Systems and methods for preventing internal network attacks
First Claim
1. A computer-implemented method for preventing internal network attacks, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:
- identifying a subnet of a network, the subnet comprising at least an endpoint host system and an additional endpoint host system;
- detecting an intrusion on the endpoint host system, the intrusion on the endpoint host system having bypassed a security feature implemented on a gateway for obstructing attacks across the gateway on systems within the subnet from outside the subnet and thus having breached the network into the subnet and thus being capable of facilitating an internal network attack via the endpoint host system on another endpoint system within the subnet;
- implementing a security measure on the additional endpoint host system to prevent the internal network attack based at least in part on detecting the intrusion that breached the network into the subnet and at least in part on the endpoint host system and additional endpoint host system being within the subnet,
- wherein the security measure comprises a firewall restriction that is implemented on the additional endpoint host system and that regulates network traffic within the subnet between the endpoint host system and the additional endpoint host system, the firewall restriction is implemented by an agent on the additional endpoint host system, thereby employing resources of the additional endpoint host system to prevent the internal network attack beyond resources provided by the endpoint host system and the gateway, and
- wherein implementing the security measure comprises increasing an aggressiveness of a malware detection policy on the additional endpoint host system and performing a scan for malware on the additional endpoint host system based on the malware detection policy.
Abstract
A computer-implemented method for preventing internal network attacks may include 1) identifying a host system that is within a subnet of a network, 2) detecting an intrusion on the host system, the intrusion on the host system being capable of facilitating an attack via the host system on at least one additional system of the network, 3) identifying at least one additional host system within the subnet of the network, and 4) implementing a security measure on the additional host system to prevent the attack based at least in part on detecting the intrusion and at least in part on the host system and additional host system being within the subnet. Various other methods, systems, and computer-readable media are also disclosed.
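The four steps of the abstract can be sketched as an orchestration routine. This is an added example, not code from the patent or its assignee: the host inventory is constructed, and the `AgentOrder` schema, the `deny` rule format and the `aggressive` policy level are hypothetical stand-ins for the claimed firewall restriction, detection policy and scan.

```python
import ipaddress
from dataclasses import dataclass, field

# Constructed inventory (not from the patent): hostname -> interface address.
INVENTORY = {
    "ws-01": "10.20.4.11/24",
    "ws-02": "10.20.4.12/24",
    "ws-03": "10.20.4.13/24",
    "db-01": "10.20.9.5/24",   # sits in a different subnet
}

@dataclass
class AgentOrder:
    """Instruction for the agent on one peer host (hypothetical schema)."""
    host: str
    firewall_rules: list = field(default_factory=list)
    detection_level: str = "normal"
    run_scan: bool = False

def subnet_of(host):
    """Derive the host's subnet from its address and prefix length."""
    return ipaddress.ip_interface(INVENTORY[host]).network

def peers_in_subnet(compromised):
    """Other hosts sharing the compromised host's subnet; traffic between
    them stays inside the subnet, so the peers must enforce the controls."""
    net = subnet_of(compromised)
    return sorted(h for h in INVENTORY
                  if h != compromised and subnet_of(h) == net)

def respond_to_intrusion(compromised):
    """Build one order per peer: restrict traffic with the compromised host,
    raise the malware detection policy, and scan under the raised policy."""
    src = str(ipaddress.ip_interface(INVENTORY[compromised]).ip)
    orders = []
    for peer in peers_in_subnet(compromised):
        orders.append(AgentOrder(
            host=peer,
            # Assumption: "regulates" is modelled as a two-way deny.
            firewall_rules=[
                {"action": "deny", "direction": "in", "remote": src},
                {"action": "deny", "direction": "out", "remote": src},
            ],
            detection_level="aggressive",
            run_scan=True,
        ))
    return orders

if __name__ == "__main__":
    for order in respond_to_intrusion("ws-02"):
        print(order)
```

Hosts outside the affected subnet receive no order, which mirrors the claim's condition that the measure depends on both systems being within the same subnet.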
20 Claims
1. A computer-implemented method for preventing internal network attacks, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:
- identifying a subnet of a network, the subnet comprising at least an endpoint host system and an additional endpoint host system;
- detecting an intrusion on the endpoint host system, the intrusion on the endpoint host system having bypassed a security feature implemented on a gateway for obstructing attacks across the gateway on systems within the subnet from outside the subnet and thus having breached the network into the subnet and thus being capable of facilitating an internal network attack via the endpoint host system on another endpoint system within the subnet;
- implementing a security measure on the additional endpoint host system to prevent the internal network attack based at least in part on detecting the intrusion that breached the network into the subnet and at least in part on the endpoint host system and additional endpoint host system being within the subnet,
- wherein the security measure comprises a firewall restriction that is implemented on the additional endpoint host system and that regulates network traffic within the subnet between the endpoint host system and the additional endpoint host system, the firewall restriction is implemented by an agent on the additional endpoint host system, thereby employing resources of the additional endpoint host system to prevent the internal network attack beyond resources provided by the endpoint host system and the gateway, and
- wherein implementing the security measure comprises increasing an aggressiveness of a malware detection policy on the additional endpoint host system and performing a scan for malware on the additional endpoint host system based on the malware detection policy.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A system for preventing internal network attacks, the system comprising:
- an identification module programmed to identify a subnet of a network, the subnet comprising at least an endpoint host system and an additional endpoint host system;
- a detection module programmed to detect an intrusion on the endpoint host system, the intrusion on the endpoint host system having bypassed a security feature implemented on a gateway for obstructing attacks across the gateway on systems within the subnet from outside the subnet and thus having breached the network into the subnet and thus being capable of facilitating an internal network attack via the endpoint host system on another endpoint system within the subnet;
- an implementation module programmed to implement a security measure on the additional endpoint host system to prevent the internal network attack based at least in part on detecting the intrusion that breached the network into the subnet and at least in part on the endpoint host system and additional endpoint host system being within the subnet,
- wherein the security measure comprises a firewall restriction that is implemented on the additional endpoint host system and that regulates network traffic within the subnet between the endpoint host system and the additional endpoint host system, the firewall restriction is implemented by an agent on the additional endpoint host system, thereby employing resources of the additional endpoint host system to prevent the internal network attack beyond resources provided by the endpoint host system and the gateway, and
- implementing the security measure comprises increasing an aggressiveness of a malware detection policy on the additional endpoint host system and performing a scan for malware on the additional endpoint host system based on the malware detection policy;
- at least one processor configured to execute the identification module, the detection module, and the implementation module.

Dependent claims: 12, 13, 14, 15, 16, 17
18. A non-transitory computer-readable-storage medium comprising one or more computer-executable instructions that, when executed by at least one processor of a computing device, cause the computing device to:
- identify a subnet of a network, the subnet comprising at least an endpoint host system and an additional endpoint host system;
- detect an intrusion on the endpoint host system, the intrusion on the endpoint host system having bypassed a security feature implemented on a gateway for obstructing attacks across the gateway on systems within the subnet from outside the subnet and thus having breached the network into the subnet and thus being capable of facilitating an internal network attack via the endpoint host system on another endpoint system within the subnet;
- implement a security measure on the additional endpoint host system to prevent the internal network attack based at least in part on detecting the intrusion that breached the network into the subnet and at least in part on the endpoint host system and additional endpoint host system being within the subnet,
- wherein the security measure comprises a firewall restriction that regulates network traffic within the subnet between the endpoint host system and the additional endpoint host system, the firewall restriction is implemented by an agent on the additional endpoint host system, thereby employing resources of the additional endpoint host system to prevent the internal network attack beyond resources provided by the endpoint host system and the gateway, and
- wherein implementing the security measure comprises increasing an aggressiveness of a malware detection policy on the additional endpoint host system and performing a scan for malware on the additional endpoint host system based on the malware detection policy.

Dependent claims: 19, 20
Specification