Patents Assigned to Tripwire, Inc.
  • Patent number: 9922055
    Abstract: Disclosed below are representative embodiments of methods, apparatus, and systems for managing and classifying assets in an information technology (“IT”) environment using a tag-based approach. The disclosed tag-based classification techniques can be implemented through a graphical user interface. Embodiments of the disclosed tag-based classification techniques can be used to allow a user to easily and quickly select and perform actions on groups of one or more assets (e.g., monitor policies, perform upgrades, etc.). For example, the tag-based classification techniques can automatically classify assets into “tag sets” (or “tagged sets”) based on node properties or user-selected criteria or conditions (e.g., criteria or conditions that are established in a user-created tagging profile or rule). The tagged assets can then be further filtered to identify even deeper relationships between the assets.
    Type: Grant
    Filed: August 28, 2012
    Date of Patent: March 20, 2018
    Assignee: Tripwire, Inc.
    Inventors: David M. Whitlock, Mark A. Little, Julie Booth, Chyna Trople
  • Publication number: 20180069756
    Abstract: An automated method for facilitating management of a data processing environment is disclosed. In various embodiments, the method may include facilitating creation of a first memorialization, in digital form, of first one or more changes made to a first data processing device of the data processing environment. In various embodiments, the method may further include facilitating creation of a second and a third memorialization, both in digital form, of second and third one or more changes made to a second and a third data processing device of the data processing environment, respectively. In various embodiments, the method may still further include facilitating automated approval of the second and third changes made to the second and third data processing devices, using the first, second and third memorializations. Other embodiments of the present invention may include, but are not limited to, apparatus adapted to facilitate practice of the above-described method.
    Type: Application
    Filed: June 12, 2017
    Publication date: March 8, 2018
    Applicant: Tripwire, Inc.
    Inventors: Gregor Torrence, Troy D. Thompson
  • Patent number: 9781046
    Abstract: Apparatus and methods are disclosed for implementing bandwidth throttling to regulate network traffic as can be used in, for example, vulnerability scanning and detection applications in a computer network environment. According to one embodiment, a method of routing network packets in a networked device having plural network interfaces combines applying traffic class and network interface throttling for marking network packets with a differentiated service code based on input received from a profiler application, throttling the bandwidth of network packets based on a threshold for a designated network interface for the packet, throttling the bandwidth of the bandwidth-throttled packets based on a threshold for its respective differentiated service code, and emitting network packets on each respective designated network interface.
    Type: Grant
    Filed: November 18, 2014
    Date of Patent: October 3, 2017
    Assignee: Tripwire, Inc.
    Inventors: Chris Pawlukowsky, Ian Turner, Mike Appleby
  • Publication number: 20170272323
    Abstract: An automated method for facilitating management of a data processing environment is disclosed. In various embodiments, the method may include facilitating creation of a first memorialization, in digital form, of first one or more changes made to a first data processing device of the data processing environment. In various embodiments, the method may further include facilitating creation of a second and a third memorialization, both in digital form, of second and third one or more changes made to a second and a third data processing device of the data processing environment, respectively. In various embodiments, the method may still further include facilitating automated approval of the second and third changes made to the second and third data processing devices, using the first, second and third memorializations. Other embodiments of the present invention may include, but are not limited to, apparatus adapted to facilitate practice of the above-described method.
    Type: Application
    Filed: May 31, 2017
    Publication date: September 21, 2017
    Applicant: Tripwire, Inc.
    Inventors: Gregor Torrence, Troy D. Thompson
  • Patent number: 9766873
    Abstract: Apparatus and methods are disclosed for implementing software reconciliation frameworks to process changes detected to software installed on computer hosts. According to one embodiment, a method includes receiving change data describing changes to one or more software components stored on a computer-readable storage device, determining installed software on a computer associated with the computer-readable storage device, receiving a manifest comprising a description of file changes associated with a software patch or update for the installed software, and comparing the change data to the manifest. Based on the comparing, if the change data matches the manifest, the changes are promoted, and if the change data does not match the manifest, the changes are marked for further analysis.
    Type: Grant
    Filed: September 28, 2012
    Date of Patent: September 19, 2017
    Assignee: Tripwire, Inc.
    Inventor: Andrew C. Steigleder
  • Patent number: 9741017
    Abstract: Methods, systems, and articles for receiving, by a monitor server, change data associated with a change captured on a target host, are described herein. In various embodiments, the target host may have provided the change data in response to detecting the change, and the change data may include one or more rules, settings, and/or parameters. Further, in some embodiments, the monitor server may then group the change data into clusters and may correlate the clusters with a change catalog in order to provide a possible reason or cause for the cluster of changes. Once the change data have been classified as clusters, a report may be generated providing classification or categorization and cluster information for the various changes. In various embodiments, the generating may comprise generating a report to the target host and/or to an administrative user. In various embodiments, a reason may be determined for causing a cluster of changes and the change catalog may be updated with the reason.
    Type: Grant
    Filed: December 8, 2009
    Date of Patent: August 22, 2017
    Assignee: Tripwire, Inc.
    Inventors: Tom Good, Gene Kim, David Whitlock
  • Patent number: 9680707
    Abstract: An automated method for facilitating management of a data processing environment is disclosed. In various embodiments, the method may include facilitating creation of a first memorialization, in digital form, of first one or more changes made to a first data processing device of the data processing environment. In various embodiments, the method may further include facilitating creation of a second and a third memorialization, both in digital form, of second and third one or more changes made to a second and a third data processing device of the data processing environment, respectively. In various embodiments, the method may still further include facilitating automated approval of the second and third changes made to the second and third data processing devices, using the first, second and third memorializations. Other embodiments of the present invention may include, but are not limited to, apparatus adapted to facilitate practice of the above-described method.
    Type: Grant
    Filed: August 2, 2011
    Date of Patent: June 13, 2017
    Assignee: Tripwire, Inc.
    Inventors: Gregor W. Torrence, Troy D. Thompson
  • Patent number: 9634951
    Abstract: Apparatus and methods are disclosed for generating, sending, and receiving messages in a networked environment using autonomous (or semi-autonomous) agents. In one example of the disclosed technology, a method of collecting data from an agent executing on a host computer connected to one or more agent data consumers via a network connection includes collecting host data, the collecting occurring whether or not the agent can currently send data via the network connection. When the agent cannot send data via the network connection, the agent spools at least a portion of the collected host data in a spooler. When the agent can send data via the computer network, the agent sends at least a portion of the spooled host data to at least one of the agent data consumers.
    Type: Grant
    Filed: June 12, 2014
    Date of Patent: April 25, 2017
    Assignee: Tripwire, Inc.
    Inventors: Gwendolyn Meredith Hunt, Benjamin John Jansen, Eric Lee Delaney
  • Patent number: 9509554
    Abstract: Disclosed herein are methods, systems, and articles associated with remediation execution. In embodiments, a set of policy test failures may be selected for remediation. The set of policy test failures may be associated with a computer network with a number of nodes. For each failure within the set of policy test failures, a remediation script may be obtained to remediate a corresponding policy test failure. The remediation scripts may be selectively provided to nodes that are affected by policy test failures, for execution by the nodes. A remediation script result for each remediation script executed may be received. Based upon the remediation script results, it may be determined whether or not execution of the remediation scripts was successful.
    Type: Grant
    Filed: October 14, 2014
    Date of Patent: November 29, 2016
    Assignee: Tripwire, Inc.
    Inventors: David Whitlock, Guy Gascoigne-Piggford, Geoff Granum, Mark Petrie
  • Patent number: 9509711
    Abstract: An organization's security data is compared to an aggregation of multiple organizations' security data. Security data is received from multiple organizations having organizational characteristics. The received security data is aggregated based on the organizational characteristics to generate sets of aggregate data associated with the organizational characteristics. A query is received from an organization of the multiple organizations. The query specifies a particular organizational characteristic. A set of aggregate data associated with the specified organizational characteristic is identified. A representation of the organization's security data in relation to the identified set of aggregate data is generated. The representation is transmitted to the organization in response to the query.
    Type: Grant
    Filed: February 1, 2012
    Date of Patent: November 29, 2016
    Assignee: Tripwire, Inc.
    Inventors: Timothy D. Keanini, Brent R. Torre, James A. Acquaviva, Patrick J. McNerthney, Robert W. Thomas
  • Publication number: 20160234254
    Abstract: Embodiments of the present invention provide methods and systems for automated change audit of an enterprise's IT infrastructure, including independent detection of changes, reconciliation of detected changes and independent reporting, to effectuate a triad of controls on managing changes within the IT infrastructure, preventive controls, detective controls and corrective controls.
    Type: Application
    Filed: February 5, 2016
    Publication date: August 11, 2016
    Applicant: Tripwire, Inc.
    Inventors: Robert DiFalco, Kenneth L. Keeler, Robert L. Warmack
  • Patent number: 9323549
    Abstract: Embodiments of the present disclosure provide methods and systems for triggering scripts based upon an alert within a virtual infrastructure. Other embodiments may be described and claimed.
    Type: Grant
    Filed: October 21, 2013
    Date of Patent: April 26, 2016
    Assignee: Tripwire, Inc.
    Inventors: Andrew Wagner, Brian McFeely, Robert DiFalco
  • Patent number: 9304850
    Abstract: Disclosed herein are methods, systems, and articles associated with remediation workflow. A method may include determining one or more test failures related to a policy test within a computer network, and reviewing the one or more test failures. The method may further include, based upon a result of the reviewing, creating a remediation work order that includes at least one of the one or more test failures. Each test failure within the remediation work order may be approved or denied. For each test failure that is approved for remediation, a remediation process may be executed.
    Type: Grant
    Filed: August 25, 2014
    Date of Patent: April 5, 2016
    Assignee: Tripwire, Inc.
    Inventors: David Whitlock, Guy Gascoigne-Piggford, Geoff Granum, Mark Petrie
  • Patent number: 9280667
    Abstract: A system comprises a security manager to scan a network for host instances representing hosts on the network at that time, and record characteristics of the host instances in a host record. The security manager subsequently scans the network for host instances in order to identify persistent hosts. A host profiling module takes snapshots of the network to generate host instances based on characteristics such as an IP address, a NetBIOS name, a DNS name, a MAC address. A host matching module correlates host instances from different snapshots using weighted rules (predetermined or customized) to discriminate between multiple potential matching host instances. Also, security logic makes security decisions based on data including persistent host information.
    Type: Grant
    Filed: January 10, 2005
    Date of Patent: March 8, 2016
    Assignee: Tripwire, Inc.
    Inventors: Timothy D. Keanini, Andrew Molitor, John-Mark Gurney, Jeremy Cooper, Brian Buchanan
  • Patent number: 9256841
    Abstract: Embodiments of the present invention provide methods and systems for automated change audit of an enterprise's IT infrastructure, including independent detection of changes, reconciliation of detected changes and independent reporting, to effectuate a triad of controls on managing changes within the IT infrastructure, preventive controls, detective controls and corrective controls.
    Type: Grant
    Filed: May 7, 2012
    Date of Patent: February 9, 2016
    Assignee: Tripwire, Inc.
    Inventors: Robert A. DiFalco, Kenneth L. Keeler, Robert L. Warmack
  • Patent number: 9209996
    Abstract: An apparatus is provided with a change management module adapted to manage making changes to a data processing device of a data processing environment.
    Type: Grant
    Filed: March 19, 2012
    Date of Patent: December 8, 2015
    Assignee: Tripwire, Inc.
    Inventor: Robert A. DiFalco
  • Patent number: 9197604
    Abstract: A network services platform provides services to remote enterprise networks. The services platform provides a control module to a computer in the enterprise network. The control module executes on the computer and interacts with the services platform to establish an Internet Protocol (IP) tunnel between the services platform and the computer. The control module also establishes a bridge between the IP tunnel and the enterprise network. The services platform allocates a unique private IP address space to the enterprise network, and translates IP addresses in network communications between enterprise network addresses and corresponding services platform addresses in the allocated unique private address space. The services platform provides network services to the enterprise network via the IP tunnel and bridge.
    Type: Grant
    Filed: October 24, 2014
    Date of Patent: November 24, 2015
    Assignee: Tripwire, Inc.
    Inventors: Alexander L. Quilter, Oliver Lavery, David J. Meltzer, Timothy D. Keanini
  • Patent number: 9026646
    Abstract: Disclosed herein are methods, systems, and articles associated with correlating detected changes within a computer network with remediation processes performed in response to policy test failures. In embodiments, on determination that a failure of a policy test has occurred within a computer network having a number of nodes, a remediation process may be executed to remediate the failure. Change at a node may be detected. Further, the detected change may be correlated with the execution of the remediation process, and the correlation may be identified.
    Type: Grant
    Filed: September 16, 2011
    Date of Patent: May 5, 2015
    Assignee: Tripwire, Inc.
    Inventors: David Whitlock, Guy Gascoigne-Piggford, Geoff Granum, Mark Petrie
  • Patent number: 8996684
    Abstract: Methods, systems, and articles for receiving, by a monitor server, change data associated with a change captured on a target host, are described herein. In various embodiments, the target host may have provided the change data in response to detecting the change, and the change data may include one or more rules, settings, and/or parameters. Further, in some embodiments, the monitor server may then group the change data into clusters and may correlate the clusters with a change catalog in order to provide a possible reason or cause for the cluster of changes. Once the change data have been classified as clusters, a report may be generated providing classification or categorization and cluster information for the various changes. In various embodiments, the generating may comprise generating a report to the target host and/or to an administrative user.
    Type: Grant
    Filed: December 8, 2009
    Date of Patent: March 31, 2015
    Assignee: Tripwire, Inc.
    Inventors: Tom Good, Gene Kim, David Whitlock
  • Patent number: 8918883
    Abstract: An enterprise network includes hosts running services. Some of the services have security vulnerabilities. There are one or more threat zones associated with the network. For example, a firewall may create two threat zones, one internal to the firewall and one external to it. A device profiler in the first threat zone profiles the hosts on the network and identifies the vulnerabilities that are present. A device profiler in the second threat zone determines which of the identified vulnerabilities are accessible from its zone. A risk module calculates the risk associated with a vulnerability based on the vulnerability's severity, threat level metrics for the threat zones, and an asset value of the host with the vulnerability. A reporting module prioritizes the vulnerabilities based on their risks.
    Type: Grant
    Filed: June 14, 2006
    Date of Patent: December 23, 2014
    Assignee: Tripwire, Inc.
    Inventors: Joe B. Boyle, Mark Wittenberg, Yves Perrenoud, Timothy D. Keanini