HERD BASED SCAN AVOIDANCE SYSTEM IN A NETWORK ENVIRONMENT
First Claim
1. A method comprising:
- generating a signature for an object in a compute node in a network;
searching a memory element for the signature;
responsive to determining the memory element does not contain the signature, scanning the object;
updating the memory element with a scan result; and
synchronizing the memory element of the compute node with one or more memory elements of one or more other compute nodes in the network.
10 Assignments
0 Petitions
Accused Products
Abstract
A method in one example embodiment includes generating a signature for an object in a compute node in a network, searching a memory element for the signature, and responsive to determining the memory element does not contain the signature, scanning the object. The method also includes updating the memory element with a scan result, and synchronizing the memory element of the compute node with one or more memory elements of one or more other compute nodes in the network. In specific embodiments, the scan result includes the signature of the object and a threat level of the object. In further embodiments, the synchronizing includes sending the scan result to one or more other compute nodes in the network. In more specific embodiments, the scan result is sent with one or more other scan results after a predetermined interval of time from a previous synchronization.
-
Citations
29 Claims
-
1. A method comprising:
-
generating a signature for an object in a compute node in a network; searching a memory element for the signature; responsive to determining the memory element does not contain the signature, scanning the object; updating the memory element with a scan result; and synchronizing the memory element of the compute node with one or more memory elements of one or more other compute nodes in the network. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. At least one machine readable storage medium having instructions stored thereon, the instructions when executed by a processor cause the processor to:
-
generate a signature for an object in a compute node in a network; search a memory element for the signature; responsive to determining the memory element does not contain the signature, scan the object; update the memory element with a scan result; and synchronize the memory element of the compute node with one or more memory elements of one or more other compute nodes in the network. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. An apparatus, comprising:
-
a processor; a scan module executing on the processor, the scan module configured to; generate a signature for an object in a compute node in a network; search a memory element for the signature; responsive to determining the memory element does not contain the signature, scan the object; and update the memory element with a scan result; and a synchronization module executing on the processor, the synchronization module configured to synchronize the memory element of the compute node with one or more memory elements of one or more other compute nodes in the network. - View Dependent Claims (16, 17, 18, 19, 20, 21)
-
-
22. At least one machine readable storage medium having instructions stored thereon, the instructions when executed by a processor cause the processor to:
-
generate a signature for an object in a compute node in a network; search a local memory element for the signature; responsive to determining the local memory element does not contain the signature, send a request to a central server for a threat level associated with the signature; responsive to receiving a response indicating that the signature is not found, scan the object; update the local memory element with a scan result; and send information associated with the scan result to the central server. - View Dependent Claims (23, 24, 25, 26, 27, 28, 29)
-
Specification