US 12,206,712 B2
Method for characterizing security technology deployment telemetry across a computer network
Jeffrey J. Guy, Austin, TX (US); Dean Mekkawy, Austin, TX (US); Jeremiah Clark, Austin, TX (US); Nevins Bartolomeo, Austin, TX (US); and Luis Diego Cabezas, Austin, TX (US)
Assigned to Sevco Security, Inc., Austin, TX (US)
Filed by Sevco Security, Inc., Austin, TX (US)
Filed on Apr. 12, 2023, as Appl. No. 18/133,992.
Application 18/133,992 is a continuation of application No. 17/861,007, filed on Jul. 8, 2022, granted, now 11,659,008.
Application 17/861,007 is a continuation in part of application No. 17/720,163, filed on Apr. 13, 2022, granted, now 11,647,027.
Claims priority of provisional application 63/281,980, filed on Nov. 22, 2021.
Claims priority of provisional application 63/219,530, filed on Jul. 8, 2021.
Claims priority of provisional application 63/174,485, filed on Apr. 13, 2021.
Prior Publication US 2023/0328108 A1, Oct. 12, 2023
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 9/40 (2022.01)
CPC H04L 63/20 (2013.01) [H04L 63/0876 (2013.01); H04L 63/104 (2013.01)] 20 Claims
OG exemplary drawing
 
1. A method comprising:
populating a device record with a first set of characteristics representing a first endpoint device in a set of endpoint devices, the first set of characteristics:
generated by a set of security technologies during a first time interval; and
representing:
detection of the first endpoint device by a first security technology in a set of security technologies during the first time interval; and
detection of the first endpoint device by a second security technology in the set of security technologies during the first time interval;
populating the device record with a second set of characteristics representing the first endpoint device, the second set of characteristics:
generated by the set of security technologies; and
representing detection of the first endpoint device by the first security technology during a second time interval;
in response to absence of detection of the first endpoint device by the second security technology during the second time interval, generating a first source remove event specifying removal of the second security technology from the first endpoint device; and
in response to a third set of characteristics identifying the first endpoint device, labeling the first endpoint device as active in an endpoint device inventory list associated with a computer network during a third time interval.