
     
     
         4 . The method of  claim 3 , further comprising:
 generating an Absolute Score based on a comparison of said subscores from each of said endpoints from which information was received and at least one different set of subscores from a different distributed computer system.   
     
     
         5 . The method of  claim 4 , wherein said Absolute Score is expressed as a percentile which indicates that said distributed computer system is more secure than a percentage of a set of different distributed computer systems to which said distributed computer system was compared. 
     
     
         6 . The method of  claim 4 , wherein said comparison is between a subset of distributed computer systems that share a common characteristic. 
     
     
         7 . The method of  claim 3 , wherein said Relative Score is a weighted sum of said subscores. 
     
     
         8 . The method of  claim 1 , wherein after said software application runs on one of said endpoints, said software application is erased from said one of said endpoints. 
     
     
         9 . The method of  claim 1 , wherein said software application is smaller than 5 megabytes (MB). 
     
     
         10 . The method of  claim 1 , wherein said at least one dimension is selected from a set of dimensions comprising management (user hygiene), forensic readiness, defensibility, insider threat indicia, spear phishing surface, exfiltration potential, performance, dark web footprint, and valuable employee indicia. 
     
     
         11 . The method of  claim 10 , wherein said set of dimensions further comprises physical security. 
     
     
         12 . The method of  claim 1 , wherein said at least one dimension comprises a management (user hygiene) dimension and a forensic readiness dimension. 
     
     
         13 . The method of  claim 1 , wherein each of said dimensions comprises a comparison of at least one characteristic of one of said endpoints related to said dimension and an acceptable benchmark value of said characteristic. 
     
     
         14 . A set of instructions fixed in a non-transitory computer-readable medium, comprising:
 pushing a software application from a base system to a plurality of endpoints on a first distributed system;   executing said software application at said endpoints;   erasing said software application from each of said endpoints after said software application executes at said endpoint;   receiving information at said base system from at least some of said plurality of endpoints;   ranking each of said endpoints from most secure to least secure based on a set of subscores associated with with at least one of a plurality of dimensions, each of said dimensions relating to a particular set of characteristics of a given of said plurality of endpoints;   comparing said subscores to a set of subscores from other distributed systems to generate a comparative ranking of said first distributed system relative to said other distributed systems; and   displaying one or both of said endpoint ranking and said distributed system ranking to at least one user.   
     
     
         15 . The set of instructions of  claim 14 , wherein said ranking of said endpoints constitutes a Relative Score. 
     
     
         16 . The set of instructions of  claim 15 , wherein said Relative Score is a weighted sum of said subscores. 
     
     
         17 . The set of instructions of  claim 14 , wherein said software application is smaller than 5 megabytes (MB). 
     
     
         18 . The set of instructions of  claim 14 , wherein said distributed system ranking constitutes an Absolute Score. 
     
     
         19 . The set of instructions of  claim 14 , wherein said at least one dimension is selected from a set of dimensions comprising management (user hygiene), forensic readiness, defensibility, insider threat indicia, spear phishing surface, exfiltration potential, performance, dark web footprint, and valuable employee indicia. 
     
     
         20 . The set of instructions of  claim 19 , wherein said set of dimensions further comprises physical security.

Join the waitlist — get patent alerts

Track US2023328097A1 — get alerts on status changes and closely related new filings.

We store only your email — no account needed. See our privacy policy.