Network isolation by policy compliance evaluation

US 10,440,045 B2
Filed: 10/02/2018
Issued: 10/08/2019
Est. Priority Date: 09/21/2016
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

calculating, in real-time and based on received network traffic and an analysis of a node configuration of a node within an internal network, a network vulnerability score, the network vulnerability score measuring a vulnerability of the internal network to malicious action;

responsive to determining that the network vulnerability score is below a vulnerability threshold, isolating the internal network from an outside network by instructing a DNS server of the internal network to prevent resolution of DNS requests from the outside network; and

after isolating the internal network;

reconfiguring the first node of the internal network;

simulating network traffic on the isolated internal network including the reconfigured first node; and

responsive to the simulated network traffic producing a simulated network vulnerability score greater than the vulnerability threshold, reversing the isolation of the internal network from the outside network.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An internal network can include a plurality of linked internal nodes, each internal node being configured to communicate with other internal nodes or with one or more external servers over an external network. The internal network can analyze the configuration of the internal nodes and the network traffic between internal nodes of the internal network and external servers. Based on the analysis, a network vulnerability score measuring the vulnerability of the internal network to attack can be determined. If the vulnerability score is below a threshold, the internal network can be isolated from the external network, for example by preventing internal nodes from communicating with or over the external network.

Citations

20 Claims

1. A method comprising:
- calculating, in real-time and based on received network traffic and an analysis of a node configuration of a node within an internal network, a network vulnerability score, the network vulnerability score measuring a vulnerability of the internal network to malicious action;
  
  responsive to determining that the network vulnerability score is below a vulnerability threshold, isolating the internal network from an outside network by instructing a DNS server of the internal network to prevent resolution of DNS requests from the outside network; and
  
  after isolating the internal network;
  
  reconfiguring the first node of the internal network;
  
  simulating network traffic on the isolated internal network including the reconfigured first node; and
  
  responsive to the simulated network traffic producing a simulated network vulnerability score greater than the vulnerability threshold, reversing the isolation of the internal network from the outside network.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein simulating the network traffic comprises simulating network traffic previously received by the internal network.
  - 3. The method of claim 2, wherein the previously received network traffic comprises network traffic received in a time interval immediately preceding the isolation of the internal network.
  - 4. The method of claim 3, wherein the network vulnerability score is further computed based on the previously received network traffic.
  - 5. The method of claim 1, wherein the first node is reconfigured based on the network vulnerability score.
  - 6. The method of claim 5, wherein reconfiguring the first node comprises implementing one or more reconfiguration policies on the first node.
  - 7. The method of claim 1, further comprising logging network traffic associated with the first node.

8. A non-transitory computer readable storage medium comprising instructions which when executed by a processor cause the processor to perform the steps of:
- calculating, in real-time and based on received network traffic and an analysis of a node configuration of a node within an internal network, a network vulnerability score, the network vulnerability score measuring a vulnerability of the internal network to malicious action;
  
  responsive to determining that the network vulnerability score is below a vulnerability threshold, isolating the internal network from an outside network by instructing a DNS server of the internal network to prevent resolution of DNS requests from the outside network; and
  
  after isolating the internal network;
  
  reconfiguring the first node of the internal network;
  
  simulating network traffic on the isolated internal network including the reconfigured first node; and
  
  responsive to the simulated network traffic producing a simulated network vulnerability score greater than the vulnerability threshold, reversing the isolation of the internal network from the outside network.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The non-transitory computer readable storage medium of claim 8, wherein simulating the network traffic comprises simulating network traffic previously received by the internal network.
  - 10. The non-transitory computer readable storage medium of claim 9, wherein the previously received network traffic comprises network traffic received in a time interval immediately preceding the isolation of the internal network.
  - 11. The non-transitory computer readable storage medium of claim 10, wherein the network vulnerability score is further computed based on the previously received network traffic.
  - 12. The non-transitory computer readable storage medium of claim 8, wherein the first node is reconfigured based on the network vulnerability score.
  - 13. The non-transitory computer readable storage medium of claim 12, wherein reconfiguring the first node comprises implementing one or more reconfiguration policies on the first node.
  - 14. The non-transitory computer readable storage medium of claim 8, further comprising logging network traffic associated with the first node.

15. A system comprising:
- a plurality of internal nodes, each node of the plurality of internal nodes comprising a corresponding node configuration, the plurality of internal nodes connected in an internal network configured to receive network traffic from an outside network;
  
  an operator node of the internal network, the operator node configured to;
  
  calculate, in real-time and based on received network traffic and an analysis of a node configuration of a node within an internal network, a network vulnerability score, the network vulnerability score measuring a vulnerability of the internal network to malicious action;
  
  responsive to determining that the network vulnerability score is below a vulnerability threshold, isolate the internal network from an outside network by instructing a DNS server of the internal network to prevent resolution of DNS requests from the outside network; and
  
  after isolating the internal network;
  
  reconfigure the first node of the internal network;
  
  simulate network traffic on the isolated internal network including the reconfigured first node; and
  
  responsive to the simulated network traffic producing a simulated network vulnerability score greater than the vulnerability threshold, reverse the isolation of the internal network from the outside network.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The system of claim 15, wherein simulating the network traffic comprises simulating network traffic previously received by the internal network.
  - 17. The system of claim 16, wherein the previously received network traffic comprises network traffic received in a time interval immediately preceding the isolation of the internal network.
  - 18. The system of claim 17, wherein the network vulnerability score is further computed based on the previously received network traffic.
  - 19. The system of claim 15, wherein the first node is reconfigured based on the network vulnerability score.
  - 20. The system of claim 19, wherein reconfiguring the first node comprises implementing one or more reconfiguration policies on the first node.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
UpGuard Inc.
Original Assignee
UpGuard Inc.
Inventors
Baukes, Michael Franz, Sharp-Paul, Alan James
Primary Examiner(s)
Turchen, James R

Application Number

US16/149,144
Publication Number

US 20190044970A1
Time in Patent Office

371 Days
Field of Search
US Class Current
CPC Class Codes

H04L 61/4511   using domain name system [DNS]

H04L 63/1408   by monitoring network traff...

H04L 63/1433   Vulnerability analysis

H04L 63/1441   Countermeasures against mal...

Network isolation by policy compliance evaluation

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Network isolation by policy compliance evaluation

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links