| CPC G06F 21/55 (2013.01) [G06F 8/65 (2013.01); G06F 21/62 (2013.01); H04L 63/101 (2013.01); H04L 63/104 (2013.01); H04L 63/14 (2013.01); H04L 63/1433 (2013.01); H04L 63/1441 (2013.01); H04L 63/20 (2013.01); H04W 12/12 (2013.01); H04W 12/126 (2021.01); H04W 12/128 (2021.01); G06F 2221/034 (2013.01); G06F 2221/2141 (2013.01)] | 16 Claims |

|
1. A method of context-based privilege mitigation, the method comprising:
detecting a login event of a user of a computing device;
receiving, by the computing device from a management server, a risk assessment rule that includes risk criteria and a plurality of privilege mitigation measures associated with the risk criteria, the risk assessment rule being communicated from the management server in response to the detection of the login event at the computing device, and the risk assessment rule indicates that a software application is vulnerable to an exploit;
evaluating, by an agent on the computing device, information on the computing device that is relevant to the risk criteria;
determining that the user has elevated privileges on the computing device;
detecting, by the computing device, a vulnerable software application to which the user has access, the vulnerable software application being flagged by the risk assessment rule;
identifying, by the computing device, a particular privilege mitigation measure of the plurality of privilege mitigation measures, wherein the particular privilege mitigation measure is mapped to the detected vulnerable software application; and
applying, by the computing device, the particular privilege mitigation measure on the computing device, the particular privilege mitigation measure including an action that reduces a user privilege level of the user and prevents software from being used on the computing device by the user until a desired update to the vulnerable software application has been installed.
|
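The steps of claim 1, traced as an added example that is not taken from the patent or from any product. The rule fields, the `on_login` function, the `fetch_rule` callback and the sample application are hypothetical; lifting the block once the update is installed is one reading of "until a desired update ... has been installed".

```python
from dataclasses import dataclass, field

# Constructed model: the claim defines no rule format or agent API.
@dataclass
class Mitigation:
    demote_user: bool   # reduce the user's privilege level
    block_app: bool     # prevent the application from being used

@dataclass
class RiskRule:
    app: str              # application the rule flags as vulnerable
    fixed_version: tuple  # first version that carries the desired update
    mitigations: dict     # app name -> Mitigation (the mapping in the claim)

@dataclass
class DeviceState:
    user: str
    is_admin: bool
    installed: dict       # app name -> installed version tuple
    blocked: set = field(default_factory=set)

def on_login(state, fetch_rule):
    """Handle one login event and return the list of actions applied."""
    rule = fetch_rule(state.user)  # server sends the rule in response to login
    actions = []
    version = state.installed.get(rule.app)
    if version is None or version >= rule.fixed_version:
        # Update installed (or app absent): lift an earlier block.
        if rule.app in state.blocked:
            state.blocked.remove(rule.app)
            actions.append(f"unblock:{rule.app}")
        return actions
    if not state.is_admin:
        return actions  # assumption: no elevated privileges, nothing to mitigate
    measure = rule.mitigations.get(rule.app)
    if measure is None:
        return actions  # no measure is mapped to this application
    if measure.demote_user:
        state.is_admin = False
        actions.append(f"demote:{state.user}")
    if measure.block_app:
        state.blocked.add(rule.app)
        actions.append(f"block:{rule.app}")
    return actions

# Constructed sample rule; "pdfviewer" and its versions are made up.
RULE = RiskRule("pdfviewer", (2, 4, 1), {"pdfviewer": Mitigation(True, True)})
```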