Abstract: A management unit comprising a processor, the management unit is configured to be in communication with at least one management system, the at least one management system configured to be in communication with at least one endpoint machine in an environment of multiple endpoint machines, the processor is configured to: assign for the at least one management system a dynamic group of endpoint machines; execute a relevant adaptor on the management system according to the assigned dynamic group; and apply to the dynamic group of endpoint machines, by the executed adaptor, policy rules relevant to the dynamic group of endpoint machines.

Abstract: A management unit comprising a processor, the management unit is configured to be in communication with at least one management system, the at least one management system configured to be in communication with at least one endpoint machine in an environment of multiple endpoint machines, the processor is configured to: assign for the at least one management system a dynamic group of endpoint machines; execute a relevant adaptor on the management system according to the assigned dynamic group; and apply to the dynamic group of endpoint machines, by the executed adaptor, policy rules relevant to the dynamic group of endpoint machines.

Abstract: A method of executing an original agent application as a virtual agent, the method comprising encapsulating an original agent in a container file to produce a virtual agent; providing the virtual agent to an endpoint machine; and executing the virtual agent, within the container, on the endpoint machine.

Abstract: A system and method for providing a service may include creating a management tool backend server. A management unit may be installed on a management tool backend server. A request to provide a management service may be received and the management unit and a plurality of management agents installed in a plurality of endpoint servers may be caused to provide the management service.

Abstract: A network compliance application performs a method of coalescing violation data based on rule and policy violations by retrieving network event data indicative of compliance with a set of policies, in which each of the policies has a set of rules. Policy definition includes a template of rules, definition of rule severity, and a compliance threshold specifying a number of rules of a severity that render the policy non-compliant. The compliance application computes, for each of the policies, violations, each violation indicative of a deviation from a particular rule, and displays a series of views indicative of a plurality of policies in the set of policies, each of the views indicative of violations attributable to each of the policies. From the displayed view, the application receives a detail selection corresponding to a subset of the displayed violations for detailed report display.

Abstract: A management unit comprising a processor, the management unit is configured to be in communication with at least one management system, the at least one management system configured to be in communication with at least one endpoint machine in an environment of multiple endpoint machines, the processor is configured to: assign for the at least one management system a dynamic group of endpoint machines; execute a relevant adaptor on the management system according to the assigned dynamic group; and apply to the dynamic group of endpoint machines, by the executed adaptor, policy rules relevant to the dynamic group of endpoint machines.

Abstract: A method of executing an original agent application as a virtual agent, the method comprising encapsulating an original agent in a container file to produce a virtual agent; providing the virtual agent to an endpoint machine; and executing the virtual agent, within the container, on the endpoint machine.

Abstract: A compliance manager presents a set of selectable compliance tests (e.g., templates) in a graphical user interface. For example, each compliance test has a unique configuration operable for evaluating data associated with Information Technology “IT” resources. In particular, the compliance tests can include policy and/or rule templates for use in creating targeted compliance testing of IT resources. During operation, the compliance manager receives a selection of a compliance test (e.g., from a network administrator). The compliance manager additionally enables modification of a configuration associated with the compliance test. In turn, the compliance manager applies the compliance test (along with any modifications) to the data associated with the IT resources.

Abstract: A network compliance application performs a method of coalescing violation data based on rule and policy violations by retrieving network event data indicative of compliance with a set of policies, in which each of the policies has a set of rules. Policy definition includes a template of rules, definition of rule severity, and a compliance threshold specifying a number of rules of a severity that render the policy non-compliant. The compliance application computes, for each of the policies, violations, each violation indicative of a deviation from a particular rule, and displays a series of views indicative of a plurality of policies in the set of policies, each of the views indicative of violations attributable to each of the policies. From the displayed view, the application receives a detail selection corresponding to a subset of the displayed violations for detailed report display.

Abstract: In a large network, it can be difficult to pinpoint and track down the causes of rule violations deviating from established policies. Conventional environment monitoring mechanisms do not categorize notifications according to those triggering rule violations, and do not identify related network entities and rules. A rule violation processor allows traversal of notifications according to rule violations, organizing the violation according to severity and recurrence, and identifies related rules and network entities which may be related to the rule violation. The resulting graphical user interface provides efficient, timely traversal and analysis of rule violations across the network to allow quick, efficient identification of the underlying cause or condition of the rule violation.

Abstract: A method for authentication includes, in a first computer (14), receiving from a second computer (16) over a net-work (18) a communication containing an identification token. At the first computer, the identification token is stored only in a memory (30) of an information protection device (20), which is connected to the first computer by a local interface (34).

Abstract: Novel methods for expressing paths contained in queries are provided. The path expressions are composed from tokens selected from the group consisting of object identifiers, attribute identifiers, a relationship operator, and path qualifiers. Path expressions can be more easily created than by creating the path expressions directly in SQL. The path expressions can easily be incorporated into queries for querying data structured according to an object model. Examples of such queries include queries for implementing rules for checking data corresponding to IT infrastructures to see if the IT infrastructure is compliant with policies created for the IT infrastructure.

Abstract: A network compliance application performs a method of coalescing violation data based on rule and policy violations by retrieving network event data indicative of compliance with a set of policies, in which each of the policies has a set of rules. The application computes, for each of the policies, violations, each violation indicative of a deviation from a particular rule, and displays a summary view indicative of a plurality of policies in the set of policies, the summary view indicative of violations attributable to each of the policies. From the displayed summary view, the application receives a detail selection corresponding to a subset of the displayed violations in the summary view; displays, for the received detail selection, a violation view having a sequence of ranked violation entries corresponding to the detail selection.

Abstract: Compliance rules are created that can be used to help detect violations of compliance policies imposed on an IT infrastructure. Each of one or more compliance rules associated with a respective IT-infrastructure compliance policy is defined by specifying three items: 1) the type of configuration items to which the rule is to be applied, 2) the rule scope that determines which configuration items of the configuration type are to be checked for compliance, and 3) a desired state that each configuration item checked must satisfy in order to be considered in compliance.

Abstract: A compliance manager enables creation of policies and corresponding rules to test compliancy of network resources via evaluation of collected data associated with the network resources. For example, each of one or more rules associated with a respective network compliance policy has a corresponding rule scope definition indicating which portion of collected network resource data to use for verification purposes. Each rule also has a corresponding set of selected compliance conditions. The compliance conditions specify what values the portions of collected resource data as specified by the rule scope definition should be in order to be compliant. During a compliancy check, the compliance manager applies the rule scope definition to the collected data to produce a set of network resource data to be verified. Thereafter, the compliance manager determines compliancy by checking whether the produced set of network resource data matches the corresponding compliance conditions as specified for the rule.