Endpoint enabled for enterprise security assessment sharing

摘要

An enterprise-wide sharing arrangement uses a semantic abstraction, called a security assessment, to share security-related information between security products, called endpoints. A security assessment is defined as a tentative assignment by an endpoint of broader contextual meaning to information that is collected about an object of interest. Endpoints utilize an architecture that comprises a common assessment sharing agent and a common assessment generating agent. The common assessment sharing agent is arranged for subscribing to security assessments, publishing security assessments onto a channel, maintaining an awareness of configuration changes on the channel (e.g., when a new endpoint is added or removed), and implementing security features like authorization, authentication and encryption. A common assessment generating engine handles endpoint behavior associated with a security assessment including assessment generation, cancellation, tracking, and rolling-back actions based on assessments that have expired. The common assessment generating engine generates and transmits messages that indicate which local actions are taken.