ENTERPRISE SECURITY ASSESSMENT SHARING FOR OFF-PREMISE USERS USING GLOBALLY DISTRIBUTED INFRASTRUCTURE
Abstract
Secure content management is enabled as a cloud-based service through which security protection and policy enforcement may be implemented for both on-premise network users and off-premise or roaming users. The global SCM service integrates the security functionalities—such as anti-virus, spyware, and phishing protection, firewall, intrusion detection, centralized management, and the like—that are typically provided by enterprise network SCM appliance hardware or servers into a cloud-based service that users reach via Internet-based points-of-presence (“POPs”). The POPs are configured with forward proxy servers, and in some implementations, caching and network acceleration components, and coupled to hubs which provide configuration management and identity management services such as active directory services.
20 Claims
1. An ESAS architecture arranged to support sharing of security assessments pertaining to an off-premise security object, comprising:
- an SCM security assessment channel that is implemented in a POP that is utilized with an SCM service, the SCM security assessment channel being arranged to extend an enterprise network security assessment channel from an IT device network into the POP, the POP including at least a forward proxy server for forwarding traffic from the off-premise security object to a resource server over an Internet connection; and
- a plurality of endpoints disposed in the POP, each of the endpoints having a capability to publish and receive security assessments respectively into and from the extended security assessment channel, the security assessment being usable for describing a security incident pertaining to the off-premise security object using a semantic abstraction of security-related information that is available to an endpoint, the semantic abstraction i) being categorized by type, and ii) being utilizable by one or more of the endpoints to trigger a response to the security incident.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12
13. A method for sharing security-related data about an off-premise object, the method comprising the steps of:
- generating a security assessment to describe a security incident relating to the off-premise object, the generating being based at least in part on locally-available information at an endpoint, the security assessment being arranged to provide contextual meaning to the security incident and being defined with a time interval over which the security assessment is valid;
- receiving a current security assessment in accordance with a subscription to a subset of available security assessments generated by other endpoints that are configured to monitor either one or more objects within a premise of an enterprise network or one or more off-premise objects that access resources through an SCM service supported by an infrastructure including a plurality of POPs, each POP in the plurality including at least a forward proxy server for forwarding traffic to the resource servers over an Internet connection; and
- performing an action in accordance with a response policy in response to the received security assessment.
Dependent claims: 14, 15, 16, 17
18. A method for providing an ESAS service for an off-premise user or IT device, the method comprising the steps of:
- utilizing an infrastructure that is accessible by the off-premise user over an Internet connection, the infrastructure including a plurality of POPs, each POP in the plurality including i) a forward proxy server for forwarding traffic from the off-premise user or IT device to resource servers that are accessible from the Internet, and ii) one or more endpoints, each endpoint being arranged to provide a security product or security service having applicability to the off-premise user or IT device;
- providing a security assessment sharing channel in the infrastructure, the security assessment channel being configured for communicating a security assessment using a publish and subscribe model by which a publishing endpoint publishes the security assessment to which a subscribing endpoint subscribes according to a subscription, the security assessment using a pre-defined taxonomy to provide contextual meaning to a security incident involving the off-premise user or IT device; and
- directing the off-premise user or IT device to a co-located POP, a POP being co-located when a set of parameters is optimized including network latency compared with non-co-located POPs and localization of a user experience may be implemented.
Dependent claims: 19, 20
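The publish/subscribe flow recited in claims 13 and 18 (typed assessments with a validity interval, subscription to a subset of types, and a per-endpoint response policy), sketched here as an added example that is not taken from the patent. The class names, the type values `host_compromised` and `user_compromised`, the action names, the sample objects and the in-memory channel are all assumptions made for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Assessment:
    obj: str       # off-premise security object (constructed sample value)
    atype: str     # category from a pre-defined taxonomy (hypothetical values)
    source: str    # name of the publishing endpoint
    issued: float  # issue time, in seconds
    ttl: float     # validity interval, in seconds

    def valid_at(self, now):
        return self.issued <= now < self.issued + self.ttl

class Endpoint:
    def __init__(self, name, policy):
        # policy maps assessment type -> action name (the response policy)
        self.name, self.policy, self.log = name, policy, []

    def receive(self, a, now):
        # An assessment outside its validity interval must not trigger a response.
        action = self.policy.get(a.atype, "ignore") if a.valid_at(now) else "expired"
        self.log.append((a.obj, action))
        return (self.name, action)

class Channel:
    """In-memory stand-in for the assessment channel shared by POP endpoints."""
    def __init__(self):
        self.subs = defaultdict(list)  # assessment type -> subscribed endpoints

    def subscribe(self, endpoint, atypes):
        for t in atypes:
            self.subs[t].append(endpoint)

    def publish(self, a, now):
        # Deliver only to subscribers of this type, never back to the publisher.
        return [ep.receive(a, now) for ep in self.subs[a.atype] if ep.name != a.source]

def demo():
    ch = Channel()
    proxy = Endpoint("forward-proxy", {"host_compromised": "block_traffic"})
    ids = Endpoint("ids", {"host_compromised": "raise_audit_level",
                           "user_compromised": "alert"})
    ch.subscribe(proxy, ["host_compromised"])
    ch.subscribe(ids, ["host_compromised", "user_compromised"])
    a = Assessment("laptop-42", "host_compromised", "ids", issued=0, ttl=600)
    b = Assessment("alice", "user_compromised", "av-scanner", issued=0, ttl=60)
    # Third publish replays `a` after its validity interval has elapsed.
    return ch.publish(a, now=30), ch.publish(b, now=30), ch.publish(a, now=900)
```
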
Specification