Abstract: A method of profiling an endpoint includes generating a structured request including a set of inquiries, each of which being directed to an endpoint parameter and including a parameter name. The method includes generating a scan message including the set of inquiries and an additional inquiry directed to an additional endpoint parameter. The method includes receiving a single response from the endpoint including raw parameter data responsive to the set of inquiries and the additional inquiry. The method includes storing the raw parameter data in a data lake organized according to extracted metadata. The method includes labeling each data portion using the parameter name and the extracted metadata. The method may include accessing, from the data lake, portions of the raw parameter data responsive to the set of inquiries based on labels associated therewith. The method includes generating a profile report derived from the accessed data.

Abstract: An embodiment includes a method of client-server trust management. The method includes receiving, at a client device, a public key of a system server and locally seeding the public key in a secure storage at the client device. The method includes receiving a certificate list signed by a private key of the system server and verifying a source of the certificate list using the seeded public key. The method includes initiating a handshake process with a second device during which a digital device certificate of the second device is received. The method includes halting the handshake process and validating the second device by matching the digital device certificate with a certificate included on the verified certificate list. Based on the validation, the method includes managing a communication session with the second device to enable or prevent data transfer between the client device and the second device.

Abstract: A method may include obtaining Domain Name System (DNS) configuration policies, that indicate how to direct a DNS query based on various Internet Protocol (IP) addresses or Fully Qualified Domain Names (FQDNs). The method may include obtaining a DNS query request on a first interface adapter in which the DNS query request is obtained from a DNS client and directed toward a particular FQDN. The method may include determining whether the particular FQDN included with the DNS query request is included in the DNS configuration policies and directing the DNS query request to an alternative DNS destination responsive to determining that the particular FQDN is not included in the DNS configuration policies. The method may include generating, at the alternative DNS destination, a DNS response that includes an error code, injecting the DNS response into a Transport Control Protocol (TCP)/IP stack, and sending the DNS response to the DNS client.

Abstract: A method and/or computer software for estimating the probability that a software weakness will be used in an exploit and/or malware and the probability that the developed exploit and/or malware will result in a compromise.

Abstract: An apparatus includes a processor operatively coupled to a memory. The processor detects a software application installed on a client computing device, and/or usage data. Detected usage data is associated with a current user of the client computing device and with the software application. The processor identifies a user role for the current user based on the software application and/or usage data. The processor applies a security configuration to the client computing device based on the user role. The security configuration limits access by the current user to a portion of the software application. The processor sends an identifier of the user role to an administrative server for storage in an Active Directory (AD) database.

Abstract: An embodiment includes a method of real-time, endpoint-specific SLA compliance evaluation in a managed network. The method includes receiving SLA definition input that indicates an SLA definition of the managed network. Responsive to detection of a trigger event, the method includes initiating a scan of endpoints including retrieval of endpoint-level state data. The method includes identifying a portion of the retrieved state data relevant to the SLA definition. The method includes aggregating the portions of the retrieved state data. The method includes determining whether the managed network is SLA compliant at an endpoint-level of granularity based on the aggregated portions. Responsive to the managed network being noncompliant, the method includes identifying a subset of endpoints failing to meet the SLA definition and implementing a product modification process to address a metric of the SLA definition and change a product to bring the first endpoint into compliance.

Abstract: A method of identification and remediation of a mass event in a managed network. The method includes receiving a first report of an event occurring at a first endpoint of the managed network. In response, a first action is performed. The first action being initiated based on a repeating event trigger not being triggered. The method includes receiving a second report of the event occurring at a second endpoint. In response, the method includes determining whether a threshold that triggers the repeating event trigger is exceeded. The threshold being indicative of a mass event in the managed network. Responsive to the threshold being exceeded, the method includes triggering the repeating event trigger and performing a second automated resolution action in the managed network. The second action being different from the first action. Responsive to the threshold not being exceeded, the method includes performing the first action at the second endpoint.

Abstract: A method of automated software management includes generating an initial update list including outstanding product updates for an endpoint. The method includes receiving from a third-party agent, product metadata related to products loaded on the endpoint. Based on discovered products, the method includes generating an endpoint-specific inventory including product metadata of the products loaded on the endpoint. The method includes identifying an unnecessary product update of the outstanding product updates not related to the discovered products. The method includes filtering the unnecessary product update from the initial update list to generate a modified update list including a subset of outstanding product updates and omitting the unnecessary product update. The method includes distributing only the subset of outstanding product updates of the modified update list to the managed endpoint.

Abstract: Techniques are disclosed to provide application extension-based authentication on a device under third party management. In various embodiments, a unique identifier associated with an authentication app is stored on the device. An app extension framework that enables a native app to request, via an app extension associated with the authentication app, access to a service with which the native app is associated is provided. The authentication app is configured to use the unique identifier to determine a security posture of the device and to grant or deny access to the service based at least in part on the security posture of the device.

Abstract: A method of credential sharing between users in a system includes creating a credential for a first user that is configured such that entry of secure details of the credential enables execution of an operation. The method includes receiving data indicative of a first selection of the credential and a second selection of a second user. The method includes encrypting the secure details such that the second user is capable of decrypting the secure details and other users are incapable of decrypting the secure details. The method includes appending a profile of the second user with encrypted secure details. The method includes receiving an execution request to perform the first operation from the second user and decrypting the secure details. After entry of the decrypted secure details, the method includes authenticating the second user using the secure details and enabling execution of the first operation by the second user.

Abstract: An embodiment includes a method of secured, remote device access through dynamic scope adjustment in an incident management system. The method includes receiving an incident report indicative of a technical issue at a first device. Responsive to receipt of the incident report, the method includes determining that the first device is assigned an information technology (IT) support provider and dynamically elevating the first device to a scope of the IT support provider. Following a correction of at least a portion of the technical issue by the IT support provider, the method includes dynamically relegating the first device from the scope to prevent remote access to the first device following the correction.

Abstract: Systems, devices, and methods are disclosed to send a signal to deploy a software patch at a compute device, to identify, based on a dependency map, a set of system components on the compute device that are likely to be impacted by the software patch, to monitor a set of parameters for a set of applications on the compute device that interact with a set of system components, to compare values for the set of parameters to one or more predefined criteria and to determine a compatibility classification for the software patch. Systems, devices, and methods are disclosed to update the dependency map based on the compatibility classification to define an updated dependency map, and based on the updated dependency map send a signal to deploy the software patch at a set of compute devices.

Abstract: Content delivery optimization and recommendation is disclosed. A manner of delivering a content object to a mobile device may be determined at least in part by applying a behavior model associated with a user of the mobile device to attributes associated with the content object. The behavior model may be generated based at least in part on observed activities of the user. The content object is provided to the mobile device in the determined manner.

Abstract: A method of application integrity verification and remediation includes scanning an appliance to identify installed program files associated with an application under analysis deployed at the appliance. The method includes computing a hash value of a first installed file of the installed program files. The method includes determining whether the first installed file exists in vendor program files of the application that are maintained separate from the installed program files. The method includes fetching a hash value of a first vendor file of the vendor program files. The first vendor file corresponds to the first installed file. Responsive to the fetched hash value differing from the computed hash value, the method includes classifying the first installed program file as a compromised file and remediating the compromised file at the network appliance.

Abstract: A method for managing nodes is disclosed. The method includes testing a management script on a management server for managing at least one node. The method also includes receiving administrator validation to distribute the management script. The method further includes sending the validated management script to one or more management servers on one or more networks.

Abstract: A method of remote device diagnosis and mitigation includes receiving a signal indicative of an intermittent technical state of a first device. Immediately responsive thereto, the method includes interrogating the first device for parameters. The method includes interrogating the first device for the parameters at a third time outside receipt of the signal. The parameters include a transient parameter present at a first time of the intermittent technical state and not present a second time following the first time. The method includes recording the parameters from the first time in a first data file and the parameters for the third time in an additional data file. The first data file is compared with the additional data file to identify a difference in a parameter indicative of a cause of the intermittent technical state. The method includes remotely implementing a change on the first device to mitigate the cause.

Abstract: A method for automatic presentation of a terminal application screen is described. The method includes receiving terminal application screen data from a server. The method also includes selecting a transformation template based on a comparison of text in the terminal application screen data to identification text in the transformation template. The transformation template includes instructions for transforming the terminal application screen data into an HTML page. The method further includes transforming the terminal application screen data into the HTML page using the selected transformation template. The HTML page is displayed in a web interface on a client device.

Abstract: Systems, devices, and methods are disclosed to send a signal to deploy a software patch at a compute device, to identify, based on a dependency map, a set of system components on the compute device that are likely to be impacted by the software patch, to monitor a set of parameters for a set of applications on the compute device that interact with a set of system components, to compare values for the set of parameters to one or more predefined criteria and to determine a compatibility classification for the software patch. Systems, devices, and methods are disclosed to update the dependency map based on the compatibility classification to define an updated dependency map, and based on the updated dependency map send a signal to deploy the software patch at a set of compute devices.

Abstract: A method for converting data between two data transfer protocols is described. The method includes receiving first HyperText Transfer Protocol (HTTP) enabled data from a first computer system. The method also includes converting the first HTTP-enabled data obtained from the first computer system to first remote terminal session data. The method also includes sending the first remote terminal session data to a second computer system via a remote terminal session.

Abstract: An embodiment includes a method of vulnerability detection and mitigation in a managed network. The method includes receiving a defined state of a product on a managed endpoint of a managed network. The method includes detecting a trigger event in the managed network. The trigger event is indicative of a change to the managed device or to the product that is inconsistent with the defined state. Responsive to detection of the trigger event, the method includes automatically implementing a product modification process. The product modification process includes distribution of at least one product update to a product installed at the managed endpoint.