Abstract: A cloud extension agent can be provided on a customer premise for interfacing, via an outbound secure connection, cloud based services. The cloud extension agent can reach the cloud based services through existing firewall infrastructure, thereby providing simple, secure deployment. Furthermore, the secure connection can enable substantially real-time communication with a cloud service to provide web-based, substantially real time control or management of resources on the customer premises via the cloud extension agent.

Abstract: Utilizing a server-based rules-based action framework, methods and systems gather status and configuration information about each of a plurality of mobile devices, which include devices from different mobile platforms. At the server, software processes monitor status information and respond automatically to changes, causing administrator-selected rules to be evaluated to determine if an action should automatically be initiated.

Abstract: Systems and methods facilitate the deployment of software modules from a file server to agents on endpoints. Agents can contact a heartbeat server to receive information about a latest manifest file that identifies the software modules that should be installed on the endpoint. Agents can then determine from the manifest information whether new files need to be downloaded and automatically download them. A scripting engine can be used to allow run-time installation of modules without causing significant downtime of the endpoint. The scripting engine can utilize the agent to report back status and data from the software modules to allow modules to be used with a mobile device management platform.

Abstract: Methods and systems are provided for fine tuning access control by remote, endpoint systems to host systems. Multiple conditions/states of one or both of the endpoint and host systems are monitored, collected and fed to an analysis engine. Using one or more of many different flexible, adaptable models and algorithms, an analysis engine analyzes the status of the conditions and makes decisions in accordance with pre-established policies and rules regarding the security of the endpoint and host system. Based upon the conditions, the policies, and the analytical results, actions are initiated regarding security and access matters. In one described embodiment of the invention, the monitored conditions include software vulnerabilities.

Abstract: Methods and systems are provided for fine tuning access control by remote, endpoint systems to host systems. Multiple conditions/states of one or both of the endpoint and host systems are monitored, collected and fed to an analysis engine. Using one or more of many different flexible, adaptable models and algorithms, an analysis engine analyzes the status of the conditions and makes decisions in accordance with pre-established policies and rules regarding the security of the endpoint and host system. Based upon the conditions, the policies, and the analytical results, actions are initiated regarding security and access matters. In one described embodiment of the invention, the monitored conditions include software vulnerabilities.

Abstract: Systems and methods facilitate the deployment of software modules from a file server to agents on endpoints. Agents can contact a heartbeat server to receive information about a latest manifest file that identifies the software modules that should be installed on the endpoint. Agents can then determine from the manifest information whether new files need to be downloaded and automatically download them. A scripting engine can be used to allow run-time installation of modules without causing significant downtime of the endpoint. The scripting engine can utilize the agent to report back status and data from the software modules to allow modules to be used with a mobile device management platform.

Abstract: Utilizing a server-based rules-based action framework, methods and systems gather status and configuration information about each of a plurality of mobile devices, which include devices from different mobile platforms. At the server, software processes monitor status information and respond automatically to changes, causing administrator-selected rules to be evaluated to determine if an action should automatically be initiated.

Abstract: A cloud extension agent can be provided on a customer premise for interfacing, via an outbound secure connection, cloud based services. The cloud extension agent can reach the cloud based services through existing firewall infrastructure, thereby providing simple, secure deployment. Furthermore, the secure connection can enable substantially real-time communication with a cloud service to provide web-based, substantially real time control or management of resources on the customer premises via the cloud extension agent.

Abstract: A remote access client is provided for enabling communication between a remote data terminal configured to access a public network, and an enterprise network by way of a VPN tunnel through the public network. The remote access client includes at least one application program interface (API) to receive a first verification of the operating state of a predetermined application of the remote data terminal to enable a connection agent for establishing a point of presence on the public network. Upon connection to the point of presence, the API exchanges data between the remote access client and the predetermined application of the remote data terminal. The remote access client receives a second periodic verification of the operating state of the predetermined application via the API for terminating the connection to the point of presence upon the absence of the second verification.

Abstract: A consolidated security application dashboard system is described wherein a plurality of endpoint systems include visibility agents that collect status and event attributes/metrics from a plurality of security applications and upload the information to datamarts on a backend server. The backend server aggregates and processed the security application attributes/metrics to enable configurable dashboards to present summary and detailed information to IT users about the security metrics relating to a group of endpoints.

Abstract: Universal connection data collection solution for monitoring, collecting and reporting connection data and/or attributes for endpoint computing devices making a connection to a network for use in analyzing user behavior and device connectivity efficiencies. Embodiments include IP connections wherein the universal connections data collection module is notified by the OS of IP connection events. Embodiments may include a standalone mode of the universal connections data collection solution and add-on modes wherein the universal connections data collection solution integrates with a third party connection manager using an API to communicate. The universal connections data collection solution monitors the state of network connections by enumerating connections, comparing the list of active connections to the last known snapshot of the network state to determine a network state change (e.g., new connection, change in connection state, disconnection), and periodically updating the statics of the connected network.

Abstract: A computer-implemented method and apparatus prevents unsecured access to a computer over a network by a client running on a remote computer. In one aspect of the present invention, a client policy is stored on the remote computer. The client policy includes a configuration of the remote computer that reduces the likelihood of a security breach of the computer as a result of the remote computer accessing the computer. A request is received from a user for access to the computer. It is verified that the remote computer conforms with the client policy, and the client is connected to said computer.

Abstract: A system, method, signal, and computer program product for providing secure wireless access to private databases and applications without requiring a separate wireless client-server internetworking security protocol infrastructure. The wireless device (201) communicates with the wireless access service provider (205) via hypertext transfer protocol (HTTP) messages, and the wireless access service provider (205) and the secure network (204) perform a RADIUS authentification for the wireless device (201).

Abstract: A test management application on a test management server includes a user interface on a Web-based portal by which a user can define one or more tests, selecting any desired configuration of operating system, connection type, and/or application, which are then saved in a test management database in the central server. Multiple tests involving the same configuration can be defined and saved for later selection, either individually or as a group of tests. A client agent engine on a test device can query the test management server for tests that can be conducted using the device's current configuration. If no such tests are found, the device can then query the test management server for the next available test. Upon allocation of the next available test to the device, the necessary system configuration for that test can be automatically retrieved, installed, and verified by the device. The device under test is automatically rebuilt to have the proper configuration for the test to be run.

Abstract: An enterprise information system consists of two fundamental components—the data and the business logic. Relational databases can provide a stable, clear and robust implementation of transactions with ACID properties and a declarative query language (SQL) for managing data and are at the core of modern enterprise computing. But modern programming languages like Java—a compiled language, and Javascript—a scriptable language, provide a much better environment for implementing complex business logic. Object Relational Mapping (ORM) tools provide a bridge between the relational environment and the object environment, so that data can be persisted in a relational data model and business logic can be encoded using objects. An extension to the standard ORM is provided to allow an application written in an object oriented language to deal with the information it manipulates in terms of objects, rather than in terms of database-specific concepts such as rows, columns and tables.

Abstract: A security agent monitoring and protection system is provided. A security agent on an end point computing device can be accompanied by or can load into the device's memory at startup one or more independent software processes whose primary function is to directly protect the security agent itself and take protective actions against the end point computing device should a security agent protecting the device become disabled. Protection of the security agent can be achieved in several ways, including installing the security agent with restricted permissions, making it difficult to shutdown, restarting the security agent automatically if it is halted without authorization, disabling network connectivity of the end point device if the security agent does not successfully start or restart, protecting executable and dynamic link library (DLL) files of the security agent, and controlling access to the security agent's Common Object Model (COM) interfaces.

Abstract: An application programming interface (API) translation agent and method for converting a message from one application configured according to a first API to a message configured according to a second API so that the first application, which is configured to communicate only in accordance with the first API, can communicate with a second application, which is configured to communicate only in accordance with the second API. The first and second applications can include a security application and a network access control (NAC) agent installed on an end point computing device, and the API translation agent can be used by the NAC agent to obtain information regarding a security status of the end point computing device, the information being used to determine whether the end point computing device is in compliance with the security policies of a network.

Abstract: An application programming interface (API) translation agent and method for converting a message from one application configured according to a first API to a message configured according to a second API so that the first application, which is configured to communicate only in accordance with the first API, can communicate with a second application, which is configured to communicate only in accordance with the second API. The first and second applications can include a security application and a network access control (NAC) agent installed on an end point computing device, and the API translation agent can be used by the NAC agent to obtain information regarding a security status of the end point computing device, the information being used to determine whether the end point computing device is in compliance with the security policies of a network.

Abstract: A computer-implemented method and apparatus prevents unsecured access to a computer over a network by a client running on a remote computer. In one aspect of the present invention, a client policy is stored on the remote computer. The client policy includes a configuration of the remote computer that reduces the likelihood of a security breach of the computer as a result of the remote computer accessing the computer. A request is received from a user for access to the computer. It is verified that the remote computer conforms with the client policy, and the client is connected to said computer.

Abstract: A computer-implemented method and apparatus prevents unsecured access to a computer over a network by a client running on a remote computer. In one aspect of the present invention, a client policy is stored on the remote computer. The client policy includes a configuration of the remote computer that reduces the likelihood of a security breach of the computer as a result of the remote computer accessing the computer. A request is received from a user for access to the computer. It is verified that the remote computer conforms with the client policy, and the client is connected to said computer.