Real-time network malware protection

US 20080282347A1
Filed: 05/10/2007
Published: 11/13/2008
Est. Priority Date: 05/10/2007
Status: Active Grant

First Claim

Patent Images

1. One or more computer-readable media comprising computer-executable instructions for managing risk in a network, the computer-executable instructions directed to steps comprising:

obtaining, from a first computing device associated with a first aspect of a target computing device, a first set of information regarding the first aspect of the target computing device and relevant to the target computing device'"'"'s health;

obtaining, from a second computing device associated with a second aspect of the target computing device, a second set of information regarding the second aspect of the target computing device and relevant to the target computing device'"'"'s health;

notifying a first set of subscriber computing devices of the first set of information, wherein at least some of the first set of subscriber computing devices reference a network policy to determine a first response to the first set of information; and

notifying a second set of subscriber computing devices of the second set of information, wherein at least some of the second set of subscriber computing devices reference the network policy to determine a second response to the first set of information, the second response being consistent with the first response.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A Network State Database (NSD) can comprise information regarding the network-centric state of one or more computing devices connected to a network. The information contained in the NSD can be passively received by the NSD, or it can be actively obtained by the NSD. Additionally the NSD can comprise either a centralized collection of information, or a distributed collection of information independently maintained and conceptualized as a single entity. The information of the NSD can be used by a Network Risk Management Service (NRMS) to appropriately respond and protect the network. The NRMS can provide relevant information from the NSD to subscribers, which can independently act to protect the network. The NRMS can likewise itself instruct computing devices regarding an appropriate action, or it can itself instruct the performance of such action.

Citations

20 Claims

1. One or more computer-readable media comprising computer-executable instructions for managing risk in a network, the computer-executable instructions directed to steps comprising:
- obtaining, from a first computing device associated with a first aspect of a target computing device, a first set of information regarding the first aspect of the target computing device and relevant to the target computing device'"'"'s health;
  
  obtaining, from a second computing device associated with a second aspect of the target computing device, a second set of information regarding the second aspect of the target computing device and relevant to the target computing device'"'"'s health;
  
  notifying a first set of subscriber computing devices of the first set of information, wherein at least some of the first set of subscriber computing devices reference a network policy to determine a first response to the first set of information; and
  
  notifying a second set of subscriber computing devices of the second set of information, wherein at least some of the second set of subscriber computing devices reference the network policy to determine a second response to the first set of information, the second response being consistent with the first response.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The computer-readable media of claim 1, wherein the first response is consistent with removing the target computing device from the network.
  - 3. The computer-readable media of claim 1 comprising further computer-executable instructions for storing into a network state database, and associating with the target computing device, the first set of information and the second set of information.
  - 4. The computer-readable media of claim 1, wherein the obtaining from the first computing device comprises polling the first computing device to determine if the first computing device comprises any new information associated with the first aspect of the target computing device.
  - 5. The computer-readable media of claim 1, wherein the obtaining from the first computing device comprises receiving an asynchronous notification of the first set of information from the first computing device, the asynchronous notification having been triggered by an occurrence of an event associated with the first aspect of the target computing device.
  - 6. The computer-readable media of claim 1 comprising further computer-executable instructions for determining a responsive action with respect to the target computing device based on the first set of information and a double-check of the first set of information with the second set of information.
  - 7. The computer-readable media of claim 6, wherein the responsive action is consistent with removing the target computing device from the network.
  - 8. The computer-readable media of claim 6 comprising further computer-executable instructions for notifying a computing device having mechanisms for implementing the responsive action, of the determined responsive action.
  - 9. The computer-readable media of claim 1, wherein the first computing device is the target computing device.

10. A method for managing risk in a network comprising the steps of:
- obtaining, from a first computing device associated with a first aspect of a target computing device, a first set of information regarding the first aspect of the target computing device and relevant to the target computing device'"'"'s health;
  
  obtaining, from a second computing device associated with a second aspect of the target computing device, a second set of information regarding the second aspect of the target computing device and relevant to the target computing device'"'"'s health; and
  
  determining a responsive action with respect to the target computing device based on at least some of the first set of information and the second set of information.
- View Dependent Claims (11, 12, 13, 14)
- - 11. The method of claim 10 further comprising the steps of notifying a computing device having mechanisms for implementing the responsive action, of the determined responsive action.
  - 12. The method of claim 10 further comprising the steps of storing into a network state database, and associating with the target computing device, the first set of information and the second set of information.
  - 13. The method of claim 10, wherein the obtaining from the first computing device comprises polling the first computing device to determine if the first computing device comprises any new information associated with the first aspect of the target computing device.
  - 14. The method of claim 10 wherein the obtaining from the first computing device comprises receiving an asynchronous notification of the first set of information from the first computing device, the asynchronous notification having been triggered by an occurrence of an event associated with the first aspect of the target computing device.

15. A system comprising a network state database and a network risk management service, the network state database comprising information regarding an aspect of a target computing device, the information being relevant to the target computing device'"'"'s health, and the network risk management service comprising a communication module for receiving and transmitting the information and an analysis module for analyzing the information to determine a responsive action.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The system of claim 15, wherein the information of the network state database is stored on multiple computing devices connected to the system, with each element of the information being stored on a computing device which initially obtained the element.
  - 17. The system of claim 15, wherein the communication module of the network risk management service notifies a computing device having mechanisms for implementing the responsive action, of the determined responsive action.
  - 18. The system of claim 15, wherein the receiving the information comprises receiving an asynchronous notification from a computing device, the asynchronous notification having been triggered by an occurrence of an event associated with the aspect of the target computing device.
  - 19. The system of claim 15, wherein the transmitting the information comprises notifying a set of subscriber computing devices of the information, wherein at least some of the set of subscriber computing devices reference a network policy associated with the system to determine a response to the information.
  - 20. The system of claim 15, wherein the receiving the information comprises polling a computing device to determine if the computing device comprises any new information associated with the aspect of the target computing device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Bahl, Pradeep, Dadhia, Rajesh

Granted Patent

US 8,256,003 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/22
CPC Class Codes

H04L 63/101 Access control lists [ACL]

H04L 63/1416 Event detection, e.g. attac...

Real-time network malware protection

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Real-time network malware protection

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links