Patents Assigned to Ivanti, Inc.
  • Patent number: 12132755
    Abstract: An embodiment includes a method of application vulnerability assessment and prioritization. The method includes ingesting modelling data from data sources for application vulnerabilities. The method includes transforming at least a portion of the modelling data to covariate vectors. The method includes extracting keywords and phrases from the modelling data and statistically measuring relevance of files of the modelling data based on the extracted keywords and phrases. The method includes generating threat levels of the application vulnerabilities based on the covariate vectors and the measured relevance. The method includes outputting the threat levels to a network management system. The method includes implementing, at a first endpoint device of the network, a first patch to address one of the application vulnerabilities.
    Type: Grant
    Filed: June 3, 2022
    Date of Patent: October 29, 2024
    Assignee: Ivanti, Inc.
    Inventors: Srinivas Mukkamala, Taylor Wong
  • Patent number: 12131150
    Abstract: A method for patch management is described. The method includes downloading a patch that is incompatible with a patch management system. The method also includes creating an archive that is executable by the patch management system. The archive includes the incompatible patch. The method further includes sending the archive to the patch management system.
    Type: Grant
    Filed: November 22, 2019
    Date of Patent: October 29, 2024
    Assignee: Ivanti, Inc.
    Inventors: Michael Fahland, Nicholas Krueger, Sean McDonald
  • Patent number: 12126626
    Abstract: A method of mobile device management (MDM) comprising scanning, by an optical reader of a first mobile device, an optical code. The optical code is generated based on a policy and a group that includes the first and a second mobile device. The optical code has encoded enrollment details of the policy. Responsive to the scanning, the method includes connecting to a computer interface on which an enrollment application is accessible and causing display of an enrollment page. The method includes receiving identification input entered into the enrollment page. In response to the identification input, the method includes automatically transferring the enrollment details and the identification input to the enrollment application. Based on the transfer, enrolling the first mobile device in a MDM system. Enrollment of the first mobile device includes enabling a set of functions of the first mobile device consistent with the policy of the group.
    Type: Grant
    Filed: September 16, 2021
    Date of Patent: October 22, 2024
    Assignee: Ivanti, Inc.
    Inventors: Retika Kumar, Tyler Dailey, Zach Durtschi
  • Publication number: 20240338200
    Abstract: A method of product update management in systems having product access restrictions associated with administrative credentials includes detecting that an operating system (OS) update is outstanding at an endpoint. The method includes communicating a request for an OS update to the endpoint and determining whether it is enrolled in a mobile device management (MDM) environment. If the endpoint is enrolled in the MDM environment, the method includes communicating a request for an MDM call to an MDM module of a management device. The MDM module includes authority to initiate the OS update. The method includes queuing and scheduling an OS update command with an MDM requester. The method includes communicating, by the MDM requester, an update command to a vendor agent of the endpoint. The method includes interfacing with a third party update service to retrieve an OS update and communicating with the OS to initiate installation of the OS update.
    Type: Application
    Filed: April 5, 2024
    Publication date: October 10, 2024
    Applicant: Ivanti, Inc.
    Inventors: Josh Howard, Cal Romer, Nick Krueger, Jens Miltner, Paul Keith Branton, Micahel Stahulak, Randy Parmer, Zach Durtschi
  • Patent number: 12088582
    Abstract: Techniques to provide secure access to a service via an unmanaged device are disclosed. In various embodiments, a request from an unmanaged device to access a service is received via a communication interface. A user associated with the request is authenticated at least in part by prompting the user to use a managed device associated with the user to interact with data displayed at the unmanaged device. Access to the service is provided via the unmanaged device at least in part via a virtual browser instance running on a secure node and configured to access the service on behalf of the user and stream data associated with the service to the unmanaged device.
    Type: Grant
    Filed: October 5, 2022
    Date of Patent: September 10, 2024
    Assignee: Ivanti, Inc.
    Inventors: Suresh Kumar Batchu, Ivan Golovenko, Jian Liu
  • Patent number: 12088549
    Abstract: A method may include obtaining Domain Name System (DNS) configuration policies, that indicate how to direct a DNS query based on various Internet Protocol (IP) addresses or Fully Qualified Domain Names (FQDNs). The method may include obtaining a DNS query request on a first interface adapter in which the DNS query request is obtained from a DNS client and directed toward a particular FQDN. The method may include determining whether the particular FQDN included with the DNS query request is included in the DNS configuration policies and directing the DNS query request to an alternative DNS destination responsive to determining that the particular FQDN is not included in the DNS configuration policies. The method may include generating, at the alternative DNS destination, a DNS response that includes an error code, injecting the DNS response into a Transport Control Protocol (TCP)/IP stack, and sending the DNS response to the DNS client.
    Type: Grant
    Filed: February 4, 2023
    Date of Patent: September 10, 2024
    Assignee: Ivanti, Inc.
    Inventors: Vagish Kalligudd, Saravana Pandiyan Andiyappan
  • Publication number: 20240281726
    Abstract: An apparatus and method for cyber risk quantification calculated from the likelihood of a cyber-attack on the target enterprise and/or cyber ecosystem based on its security posture. The cyber-attack likelihood can be derived as a probability-based time-to-event (TTE) measure using survivor function analysis. The likelihood probability measure can also be passed to cyber risk frameworks to determine financial impacts of the cyber-attacks. Embodiments of the present invention also relate to an apparatus and method (1) to identify and validate application attack surfaces and protect web applications against business logic-based attacks, sensitive data leakage and privilege escalation attacks; and/or (2) that protects web applications against business logic-based attacks, sensitive data leakage and privilege escalation attacks. This can include implementing an intelligent learning loop using artificial intelligence that creates an ontology-based knowledge base from application request and response sequences.
    Type: Application
    Filed: April 16, 2024
    Publication date: August 22, 2024
    Applicant: Ivanti, Inc.
    Inventors: Anand Paturi, Srinivas Mukkamala, Caleb Hightower
  • Publication number: 20240248704
    Abstract: A method of unsupported product update data conversion includes receiving an initial software distribution package including rules to detect a product update status and to install a product update on an endpoint. The product update is not supported by a third-party update network. The method includes identifying elements of a rule. The method includes parsing the elements of the rule, which includes adding parent components representative of the elements to an expression tree and detecting functions for the elements. The functions are configured to implement the elements in the third-party update network. The method includes aggregating the functions for the parsed elements into a script file. The method includes converting the expression tree into a final command to perform the script file. The method includes generating a compatible update package based on the final command and distributing it to the third-party update network to deploy the product update.
    Type: Application
    Filed: January 25, 2024
    Publication date: July 25, 2024
    Applicant: Ivanti, Inc.
    Inventors: Garland Michael Krueger Port, Ethan Larson
  • Patent number: 12028204
    Abstract: A method of identification and remediation of a mass event in a managed network. The method includes receiving a first report of an event occurring at a first endpoint of the managed network. In response, a first action is performed. The first action being initiated based on a repeating event trigger not being triggered. The method includes receiving a second report of the event occurring at a second endpoint. In response, the method includes determining whether a threshold that triggers the repeating event trigger is exceeded. The threshold being indicative of a mass event in the managed network. Responsive to the threshold being exceeded, the method includes triggering the repeating event trigger and performing a second automated resolution action in the managed network. The second action being different from the first action. Responsive to the threshold not being exceeded, the method includes performing the first action at the second endpoint.
    Type: Grant
    Filed: October 12, 2022
    Date of Patent: July 2, 2024
    Assignee: Ivanti, Inc.
    Inventors: Robin Rowe, Jack Smith
  • Patent number: 12028402
    Abstract: A method of remote desktop protocol (RDP) operating system (OS) session remote-control includes providing security credentials to a client device. The method includes requesting OS sessions currently operating on the client device. The method includes receiving from an agent on the client device, an indication of OS sessions currently operating on the client device. The OS sessions include one or more RDP OS sessions and a console OS session. The method includes selecting a first RDP OS session of the one or more RDP OS sessions. Responsive to the selection of the first RDP OS session, the method includes communicating with an agent an instruction to initiate a remote-control interface with the client device. The remote-control interface is configured such that the agent transmits visual data of the RDP OS session to the service device and relays commands from the service device.
    Type: Grant
    Filed: April 5, 2023
    Date of Patent: July 2, 2024
    Assignee: Ivanti, Inc.
    Inventors: Blake Alan Thompson, Scot Emery Swan, Donald Saxby
  • Patent number: 12028330
    Abstract: A method by a management server is described. The method includes receiving a credentials request from a requesting management node. The credentials request includes a public key of the requesting management node. The method also includes determining whether the management server has credentials encrypted for the requesting management node in a local cache. The credentials are encrypted using the public key of the requesting management node and cannot be decrypted by the management server. The method further includes sending the encrypted credentials to the requesting management node when the management server has the encrypted credentials. The requesting management node can decrypt the encrypted credentials using a private key.
    Type: Grant
    Filed: August 23, 2021
    Date of Patent: July 2, 2024
    Assignee: Ivanti, Inc.
    Inventors: Mark Tempel, Andrew Moravec
  • Publication number: 20240211330
    Abstract: A method may include monitoring a log file at an endpoint of a managed network, and an error log entry that indicates a technical error experienced at the endpoint may be identified. The method may include ignoring the log entries that are generated during a first time period following identification of the error log entry. A first set of log entries may be collected during a first time interval beginning at the end of the first time period and going back a second time period. A second set of log entries may be collected during a second time interval beginning at the end of the first time period and moving forward for a third time period. The first and second sets of log entries may be aggregated, and a mitigation action determined based on analysis of the aggregated log entries may be implemented as a solution to the technical error.
    Type: Application
    Filed: December 21, 2022
    Publication date: June 27, 2024
    Applicant: Ivanti, Inc.
    Inventor: Paul Branton
  • Patent number: 12015690
    Abstract: An embodiment includes a method of client-server trust management. The method includes receiving, at a client device, a public key of a system server and locally seeding the public key in a secure storage at the client device. The method includes receiving a certificate list signed by a private key of the system server and verifying a source of the certificate list using the seeded public key. The method includes initiating a handshake process with a second device during which a digital device certificate of the second device is received. The method includes halting the handshake process and validating the second device by matching the digital device certificate with a certificate included on the verified certificate list. Based on the validation, the method includes managing a communication session with the second device to enable or prevent data transfer between the client device and the second device.
    Type: Grant
    Filed: February 9, 2022
    Date of Patent: June 18, 2024
    Assignee: Ivanti, Inc.
    Inventors: Gregory Paul Olsen, Blake Alan Thompson, Tanner Reese Lindsay
  • Patent number: 11991053
    Abstract: An embodiment includes a method of real-time, endpoint-specific SLA compliance evaluation in a managed network. The method includes receiving SLA definition input that indicates an SLA definition of the managed network. Responsive to detection of a trigger event, the method includes initiating a scan of endpoints including retrieval of endpoint-level state data. The method includes identifying a portion of the retrieved state data relevant to the SLA definition. The method includes aggregating the portions of the retrieved state data. The method includes determining whether the managed network is SLA compliant at an endpoint-level of granularity based on the aggregated portions. Responsive to the managed network being noncompliant, the method includes identifying a subset of endpoints failing to meet the SLA definition and implementing a product modification process to address a metric of the SLA definition and change a product to bring the first endpoint into compliance.
    Type: Grant
    Filed: January 11, 2023
    Date of Patent: May 21, 2024
    Assignee: Ivanti, Inc.
    Inventors: Mitch Berg, Matthew Hazzard, Ciaran Walsh, Sam Schwichtenberg, David Rolls, David Brylyn, Brent Miller, Brian Secrist
  • Publication number: 20240144691
    Abstract: A method of real time monitor and control of a dynamic environment may include obtaining image data from a camera system directed towards a portion of a dynamic environment. The method may include identifying a first object and a second object in the image data. The method may include analyzing motion of the first object relative to the second object. The method may include identifying that a defined circumstance exists in the dynamic environment based on presence of a property in the analyzed motion that exceeds an operating threshold. Responsive to the defined circumstance existing in the dynamic environment, the method may include generating a control signal that is configured to mitigate the defined circumstance and communicating the control signal to a device related to the first object such that an operational state of the first object is modified to bring the property within the operating threshold.
    Type: Application
    Filed: October 17, 2023
    Publication date: May 2, 2024
    Applicant: Ivanti, Inc.
    Inventors: Ian Hughes, Matthew Pritchard, Joshua Fowell, James Brian
  • Publication number: 20240146634
    Abstract: An embodiment includes a method of self-election of a node in a subnet. The method includes receiving a first ping message. The first ping message is unicast from a second node, includes direct information related to the second node, and includes indirect information related to a third node. The method includes updating a first status of the second node in a status list stored at the first node consistent with the direct information. The method includes determining whether statuses of a threshold number of nodes have been received. Responsive to the threshold number of nodes being received, the method includes performing a local election operation. The method includes propagating a second ping message to a randomly identified additional node. The second ping message includes direct information regarding the first node and indirect information regarding at least one other node.
    Type: Application
    Filed: January 5, 2024
    Publication date: May 2, 2024
    Applicant: Ivanti, Inc.
    Inventors: Gregory Paul Olsen, Rex Michael McMillan, Blake Thompson, Scot Emery Swan
  • Publication number: 20240126537
    Abstract: An embodiment includes a method of computer software update in a managed network that includes endpoints having heterogeneous operating systems. The method includes receiving a first update configured to modify a first application on a first endpoint implementing a first non-Linux-based operating system (OS) and first metadata associated therewith. The method includes generating a first update package based on the first metadata and distributing the first update and the first update package to the first endpoint. The method includes accessing a product update list identifying a second application in an unpatched state on the second endpoint implementing a Linux-based OS and repository information of a repository device. Based on the repository information, the method includes accessing the second update and second metadata associated therewith. The method includes generating a second update package and distributing it and the second update such that the second endpoint locally implements the second update.
    Type: Application
    Filed: October 18, 2023
    Publication date: April 18, 2024
    Applicant: Ivanti, Inc.
    Inventors: Brent Miller, Todd A. Schell, John Meisner, Amanda Schultz, Mitch Berg
  • Publication number: 20240126891
    Abstract: A method and/or computer software for estimating the probability that a software weakness will be used in an exploit and/or malware and the probability that the developed exploit and/or malware will result in a compromise.
    Type: Application
    Filed: July 7, 2023
    Publication date: April 18, 2024
    Applicant: Ivanti, Inc.
    Inventors: Benjamin Anthony Mixon-Baca, Srinivas Mukkamala
  • Patent number: 11961021
    Abstract: An apparatus and method for cyber risk quantification calculated from the likelihood of a cyber-attack on the target enterprise and/or cyber ecosystem based on its security posture. The cyber-attack likelihood can be derived as a probability-based time-to-event (TTE) measure using survivor function analysis. The likelihood probability measure can also be passed to cyber risk frameworks to determine financial impacts of the cyber-attacks. Embodiments of the present invention also relate to an apparatus and method (1) to identify and validate application attack surfaces and protect web applications against business logic-based attacks, sensitive data leakage and privilege escalation attacks; and/or (2) that protects web applications against business logic-based attacks, sensitive data leakage and privilege escalation attacks. This can include implementing an intelligent learning loop using artificial intelligence that creates an ontology-based knowledge base from application request and response sequences.
    Type: Grant
    Filed: July 17, 2020
    Date of Patent: April 16, 2024
    Assignee: Ivanti, Inc.
    Inventors: Anand Paturi, Srinivas Mukkamala
  • Patent number: D1035681
    Type: Grant
    Filed: June 23, 2022
    Date of Patent: July 16, 2024
    Assignee: Ivanti, Inc.
    Inventors: Ruud Persoons, Ben Kurvers, Dennis Smits, Harm Kocken, Levi Vaessen, Michel Cijsouw, Musa Cakar, Patric Schepens