AUTOMATICALLY DISTRIBUTED NETWORK PROTECTION

US 20100011432A1
Filed: 11/24/2008
Published: 01/14/2010
Est. Priority Date: 07/08/2008
Status: Abandoned Application

First Claim

Patent Images

1. A method performed at a network security gateway for providing automatically distributed network protection for a client, the method comprising the steps of:

receiving an enumeration of security capabilities of the client and status of the client'"'"'s compliance with one or more policies relating to client health or governance,adjusting an allocation of security-related processing between the network security gateway and the client responsively to the enumeration of security capabilities compliance at the client; and

logging a level of resources consumed by the network security gateway when performing security-related processes on behalf of the client.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A network protection solution is provided by which security capabilities of a client machine are communicated to a network security gateway so that a variety of processes can be automatically and dynamically distributed between the gateway and the client machine in a way that achieves a target level of security for the client while consuming the least possible amount of resources on the gateway. For example, for a client that is compliant with specified health and/or corporate governance policies and which is known to have A/V capabilities that are deployed and operational, the network security gateway will not need to perform additional A/V scanning on incoming network traffic to the client which can thus save resources at the gateway and lower operating costs.

Citations

20 Claims

1. A method performed at a network security gateway for providing automatically distributed network protection for a client, the method comprising the steps of:
- receiving an enumeration of security capabilities of the client and status of the client'"'"'s compliance with one or more policies relating to client health or governance,adjusting an allocation of security-related processing between the network security gateway and the client responsively to the enumeration of security capabilities compliance at the client; and
  
  logging a level of resources consumed by the network security gateway when performing security-related processes on behalf of the client.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1 including a further step of generating billing applicable to the client using the logged level of resources.
  - 3. The method of claim 1 in which the client is a computing device in an enterprise network, the computing device being one of PC, workstation, or server.
  - 4. The method of claim 1 in which the network security gateway is configured to provide at least one of content inspection, anti-virus scanning, malware blocking, information leakage prevention, firewall services, or security policy enforcement.
  - 5. The method of claim 1 in which the allocating comprises offloading security-related processes from the network security gateway to the client.
  - 6. The method of claim 1 including a further step of periodically rechecking the client'"'"'s compliance status.
  - 7. The method of claim 5 including a further step of terminating the offloading when the client becomes non-compliant.
  - 8. The method of claim 1 in which the enumeration of security capabilities and compliance status is received over one of NAP interface, network channel, or ESAS security assessment.
  - 9. The method of claim 1 including a further step of performing AAA services.
  - 10. The method of claim 1 including a further step of performing load-balancing of the security-related processing to one or more additional gateways.
  - 11. The method of claim 1 as performed by a network security gateway that is configured to support a cloud service.

12. A computer-readable medium containing instructions which, when executed by one or more processors disposed in an electronic device, perform a method for implementing network protection at a client, the method comprising the steps of:
- sending to a gateway information pertaining to compliance of the client with one or more policies pertaining to client health or corporate governance and a list of security capabilities that may be rendered locally by the client;
  
  receiving instructions from the gateway in response to the information or the list, the instructions being arranged to automatically distribute security-related processing of network traffic between the client and the gateway; and
  
  performing security-related processing locally at the client in response to the received instructions.
- View Dependent Claims (13, 14)
- - 13. The method of claim 12 including a further step of periodically sending compliance status updates to the gateway.
  - 14. The method of claim 12 in which the local security-related processing includes at least one of URL filtering or A/V inspection.

15. An automated method for providing a network protection service to a remote client from a cloud-based gateway, the method comprising the steps of:
- receiving information from the client, the information comprising status of compliance with applicable health or governance policies and capabilities of the client to perform security-related processing;
  
  distributing security-related processing of traffic on a network between the client and the gateway responsively to the received information from the client; and
  
  imposing a penalty for consumption of resources attendant to security-related processing performed at the gateway on behalf of the client.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The automated method of claim 15 in which the penalty is financial so as to motivate a higher level of security-related processing at the client.
  - 17. The automated method of claim 15 in which at least a portion of the network comprises the Internet.
  - 18. The automated method of claim 15 in which the client comprises a PC or workstation.
  - 19. The automated method of claim 15 in which the client comprises a downstream gateway.
  - 20. The automated method of claim 15 in which the security-related processing comprises at least one of content inspection, anti-virus scanning, malware blocking, information leakage prevention, firewall services, or security policy enforcement.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Nice, Nir, Cross, David B., Edery, Yigal

Application Number

US12/277,089
Publication Number

US 20100011432A1
Time in Patent Office

Days
Field of Search
US Class Current

726/11
CPC Class Codes

G06Q 10/06375   Prediction of business proc...

G06Q 30/04   Billing or invoicing

H04L 63/102   Entity profiles

H04L 63/1433   Vulnerability analysis

H04L 63/145   the attack involving the pr...

H04L 63/1475   Passive attacks, e.g. eaves...

H04L 63/205   involving negotiation or de...

AUTOMATICALLY DISTRIBUTED NETWORK PROTECTION

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

AUTOMATICALLY DISTRIBUTED NETWORK PROTECTION

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links