SUSPENDING COMMUNICATION TO/FROM NON-COMPLIANT SERVERS THROUGH A FIREWALL

US 20200137114A1
Filed: 10/30/2018
Published: 04/30/2020
Est. Priority Date: 10/30/2018
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method comprising:

establishing a secure collection of compliance rules for security compliance, the establishing comprising;

accessing electronic security risk information identifying and describing security risks of software packages;

assigning a respective risk level to each of the identified security risks; and

building and storing the secure collection of compliance rules, wherein at least some of the compliance rules indicate the software packages and assigned risk levels of the identified security risks;

ascertaining, for each server of one or more servers of an environment, a respective one or more software packages installed on the server;

building a secure server and acceptable risk listing, the secure server and acceptable risk listing indicating each of the one or more servers of the environment and the respective one or more software packages installed on each server of the one or more servers;

assigning, based on a comparison of the compliance rules against the secure server and acceptable risk listing, risk ratings for the one or more servers;

securely storing the assigned risk ratings;

comparing, for a first server in communication with a second server, the second server being a server of the one or more servers, the assigned risk rating for the second server to an acceptable risk level indicated for the first server, the acceptable risk level being a level of risk the first server is configured to accept in communicating with the second server through a firewall; and

based on determining that the assigned risk rating for the second server exceeds the acceptable risk level, performing a rules modification to the firewall to enforce the compliance rules, the rules modification disabling communication between the first server and the second server through the firewall.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Suspending communication to/from non-compliant servers through a firewall includes establishing a secure collection of compliance rules for security compliance, ascertaining, for each server of server(s) of an environment, respective software package(s) installed on the server, building a secure server and acceptable risk listing that indicates each of the server(s) and the software package(s) installed on each server, assigning and securely storing risk ratings for the server(s), comparing the assigned risk rating for a second server to an acceptable risk level indicated for a first server, and based on determining that the assigned risk rating for the second server exceeds the acceptable risk level, performing a rules modification to the firewall to enforce the compliance rules. The rules modification disables communication between the first server and the second server through the firewall.

Citations

20 Claims

1. A computer-implemented method comprising:
- establishing a secure collection of compliance rules for security compliance, the establishing comprising;
  
  accessing electronic security risk information identifying and describing security risks of software packages;
  
  assigning a respective risk level to each of the identified security risks; and
  
  building and storing the secure collection of compliance rules, wherein at least some of the compliance rules indicate the software packages and assigned risk levels of the identified security risks;
  
  ascertaining, for each server of one or more servers of an environment, a respective one or more software packages installed on the server;
  
  building a secure server and acceptable risk listing, the secure server and acceptable risk listing indicating each of the one or more servers of the environment and the respective one or more software packages installed on each server of the one or more servers;
  
  assigning, based on a comparison of the compliance rules against the secure server and acceptable risk listing, risk ratings for the one or more servers;
  
  securely storing the assigned risk ratings;
  
  comparing, for a first server in communication with a second server, the second server being a server of the one or more servers, the assigned risk rating for the second server to an acceptable risk level indicated for the first server, the acceptable risk level being a level of risk the first server is configured to accept in communicating with the second server through a firewall; and
  
  based on determining that the assigned risk rating for the second server exceeds the acceptable risk level, performing a rules modification to the firewall to enforce the compliance rules, the rules modification disabling communication between the first server and the second server through the firewall.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the secure server and acceptable risk listing comprises a distributed blockchain.
  - 3. The method of claim 2, wherein the assigned risk ratings are stored as part of the distributed blockchain.
  - 4. The method of claim 1, wherein the rules modification comprises suspending one or more firewall rules of the firewall.
  - 5. The method of claim 4, further comprising reinstating the one or more firewall rules based on a change to the assigned risk rating for the second server.
  - 6. The method of claim 1, wherein the assigning a risk level to an identified security risk comprises applying a trained classifier model to extracted natural language features from the accessed electronic security risk information, the applying classifying the identified security risk and assigning the risk level based on the classification.
  - 7. The method of claim 6, wherein the risk level is quantified based at least in part on frequency of reports of the security risk and sources of those reports.
  - 8. The method of claim 1, wherein the accessed electronic security risk information comprises security risk information from product vendor websites and security-related weblogs.
  - 9. The method of claim 1, wherein one or more of the compliance rules of the secure collection of compliance rules includes enterprise standards for the environment set by an enterprise in control of the environment, and wherein an assigned risk rating of a server of the one or more servers is further based on whether the server is in compliance with the enterprise standards for the environment.
  - 10. The method of claim 1, wherein the rules modification disables communication, between the first server and the second sever, that is associated with a software package, installed on the second server, for which an identified security risk is identified, wherein other communication, between the first server and the second server, not associated with the software package remains enabled.

11. A computer system comprising:
- a memory; and
  
  a processor in communication with the memory, wherein the computer system is configured to perform a method comprising;
  
  establishing a secure collection of compliance rules for security compliance, the establishing comprising;
  
  accessing electronic security risk information identifying and describing security risks of software packages;
  
  assigning a respective risk level to each of the identified security risks; and
  
  building and storing the secure collection of compliance rules, wherein at least some of the compliance rules indicate the software packages and assigned risk levels of the identified security risks;
  
  ascertaining, for each server of one or more servers of an environment, a respective one or more software packages installed on the server;
  
  building a secure server and acceptable risk listing, the secure server and acceptable risk listing indicating each of the one or more servers of the environment and the respective one or more software packages installed on each server of the one or more servers;
  
  assigning, based on a comparison of the compliance rules against the secure server and acceptable risk listing, risk ratings for the one or more servers;
  
  securely storing the assigned risk ratings;
  
  comparing, for a first server in communication with a second server, the second server being a server of the one or more servers, the assigned risk rating for the second server to an acceptable risk level indicated for the first server, the acceptable risk level being a level of risk the first server is configured to accept in communicating with the second server through a firewall; and
  
  based on determining that the assigned risk rating for the second server exceeds the acceptable risk level, performing a rules modification to the firewall to enforce the compliance rules, the rules modification disabling communication between the first server and the second server through the firewall.
- View Dependent Claims (12, 13, 14, 15, 16)
- - 12. The computer system of claim 11, wherein the secure server and acceptable risk listing comprises a distributed blockchain.
  - 13. The computer system of claim 11, wherein the rules modification comprises suspending one or more firewall rules of the firewall.
  - 14. The computer system of claim 11, wherein the assigning a risk level to an identified security risk comprises applying a trained classifier model to extracted natural language features from the accessed electronic security risk information, the applying classifying the identified security risk and assigning the risk level based on the classification.
  - 15. The computer system of claim 11, wherein one or more of the compliance rules of the secure collection of compliance rules includes enterprise standards for the environment set by an enterprise in control of the environment, and wherein an assigned risk rating of a server of the one or more servers is further based on whether the server is in compliance with the enterprise standards for the environment.
  - 16. The computer system of claim 11, wherein the rules modification disables communication, between the first server and the second sever, that is associated with a software package, installed on the second server, for which an identified security risk is identified, wherein other communication, between the first server and the second server, not associated with the software package remains enabled.

17. A computer program product comprising:
- a computer readable storage medium readable by a processing circuit and storing instructions for execution by the processing circuit for performing a method comprising;
  
  establishing a secure collection of compliance rules for security compliance, the establishing comprising;
  
  accessing electronic security risk information identifying and describing security risks of software packages;
  
  assigning a respective risk level to each of the identified security risks; and
  
  building and storing the secure collection of compliance rules, wherein at least some of the compliance rules indicate the software packages and assigned risk levels of the identified security risks;
  
  ascertaining, for each server of one or more servers of an environment, a respective one or more software packages installed on the server;
  
  building a secure server and acceptable risk listing, the secure server and acceptable risk listing indicating each of the one or more servers of the environment and the respective one or more software packages installed on each server of the one or more servers;
  
  assigning, based on a comparison of the compliance rules against the secure server and acceptable risk listing, risk ratings for the one or more servers;
  
  securely storing the assigned risk ratings;
  
  comparing, for a first server in communication with a second server, the second server being a server of the one or more servers, the assigned risk rating for the second server to an acceptable risk level indicated for the first server, the acceptable risk level being a level of risk the first server is configured to accept in communicating with the second server through a firewall; and
  
  based on determining that the assigned risk rating for the second server exceeds the acceptable risk level, performing a rules modification to the firewall to enforce the compliance rules, the rules modification disabling communication between the first server and the second server through the firewall.
- View Dependent Claims (18, 19, 20)
- - 18. The computer program product of claim 17, wherein the secure server and acceptable risk listing comprises a distributed blockchain.
  - 19. The computer program product of claim 17, wherein the rules modification comprises suspending one or more firewall rules of the firewall.
  - 20. The computer program product of claim 17, wherein the rules modification disables communication, between the first server and the second sever, that is associated with a software package, installed on the second server, for which an identified security risk is identified, wherein other communication, between the first server and the second server, not associated with the software package remains enabled.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Kyndryl Incorporated (Kyndryl Holdings, Inc.)
Original Assignee
International Business Machines Corporation
Inventors
BENDER, Michael, CHILDRESS, Rhonda L., PALMER, Todd R., PINHEIRO E MOTA, Helio L.

Granted Patent

US 11,165,827 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/64   Protecting data integrity, ...

H04L 63/0263   Rule management

H04L 63/029   Firewall traversal, e.g. tu...

H04L 63/105   Multiple levels of security

H04L 63/20   for managing network securi...

H04L 9/00   Cryptographic mechanisms or...

H04L 9/0891   Revocation or update of sec...

H04L 9/3239   involving non-keyed hash fu...

H04L 9/50   using hash chains, e.g. blo...

SUSPENDING COMMUNICATION TO/FROM NON-COMPLIANT SERVERS THROUGH A FIREWALL

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SUSPENDING COMMUNICATION TO/FROM NON-COMPLIANT SERVERS THROUGH A FIREWALL

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links