Patents Assigned to Ivantis, Inc.
-
Patent number: 12223037
Abstract: An apparatus includes a processor operatively coupled to a memory. The processor receives a first set of risk assessment rules including first user privilege criteria and first device criteria. The first device criteria include a computing device patch level, a network type, and/or a password policy. The processor identifies a user-specific security risk based on the first set of risk assessment rules and applies a privilege mitigation measure based on the user-specific security risk without being in communication with a management server. The processor later receives a second, updated set of risk assessment rules at the computing device. Upon detecting another login of the user, the processor identifies an updated user-specific security risk based on the updated set of risk assessment rules, and applies a modified privilege mitigation measure based on the updated user-specific security risk, again without being in communication with the management server.
Type: Grant
Filed: October 13, 2020
Date of Patent: February 11, 2025
Assignee: Ivanti, Inc.
Inventors: Robert M. Juncker, Christopher J. Goettl
-
Patent number: 12216567
Abstract: A method of evaluating a computer-implemented product that is deployed on one or more endpoints. The method includes identifying a first program and a second program of a product deployed on a first endpoint of multiple endpoints. The method includes implementing a diagnostic process at the first endpoint. The diagnostic process includes a first subroutine directed to the first program and a second subroutine directed to a second program. The subroutines each execute installation and functional parameter tests of the programs. Responsive to the first subroutine indicating that the first program is operational, the method includes outputting data that the first subroutine passed. Responsive to the second subroutine returning an unexpected result, the method includes outputting data indicating details of the unexpected result and implementing a remediation that modifies the second program or a condition at the first endpoint to mitigate the unexpected result.
Type: Grant
Filed: July 28, 2023
Date of Patent: February 4, 2025
Assignee: Ivanti, Inc.
Inventors: Paul Keith Branton, Jens Miltner
-
Patent number: 12218965
Abstract: An embodiment includes a method of vulnerability detection and mitigation in a managed network. The method includes receiving a defined state of a product on a managed endpoint of a managed network. The method includes detecting a trigger event in the managed network. The trigger event is indicative of a change to the managed device or to the product that is inconsistent with the defined state. Responsive to detection of the trigger event, the method includes automatically implementing a product modification process. The product modification process includes distribution of at least one product update to a product installed at the managed endpoint.
Type: Grant
Filed: February 17, 2022
Date of Patent: February 4, 2025
Assignee: Ivanti, Inc.
Inventors: Brent Miller, Mitch Berg, Brian Secrist
-
Patent number: 12219060
Abstract: A method may include accessing a key from a secure storage. A payload may be encrypted using the key. A policy token may be generated. The policy token may include a publicly-readable header including a header identifier of the key and the payload encrypted using the key. The policy token may be sent. The policy token may be received. The publicly-readable header may be read. The key may be identified using the header identifier of the key from the publicly-readable header. The key may be accessed from the secure storage. The payload may be decrypted using the key.
Type: Grant
Filed: April 27, 2022
Date of Patent: February 4, 2025
Assignee: Ivanti, Inc.
Inventor: Anthony K. Dyer
-
Publication number: 20250030593
Abstract: An embodiment includes a method of data collection optimization in a managed network having a digital experience platform that includes collecting data from managed endpoints using first collection criteria. The first collection criteria include a first frequency and a first verbosity. The method includes identifying, in the collected data, device context data that indicates a defined event exists relative to an endpoint. The collected data or the device context data are used to compute a digital experience index. Responsive to the identified device context data, the method includes modifying the first frequency or the first verbosity to implement a second collection criteria relative to a subset of managed endpoints; collecting additional data from the subset of managed endpoints using the second collection criteria; receiving additional context data that indicates the defined event no longer exists; and in response, collecting data from the managed endpoints using the first collection criteria.
Type: Application
Filed: July 15, 2024
Publication date: January 23, 2025
Applicant: Ivanti, Inc.
Inventors: Robin Rowe, Todd Labrum
-
Publication number: 20250007976
Abstract: A method of remote desktop protocol (RDP) operating system (OS) session remote-control includes providing security credentials to a client device. The method includes requesting OS sessions currently operating on the client device. The method includes receiving from an agent on the client device, an indication of OS sessions currently operating on the client device. The OS sessions include one or more RDP OS sessions and a console OS session. The method includes selecting a first RDP OS session of the one or more RDP OS sessions. Responsive to the selection of the first RDP OS session, the method includes communicating with an agent an instruction to initiate a remote-control interface with the client device. The remote-control interface is configured such that the agent transmits visual data of the RDP OS session to the service device and relays commands from the service device.
Type: Application
Filed: July 1, 2024
Publication date: January 2, 2025
Applicant: Ivanti, Inc.
Inventors: Blake Alan Thompson, Scot Emery Swan, Donald Saxby
-
Publication number: 20240430179
Abstract: An embodiment includes a method of real-time, endpoint-specific SLA compliance evaluation in a managed network. The method includes receiving SLA definition input that indicates an SLA definition of the managed network. Responsive to detection of a trigger event, the method includes initiating a scan of endpoints including retrieval of endpoint-level state data. The method includes identifying a portion of the retrieved state data relevant to the SLA definition. The method includes aggregating the portions of the retrieved state data. The method includes determining whether the managed network is SLA compliant at an endpoint-level of granularity based on the aggregated portions. Responsive to the managed network being noncompliant, the method includes identifying a subset of endpoints failing to meet the SLA definition and implementing a product modification process to address a metric of the SLA definition and change a product to bring the first endpoint into compliance.
Type: Application
Filed: May 21, 2024
Publication date: December 26, 2024
Applicant: Ivanti, Inc.
Inventors: Mitch Berg, Matthew Hazzard, Ciaran Walsh, Sam Schwichtenberg, David Rolls, David Brylyn, Brent Miller, Brian Secrist
-
Patent number: 12132755
Abstract: An embodiment includes a method of application vulnerability assessment and prioritization. The method includes ingesting modelling data from data sources for application vulnerabilities. The method includes transforming at least a portion of the modelling data to covariate vectors. The method includes extracting keywords and phrases from the modelling data and statistically measuring relevance of files of the modelling data based on the extracted keywords and phrases. The method includes generating threat levels of the application vulnerabilities based on the covariate vectors and the measured relevance. The method includes outputting the threat levels to a network management system. The method includes implementing, at a first endpoint device of the network, a first patch to address one of the application vulnerabilities.
Type: Grant
Filed: June 3, 2022
Date of Patent: October 29, 2024
Assignee: Ivanti, Inc.
Inventors: Srinivas Mukkamala, Taylor Wong
-
Patent number: 12131150
Abstract: A method for patch management is described. The method includes downloading a patch that is incompatible with a patch management system. The method also includes creating an archive that is executable by the patch management system. The archive includes the incompatible patch. The method further includes sending the archive to the patch management system.
Type: Grant
Filed: November 22, 2019
Date of Patent: October 29, 2024
Assignee: Ivanti, Inc.
Inventors: Michael Fahland, Nicholas Krueger, Sean McDonald
-
Patent number: 12126626
Abstract: A method of mobile device management (MDM) comprising scanning, by an optical reader of a first mobile device, an optical code. The optical code is generated based on a policy and a group that includes the first and a second mobile device. The optical code has encoded enrollment details of the policy. Responsive to the scanning, the method includes connecting to a computer interface on which an enrollment application is accessible and causing display of an enrollment page. The method includes receiving identification input entered into the enrollment page. In response to the identification input, the method includes automatically transferring the enrollment details and the identification input to the enrollment application. Based on the transfer, enrolling the first mobile device in a MDM system. Enrollment of the first mobile device includes enabling a set of functions of the first mobile device consistent with the policy of the group.
Type: Grant
Filed: September 16, 2021
Date of Patent: October 22, 2024
Assignee: Ivanti, Inc.
Inventors: Retika Kumar, Tyler Dailey, Zach Durtschi
-
Publication number: 20240338200
Abstract: A method of product update management in systems having product access restrictions associated with administrative credentials includes detecting that an operating system (OS) update is outstanding at an endpoint. The method includes communicating a request for an OS update to the endpoint and determining whether it is enrolled in a mobile device management (MDM) environment. If the endpoint is enrolled in the MDM environment, the method includes communicating a request for an MDM call to an MDM module of a management device. The MDM module includes authority to initiate the OS update. The method includes queuing and scheduling an OS update command with an MDM requester. The method includes communicating, by the MDM requester, an update command to a vendor agent of the endpoint. The method includes interfacing with a third party update service to retrieve an OS update and communicating with the OS to initiate installation of the OS update.
Type: Application
Filed: April 5, 2024
Publication date: October 10, 2024
Applicant: Ivanti, Inc.
Inventors: Josh Howard, Cal Romer, Nick Krueger, Jens Miltner, Paul Keith Branton, Micahel Stahulak, Randy Parmer, Zach Durtschi
-
Patent number: 12088582
Abstract: Techniques to provide secure access to a service via an unmanaged device are disclosed. In various embodiments, a request from an unmanaged device to access a service is received via a communication interface. A user associated with the request is authenticated at least in part by prompting the user to use a managed device associated with the user to interact with data displayed at the unmanaged device. Access to the service is provided via the unmanaged device at least in part via a virtual browser instance running on a secure node and configured to access the service on behalf of the user and stream data associated with the service to the unmanaged device.
Type: Grant
Filed: October 5, 2022
Date of Patent: September 10, 2024
Assignee: Ivanti, Inc.
Inventors: Suresh Kumar Batchu, Ivan Golovenko, Jian Liu
-
Patent number: 12088549
Abstract: A method may include obtaining Domain Name System (DNS) configuration policies, that indicate how to direct a DNS query based on various Internet Protocol (IP) addresses or Fully Qualified Domain Names (FQDNs). The method may include obtaining a DNS query request on a first interface adapter in which the DNS query request is obtained from a DNS client and directed toward a particular FQDN. The method may include determining whether the particular FQDN included with the DNS query request is included in the DNS configuration policies and directing the DNS query request to an alternative DNS destination responsive to determining that the particular FQDN is not included in the DNS configuration policies. The method may include generating, at the alternative DNS destination, a DNS response that includes an error code, injecting the DNS response into a Transport Control Protocol (TCP)/IP stack, and sending the DNS response to the DNS client.
Type: Grant
Filed: February 4, 2023
Date of Patent: September 10, 2024
Assignee: Ivanti, Inc.
Inventors: Vagish Kalligudd, Saravana Pandiyan Andiyappan
-
Publication number: 20240281726
Abstract: An apparatus and method for cyber risk quantification calculated from the likelihood of a cyber-attack on the target enterprise and/or cyber ecosystem based on its security posture. The cyber-attack likelihood can be derived as a probability-based time-to-event (TTE) measure using survivor function analysis. The likelihood probability measure can also be passed to cyber risk frameworks to determine financial impacts of the cyber-attacks. Embodiments of the present invention also relate to an apparatus and method (1) to identify and validate application attack surfaces and protect web applications against business logic-based attacks, sensitive data leakage and privilege escalation attacks; and/or (2) that protects web applications against business logic-based attacks, sensitive data leakage and privilege escalation attacks. This can include implementing an intelligent learning loop using artificial intelligence that creates an ontology-based knowledge base from application request and response sequences.
Type: Application
Filed: April 16, 2024
Publication date: August 22, 2024
Applicant: Ivanti, Inc.
Inventors: Anand Paturi, Srinivas Mukkamala, Caleb Hightower
-
Publication number: 20240248704
Abstract: A method of unsupported product update data conversion includes receiving an initial software distribution package including rules to detect a product update status and to install a product update on an endpoint. The product update is not supported by a third-party update network. The method includes identifying elements of a rule. The method includes parsing the elements of the rule, which includes adding parent components representative of the elements to an expression tree and detecting functions for the elements. The functions are configured to implement the elements in the third-party update network. The method includes aggregating the functions for the parsed elements into a script file. The method includes converting the expression tree into a final command to perform the script file. The method includes generating a compatible update package based on the final command and distributing it to the third-party update network to deploy the product update.
Type: Application
Filed: January 25, 2024
Publication date: July 25, 2024
Applicant: Ivanti, Inc.
Inventors: Garland Michael Krueger Port, Ethan Larson
-
Patent number: 12028402
Abstract: A method of remote desktop protocol (RDP) operating system (OS) session remote-control includes providing security credentials to a client device. The method includes requesting OS sessions currently operating on the client device. The method includes receiving from an agent on the client device, an indication of OS sessions currently operating on the client device. The OS sessions include one or more RDP OS sessions and a console OS session. The method includes selecting a first RDP OS session of the one or more RDP OS sessions. Responsive to the selection of the first RDP OS session, the method includes communicating with an agent an instruction to initiate a remote-control interface with the client device. The remote-control interface is configured such that the agent transmits visual data of the RDP OS session to the service device and relays commands from the service device.
Type: Grant
Filed: April 5, 2023
Date of Patent: July 2, 2024
Assignee: Ivanti, Inc.
Inventors: Blake Alan Thompson, Scot Emery Swan, Donald Saxby
-
Patent number: 12028204
Abstract: A method of identification and remediation of a mass event in a managed network. The method includes receiving a first report of an event occurring at a first endpoint of the managed network. In response, a first action is performed. The first action being initiated based on a repeating event trigger not being triggered. The method includes receiving a second report of the event occurring at a second endpoint. In response, the method includes determining whether a threshold that triggers the repeating event trigger is exceeded. The threshold being indicative of a mass event in the managed network. Responsive to the threshold being exceeded, the method includes triggering the repeating event trigger and performing a second automated resolution action in the managed network. The second action being different from the first action. Responsive to the threshold not being exceeded, the method includes performing the first action at the second endpoint.
Type: Grant
Filed: October 12, 2022
Date of Patent: July 2, 2024
Assignee: Ivanti, Inc.
Inventors: Robin Rowe, Jack Smith
-
Patent number: 12028330
Abstract: A method by a management server is described. The method includes receiving a credentials request from a requesting management node. The credentials request includes a public key of the requesting management node. The method also includes determining whether the management server has credentials encrypted for the requesting management node in a local cache. The credentials are encrypted using the public key of the requesting management node and cannot be decrypted by the management server. The method further includes sending the encrypted credentials to the requesting management node when the management server has the encrypted credentials. The requesting management node can decrypt the encrypted credentials using a private key.
Type: Grant
Filed: August 23, 2021
Date of Patent: July 2, 2024
Assignee: Ivanti, Inc.
Inventors: Mark Tempel, Andrew Moravec
-
Publication number: 20240211330
Abstract: A method may include monitoring a log file at an endpoint of a managed network, and an error log entry that indicates a technical error experienced at the endpoint may be identified. The method may include ignoring the log entries that are generated during a first time period following identification of the error log entry. A first set of log entries may be collected during a first time interval beginning at the end of the first time period and going back a second time period. A second set of log entries may be collected during a second time interval beginning at the end of the first time period and moving forward for a third time period. The first and second sets of log entries may be aggregated, and a mitigation action determined based on analysis of the aggregated log entries may be implemented as a solution to the technical error.
Type: Application
Filed: December 21, 2022
Publication date: June 27, 2024
Applicant: Ivanti, Inc.
Inventor: Paul Branton
-
Patent number: D1035681
Type: Grant
Filed: June 23, 2022
Date of Patent: July 16, 2024
Assignee: Ivanti, Inc.
Inventors: Ruud Persoons, Ben Kurvers, Dennis Smits, Harm Kocken, Levi Vaessen, Michel Cijsouw, Musa Cakar, Patric Schepens