Abstract: There is disclosed in one example a server apparatus, including: a hardware platform including a processor and a memory; a network interface; and a vulnerability assessment server engine including instructions encoded within the memory to instruct the processor to: receive via the network interface an endpoint payload including a platform identification string, including an identifier for an application and an identifier for an action to be taken by the application; query a vulnerability database and platform identification string database to procure an application-specific reputation for the action; and send via the network interface the application-specific reputation for the action.

Abstract: In an example, a vulnerability assessment engine is disclosed. The vulnerability assessment engine may include a shim application and a shim agent. The shim application sits at a relatively low level in an operational stack, such as just above the operating system itself. It may intercept system calls through operating system hooks or other means, so as to determine whether an action taken by an executable object should be allowed. The vulnerability assessment engine sends an identifier, such as a common platform enumeration (CPE)-like string to a server, which queries a database to determine a response code for the action. The response code may indicate that the action should be allowed, blocked, allowed with a warning, or other useful action. A shim agent may also be installed to receive notifications from the server or to query the server for available updates or patches for the executable object.

Abstract: Usage patterns of an authentic user of a mobile device are generated from data collected representing usage by the authentic user. These usage patterns may then be compared to monitored usage of the mobile device. If usage of the mobile device exceeds a threshold based on one or more of the usage patterns, access to data on the mobile device can be prevented.

Abstract: A pluggable asset detection engine is used to identify devices within a network. The pluggable asset detection engine includes a set of pluggable discovery sensors and is adapted to identify particular address information of a particular computing device within a network, using a first pluggable discovery sensor in the set of discovery sensors, and send an identification of the particular address information of the particular computing device to an asset management system for inclusion of the particular address information in an asset repository managed by the asset management system.

Abstract: Usage patterns of an authentic user of a mobile device are generated from data collected representing usage by the authentic user. These usage patterns may then be compared to monitored usage of the mobile device. If usage of the mobile device exceeds a threshold based on one or more of the usage patterns, access to data on the mobile device can be prevented.

Abstract: In an example, a vulnerability assessment engine is disclosed. The vulnerability assessment engine may include a shim application and a shim agent. The shim application sits at a relatively low level in an operational stack, such as just above the operating system itself. It may intercept system calls through operating system hooks or other means, so as to determine whether an action taken by an executable object should be allowed. The vulnerability assessment engine sends an identifier, such as a common platform enumeration (CPE)-like string to a server, which queries a database to determine a response code for the action. The response code may indicate that the action should be allowed, blocked, allowed with a warning, or other useful action. A shim agent may also be installed to receive notifications from the server or to query the server for available updates or patches for the executable object.

Abstract: A pluggable asset detection engine is used to identify devices within a network. The pluggable asset detection engine includes a set of pluggable discovery sensors and is adapted to identify particular address information of a particular computing device within a network, using a first pluggable discovery sensor in the set of discovery sensors, and send an identification of the particular address information of the particular computing device to an asset management system for inclusion of the particular address information in an asset repository managed by the asset management system.

Abstract: A pluggable asset detection engine is used to identify devices within a network. The pluggable asset detection engine includes a set of pluggable discovery sensors and is adapted to identify particular address information of a particular computing device within a network, using a first pluggable discovery sensor in the set of discovery sensors, and send an identification of the particular address information of the particular computing device to an asset management system for inclusion of the particular address information in an asset repository managed by the asset management system.

Abstract: A first Internet protocol version 6 (IPv6) address of a particular computing device within a network is identified using a first passive discovery sensor performing a first discovery task. A second discovery task is caused to be performed using the first IPv6 address and an attribute of the particular computing device is identified from results of the second discovery task. The first IPv6 address and attribute of the particular device is added to a repository maintaining a record of detected IPv6 addresses within the network. In some instances, a first passive discovery sensor can be one of an event-based discovery sensor, a latent-type discovery sensor, and an indirect-type discovery sensor.

Abstract: A plurality of system entities described in an asset repository are identified, the asset repository defining a particular hierarchical organization of the plurality of system entities within a computing environment. A particular system entity in the plurality of system entities is tagged with a particular tag. The particular system entity is associated with a particular security policy based on the particular system entity being tagged with the particular tag. The particular security policy is applied to system entities in the asset repository tagged with one or more tags in a particular set of tags including the particular tag.

Abstract: A plurality of system entities described in an asset repository are identified, the asset repository defining a particular hierarchical organization of the plurality of system entities within a computing environment. A particular system entity in the plurality of system entities is tagged with a particular tag. The particular system entity is associated with a particular security policy based on the particular system entity being tagged with the particular tag. The particular security policy is applied to system entities in the asset repository tagged with one or more tags in a particular set of tags including the particular tag.

Abstract: A pluggable asset detection engine is used to identify devices within a network. The pluggable asset detection engine includes a set of pluggable discovery sensors and is adapted to identify particular address information of a particular computing device within a network, using a first pluggable discovery sensor in the set of discovery sensors, and send an identification of the particular address information of the particular computing device to an asset management system for inclusion of the particular address information in an asset repository managed by the asset management system.

Abstract: A first Internet protocol version 6 (IPv6) address of a particular computing device within a network is identified using a first passive discovery sensor performing a first discovery task. A second discovery task is caused to be performed using the first IPv6 address and an attribute of the particular computing device is identified from results of the second discovery task. The first IPv6 address and attribute of the particular device is added to a repository maintaining a record of detected IPv6 addresses within the network. In some instances, a first passive discovery sensor can be one of an event-based discovery sensor, a latent-type discovery sensor, and an indirect-type discovery sensor.