AUTOMATICALLY DISTRIBUTED NETWORK PROTECTION
First Claim
1. A method performed at a network security gateway for providing automatically distributed network protection for a client, the method comprising the steps of:
- receiving an enumeration of security capabilities of the client and status of the client'"'"'s compliance with one or more policies relating to client health or governance,adjusting an allocation of security-related processing between the network security gateway and the client responsively to the enumeration of security capabilities compliance at the client; and
logging a level of resources consumed by the network security gateway when performing security-related processes on behalf of the client.
2 Assignments
0 Petitions
Accused Products
Abstract
A network protection solution is provided by which security capabilities of a client machine are communicated to a network security gateway so that a variety of processes can be automatically and dynamically distributed between the gateway and the client machine in a way that achieves a target level of security for the client while consuming the least possible amount of resources on the gateway. For example, for a client that is compliant with specified health and/or corporate governance policies and which is known to have A/V capabilities that are deployed and operational, the network security gateway will not need to perform additional A/V scanning on incoming network traffic to the client which can thus save resources at the gateway and lower operating costs.
-
Citations
20 Claims
-
1. A method performed at a network security gateway for providing automatically distributed network protection for a client, the method comprising the steps of:
-
receiving an enumeration of security capabilities of the client and status of the client'"'"'s compliance with one or more policies relating to client health or governance, adjusting an allocation of security-related processing between the network security gateway and the client responsively to the enumeration of security capabilities compliance at the client; and logging a level of resources consumed by the network security gateway when performing security-related processes on behalf of the client. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A computer-readable medium containing instructions which, when executed by one or more processors disposed in an electronic device, perform a method for implementing network protection at a client, the method comprising the steps of:
-
sending to a gateway information pertaining to compliance of the client with one or more policies pertaining to client health or corporate governance and a list of security capabilities that may be rendered locally by the client; receiving instructions from the gateway in response to the information or the list, the instructions being arranged to automatically distribute security-related processing of network traffic between the client and the gateway; and performing security-related processing locally at the client in response to the received instructions. - View Dependent Claims (13, 14)
-
-
15. An automated method for providing a network protection service to a remote client from a cloud-based gateway, the method comprising the steps of:
-
receiving information from the client, the information comprising status of compliance with applicable health or governance policies and capabilities of the client to perform security-related processing; distributing security-related processing of traffic on a network between the client and the gateway responsively to the received information from the client; and imposing a penalty for consumption of resources attendant to security-related processing performed at the gateway on behalf of the client. - View Dependent Claims (16, 17, 18, 19, 20)
-
Specification