Network isolation by policy compliance evaluation
First Claim
1. A method comprising:
calculating, in real-time and based on received network traffic and an analysis of a node configuration of a node within an internal network, a network vulnerability score, the network vulnerability score measuring a vulnerability of the internal network to malicious action;
responsive to determining that the network vulnerability score is below a vulnerability threshold, isolating the internal network from an outside network by instructing a DNS server of the internal network to prevent resolution of DNS requests from the outside network; and
after isolating the internal network:
reconfiguring the first node of the internal network;
simulating network traffic on the isolated internal network including the reconfigured first node; and
responsive to the simulated network traffic producing a simulated network vulnerability score greater than the vulnerability threshold, reversing the isolation of the internal network from the outside network.
Abstract
An internal network can include a plurality of linked internal nodes, each internal node being configured to communicate with other internal nodes or with one or more external servers over an external network. The internal network can analyze the configuration of the internal nodes and the network traffic between internal nodes of the internal network and external servers. Based on the analysis, a network vulnerability score measuring the vulnerability of the internal network to attack can be determined. If the vulnerability score is below a threshold, the internal network can be isolated from the external network, for example by preventing internal nodes from communicating with or over the external network.
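The control loop the abstract and claims describe (score the network from node configuration and traffic, isolate by having the internal DNS server refuse outside queries, reconfigure a node, re-score on simulated traffic, and lift isolation only when the simulated score clears the threshold), as an added illustration that is not code from the patent; the scoring weights, node attributes, DNS zone and traffic flows are constructed assumptions.

```python
from collections import namedtuple
from dataclasses import dataclass

THRESHOLD = 70  # constructed: a score below this triggers isolation
Flow = namedtuple("Flow", "src dst suspicious")  # suspicious: constructed IDS-style label

@dataclass
class Node:  # the node configuration attributes the score inspects (constructed)
    name: str
    patched: bool = True
    default_creds: bool = False
    open_ports: int = 0

class InternalNetwork:
    def __init__(self, nodes, dns_records):
        self.nodes = {n.name: n for n in nodes}
        self.records = dns_records  # zone of the internal DNS server (constructed)
        self.isolated = False
    def score(self, traffic):
        """Higher = less vulnerable. Penalise weak node config and suspicious flows."""
        s = 100
        for n in self.nodes.values():
            s -= (0 if n.patched else 20) + (25 if n.default_creds else 0) + 2 * n.open_ports
        s -= 10 * sum(f.suspicious for f in traffic)
        return max(0, min(100, s))
    def resolve_dns(self, qname, from_outside):
        """Internal DNS server: while isolated, refuse queries from the outside network."""
        if self.isolated and from_outside:
            return None
        return self.records.get(qname)
    def evaluate(self, live_traffic):
        """Real-time check: isolate when the score falls below the threshold."""
        s = self.score(live_traffic)
        self.isolated = self.isolated or s < THRESHOLD
        return s
    def remediate(self, node_name, simulated_traffic, **config):
        """Reconfigure a node, re-score on simulated traffic, lift isolation if it clears the threshold."""
        for k, v in config.items():
            setattr(self.nodes[node_name], k, v)
        s = self.score(simulated_traffic)
        if self.isolated and s > THRESHOLD:
            self.isolated = False
        return s

def demo():  # constructed scenario: weak web node plus one flagged inbound flow
    net = InternalNetwork([Node("web", False, True, 5), Node("db")], {"web.internal": "10.0.0.5"})
    s1 = net.evaluate([Flow("203.0.113.9", "web", True), Flow("web", "db", False)])
    blocked = net.resolve_dns("web.internal", from_outside=True) is None
    s2 = net.remediate("web", [Flow("web", "db", False)], patched=True, default_creds=False, open_ports=1)
    return s1, blocked, s2, net.isolated
```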
20 Claims
8. A non-transitory computer readable storage medium comprising instructions which when executed by a processor cause the processor to perform the steps of:
calculating, in real-time and based on received network traffic and an analysis of a node configuration of a node within an internal network, a network vulnerability score, the network vulnerability score measuring a vulnerability of the internal network to malicious action;
responsive to determining that the network vulnerability score is below a vulnerability threshold, isolating the internal network from an outside network by instructing a DNS server of the internal network to prevent resolution of DNS requests from the outside network; and
after isolating the internal network:
reconfiguring the first node of the internal network;
simulating network traffic on the isolated internal network including the reconfigured first node; and
responsive to the simulated network traffic producing a simulated network vulnerability score greater than the vulnerability threshold, reversing the isolation of the internal network from the outside network.
15. A system comprising:
a plurality of internal nodes, each node of the plurality of internal nodes comprising a corresponding node configuration, the plurality of internal nodes connected in an internal network configured to receive network traffic from an outside network;
an operator node of the internal network, the operator node configured to:
calculate, in real-time and based on received network traffic and an analysis of a node configuration of a node within an internal network, a network vulnerability score, the network vulnerability score measuring a vulnerability of the internal network to malicious action;
responsive to determining that the network vulnerability score is below a vulnerability threshold, isolate the internal network from an outside network by instructing a DNS server of the internal network to prevent resolution of DNS requests from the outside network; and
after isolating the internal network:
reconfigure the first node of the internal network;
simulate network traffic on the isolated internal network including the reconfigured first node; and
responsive to the simulated network traffic producing a simulated network vulnerability score greater than the vulnerability threshold, reverse the isolation of the internal network from the outside network.