Abstract: Methods and systems for remediating a security policy violation on a computer system are provided. According to one embodiment, information regarding a program-code-based operational state of a host asset is collected by a light weight sensor (LWS) running on the host asset via a survey tool. The information is transmitted by the LWS to a remote server via an external network. Multiple security policies are enforced by the remote server with respect to the host asset based on the received information including determining whether the program-code-based operational state of the host asset represents a violation of one or more security policies, by evaluating, the received information with respect to the security policies, each of which define at least one parameter condition violation of which is potentially indicative of unauthorized activity on the host asset or manipulation of the host asset making the host asset vulnerable to attack.

Abstract: Methods and systems for remediating a security policy violation on a computer system are provided. According to one embodiment, information regarding a program-code-based operational state of a host asset is collected by a light weight sensor (LWS) running on the host asset via a survey tool. The information is transmitted by the LWS to a remote server via an external network. Multiple security policies are enforced by the remote server with respect to the host asset based on the received information including determining whether the program-code-based operational state of the host asset represents a violation of one or more security policies, by evaluating, the received information with respect to the security policies, each of which define at least one parameter condition violation of which is potentially indicative of unauthorized activity on the host asset or manipulation of the host asset making the host asset vulnerable to attack.

Abstract: Methods and systems for remediating a security policy violation on a computer system are provided. According to one embodiment, information regarding a program-code-based operational state of a host asset is collected by a light weight sensor (LWS) running on the host asset via a survey tool. The information is transmitted by the LWS to a remote server via an external network. Multiple security policies are enforced by the remote server with respect to the host asset based on the received information including determining whether the program-code-based operational state of the host asset represents a violation of one or more security policies, by evaluating, the received information with respect to the security policies, each of which define at least one parameter condition violation of which is potentially indicative of unauthorized activity on the host asset or manipulation of the host asset making the host asset vulnerable to attack.

Abstract: Methods and systems for remediating a security policy violation on a computer system are provided. According to one embodiment, information regarding a program-code-based operational state of a host asset is collected by a light weight sensor (LWS) running on the host asset via a survey tool. The information is transmitted by the LWS to a remote server via an external network. Multiple security policies are enforced by the remote server with respect to the host asset based on the received information including determining whether the program-code-based operational state of the host asset represents a violation of one or more security policies, by evaluating, the received information with respect to the security policies, each of which define at least one parameter condition violation of which is potentially indicative of unauthorized activity on the host asset or manipulation of the host asset making the host asset vulnerable to attack.

Abstract: Methods and systems for remediating a security policy violation on a computer system are provided. According to one embodiment, a first computer system receives information regarding an operational state of a second computer system. It is determined whether the operational state represents a violation of a security policy that has been applied to or is active in regard to the second computer system by evaluating the received information with respect to the multiple security policies. Each security policy defines a parameter condition violation of which is potentially indicative of unauthorized activity on or manipulation of the second computer system to make it vulnerable to attack. When a result of the determination is affirmative, then a remediation is identified by the first computer system that can be applied to the second computer system to address the violation; and the remediation is deployed to the second computer system.

Abstract: Methods and systems for remediating a security policy violation on a computer system are provided. According to one embodiment, a first computer system receives information regarding an operational state of a second computer system. It is determined whether the operational state represents a violation of a security policy that has been applied to or is active in regard to the second computer system by evaluating the received information with respect to the multiple security policies. Each security policy defines a parameter condition violation of which is potentially indicative of unauthorized activity on or manipulation of the second computer system to make it vulnerable to attack. When a result of the determination is affirmative, then a remediation is identified by the first computer system that can be applied to the second computer system to address the violation; and the remediation is deployed to the second computer system.

Abstract: Methods and systems for remediating a security policy violation on a computer system are provided. According to one embodiment, an agent running on an endpoint system collects information regarding a program-code-based operational state of the endpoint system. The agent transmits the information to a remote computer system via a network coupling the endpoint system and the remote computer system in communication. The remote computer system enforces one or more security policies with respect to the endpoint system based on the received information.

Abstract: Methods and systems for remediating a security policy violation on a computer system are provided. According to one embodiment, information regarding a program-code-based operational state of a computer system is periodically sampled. A determination is made regarding whether the program-code-based operational state represents a violation of a security policy by evaluating the information with respect to multiple security policies each of with defines at least one parameter condition violation of which is potentially indicative of unauthorized activity on the computer system or manipulation of the computer system to make the computer system vulnerable to attack. When a violation exists then a remediation is identified and deployed to the computer system. The violation is based at least in part on one or more of: whether a particular process is running; the existence, version or status of a particular application; and a version, type or configuration of an operating system installed.

Abstract: Methods and systems for remediating a security policy violation on a computer system are provided. According to one embodiment, information regarding a program-code-based operational state of a computer system is periodically sampled. A determination is made regarding whether the program-code-based operational state represents a violation of a security policy by evaluating the information with respect to multiple security policies each of with defines at least one parameter condition violation of which is potentially indicative of unauthorized activity on the computer system or manipulation of the computer system to make the computer system vulnerable to attack. When a violation exists then a remediation is identified and deployed to the computer system. The violation is based at least in part on one or more of: whether a particular process is running; the existence, version or status of a particular application; and a version, type or configuration of an operating system installed.

Abstract: Methods and systems for remediating a security policy violation on a computer system are provided. According to one embodiment, information is received by one computer system regarding a program-code-based operational state of another computer system at a particular time. It is determined whether the program-code-based operational state represents a violation of security policies that have been applied to or are active in regard to the computer system at issue by evaluating the received information with respect to the security policies. Each security policy defines at least one parameter condition violation of which is potentially indicative of unauthorized activity or manipulation to make the computer system at issue vulnerable to attack. When a security policy violation is detected, then a remediation is identified that can address the violation; and the remediation is caused to be deployed to the computer system at issue.

Abstract: Methods and systems for remediating a security policy violation on a computer system are provided. According to one embodiment, an agent running on an endpoint system collects information regarding a program-code-based operational state of the endpoint system. The agent transmits the information to a remote computer system via a network coupling the endpoint system and the remote computer system in communication. The remote computer system enforces one or more security policies with respect to the endpoint system based on the received information.

Abstract: Methods and systems for remediating a security policy violation on a computer system are provided. According to one embodiment, information is received by one computer system regarding a program-code-based operational state of another computer system at a particular time. It is determined whether the program-code-based operational state represents a violation of security policies that have been applied to or are active in regard to the computer system at issue by evaluating the received information with respect to the security policies. Each security policy defines at least one parameter condition violation of which is potentially indicative of unauthorized activity or manipulation to make the computer system at issue vulnerable to attack. When a security policy violation is detected, then a remediation is identified that can address the violation; and the remediation is caused to be deployed to the computer system at issue.

Abstract: Methods and systems for automatically determining one or more remediations for a remotely monitored host asset are provided. According to one embodiment, a policy database, having stored therein policies defines at least one parameter condition violation of which is potentially indicative of unauthorized activity or manipulation of the host asset, is maintained by a remote server. The remote server receives via a network, a value of a parameter of the host asset. The parameter value is one of multiple parameter values that collectively characterize an operational state of the host asset. A determination is made whether there is a policy violation based on the parameter value by retrieving and evaluating one or more policies with reference to the parameter value. When a policy violation is confirmed, a remediation is retrieved from a remediation database associated with the remote server and the remediation is deployed to the host asset.

Abstract: A method, of automatically determining one or more remediations for a device that includes a processor, may include: receiving values of a plurality of parameters which collectively characterize an operational state of the device, there being at least one policy associated with at least a given one of the plurality of parameters, policy defining as a condition thereof one or more potential values of, or based upon, the given parameter, satisfaction of the condition potentially being indicative of unauthorized activity or manipulation of the device; automatically determining, from the received parameter values, whether the conditions for any policies are satisfied, respectively; and automatically selecting one or more remediations for the device according to the satisfied policies, respectively.

Abstract: A machine-actionable memory may include: one or more machine-actionable records arranged according to a data structure, the data structure including links that respectively map between at least one R_ID field, the contents of which denote an identification (ID) of a remediation (R_ID); and at least one POL_ID field, the contents of which denotes an ID of at least one policy (POL_ID), the at-least-one policy respectively defining a condition satisfaction of which is potentially indicative of unauthorized activity or manipulation of the device.

Abstract: A machine-actionable memory may include: one or more machine-actionable records arranged according to a data structure, the data structure including links that respectively map between at least one R_ID field, the contents of which denote an identification (ID) of a remediation (R_ID); and at least one POL_ID field, the contents of which denotes an ID of at least one policy (POL_ID), the at-least-one policy respectively defining a condition satisfaction of which is potentially indicative of unauthorized activity or manipulation of the device.

Abstract: A machine-actionable memory may include: one or more machine-actionable records arranged according to a data structure, the data structure including links that respectively map between at least one R_ID field, the contents of which denote an identification (ID) of a remediation (R_ID); and at least one POL_ID field, the contents of which denotes an ID of at least one policy (POL_ID), the at-least-one policy respectively defining a condition satisfaction of which is potentially indicative of unauthorized activity or manipulation of the device.

Abstract: A method, of automatically determining one or more remediations for a device that includes a processor, may include: receiving values of a plurality of parameters which collectively characterize an operational state of the device, there being at least one policy associated with at least a given one of the plurality of parameters, policy defining as a condition thereof one or more potential values of, or based upon, the given parameter, satisfaction of the condition potentially being indicative of unauthorized activity or manipulation of the device; automatically determining, from the received parameter values, whether the conditions for any policies are satisfied, respectively; and automatically selecting one or more remediations for the device according to the satisfied policies, respectively.

Abstract: A method, of automatically determining one or more remediations for a device that includes a processor, may include: receiving values of a plurality of parameters which collectively characterize an operational state of the device, there being at least one policy associated with at least a given one of the plurality of parameters, policy defining as a condition thereof one or more potential values of, or based upon, the given parameter, satisfaction of the condition potentially being indicative of unauthorized activity or manipulation of the device; automatically determining, from the received parameter values, whether the conditions for any policies are satisfied, respectively; and automatically selecting one or more remediations for the device according to the satisfied policies, respectively.