Patents by Inventor Brian H. Hajost
Brian H. Hajost has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20240089298
Abstract: Embodiments of the present invention provide for a method, system, and apparatus for processing content during scan and/or remediation processing. The method includes receiving a scan request or a remediation request. Content from a datastore referencing one or more controls as well as one or more of a compliance value, remediation value, and an ignore switch corresponding to each control is then loaded. If a scan request is received, the computing environment is scanned to determine all controls in the computing environment and the current setting of each. Thereafter, a subset of controls is determined, where the current setting of each control in the subset is out of compliance, the out of compliance state for each control is not to be ignored, and a remediation value for the corresponding control is listed in the loaded content. Thereafter, information regarding each control is determined, captured, and then stored.
Type: Application
Filed: November 20, 2023
Publication date: March 14, 2024
Applicant: Steelcloud LLC
Inventors: Brian H. Hajost, Matthew Richard Heimlich
-
Patent number: 11824895
Abstract: Embodiments of the present invention provide for a method, system, and apparatus for processing content during scan and/or remediation processing. The method includes receiving a scan request or a remediation request. Content from a datastore referencing one or more controls as well as one or more of a compliance value, remediation value, and an ignore switch corresponding to each control is then loaded. If a scan request is received, the computing environment is scanned to determine all controls in the computing environment and the current setting of each. Thereafter, a subset of controls is determined, where the current setting of each control in the subset is out of compliance, the out of compliance state for each control is not to be ignored, and a remediation value for the corresponding control is listed in the loaded content. Thereafter, information regarding each control is determined, captured, and then stored.
Type: Grant
Filed: December 27, 2017
Date of Patent: November 21, 2023
Assignee: Steelcloud, LLC.
Inventor: Brian H. Hajost
-
Patent number: 11641378
Abstract: A method for migrating security benchmark compliance content from a source platform to a target platform includes filtering a set of configuration parameters in a source platform to a subset of configuration parameters, each of the parameters corresponding to a respectively different entry in a security checklist of a security benchmark. Then, a listing is presented in a user interface of each of the configuration parameters and for each configuration parameter, a corresponding entry in the security checklist regulating the configuration parameter according to a range of values. Finally, the configuration parameters in the subset are applied to a target platform excepting for at least one of the configuration parameters. Instead, alternative value within the range is received as input in the user interface and is applied to the target platform in lieu of the at least one of the configuration parameters.
Type: Grant
Filed: May 7, 2020
Date of Patent: May 2, 2023
Assignee: Steelcloud LLC
Inventor: Brian H. Hajost
-
Patent number: 11609995
Abstract: Guard-railed security benchmark compliance assurance includes storing in memory of a computer a multiplicity of specific parameter values, retrieving from memory, different parameterized operating system directives arranged together in a programmatic module, populating different parameters of the directives with respective ones of the stored specific parameter values and invoking each of the directives with the populated different parameters through a command line shell of an operating system executing in the computer, each invocation establishing a different configuration setting in a computing environment hosted by the computer.
Type: Grant
Filed: May 7, 2020
Date of Patent: March 21, 2023
Assignee: SteelCloud, LLC
Inventors: Brian H. Hajost, Matthew Richard Heimlich, Fredi Jaramiilo
-
Patent number: 11368366
Abstract: Embodiments of the present invention provide for group policy object (GPO) update compliance. A method for GPO update compliance includes selecting both a compliance update and also a computing system as an endpoint targeted for receiving the compliance update, directing execution of a remediation process that applies the compliance update onto the selected endpoint and performing a re-scan of the selected endpoint subsequent to the execution of the remediation process. The method further includes executing a GPO update within a threshold period of time after the re-scan and repeating the re-scan after the GPO update and then comparing a log produced by the repeated re-scan after the GPO update with a log produced by the re-scan before the GPO update, detecting an out-of-compliance update in the comparison and responding to the out-of-compliance update by directing a repair of the out-of-compliance update using a domain login for the selected endpoint.
Type: Grant
Filed: December 29, 2020
Date of Patent: June 21, 2022
Assignee: Steelcloud, Inc.
Inventors: Brian H. Hajost, Fredi Jaramillo, Matthew Heimlich
-
Publication number: 20210350002
Abstract: Guard-railed security benchmark compliance assurance includes storing in memory of a computer a multiplicity of specific parameter values, retrieving from memory, different parameterized operating system directives arranged together in a programmatic module, populating different parameters of the directives with respective ones of the stored specific parameter values and invoking each of the directives with the populated different parameters through a command line shell of an operating system executing in the computer, each invocation establishing a different configuration setting in a computing environment hosted by the computer.
Type: Application
Filed: May 7, 2020
Publication date: November 11, 2021
Inventor: Brian H. Hajost
-
Publication number: 20210352112
Abstract: A method for migrating security benchmark compliance content from a source platform to a target platform includes filtering a set of configuration parameters in a source platform to a subset of configuration parameters, each of the parameters corresponding to a respectively different entry in a security checklist of a security benchmark. Then, a listing is presented in a user interface of each of the configuration parameters and for each configuration parameter, a corresponding entry in the security checklist regulating the configuration parameter according to a range of values. Finally, the configuration parameters in the subset are applied to a target platform excepting for at least one of the configuration parameters. Instead, alternative value within the range is received as input in the user interface and is applied to the target platform in lieu of the at least one of the configuration parameters.
Type: Application
Filed: May 7, 2020
Publication date: November 11, 2021
Inventor: Brian H. Hajost
-
Publication number: 20210119873
Abstract: Embodiments of the present invention provide for group policy object (GPO) update compliance. A method for GPO update compliance includes selecting both a compliance update and also a computing system as an endpoint targeted for receiving the compliance update, directing execution of a remediation process that applies the compliance update onto the selected endpoint and performing a re-scan of the selected endpoint subsequent to the execution of the remediation process. The method further includes executing a GPO update within a threshold period of time after the re-scan and repeating the re-scan after the GPO update and then comparing a log produced by the repeated re-scan after the GPO update with a log produced by the re-scan before the GPO update, detecting an out-of-compliance update in the comparison and responding to the out-of-compliance update by directing a repair of the out-of-compliance update using a domain login for the selected endpoint.
Type: Application
Filed: December 29, 2020
Publication date: April 22, 2021
Inventors: Brian H. Hajost, Fredi Jaramillo, Matthew Heimlich
-
Patent number: 10880171
Abstract: Embodiments of the present invention provide for group policy object (GPO) update compliance. A method for GPO update compliance includes selecting both a compliance update and also a computing system as an endpoint targeted for receiving the compliance update, directing execution of a remediation process that applies the compliance update onto the selected endpoint and performing a re-scan of the selected endpoint subsequent to the execution of the remediation process. The method further includes executing a GPO update within a threshold period of time after the re-scan and repeating the re-scan after the GPO update and then comparing a log produced by the repeated re-scan after the GPO update with a log produced by the re-scan before the GPO update, detecting an out-of-compliance update in the comparison and responding to the out-of-compliance update by directing a repair of the out-of-compliance update using a domain login for the selected endpoint.
Type: Grant
Filed: September 9, 2018
Date of Patent: December 29, 2020
Assignee: STEELCLOUD, LLC
Inventors: Brian H. Hajost, Fredi Jaramillo, Matthew Heimlich
-
Patent number: 10341303
Abstract: Embodiments of the present invention provide for a method, system, and apparatus for creating a publishable computer file. The method includes selecting a first computer file encapsulating a source security policy for a computing device and creating a second computer file using the source security policy of the first computer file to create a local security policy and to encapsulate the created local security policy and also an operating system security policy. The method further includes calculating a hash value for the second computer file and storing the hash value in a header for the second computer file. The method yet further includes encrypting the second computer file, wherein the encrypted second computer file once loaded into memory of the computing device is processed by the computing device.
Type: Grant
Filed: December 8, 2016
Date of Patent: July 2, 2019
Assignee: STEELCLOUD, LLC
Inventors: Brian H. Hajost, Fredi Jaramillo, Bao Nguyen
-
Publication number: 20190199754
Abstract: Embodiments of the present invention provide for a method, system, and apparatus for processing content during scan and/or remediation processing. The method includes receiving a scan request or a remediation request. Content from a datastore referencing one or more controls as well as one or more of a compliance value, remediation value, and an ignore switch corresponding to each control is then loaded. If a scan request is received, the computing environment is scanned to determine all controls in the computing environment and the current setting of each. Thereafter, a subset of controls is determined, where the current setting of each control in the subset is out of compliance, the out of compliance state for each control is not to be ignored, and a remediation value for the corresponding control is listed in the loaded content. Thereafter, information regarding each control is determined, captured, and then stored.
Type: Application
Filed: December 27, 2017
Publication date: June 27, 2019
Inventor: Brian H. Hajost
-
Patent number: 10044742
Abstract: Embodiments of the present invention provide a method, system, and computer program product for debugging a computer environment. In an embodiment of the invention, an anomaly is detected in a computing environment of multiple different computing devices disposed in multiple different network domains. Thereafter, administrative network privileges to access the multiple different network domains are acquired and existing resources in the computing environment are identified. Additionally, a signature file is loaded into a memory of the computer, where the signature file denotes infrastructure requirements of the computing environment, and the existing resources and the infrastructure requirements denoted in the signature file are compared to determine whether a disparity exists between the existing resources and the infrastructure requirements.
Type: Grant
Filed: November 28, 2017
Date of Patent: August 7, 2018
Assignee: STEELCLOUD, LLC
Inventors: Bao Nguyen, Fredi Jaramillo, Brian H. Hajost
-
Patent number: 9954900
Abstract: Embodiments of the present invention provide for a method, system, and apparatus for creating a publishable computer file. The method includes selecting a first computer file encapsulating a source security policy for a computing device and creating a second computer file using the source security policy of the first computer file to create a local security policy and to encapsulate the created local security policy and also an operating system security policy. The method further includes calculating a hash value for the second computer file and storing the hash value in a header for the second computer file. The method yet further includes encrypting the second computer file, wherein the encrypted second computer file once loaded into memory of the computing device is processed by the computing device.
Type: Grant
Filed: June 13, 2016
Date of Patent: April 24, 2018
Assignee: STEELCLOUD, LLC
Inventors: Brian H. Hajost, Fredi Jaramillo
-
Patent number: 9940115
Abstract: Embodiments of the present invention provide a method, system, and computer program product for ensuring the veracity of a mobile application for deployment in a distributed computing environment. In an embodiment of the invention, a method for ensuring the veracity of a mobile application for deployment in a distributed computing environment is provided. The method includes detecting a mobile application being uploaded for deployment to a mobile computing device in the distributed computing environment, creating and then storing a fingerprint for the uploaded mobile application, calculating an offset value according to the fingerprint for the uploaded mobile application, and storing the offset value for the uploaded mobile application.
Type: Grant
Filed: March 6, 2017
Date of Patent: April 10, 2018
Assignee: STEELCLOUD, LLC
Inventor: Brian H. Hajost
-
Publication number: 20180083998
Abstract: Embodiments of the present invention provide a method, system, and computer program product for debugging a computer environment. In an embodiment of the invention, an anomaly is detected in a computing environment of multiple different computing devices disposed in multiple different network domains. Thereafter, administrative network privileges to access the multiple different network domains are acquired and existing resources in the computing environment are identified. Additionally, a signature file is loaded into a memory of the computer, where the signature file denotes infrastructure requirements of the computing environment, and the existing resources and the infrastructure requirements denoted in the signature file are compared to determine whether a disparity exists between the existing resources and the infrastructure requirements.
Type: Application
Filed: November 28, 2017
Publication date: March 22, 2018
Applicant: SteelCloud, LLC
Inventors: Bao Nguyen, Fredi Jaramillo, Brian H. Hajost
-
Patent number: 9853990
Abstract: Embodiments of the present invention provide a method, system, and computer program product for debugging a computer environment. In an embodiment of the invention, an anomaly is detected in a computing environment of multiple different computing devices disposed in multiple different network domains. Thereafter, administrative network privileges to access the multiple different network domains are acquired and existing resources in the computing environment are identified. Additionally, a signature file is loaded into a memory of the computer, where the signature file denotes infrastructure requirements of the computing environment, and the existing resources and the infrastructure requirements denoted in the signature file are compared to determine whether a disparity exists between the existing resources and the infrastructure requirements.
Type: Grant
Filed: March 29, 2016
Date of Patent: December 26, 2017
Assignee: SteelCloud, LLC
Inventors: Bao Nguyen, Fredi Jaramillo, Brian H. Hajost
-
Publication number: 20170177316
Abstract: Embodiments of the present invention provide a method, system, and computer program product for ensuring the veracity of a mobile application for deployment in a distributed computing environment. In an embodiment of the invention, a method for ensuring the veracity of a mobile application for deployment in a distributed computing environment is provided. The method includes detecting a mobile application being uploaded for deployment to a mobile computing device in the distributed computing environment, creating and then storing a fingerprint for the uploaded mobile application, calculating an offset value according to the fingerprint for the uploaded mobile application, and storing the offset value for the uploaded mobile application.
Type: Application
Filed: March 6, 2017
Publication date: June 22, 2017
Inventor: Brian H. Hajost
-
Patent number: 9621596
Abstract: Embodiments of the present invention provide a method, system, and computer program product for ensuring the veracity of a mobile application for deployment in a distributed computing environment. In an embodiment of the invention, a method for ensuring the veracity of a mobile application for deployment in a distributed computing environment is provided. The method includes detecting a mobile application being uploaded for deployment to a mobile computing device in the distributed computing environment, creating and then storing a fingerprint for the uploaded mobile application, calculating an offset value according to the fingerprint for the uploaded mobile application, and storing the offset value for the uploaded mobile application.
Type: Grant
Filed: December 9, 2013
Date of Patent: April 11, 2017
Assignee: SteelCloud, LLC
Inventor: Brian H. Hajost
-
Publication number: 20170093813
Abstract: Embodiments of the present invention provide for a method, system, and apparatus for creating a publishable computer file. The method includes selecting a first computer file encapsulating a source security policy for a computing device and creating a second computer file using the source security policy of the first computer file to create a local security policy and to encapsulate the created local security policy and also an operating system security policy. The method further includes calculating a hash value for the second computer file and storing the hash value in a header for the second computer file. The method yet further includes encrypting the second computer file, wherein the encrypted second computer file once loaded into memory of the computing device is processed by the computing device.
Type: Application
Filed: December 8, 2016
Publication date: March 30, 2017
Inventors: Brian H. Hajost, Fredi Jaramillo, Bao Nguyen
-
Publication number: 20160301715
Abstract: Embodiments of the present invention provide for a method, system, and apparatus for creating a publishable computer file. The method includes selecting a first computer file encapsulating a source security policy for a computing device and creating a second computer file using the source security policy of the first computer file to create a local security policy and to encapsulate the created local security policy and also an operating system security policy. The method further includes calculating a hash value for the second computer file and storing the hash value in a header for the second computer file. The method yet further includes encrypting the second computer file, wherein the encrypted second computer file once loaded into memory of the computing device is processed by the computing device.
Type: Application
Filed: June 13, 2016
Publication date: October 13, 2016
Inventors: Brian H. Hajost, Fredi Jaramillo