Abstract: A method of automated software management includes importing update metadata consumed from an update list describing cybersecurity vulnerabilities and product updates. Based on the update metadata, the method includes generating an initial update list including outstanding product updates for endpoints included in a managed network. The method includes discovering products of an endpoint of the managed network. Based on discovered products, the method includes generating an endpoint-specific inventory including product metadata of the products loaded on the endpoint. The method includes identifying an unnecessary product update of the outstanding product updates not related to the discovered products. The method includes filtering the unnecessary product update from the initial update list to generate a modified update list including a subset of outstanding product updates and omitting the unnecessary product update.

Abstract: A method of profiling an endpoint includes generating a structured request including a set of inquiries, each of which being directed to an endpoint parameter and including a parameter name. The method includes generating a scan message including the set of inquiries and an additional inquiry directed to an additional endpoint parameter. The method includes receiving a single response from the endpoint including raw parameter data responsive to the set of inquiries and the additional inquiry. The method includes storing the raw parameter data in a data lake organized according to extracted metadata. The method includes labeling each data portion using the parameter name and the extracted metadata. The method may include accessing, from the data lake, portions of the raw parameter data responsive to the set of inquiries based on labels associated therewith. The method includes generating a profile report derived from the accessed data.

Abstract: A diagnostic tool configured to locally implement two or more diagnostic tests related to an on-premises patch management product operating on a defective endpoint device. The diagnostic tool includes one or more non-transitory computer-readable storage media configured to perform a console diagnostic test, an endpoint diagnostic test, and an agent diagnostic test to validate a functionality and an application configuration relating to the defective endpoint device responsive to the launch of the diagnostic tool and without further action by a user of the defective endpoint device. The diagnostic tool is configured to identify diagnostic failures and diagnostic successes resulting from the diagnostic tests, to determine suggested solutions to the diagnostic failures, generate a display that depicts the results of the diagnostic tests, and cause removal of the diagnostic tool from the defective endpoint device after the display of the graphical user interface is caused.

Abstract: An embodiment includes a method of augmenting performance and compliance of language model-based copilots. The method includes receiving application-specific guidance providing instructions that restrict responses output by an application-specific copilot based on a large language model (LLM). The method includes communicating to the LLM the application-specific guidance and setting an initial set of model parameters for the LLM. The method includes sequentially optimizing model parameters related to multiple model output characteristics of the LLM to generate a final set of model parameters. The method includes communicating the final set of model parameters to the LLM such that the final set of model parameters is implemented in the LLM during operations implemented by the copilot. The method includes deploying the copilot in an environment such that the copilot receives an actual query and replies with an actual response based on the LLM implementing the final set of model parameters.

Abstract: A method of securely storing a device password. The method includes receiving from a relying party, via a communication interface, a first public encryption key associated with a first device associated with a user identity. The method includes generating, at a second device associated with the same user identity and registering with the relying party, a public encryption key pair that includes a second public encryption key. The method includes performing a first level of encryption with respect to a password encryption key associated with encrypting a device password of the second device to produce a singly encrypted password encryption key using the second public encryption key. The method includes performing a second level of encryption with respect to the singly encrypted password encryption key to produce a doubly encrypted password encryption key using the first public encryption key and storing the it on the second device.

Abstract: A method of device management system migration includes scraping device and group structure data from a first system implemented to manage a network of devices. The group structure data is indicative of an arrangement of the devices. The method includes identifying device groups. The method includes building a network model representative of the arrangement. The network model substantially replicates the device groups. The method includes populating the second system with the device groups. The method includes generating an exportable data file based on the device data. The method includes communicating the exportable data file such that the second system organizes the managed devices into the migrated device groups of the second system. The method includes causing a provisioning of the devices into the second system such that the devices establish communication with the second system and receive management configurations consistent with the migrated device groups.

Abstract: An embodiment includes a method of health and functionality evaluation of an agent on a managed endpoint. The method includes receiving an agent event message that includes data representing platform health indicators and capacity health indicators. The platform health indicators include quantifications of functionality of communication channels and components that implement the agent. The capacity health indicators include quantifications of functionality of engines that are configured to implement a management operation. The method includes examining the agent event message for a change in status of the health of the agent. Responsive to the agent event message indicating the change, the method includes emitting an updated agent event. The method includes triggering generation a health score for the agent based on the updated agent event and historical agent health data. The method includes communicating to a webhost the health score where it is caused to be displayed.

Abstract: A method of automated software management includes generating an initial update list including outstanding product updates for an endpoint. The method includes receiving from a third-party agent, product metadata related to products loaded on the endpoint. Based on discovered products, the method includes generating an endpoint-specific inventory including product metadata of the products loaded on the endpoint. The method includes identifying an unnecessary product update of the outstanding product updates not related to the discovered products. The method includes filtering the unnecessary product update from the initial update list to generate a modified update list including a subset of outstanding product updates and omitting the unnecessary product update. The method includes distributing only the subset of outstanding product updates of the modified update list to the managed endpoint.

Abstract: An embodiment includes a method of vocal profile generation and implementation that includes causing display of a prompt for a user that represents an input value of a processing engine. The method includes obtaining a first spoken pronunciation from the user that corresponds to the prompt. The method includes generating a vocal profile based on the first spoken pronunciation that provides a basis for interpretation of vocal input received on distributed devices. The method includes storing the vocal profile at a data storage with other vocal profiles generated for users. The method includes obtaining identifier information that indicates that the user is operating a distributed device. Responsive to the identifier information, the method includes retrieving the vocal profile and loading it onto the distributed device such that obtained vocal input is interpreted according to the vocal profile prior its communication as an input value to the processing engine.

Abstract: A method of credential sharing between users in a system includes creating a credential for a first user that is configured such that entry of secure details of the credential enables execution of an operation. The method includes receiving data indicative of a first selection of the credential and a second selection of a second user. The method includes encrypting the secure details such that the second user is capable of decrypting the secure details and other users are incapable of decrypting the secure details. The method includes appending a profile of the second user with encrypted secure details. The method includes receiving an execution request to perform the first operation from the second user and decrypting the secure details. After entry of the decrypted secure details, the method includes authenticating the second user using the secure details and enabling execution of the first operation by the second user.

Abstract: An embodiment includes a method of self-election of a node in a subnet. The method includes receiving a first ping message. The first ping message is unicast from a second node, includes direct information related to the second node, and includes indirect information related to a third node. The method includes updating a first status of the second node in a status list stored at the first node consistent with the direct information. The method includes determining whether statuses of a threshold number of nodes have been received. Responsive to the threshold number of nodes being received, the method includes performing a local election operation. The method includes propagating a second ping message to a randomly identified additional node. The second ping message includes direct information regarding the first node and indirect information regarding at least one other node.

Abstract: A method may include obtaining Domain Name System (DNS) configuration policies, that indicate how to direct a DNS query based on various Internet Protocol (IP) addresses or Fully Qualified Domain Names (FQDNs). The method may include obtaining a DNS query request on a first interface adapter in which the DNS query request is obtained from a DNS client and directed toward a particular FQDN. The method may include determining whether the particular FQDN included with the DNS query request is included in the DNS configuration policies and directing the DNS query request to an alternative DNS destination responsive to determining that the particular FQDN is not included in the DNS configuration policies. The method may include generating, at the alternative DNS destination, a DNS response that includes an error code, injecting the DNS response into a Transport Control Protocol (TCP)/IP stack, and sending the DNS response to the DNS client.

Abstract: A method of executable storage in a peer-to-peer based software package distribution system. The method includes receiving an instruction to install a software package. An executable configured to execute installation of the software package may be available at a uniform resource location (URL). The method includes detecting a designation parameter. The method includes generating a subfolder name based on the designation parameter. The method includes searching a local cache folder and a peer cache folder for the executable based on the subfolder name. Responsive to the executable being unavailable at the local and peer cache folders, the method includes downloading the first executable from the URL. The method includes generating a subfolder for the executable in the local cache folder. The subfolder has the generated subfolder name. The method includes storing the executable in the generated subfolder.

Abstract: A method of establishing communication with a second device via wireless communication channel that is not natively secure. The method includes performing mutual authentication between the first and second devices by receiving via the communication interface from the second device a FIDO public certificate of the second device and using a FIDO public key of the second device. The FIDO public key of the second device having been registered by the second device with a FIDO relying party in connection with a user identity associated with both the first device and the second device. The FIDO public key of the second device having been fetched by the first device from the FIDO relying party in connection with FIDO registration of the first device with the FIDO relying party in connection with the user identity. The method may include negotiating a shared secret used to engage in ongoing communication.

Abstract: A method of dynamic structured data communication includes registering a structure configured for data communication between applications. The structure includes a structure name and a mapping between data elements and attributes related to the data elements. The structure is registered such that it is accessible to a second application. The method includes receiving encoded data from a first application. The encoded data includes values for the data elements encoded according to the structure and an indication of the structure name. The method includes resolving the encoded data to identify the structure name. Based on the structure name, the method includes accessing the structure and decoding the encoded data according to the accessed structure. The decoding includes generation of a first value that corresponds to a first data element of the encoded data and generated to conform to a first attribute mapped to the first data element in the accessed structure.

Abstract: An embodiment includes a method of application vulnerability assessment and prioritization. The method includes ingesting modelling data from data sources for application vulnerabilities. The method includes transforming at least a portion of the modelling data to covariate vectors. The method includes extracting keywords and phrases from the modelling data and statistically measuring relevance of files of the modelling data based on the extracted keywords and phrases. The method includes generating threat levels of the application vulnerabilities based on the covariate vectors and the measured relevance. The method includes outputting the threat levels to a network management system. The method includes implementing, at a first endpoint device of the network, a first patch to address one of the application vulnerabilities.

Abstract: An apparatus includes a processor operatively coupled to a memory. The processor receives a first set of risk assessment rules including first user privilege criteria and first device criteria. The first device criteria include a computing device patch level, a network type, and/or a password policy. The processor identifies a user-specific security risk based on the first set of risk assessment rules and applies a privilege mitigation measure based on the user-specific security risk without being in communication with a management server. The processor later receives a second, updated set of risk assessment rules at the computing device. Upon detecting another login of the user, the processor identifies an updated user-specific security risk based on the updated set of risk assessment rules, and applies a modified privilege mitigation measure based on the updated user-specific security risk, again without being in communication with the management server.

Abstract: A method of evaluating a computer-implemented product that is deployed on one or more endpoints. The method includes identifying a first program and a second program of a product deployed on a first endpoint of multiple endpoints. The method includes implementing a diagnostic process at the first endpoint. The diagnostic process includes a first subroutine directed to the first program and a second subroutine directed to a second program. The subroutines each execute installation and functional parameter tests of the programs. Responsive to the first subroutine indicating that the first program is operational, the method includes outputting data that the first subroutine passed. Responsive to the second subroutine returning an unexpected result, the method includes outputting data indicating details of the unexpected result and implementing a remediation that modifies the second program or a condition at the first endpoint to mitigate the unexpected result.

Abstract: A method may include accessing a key from a secure storage. A payload may be encrypted using the key. A policy token may be generated. The policy token may include a publicly-readable header including a header identifier of the key and the payload encrypted using the key. The policy token may be sent. The policy token may be received. The publicly-readable header may be read. The key may be identified using the header identifier of the key from the publicly-readable header. The key may be accessed from the secure storage. The payload may be decrypted using the key.

Abstract: An embodiment includes a method of vulnerability detection and mitigation in a managed network. The method includes receiving a defined state of a product on a managed endpoint of a managed network. The method includes detecting a trigger event in the managed network. The trigger event is indicative of a change to the managed device or to the product that is inconsistent with the defined state. Responsive to detection of the trigger event, the method includes automatically implementing a product modification process. The product modification process includes distribution of at least one product update to a product installed at the managed endpoint.