Abstract: Apparatus and methods are disclosed for implementing bandwidth throttling to regulate network traffic as can be used in, for example, vulnerability scanning and detection applications in a computer network environment. According to one embodiment, a method of routing network packets in a networked device having plural network interfaces combines applying traffic class and network interface throttling for marking network packets with a differentiated service code based on input received from a profiler application, throttling the bandwidth of network packets based on a threshold for a designated network interface for the packet, throttling the bandwidth of the bandwidth-throttled packets based on a threshold for its respective differentiated service code, and emitting network packets on each respective designated network interface.

Abstract: Apparatus and methods are disclosed for identifying differences in objects of a computing device using definitions expressed in vulnerability assessment languages such as Open Vulnerability and Assessment Language (OVAL). In one example of the disclosed technology, a method includes receiving criteria for evaluating the computing device using an agent. The criteria specify object tests used to generate associated state values based on states or status of the tested objects. The criteria are evaluated and first state values generated by performing the object tests are stored as expected values for object tests. The criteria are then evaluated by re-performing the object tests, and second state values thereby generated are compared to the first state values. One or more differences between the first and second state values can be identified and reported to, for example, a monitor server.

Abstract: An automated method for facilitating management of a data processing environment is disclosed. In various embodiments, the method may include facilitating detecting of a change to an element of a data processing device of the data processing environment. In various embodiments, the method may further include facilitating reconciling the change with a conformance authority, the conformance authority having one or more guidelines. Other embodiments of the present invention may include, but are not limited to, apparatuses adapted to facilitate practice of the above-described method.

Abstract: Embodiments of the present invention provide methods and systems for automated change audit of an enterprise's IT infrastructure, including independent detection of changes, reconciliation of detected changes and independent reporting, to effectuate a triad of controls on managing changes within the IT infrastructure, preventive controls, detective controls and corrective controls.

Abstract: Disclosed below are representative embodiments of methods, apparatus, and systems for managing, monitoring, controlling, and/or classifying assets in an information technology (“IT”) environment. Certain embodiments leverage bath services oriented architecture concepts and event mechanisms to create a platform with which additional controls can easily integrate.

Abstract: Disclosed herein are representative embodiments of methods, apparatus, and systems for improving the functioning of IT assets in an IT infrastructure. The embodiments help secure and protect against outside cybersecurity attacks on IT assets and infrastructures, such as internet-centric attacks. Particular embodiments comprise detecting exploitable vulnerabilities of IT assets of an IT infrastructure, using the observed vulnerability data together with collected event log data to determine whether a respective vulnerability has actually been exploited for an asset, integrating change audit data and third-party threat data with the vulnerability data for exploited vulnerabilities, generating user interfaces/reports that display selected aspects of the integrated data, and/or modifying the asset to address the exploited vulnerability in response.

Abstract: Disclosed herein are representative embodiments of methods, apparatus, and systems for processing and managing information from a compliance and configuration control (“CCC”) tool and generating information for a security information and event management (“SIEM”) tool based on the information from the CCC tool. For example, in one exemplary embodiment, information from a CCC tool is transferred to a SIEM tool or logging tool by receiving the information from the CCC tool in a format that is not recognized by the SIEM tool or logging tool, and generating an output message in a message format that is recognized by the SIEM tool or logging tool. In particular embodiments, the message format is a customizable message format that is adaptable to multiple different SIEM tools or logging tools. In further embodiments, the data transferred to the SIEM tool comprises data indicative of compliance policy changes.

Abstract: Methods, systems, and articles for receiving, by a monitor server, change data associated with a change captured on a target host, are described herein. In various embodiments, the target host may have provided the change data in response to detecting the change, and the change data may include one or more rules, settings, and/or parameters. Further, in some embodiments, the monitor server may then group the change data into clusters and may correlate the clusters with a change catalog in order to provide a possible reason or cause for the cluster of changes. Once the change data have been classified as clusters, a report may be generated providing classification or categorization and cluster information for the various changes. In various embodiments, the generating may comprise generating a report to the target host and/or to an administrative user. In various embodiments, a reason may be determined for causing a cluster of changes and the change catalog may updated with the reason.

Abstract: An automated method for facilitating management of a data processing environment is disclosed. In various embodiments, the method may include facilitating detecting of a change to an element of a data processing device of the data processing environment. In various embodiments, the method may further include facilitating reconciling the change with a conformance authority, the conformance authority having one or more guidelines. Other embodiments of the present invention may include, but are not limited to, apparatuses adapted to facilitate practice of the above-described method.

Abstract: Apparatus and methods are disclosed for generating, sending, and receiving messages in a networked environment using autonomous (or semi-autonomous) agents. In one example of the disclosed technology, a method of controlling message flow in a computer network comprising a plurality of agents, agent data consumers, and an agent message bridge configured to send messages by receiving a set of messages, at least some of the messages including a message type, queuing the set of messages in a spooler that includes an indication of the respective message type for each of the messages, receive an indication that sending some of the messages queued in the spooler should be delayed for one or more indicated message types, and sending at least one of the messages to a selected one or more of the agent data consumers, the sent messages not being of the indicated message types.

Abstract: Disclosed herein are methods, systems, and articles associated with remediation execution. In embodiments, a set of policy test failures may be selected for remediation. The set of policy test failures may be associated with a computer network with a number of nodes. For each failure within the set of policy test failures, a remediation script may be obtained to remediate a corresponding policy test failure. The remediation scripts may be selectively provided to nodes that are affected by policy test failures, for execution by the nodes. A remediation script result for each remediation script executed may be received. Based upon the remediation script results, it may be determined whether or not execution of the remediation scripts was successful.

Abstract: Disclosed below are representative embodiments of methods, apparatus, and systems for managing, monitoring, controlling, and/or classifying assets in an information technology (“IT”) environment. Certain embodiments leverage both services oriented architecture concepts and event mechanisms to create a platform with which additional controls can easily integrate.

Abstract: Embodiments of the present invention provide methods and systems for automated change audit of an enterprise's IT infrastructure, including independent detection of changes, reconciliation of detected changes and independent reporting, to effectuate a triad of controls on managing changes within the IT infrastructure, preventive controls, detective controls and corrective controls.

Abstract: Apparatus and methods are disclosed herein for analyzing computer programs for potential security vulnerabilities. In one computer-implemented embodiment of the disclosed technology, a method includes analyzing a package for an application (e.g., a mobile device application package) by disassembling at least a portion of executable code associated with the application, searching for a pattern associated with a potentially vulnerably function or method, and, if the function or method is defined, then analyzing disassembled code for the function to determine whether a vulnerability is present. In some examples, a number of packages are stored in an application store database and scanned periodically to statically analyze the package for vulnerabilities.

Abstract: Disclosed herein are methods, systems, and articles associated with remediation workflow. A method may include determining one or more test failures related to a policy test within a computer network, and reviewing the one or more test failures. The method may further include, based upon a result of the reviewing, creating a remediation work order that includes at least one of the one or more test failures. Each test failure within the remediation work order may be approved or denied. For each test failure that is approved for remediation, a remediation process may be executed.

Abstract: Apparatus and methods are disclosed for performing dynamic vulnerability correlation suitable for use in enterprise information technology (IT) environments, including vulnerability filtering, patch correlation, and vulnerability paring. According to one disclosed embodiment, a method of vulnerability filtering includes attempting to execute vulnerability scanning rules according to a specified order in a rule hierarchy, and depending on the type of the rule hierarchy and on whether the attempt was successful, not executing additional rules in the rule hierarchy. In another disclosed embodiment, a method of patch correlation includes executing vulnerability scanning rules based on a correlation associations including, if a particular vulnerability is detected, then not executing other correlated scanning rules for a particular software patch.

Abstract: Disclosed below are representative embodiments of methods, apparatus, and systems for managing and classifying assets in an information technology (“IF”) environment using a tag-based approach. The disclosed tag-based classification techniques can be implemented through a graphical user interface. Embodiments of the disclosed tag-based classification techniques can be used to allow a user to easily and quickly select, and perform actions on groups of one or more assets (e.g., monitor policies, perform upgrades, etc.). For example, the tag-based classification techniques can automatically classify assets into “tag sets” (or “tagged sets”) based on node properties or user-selected criteria or conditions (e.g., criteria or conditions that are established in a user-created tagging profile or rule). The tagged assets can then be further filtered to identify even deeper relationships between the assets.

Abstract: In various embodiments, a compliance server receives change data associated with a change captured on a target host. In various embodiments, the target host may have provided the change data in response to detecting the change, and the change data may include one or more rules, settings, and/or parameters. Also, in various embodiments, the compliance server may determine whether the one or more rules, settings, and/or parameters meet one or more compliance policies and generate one or more test results based at least on the results of the determining. Further, in some embodiments, the target host may detect a change to a rule, setting, and/or parameter based on a collection policy defining what change data is to be collected by the target host and provide data associated with the rule, setting, and/or parameter as change data to the compliance server.

Abstract: Disclosed herein are representative embodiments of methods, apparatus, and systems for processing and managing information from one or more security control tools, such as a security configuration management tool, a vulnerability management tool, an event logging tool, or other IT infrastructure security or monitoring tool that is used to monitor, secure, and/or control assets in an IT infrastructure. For example, in some embodiments, user interfaces are disclosed that allow a user to quickly view, filter, and evaluate the degree of security control coverage in selected assets of an enterprise. In further embodiments, user interfaces are disclosed that allow a user to view and evaluate the current security state for selected assets in across a variety of categories and, in some cases, as guided by a two-dimensional vulnerability risk matrix.

Abstract: Methods, systems, and articles for receiving, by a monitor server, change data associated with a change captured on a target host, are described herein. In various embodiments, the target host may have provided the change data in response to detecting the change, and the change data may include one or more rules, settings, and/or parameters. Further, in some embodiments, the monitor server may then group the change data into clusters and may correlate the clusters with a change catalog in order to provide a possible reason or cause for the cluster of changes. Once the change data have been classified as clusters, a report may be generated providing classification or categorization and cluster information for the various changes. In various embodiments, the generating may comprise generating a report to the target host and/or to an administrative user. In various embodiments, a reason may be determined for causing a cluster of changes and the change catalog may updated with the reason.