Abstract: An embodiment includes a method of computer software update in a managed network that includes endpoints having heterogenous operating systems. The method includes receiving a first update configured modify a first application on a first endpoint implementing a first non-Linux-based operating system (OS) and first metadata associated therewith. The method includes generating a first update package based on the first metadata and distributing the first update and the first update package to the first endpoint. The method includes accessing a product update list identifying a second application in an unpatched state on the second endpoint implementing a Linux-based OS and repository information of a repository device. Based on the repository information, the method includes accessing the second update and second metadata associated therewith. The method includes generating a second update package and distributing it and the second update such that the second endpoint locally implements the second update.

Abstract: A method and/or computer software for estimating the probability that a software weakness will be used in an exploit and/or malware and the probability that the developed exploit and/or malware will result in a compromise.

Abstract: An apparatus and method for cyber risk quantification calculated from the likelihood of a cyber-attack on the target enterprise and/or cyber ecosystem based on its security posture. The cyber-attack likelihood can be derived as a probability-based time-to-event (TTE) measure using survivor function analysis. The likelihood probability measure can also be passed to cyber risk frameworks to determine financial impacts of the cyber-attacks. Embodiments of the present invention also relate to an apparatus and method (1) to identify and validate application attack surfaces and protect web applications against business logic-based attacks, sensitive data leakage and privilege escalation attacks; and/or (2) that protects web applications against business logic-based attacks, sensitive data leakage and privilege escalation attacks. This can include implementing an intelligent learning loop using artificial intelligence that creates an ontology-based knowledge base from application request and response sequences.

Abstract: A method of remote device diagnosis and mitigation includes receiving a signal indicative of an intermittent technical state of a first device. Immediately responsive thereto, the method includes interrogating the first device for parameters. The method includes interrogating the first device for the parameters at a third time outside receipt of the signal. The parameters include a transient parameter present at a first time of the intermittent technical state and not present a second time following the first time. The method includes recording the parameters from the first time in a first data file and the parameters for the third time in an additional data file. The first data file is compared with the additional data file to identify a difference in a parameter indicative of a cause of the intermittent technical state. The method includes remotely implementing a change on the first device to mitigate the cause.

Abstract: An embodiment includes a method of software utilization evaluation in a managed network. The method includes receiving a software parameter for a software implemented by a managed device in a managed network. The method includes obtaining status data of the software on the device. The status data indicating whether the software is in use at the device at a time. The method includes aggregating the status data to determine a software usage of the software at the device. Responsive to the software usage being below a usage threshold, the method includes generating software management action. The usage threshold being based on the software parameter. Responsive to a state at a management device, the method includes implementing the software management action to remotely modify at least one aspect of the managed device.

Abstract: A method may include obtaining a first sensor input signal and converting the first sensor input signal to a second sensor input signal having a common data format based on one or more data conversion rules. The method may include appending the second sensor input signal with a variable that describes information relating to the first sensor input signal. The method may include broadcasting the second sensor input signal in the common data format to one or more data storages and sending an instruction to actuate warehouse operations to one or more receiving systems based on the one or more data storages to which the second sensor input signal is broadcast. The method may include controlling one or more operations of a warehouse based on the instruction to actuate warehouse operations.

Abstract: Systems, devices, and methods are disclosed to send a signal to deploy a software patch at a compute device, to identify, based on a dependency map, a set of system components on the compute device that are likely to be impacted by the software patch, to monitor a set of parameters for a set of applications on the compute device that interact with a set of system components, to compare values for the set of parameters to one or more predefined criteria and to determine a compatibility classification for the software patch. Systems, devices, and methods are disclosed to update the dependency map based on the compatibility classification to define an updated dependency map, and based on the updated dependency map send a signal to deploy the software patch at a set of compute devices.

Abstract: A method of evaluating a computer-implemented product that is deployed on one or more endpoints. The method includes identifying a first program and a second program of a product deployed on a first endpoint of multiple endpoints. The method includes implementing a diagnostic process at the first endpoint. The diagnostic process includes a first subroutine directed to the first program and a second subroutine directed to a second program. The subroutines each execute installation and functional parameter tests of the programs. Responsive to the first subroutine indicating that the first program is operational, the method includes outputting data that the first subroutine passed. Responsive to the second subroutine returning an unexpected result, the method includes outputting data indicating details of the unexpected result and implementing a remediation that modifies the second program or a condition at the first endpoint to mitigate the unexpected result.

Abstract: An embodiment includes a method of self-election of a node in a subnet. The method includes receiving a first ping message. The first ping message is unicast from a second node, includes direct information related to the second node, and includes indirect information related to a third node. The method includes updating a first status of the second node in a status list stored at the first node consistent with the direct information. The method includes determining whether statuses of a threshold number of nodes have been received. Responsive to the threshold number of nodes being received, the method includes performing a local election operation. The method includes propagating a second ping message to a randomly identified additional node. The second ping message includes direct information regarding the first node and indirect information regarding at least one other node.

Abstract: A method of automated software management includes importing update metadata consumed from an update list describing cybersecurity vulnerabilities and product updates. Based on the update metadata, the method includes generating an initial update list including outstanding product updates for endpoints included in a managed network. The method includes discovering products of an endpoint of the managed network. Based on discovered products, the method includes generating an endpoint-specific inventory including product metadata of the products loaded on the endpoint. The method includes identifying an unnecessary product update of the outstanding product updates not related to the discovered products. The method includes filtering the unnecessary product update from the initial update list to generate a modified update list including a subset of outstanding product updates and omitting the unnecessary product update.

Abstract: Techniques are disclosed to obtain device posture of a third party managed device. In various embodiments, a unique identifier of the third party managed device is embedded in a registration communication sent from a third party managed device to an access node associated with a first party management entity. The registration communication is sent from the third party managed device to the access node. The access node is configured to store data associating the unique identifier with the third party managed device, and to use the unique identifier to obtain from the third party management entity device posture information for the third party managed device.

Abstract: A request generated by an unmanaged app to access a resource is received from a mobile device. A notification is sent to the mobile device. A device level VPN connection to the mobile device is established. A unique identifier is associated with the device level VPN. App level traffic received via the device level VPN is tagged with the unique identifier. Access to the resource is allowed in response to the request based at least in part on a determination based on the tags that app level traffic from a trusted app and app level traffic from the unmanaged app are associated with the same mobile device.

Abstract: A method may include accessing a key from a secure storage. A payload may be encrypted using the key. A policy token may be generated. The policy token may include a publicly-readable header including a header identifier of the key and the payload encrypted using the key. The policy token may be sent. The policy token may be received. The publicly-readable header may be read. The key may be identified using the header identifier of the key from the publicly-readable header. The key may be accessed from the secure storage. The payload may be decrypted using the key.

Abstract: A method of a device-level management based on a digital experience includes developing a calculated device index (CDI) expression for a managed device of a managed network. The CDI expression includes a combination of weighted, normalized attribute values. The attributes reflect a digital experience metric of a user relative to the device. The method includes determining a normal device index range (NDIR) that defines values of a CDI indicative of normal operation of the device. The method includes monitoring current attribute data representative of multiple attributes associated with the device. Based on the current attribute data, the method includes computing the CDI using the CDI expression and evaluating the computed CDI relative to the NDIR. Responsive to the CDI being outside the NDIR, the method includes identifying a first attribute that is in an anomalous condition and that contributed to the CDI and implementing an action to mitigate the condition.

Abstract: A method of remote desktop protocol (RDP) operating system (OS) session remote-control includes providing security credentials to a client device. The method includes requesting OS sessions currently operating on the client device. The method includes receiving from an agent on the client device, an indication of OS sessions currently operating on the client device. The OS sessions include one or more RDP OS sessions and a console OS session. The method includes selecting a first RDP OS session of the one or more RDP OS sessions. Responsive to the selection of the first RDP OS session, the method includes communicating with an agent an instruction to initiate a remote-control interface with the client device. The remote-control interface is configured such that the agent transmits visual data of the RDP OS session to the service device and relays commands from the service device.

Abstract: A method of product update analysis and management includes receiving metadata of a product update related to a code change of an application on an endpoint of a managed network. The method includes scraping posts related to the product update from two different internet websites. The method includes aggregating the posts from the internet websites. The method includes quantifying a social volume from the aggregated posts. The social volume being a measure of discussion related to the product update. The method includes extracting content from the aggregated posts. Based on the extracted content, the method includes summarizing the posts into a collection of terms or phrases representative of a topic of the posts. The method includes causing display of an indication of the social volume and the collection of terms or phrases. The method includes implementing the product update to affect a change in program code at the application.

Abstract: A method of establishing communication with a second device via wireless communication channel that is not natively secure. The method includes performing mutual authentication between the first and second devices by receiving via the communication interface from the second device a FIDO public certificate of the second device and using a FIDO public key of the second device. The FIDO public key of the second device having been registered by the second device with a FIDO relying party in connection with a user identity associated with both the first device and the second device. The FIDO public key of the second device having been fetched by the first device from the FIDO relying party in connection with FIDO registration of the first device with the FIDO relying party in connection with the user identity. The method may include negotiating a shared secret used to engage in ongoing communication.

Abstract: A method of profiling an endpoint includes generating a structured request including a set of inquiries, each of which being directed to an endpoint parameter and including a parameter name. The method includes generating a scan message including the set of inquiries and an additional inquiry directed to an additional endpoint parameter. The method includes receiving a single response from the endpoint including raw parameter data responsive to the set of inquiries and the additional inquiry. The method includes storing the raw parameter data in a data lake organized according to extracted metadata. The method includes labeling each data portion using the parameter name and the extracted metadata. The method may include accessing, from the data lake, portions of the raw parameter data responsive to the set of inquiries based on labels associated therewith. The method includes generating a profile report derived from the accessed data.

Abstract: An embodiment includes a method of client-server trust management. The method includes receiving, at a client device, a public key of a system server and locally seeding the public key in a secure storage at the client device. The method includes receiving a certificate list signed by a private key of the system server and verifying a source of the certificate list using the seeded public key. The method includes initiating a handshake process with a second device during which a digital device certificate of the second device is received. The method includes halting the handshake process and validating the second device by matching the digital device certificate with a certificate included on the verified certificate list. Based on the validation, the method includes managing a communication session with the second device to enable or prevent data transfer between the client device and the second device.

Abstract: A method may include obtaining Domain Name System (DNS) configuration policies, that indicate how to direct a DNS query based on various Internet Protocol (IP) addresses or Fully Qualified Domain Names (FQDNs). The method may include obtaining a DNS query request on a first interface adapter in which the DNS query request is obtained from a DNS client and directed toward a particular FQDN. The method may include determining whether the particular FQDN included with the DNS query request is included in the DNS configuration policies and directing the DNS query request to an alternative DNS destination responsive to determining that the particular FQDN is not included in the DNS configuration policies. The method may include generating, at the alternative DNS destination, a DNS response that includes an error code, injecting the DNS response into a Transport Control Protocol (TCP)/IP stack, and sending the DNS response to the DNS client.