Method And Apparatus For Measuring Information System Device Integrity And Evaluating Endpoint Posture
Abstract
Methods, devices, and systems disclosed herein measure endpoint user security event susceptibility (e.g., a malware infection) and provide information for endpoint posture evaluation. A relatively small software application may be installed using, for example, a systems management push system where the software runs on each endpoint system and reports back to a central repository or base system. The software runs on machines that it is pushed to and generates a score for that endpoint. That score is a quantification of endpoint user security risk, i.e., the likelihood that a particular endpoint is likely to be the source of a security event at some point in the future. This information may be used to generate a Relative Score for each endpoint so that the endpoints can be ranked from most secure to least secure and an Absolute Score so that a given distributed system can be compared to other distributed systems.
Claims
exact text as granted — not AI-modifiedWe claim:
1 . A method of identifying endpoint user susceptibility across a distributed computer system, comprising:
running a software application on a plurality of endpoints on a distributed system, wherein after said software application runs on one of said endpoints, said software application is erased from said one of said endpoints; receiving information from at least some of said plurality of endpoints; and ranking each of said endpoints from most secure to least secure.
2 . The method of claim 1 , further comprising:
generating a Relative Score for each of said plurality of endpoints from which said information was received based on analysis of a plurality of dimensions, each of said dimensions relating to a particular set of characteristics of a given of said plurality of endpoints, wherein said ranking of said endpoints is based on said Relative Scores.
3 . The method of claim 2 , wherein said Relative Score is based on a set of subscores, each of said subscores associated with one of said dimensions.
4 . The method of claim 3 , further comprising:
generating an Absolute Score based on a comparison of said subscores from each of said endpoints from which information was received and at least one different set of subscores from a different distributed computer system.
5 . The method of claim 4 , wherein said Absolute Score is expressed as a percentile which indicates that said distributed computer system is more secure than a percentage of a set of different distributed computer systems to which said distributed computer system was compared.
6 . The method of claim 4 , wherein said comparison is between a subset of distributed computer systems that share a common characteristic.
7 . The method of claim 3 , wherein said Relative Score is a weighted sum of said subscores.
8 . The method of claim 1 , wherein after said software application runs on one of said endpoints, said software application is erased from said one of said endpoints.
9 . The method of claim 1 , wherein said software application is smaller than 5 megabytes (MB).
10 . The method of claim 1 , wherein said at least one dimension is selected from a set of dimensions comprising management (user hygiene), forensic readiness, defensibility, insider threat indicia, spear phishing surface, exfiltration potential, performance, dark web footprint, and valuable employee indicia.
11 . The method of claim 10 , wherein said set of dimensions further comprises physical security.
12 . The method of claim 1 , wherein said at least one dimension comprises a management (user hygiene) dimension and a forensic readiness dimension.
13 . The method of claim 1 , wherein each of said dimensions comprises a comparison of at least one characteristic of one of said endpoints related to said dimension and an acceptable benchmark value of said characteristic.
14 . A set of instructions fixed in a non-transitory computer-readable medium, comprising:
pushing a software application from a base system to a plurality of endpoints on a first distributed system; executing said software application at said endpoints; erasing said software application from each of said endpoints after said software application executes at said endpoint; receiving information at said base system from at least some of said plurality of endpoints; ranking each of said endpoints from most secure to least secure based on a set of subscores associated with with at least one of a plurality of dimensions, each of said dimensions relating to a particular set of characteristics of a given of said plurality of endpoints; comparing said subscores to a set of subscores from other distributed systems to generate a comparative ranking of said first distributed system relative to said other distributed systems; and displaying one or both of said endpoint ranking and said distributed system ranking to at least one user.
15 . The set of instructions of claim 14 , wherein said ranking of said endpoints constitutes a Relative Score.
16 . The set of instructions of claim 15 , wherein said Relative Score is a weighted sum of said subscores.
17 . The set of instructions of claim 14 , wherein said software application is smaller than 5 megabytes (MB).
18 . The set of instructions of claim 14 , wherein said distributed system ranking constitutes an Absolute Score.
19 . The set of instructions of claim 14 , wherein said at least one dimension is selected from a set of dimensions comprising management (user hygiene), forensic readiness, defensibility, insider threat indicia, spear phishing surface, exfiltration potential, performance, dark web footprint, and valuable employee indicia.
20 . The set of instructions of claim 19 , wherein said set of dimensions further comprises physical security.Join the waitlist — get patent alerts
Track US2023328097A1 — get alerts on status changes and closely related new filings.
We store only your email — no account needed. See our privacy policy.