Distributed traffic scanning through data stream security tagging
7 Assignments
0 Petitions
Abstract
Methods and systems for providing data security scanning in a network. A network device ascertains, based on a network's security policy, security technologies that should or must be applied to the network traffic. The network device applies the not yet applied security technologies, based on a determination that the not yet applied security technologies are available to the network device. Next, the network device tags the network traffic with a security marker indicating the not yet applied security technologies as applied to reflect the security technologies applied to the network traffic.
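The flow in the abstract, sketched as an added example (not code from the patent or its assignee): each device on the path compares the policy's mandatory technologies with the traffic's security marker, applies only the pending ones it has available, and re-tags the traffic. The technology names, the set-based marker encoding and the `Device`/`Traffic` types are assumptions made for illustration.

```python
from dataclasses import dataclass

# Hypothetical technology names; the page does not enumerate any.
ANTIVIRUS, ANTISPAM, URL_FILTER = "antivirus", "antispam", "url_filter"

@dataclass(frozen=True)
class Traffic:
    payload: bytes
    marker: frozenset = frozenset()  # security marker: technologies already applied

@dataclass(frozen=True)
class Device:
    name: str
    available: frozenset  # technologies this device is able to apply

    def pending(self, policy, traffic):
        """Mandatory technologies the marker does not show as applied."""
        return policy - traffic.marker

    def process(self, policy, traffic):
        """Apply the pending technologies available here and update the marker."""
        todo = self.pending(policy, traffic) & self.available
        # A real device would run each scanner on the payload at this point;
        # the example only records which technologies were applied.
        return Traffic(traffic.payload, traffic.marker | todo), sorted(todo)

def forward(path, policy, traffic):
    """Send traffic along the path; return final traffic, per-hop log, unmet set."""
    log = []
    for device in path:
        traffic, applied = device.process(policy, traffic)
        log.append((device.name, applied))
    return traffic, log, policy - traffic.marker

def demo():
    # Constructed policy, path and traffic for the example.
    policy = frozenset({ANTIVIRUS, ANTISPAM, URL_FILTER})
    path = [
        Device("gateway", frozenset({ANTISPAM})),
        Device("proxy", frozenset({ANTISPAM, URL_FILTER})),
        Device("host", frozenset({ANTIVIRUS})),
    ]
    return forward(path, policy, Traffic(b"constructed sample payload"))

if __name__ == "__main__":
    final, log, unmet = demo()
    print(log, sorted(final.marker), sorted(unmet))
```

The example takes the marker at face value; how a device establishes that a received marker is authentic is outside what it models.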
28 Citations
84 Claims
1. A method for data security scanning in a network, comprising:
acquiring a security policy of a network for network traffic being transmitted from outside the network to a destination network device;
ascertaining, based on the security policy, mandatory security technologies required to be applied to the network traffic; and
determining, based on a security marker associated with the network traffic, mandatory security technologies that are not yet applied to the network traffic.
Dependent claims: 2, 3, 4, 5, 6, 7, 8

9. A system for data security scanning in a network, comprising:
means for acquiring a security policy of a network for network traffic being transmitted from outside the network to a destination network device;
means for ascertaining, based on the security policy, mandatory security technologies required to be applied to the network traffic; and
means for determining, based on a security marker associated with the network traffic, mandatory security technologies that are not yet applied to the network traffic.
Dependent claims: 10, 11, 12, 13, 14, 15, 16

17. A system for data security scanning in a network, comprising:
a first network device for acquiring a security policy of a network for network traffic being transmitted from outside the network to a destination network device;
a second network device for ascertaining, based on the security policy, mandatory security technologies required to be applied to the network traffic; and
a third network device for determining, based on a security marker associated with the network traffic, mandatory security technologies that are not yet applied to the network traffic.
Dependent claims: 18, 19, 20, 21, 22, 23, 24

25. A system for data security scanning in a network, comprising:
a processor; and
a memory, wherein the processor and the memory are configured to perform a method comprising:
acquiring a security policy of a network for network traffic being transmitted from outside the network to a destination network device;
ascertaining, based on the security policy, mandatory security technologies required to be applied to the network traffic; and
determining, based on a security marker associated with the network traffic, mandatory security technologies that are not yet applied to the network traffic.
Dependent claims: 26, 27, 28, 29, 30, 31

32. A computer-readable medium containing instructions for performing a method for data security scanning in a network, the method comprising:
acquiring a security policy of a network for network traffic being transmitted from outside the network to a destination network device;
ascertaining, based on the security policy, mandatory security technologies required to be applied to the network traffic; and
determining, based on a security marker associated with the network traffic, mandatory security technologies that are not yet applied to the network traffic.
Dependent claims: 33, 34, 35, 36, 37, 38, 39

40. A method for data security scanning in a network, comprising:
acquiring a security policy of a network for network traffic being transmitted from outside the network to a destination network device;
ascertaining, based on the security policy, mandatory security technologies required to be applied to the network traffic;
determining, based on a security marker associated with the network traffic, mandatory security technologies that are not yet applied to the network traffic; and
determining whether the mandatory security technologies that have not been applied to the network traffic are available to the destination network device.
Dependent claims: 41, 42

43. A system for data security scanning in a network, comprising:
means for acquiring a security policy of a network for network traffic being transmitted from outside the network to a destination network device;
means for ascertaining, based on the security policy, mandatory security technologies required to be applied to the network traffic;
means for determining, based on a security marker associated with the network traffic, mandatory security technologies that are not yet applied to the network traffic; and
means for determining whether the mandatory security technologies that have not been applied to the network traffic are available to the destination network device.
Dependent claims: 44, 45

46. A method for data security scanning in a network, comprising:
receiving a request from a destination network device for network traffic from outside a network;
acquiring a security policy of the network for network traffic being transmitted from outside the network to the destination network device;
ascertaining, based on the security policy, mandatory security technologies that are required to be applied to the network traffic; and
sending a query to at least one network device located on an intended path of the network traffic to the destination network device, the query soliciting an assistance offer from the at least one network device for assistance in applying the mandatory security technologies.
Dependent claims: 47, 48, 49, 50, 51, 52, 53, 54, 55

56. A system for data security scanning in a network, comprising:
means for receiving a request from a destination network device for network traffic from outside a network;
means for acquiring a security policy of the network for network traffic being transmitted from outside the network to the destination network device;
means for ascertaining, based on the security policy, mandatory security technologies that are required to be applied to the network traffic; and
means for sending a query to at least one network device located on an intended path of the network traffic to the destination network device, the query soliciting an assistance offer from the at least one network device for assistance in applying the mandatory security technologies.
Dependent claims: 57, 58, 59, 60, 61, 62, 63, 64, 65

66. A system for data security scanning in a network, comprising:
a processor; and
a memory, wherein the processor and the memory are configured to perform a method comprising:
receiving a request from a destination network device for network traffic from outside a network;
acquiring a security policy of the network for network traffic being transmitted from outside the network to the destination network device;
ascertaining, based on the security policy, mandatory security technologies that are required to be applied to the network traffic; and
sending a query to at least one network device located on an intended path of the network traffic to the destination network device, the query soliciting an assistance offer from the at least one network device for assistance in applying the mandatory security technologies.
Dependent claims: 67, 68, 69, 70, 71, 72, 73, 74

75. A computer-readable medium containing instructions for performing a method for data security scanning in a network, the method comprising:
receiving a request from a destination network device for network traffic from outside a network;
acquiring a security policy of the network for network traffic being transmitted from outside the network to the destination network device;
ascertaining, based on the security policy, mandatory security technologies that are required to be applied to the network traffic; and
sending a query to at least one network device located on an intended path of the network traffic to the destination network device, the query soliciting an assistance offer from the at least one network device for assistance in applying the mandatory security technologies.
Dependent claims: 76, 77, 78, 79, 80, 81, 82, 83, 84

Specification