US2023351014A1PendingUtilityA1

Method to prevent root level access attack and measurable sla security and compliance platform

76
Assignee: CYEMPTIVE TECH INCPriority: Jun 21, 2019Filed: Jul 11, 2023Published: Nov 2, 2023
Est. expiryJun 21, 2039(~12.9 yrs left)· nominal 20-yr term from priority
G06F 21/554G06F 21/54H04L 41/5019H04L 43/065H04L 43/16H04L 63/1433H04L 63/1491G06F 2221/034H04L 63/1408H04L 41/5009G06F 21/552G06F 21/57G06F 2221/2115G06F 2221/2127G06F 2221/2139H04L 63/1441
76
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

A management system detects a change at the target device. The management system transmits a request message to authorization devices of the authorization users of the multi-user authorization pool to from the authorization users an indication of whether the detected change is approved. The management system receives a plurality of response messages from authorization devices of the multi-user authorization pool indicating whether the detected change is approved by the corresponding authorization user, and based on at least three of the plurality of response messages indicating a disapproval, that the detected change is disapproved. In response to the determination that the change is disapproved, an instruction message is sent to a target managed device to instruct the target managed device to rollback to an earlier state.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
         1 . A system comprising:
 a processor;   a computer-readable medium storing instructions that, when executed by the processor, cause the processor to perform operations comprising:
 detecting a change at a target device performed by a user having an administrative credential; 
 transmitting a request message to devices of a plurality of authorization users, the request message requesting from the authorization users an indication of whether the detected change is approved; 
 receiving a plurality of response messages from the devices of the plurality of authorization users, each of the plurality of response messages indicating whether the detected change is approved by the corresponding authorization user; 
 determining, based on at least a threshold number of the plurality of response messages indicating a disapproval, that the detected change is disapproved; and 
 causing the target device to rollback to an earlier state. 
   
     
     
         2 . The system of  claim 1 , wherein the computer-readable medium further stores instructions that, when executed by the processor, cause the process to perform operations comprising:
 receiving a message from the target device indicating that the detected change is a change to an operating system of the target device.   
     
     
         3 . The system of  claim 2 , wherein the message indicates that the detected change is a change to the operating system of the target device that is not included on an exception list. 
     
     
         4 . The system of  claim 2 , wherein the message includes a description of the detected change. 
     
     
         5 . The system of  claim 1 , wherein causing the target device to roll back to an earlier state comprises:
 causing the target device to replace a current copy of an operating system of the target device with a previously recorded copy of the operating system that is of a known good state.   
     
     
         6 . The system of  claim 1 , wherein determining that the detected change is disapproved comprises:
 determining whether response messages indicating disapproval have been received from a threshold proportion of the devices of the plurality of authorization users.   
     
     
         7 . The system of  claim 1 , wherein determining that the detected change is disapproved comprises:
 determining whether at least three response messages indicating disapproval have been received.   
     
     
         8 . A non-transitory computer-readable medium storing instructions that, when executed by a processor, cause the processor to perform operations comprising:
 detecting a change at a target device performed by a user having an administrative credential;   transmitting a request message to devices of a plurality of authorization users, the request message requesting from the authorization users an indication of whether the detected change is approved;   receiving a plurality of response messages from the devices of the plurality of authorization users, each of the plurality of response messages indicating whether the detected change is approved by the corresponding authorization user;   determining, based on at least a threshold number of the plurality of response messages indicating a disapproval, that the detected change is disapproved; and   causing the target device to rollback to an earlier state.   
     
     
         9 . The computer-readable medium of  claim 8 , further storing instructions that, when executed by the processor, cause the process to perform operations comprising:
 receiving a message from the target device indicating that the detected change is a change to an operating system of the target device.   
     
     
         10 . The computer-readable medium of  claim 9 , wherein the message indicates that the detected change is a change to the operating system of the target device that is not included on an exception list. 
     
     
         11 . The computer-readable medium of  claim 9 , wherein the message includes a description of the detected change. 
     
     
         12 . The computer-readable medium of  claim 8 , wherein causing the target device to roll back to an earlier state comprises:
 causing the target device to replace a current copy of an operating system of the target device with a previously recorded copy of the operating system that is of a known good state.   
     
     
         13 . The computer-readable medium of  claim 8 , wherein determining that the detected change is disapproved comprises:
 determining whether response messages indicating disapproval have been received from a threshold proportion of the devices of the plurality of authorization users.   
     
     
         14 . The computer-readable medium of  claim 8 , wherein determining that the detected change is disapproved comprises:
 determining whether at least three response messages indicating disapproval have been received.   
     
     
         15 . A method comprising:
 detecting a change at a target device performed by a user having an administrative credential;   transmitting a request message to devices of a plurality of authorization users, the request message requesting from the authorization users an indication of whether the detected change is approved;   receiving a plurality of response messages from the devices of the plurality of authorization users, each of the plurality of response messages indicating whether the detected change is approved by the corresponding authorization user;   determining, based on at least a threshold number of the plurality of response messages indicating a disapproval, that the detected change is disapproved; and   causing the target device to rollback to an earlier state.   
     
     
         16 . The method of  claim 15 , further comprising:
 receiving a message from the target device indicating that the detected change is a change to an operating system of the target device.   
     
     
         17 . The method of  claim 16 , wherein the message indicates that the detected change is a change to the operating system of the target device that is not included on an exception list. 
     
     
         18 . The method of  claim 16 , wherein the message includes a description of the detected change. 
     
     
         19 . The method of  claim 15 , wherein causing the target device to roll back to an earlier state comprises:
 causing the target device to replace a current copy of an operating system of the target device with a previously recorded copy of the operating system that is of a known good state.   
     
     
         20 . The method of  claim 15 , wherein determining that the detected change is disapproved comprises:
 determining whether response messages indicating disapproval have been received from a threshold proportion of the devices of the plurality of authorization users.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.