Centralized timed analysis in a network security system
Abstract
A security system provides a defense from known and unknown viruses, worms, spyware, hackers, and social engineering attacks. The system can implement centralized policies that allow an administrator to approve, block, quarantine, or log file activities. The system stores security-related meta-information for files and, at defined times after a file or a file hash is first received, performs security-related analyses from a central server. Analysis results are stored on the server, and the server can automatically change file meta-information. Changes in file meta-information are provided to hosts.
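The timed re-analysis loop described in the abstract, sketched as an added example; it is not code from the patent or from any product. The offsets, the `pending` state name, the `Server`/`FileMeta` names and the `demo_analyzer` stand-in are assumptions made for illustration.

```python
from dataclasses import dataclass

# Assumed offsets in seconds after first sighting; the page only says "defined periods".
OFFSETS = (3600, 86400, 7 * 86400)

@dataclass
class FileMeta:
    first_seen: float       # the "initial time" stored for the signature
    state: str = "pending"  # assumed initial state name
    done: int = 0           # scheduled analyses already performed

class Server:
    def __init__(self, analyze):
        self.analyze = analyze  # callable(signature, age) -> new state or None
        self.files = {}         # signature -> FileMeta

    def report(self, signature, now):
        """A host reports a file hash; only the first sighting sets the initial time."""
        return self.files.setdefault(signature, FileMeta(now)).state

    def tick(self, now):
        """Run every analysis that is due and return the state changes to push to hosts."""
        updates = []
        for sig, meta in self.files.items():
            # The while loop also catches up on periods missed while the server was down.
            while meta.done < len(OFFSETS) and now >= meta.first_seen + OFFSETS[meta.done]:
                age = OFFSETS[meta.done]
                meta.done += 1
                verdict = self.analyze(sig, age)
                if verdict is not None and verdict != meta.state:
                    meta.state = verdict
                    updates.append((sig, verdict))
        return updates

def demo_analyzer(signature, age):
    """Constructed stand-in for a scanner whose knowledge of a file improves over time."""
    detected_after = {"aa11": 86400}  # constructed: hash "aa11" becomes known-bad after a day
    if signature in detected_after and age >= detected_after[signature]:
        return "block"
    return "approve" if age >= 7 * 86400 else None
```

The point the sketch makes is that a hash with no verdict at first sighting is looked at again on a schedule keyed to that first sighting, so a later detection reaches every host that has the file.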
48 Claims
1. A method for use with a server and a group of associated hosts, comprising:
- storing in the server meta-information states relating to files seen on the hosts, the meta-information including a signature of the content of the files;
- storing for each signature, an initial time;
- at defined periods related to the initial time, performing at least one security analysis of the file, or analysis of the signature of the file contents; and
- altering the file state and providing information related to the altered state to the hosts.

Dependent claims: 2-37.

38. A computer system comprising:
- a server including a memory for storing security-related meta-information relating to files seen on hosts associated with the server, including for each file, a state indicating whether and with what conditions certain file operations can be performed on the file by the hosts;
- the server, at defined periods, causing at least one security analysis of the files, the defined periods based on the initial times when the files or signatures of the files have been received by the hosts and/or the server; and
- in response to at least some analyses, altering the state and providing information related to the altered state to the hosts.

Dependent claims: 39-48.
Specification