Method to prevent root level access attack and measurable sla security and compliance platform
Abstract
A management system detects a change at the target device. The management system transmits a request message to authorization devices of the authorization users of the multi-user authorization pool to from the authorization users an indication of whether the detected change is approved. The management system receives a plurality of response messages from authorization devices of the multi-user authorization pool indicating whether the detected change is approved by the corresponding authorization user, and based on at least three of the plurality of response messages indicating a disapproval, that the detected change is disapproved. In response to the determination that the change is disapproved, an instruction message is sent to a target managed device to instruct the target managed device to rollback to an earlier state.
Claims
exact text as granted — not AI-modifiedWhat is claimed is:
1 . A system comprising:
a processor; a computer-readable medium storing instructions that, when executed by the processor, cause the processor to perform operations comprising:
detecting a change at a target device performed by a user having an administrative credential;
transmitting a request message to devices of a plurality of authorization users, the request message requesting from the authorization users an indication of whether the detected change is approved;
receiving a plurality of response messages from the devices of the plurality of authorization users, each of the plurality of response messages indicating whether the detected change is approved by the corresponding authorization user;
determining, based on at least a threshold number of the plurality of response messages indicating a disapproval, that the detected change is disapproved; and
causing the target device to rollback to an earlier state.
2 . The system of claim 1 , wherein the computer-readable medium further stores instructions that, when executed by the processor, cause the process to perform operations comprising:
receiving a message from the target device indicating that the detected change is a change to an operating system of the target device.
3 . The system of claim 2 , wherein the message indicates that the detected change is a change to the operating system of the target device that is not included on an exception list.
4 . The system of claim 2 , wherein the message includes a description of the detected change.
5 . The system of claim 1 , wherein causing the target device to roll back to an earlier state comprises:
causing the target device to replace a current copy of an operating system of the target device with a previously recorded copy of the operating system that is of a known good state.
6 . The system of claim 1 , wherein determining that the detected change is disapproved comprises:
determining whether response messages indicating disapproval have been received from a threshold proportion of the devices of the plurality of authorization users.
7 . The system of claim 1 , wherein determining that the detected change is disapproved comprises:
determining whether at least three response messages indicating disapproval have been received.
8 . A non-transitory computer-readable medium storing instructions that, when executed by a processor, cause the processor to perform operations comprising:
detecting a change at a target device performed by a user having an administrative credential; transmitting a request message to devices of a plurality of authorization users, the request message requesting from the authorization users an indication of whether the detected change is approved; receiving a plurality of response messages from the devices of the plurality of authorization users, each of the plurality of response messages indicating whether the detected change is approved by the corresponding authorization user; determining, based on at least a threshold number of the plurality of response messages indicating a disapproval, that the detected change is disapproved; and causing the target device to rollback to an earlier state.
9 . The computer-readable medium of claim 8 , further storing instructions that, when executed by the processor, cause the process to perform operations comprising:
receiving a message from the target device indicating that the detected change is a change to an operating system of the target device.
10 . The computer-readable medium of claim 9 , wherein the message indicates that the detected change is a change to the operating system of the target device that is not included on an exception list.
11 . The computer-readable medium of claim 9 , wherein the message includes a description of the detected change.
12 . The computer-readable medium of claim 8 , wherein causing the target device to roll back to an earlier state comprises:
causing the target device to replace a current copy of an operating system of the target device with a previously recorded copy of the operating system that is of a known good state.
13 . The computer-readable medium of claim 8 , wherein determining that the detected change is disapproved comprises:
determining whether response messages indicating disapproval have been received from a threshold proportion of the devices of the plurality of authorization users.
14 . The computer-readable medium of claim 8 , wherein determining that the detected change is disapproved comprises:
determining whether at least three response messages indicating disapproval have been received.
15 . A method comprising:
detecting a change at a target device performed by a user having an administrative credential; transmitting a request message to devices of a plurality of authorization users, the request message requesting from the authorization users an indication of whether the detected change is approved; receiving a plurality of response messages from the devices of the plurality of authorization users, each of the plurality of response messages indicating whether the detected change is approved by the corresponding authorization user; determining, based on at least a threshold number of the plurality of response messages indicating a disapproval, that the detected change is disapproved; and causing the target device to rollback to an earlier state.
16 . The method of claim 15 , further comprising:
receiving a message from the target device indicating that the detected change is a change to an operating system of the target device.
17 . The method of claim 16 , wherein the message indicates that the detected change is a change to the operating system of the target device that is not included on an exception list.
18 . The method of claim 16 , wherein the message includes a description of the detected change.
19 . The method of claim 15 , wherein causing the target device to roll back to an earlier state comprises:
causing the target device to replace a current copy of an operating system of the target device with a previously recorded copy of the operating system that is of a known good state.
20 . The method of claim 15 , wherein determining that the detected change is disapproved comprises:
determining whether response messages indicating disapproval have been received from a threshold proportion of the devices of the plurality of authorization users.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.