HOST INTRUSION PREVENTION SERVER
First Claim
1. A method of intrusion protection of a plurality of hosts, the method implemented by a deep-security device communicatively coupled to a central server, said deep security device having at least one processor and at least one memory device, the method comprising:
storing a set of intrusion patterns;
storing a set of data filters, each data filter developed to combat at least one of said intrusion patterns;
encoding a set of descriptors for characterizing said plurality of hosts;
devising a set of encoded rules for selectively assigning said data filters to said plurality of hosts according to said descriptors;
identifying a subset of said encoded rules applicable to a selected host according to characterizing information received from said selected host; and
determining a time table for applying said subset of said encoded rules to said selected host.
Abstract
An intrusion-prevention server supporting a set of hosts comprises data filters and an engine which uses a set of encoded rules for assigning data filters to hosts according to metadata characterizing the hosts. Each data filter corresponds to at least one intrusion pattern from among a set of intrusion patterns and the data filters are continuously updated as intrusion patterns change. Metadata acquired from a host varies with a changing state of the host. Acquisition of metadata from each host is streamlined to reduce communications between the server and the hosts and to minimize processing effort for both the server and the hosts.
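The assignment step that the abstract and claim 1 describe, as an added sketch that is not code from the patent or from any product. The descriptor bit layout, the mask/value rule format, the filter and pattern names, the priorities and the one-rule-per-slot time table are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumed descriptor encoding: one bit per host property (names are hypothetical).
DESCRIPTORS = {"os_windows": 1, "os_linux": 2, "web_server": 4, "database": 8}

# Constructed data: each filter combats at least one intrusion pattern.
FILTERS = {"F-WEB-01": {"sql-injection"}, "F-WEB-02": {"path-traversal"},
           "F-SMB-01": {"smb-overflow"}, "F-DB-01": {"sql-injection"}}

@dataclass(frozen=True)
class Rule:
    rule_id: str
    mask: int        # descriptor bits the rule inspects
    value: int       # required state of those bits
    filters: tuple   # filters assigned when the rule matches
    priority: int    # assumed ordering key: lower is scheduled earlier

WEB, DB, WIN = DESCRIPTORS["web_server"], DESCRIPTORS["database"], DESCRIPTORS["os_windows"]
RULES = [
    Rule("R1", WEB, WEB, ("F-WEB-01", "F-WEB-02"), 1),
    Rule("R2", WIN, WIN, ("F-SMB-01",), 2),
    Rule("R3", WEB | DB, DB, ("F-DB-01",), 1),            # database with no web server
    Rule("R4", WEB | DB, WEB | DB, ("F-WEB-01", "F-DB-01"), 3),
]

def encode_host(metadata):
    """Encode the characterizing information a host reports as a descriptor word."""
    unknown = set(metadata) - set(DESCRIPTORS)
    if unknown:  # refuse to silently ignore properties no rule can see
        raise ValueError(f"unknown descriptors: {sorted(unknown)}")
    return sum(DESCRIPTORS[name] for name, present in metadata.items() if present)

def applicable_rules(word):
    """Subset of the encoded rules that apply to this host, in scheduling order."""
    hits = [r for r in RULES if (word & r.mask) == r.value]
    return sorted(hits, key=lambda r: (r.priority, r.rule_id))

def time_table(word, start, slot=timedelta(minutes=5)):
    """Assumed schedule: one rule per slot; a filter already scheduled is not repeated."""
    table, seen = [], set()
    for rule in applicable_rules(word):
        new = [f for f in rule.filters if f not in seen]
        if new:
            table.append((start + slot * len(table), rule.rule_id, new))
            seen.update(new)
    return table

def patterns_covered(table):
    """Intrusion patterns combated by the filters in a time table."""
    return set().union(*(FILTERS[f] for _, _, fs in table for f in fs))
```

Because the abstract notes that host metadata varies with the host's state, `encode_host` and `time_table` would be re-run whenever a host reports a change, for example when a web server is started on a database host.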
Specification