System, method and computer program product for applying prioritized security policies with predetermined limitations
First Claim
Patent Images
1. A method executed utilizing a computer including a tangible computer readable medium for prioritized network security, comprising:
- identifying a set of policies, each policy having a condition associated therewith;
determining whether the conditions are met;
determining whether a user confirms activation of the policies; and
activating the policies whose associated conditions are determined to be met if the user confirms the activation;
wherein the conditions are based on a priority of the policy;
wherein a first policy with a higher priority has a first condition associated therewith that is different from a second condition associated with a second policy with a lower priority such that the first policy and second policy are activated under different priority-related conditions;
wherein the activation of the policies includes;
adding the policies to a set of a plurality of active policies, and executing securing actions associated with the active policies if associated limits are met; and
identifying currently executed security actions, determining whether a conflict exists between the currently executed security actions, and resolving any conflicts between the currently executed security actions;
wherein the conditions are based on a time factor, the time factor including at least one of a timeframe, a predetermined time period, and a time limit;
wherein the conditions are based on a source of the policies;
wherein the conditions are based on a severity of security actions associated with the policies.
2 Assignments
0 Petitions
Accused Products
Abstract
A system, method and computer program product are provided for prioritized network security. Initially, a set of policies is identified, where each policy has a condition associated therewith. It is then determined whether the conditions are met. Next, the policies are activated whose associated conditions are determined to be met. Such conditions represent a priority of the policy.
-
Citations
21 Claims
-
1. A method executed utilizing a computer including a tangible computer readable medium for prioritized network security, comprising:
-
identifying a set of policies, each policy having a condition associated therewith; determining whether the conditions are met; determining whether a user confirms activation of the policies; and activating the policies whose associated conditions are determined to be met if the user confirms the activation; wherein the conditions are based on a priority of the policy; wherein a first policy with a higher priority has a first condition associated therewith that is different from a second condition associated with a second policy with a lower priority such that the first policy and second policy are activated under different priority-related conditions; wherein the activation of the policies includes; adding the policies to a set of a plurality of active policies, and executing securing actions associated with the active policies if associated limits are met; and identifying currently executed security actions, determining whether a conflict exists between the currently executed security actions, and resolving any conflicts between the currently executed security actions; wherein the conditions are based on a time factor, the time factor including at least one of a timeframe, a predetermined time period, and a time limit; wherein the conditions are based on a source of the policies; wherein the conditions are based on a severity of security actions associated with the policies. - View Dependent Claims (2, 3)
-
-
4. The method as recited in claim 1, and further comprising determining whether the conditions associated with the active policies are still met, and de-activating the active policies if the associated conditions are not met.
-
5. The method as recited in claim 1, wherein the policies include low priority policies that are default policies which do not expire.
-
6. The method as recited in claim 1, wherein the policies include medium priority policies that are valid for the predetermined time period.
-
7. The method as recited in claim 6, wherein the policies include high priority policies that are valid for another predetermined time period that is less than the predetermined time period associated with the medium priority policies.
-
8. The method as recited in claim 1, wherein the identifying the set of policies, the determining whether the conditions are met, and the activating the policies are controlled locally.
-
9. The method as recited in claim 1, wherein the associated conditions of the policies dictate the manner in which the active policies are to be deactivated.
-
10. The method as recited in claim 1, and further comprising determining whether one of the active policies is still active including determining whether the condition associated with the active policy is still met.
-
11. The method as recited in claim 10, and further comprising de-activating the active policy if the associated condition is not met and determining whether the de-activated policy is to be reused or discarded.
-
12. The method as recited in claim 11, wherein an indication of the determination whether the de-activated policy is to be reused or discarded is stored with the associated condition.
-
13. The method as recited in claim 1, wherein the condition are based on the detection of a predetermined amount of files of a certain type.
-
14. The method as recited in claim 1, wherein the conditions are based on whether a virus signature update is current.
-
15. A computer program product embodied on a tangible computer readable medium for prioritized network security, comprising:
-
computer code for identifying a set of policies, each policy having a condition associated therewith; computer code for determining whether the conditions are met; computer code for determining whether a user confirms activation of the policies; and computer code for activating the policies whose associated conditions are determined to be met if the user confirms the activation; wherein the conditions are based on a priority of the policy; wherein a first policy with a higher priority has a first condition associated therewith that is different from a second condition associated with a second policy with a lower priority such that the first policy and second policy are activated under different priority-related conditions; wherein the activation of the policies involves; computer code for adding the policies to a set of a plurality of active policies, and executing security actions associated with the active policies if associated limits are met; and computer code for identifying currently executed security actions, determining whether a conflict exists between the currently executed security actions, and resolving any conflicts between the currently executed security actions; wherein the conditions are based on a time factor, the time factor including at least one of a timeframe, a predetermined time period, and a time limit; wherein the conditions are based on a source of the policies; wherein the conditions are based on a severity of security actions associated with the policies.
-
-
16. The computer program product as recited in claim 15, and further comprising computer code for updating the set of policies.
-
17. The computer program product as recited in claim 16, wherein the updating includes receiving another inactive policy, determining whether the user accepts the inactive policy, and adding the inactive policy to the set if the user accepts the inactive policy.
-
18. The computer program product as recited in claim 15, and further comprising computer code for determining whether the conditions associated with the active policies are still met, and de-activating the active policies if the associated conditions are not met.
-
19. A system including a computer with a tangible computer readable medium for prioritized network security, the medium comprising:
-
logic for identifying a set of policies, each policy having a condition associated therewith; logic for determining whether a user confirms activation of the policies; logic for determining whether the conditions are met if the user confirms the activation; and logic for activating the policies whose associated conditions are determined to be met; wherein the conditions are based on a priority of the policy; wherein a first policy with a higher priority has a first condition associated therewith that is different from a second condition associated with a second policy with a lower priority such that the first policy and second policy are activated under different priority-related conditions; wherein the activation of the policies involves; logic for adding the policies to a set of a plurality of active policies, and executing security actions associated with the active policies if associated limits are met; and logic for identifying currently executed security actions, determining whether a conflict exists between the currently executed security actions, and resolving any conflicts between the currently executed security actions; wherein the conditions are based on a time factor, the time factor including at least one of a timeframe, a predetermined time period, and a time limit; wherein the conditions are based on a source of the policies; wherein the conditions are based on a severity of security actions associated with the policies.
-
-
20. A method executed utilizing a computer including a tangible computer readable medium for prioritized network security, comprising:
-
identifying a set of policies, each policy having a condition associated therewith; determining whether a user confirms activation of the policies; determining whether the conditions are met; and activating the policies whose associated conditions are determined to be met if the user confirms the activation; wherein the conditions are based on an urgency associated with an issue causing the policy to be activated; wherein a first policy with a higher associated urgency has a first condition associated therewith that is different from a second condition associated with a second policy with a lower associated urgency such that the first policy and the second policy are activated under different urgency-related conditions; wherein the activation of the policies includes; adding the policies to a set of a plurality of active policies, and executing security actions associated with the active policies if associated limits are met; and identifying currently executed security actions, determining whether a conflict exists between the currently executed security actions, and resolving any conflicts between the currently executed security actions; wherein the conditions are based on a time factor, the time factor including at least one of a timeframe, a predetermined time period, and a time limit; wherein the conditions are based on a source of the policies; wherein the conditions are based on a severity of security actions associated with the policies.
-
-
21. A method executed utilizing a computer including a tangible computer readable medium for providing network security, comprising:
-
identifying a set of a plurality of inactive policies each including a security action, a condition for activating the policy, and a limit for triggering the security action if the policy is active; updating the set of inactive policies including; receiving another inactive policy, determining whether a user accepts the inactive policy, and adding the inactive policy to the set if the user accepts the inactive policy; determining whether the conditions are met for the inactive policies; determining whether the user confirms the activation of the inactive policies if the associated conditions are met; and activating the inactive policies if the user confirms, the activation including; adding the inactive policies to a set of a plurality of active policies, determining whether the conditions associated with the active policies are still met, de-activating the active policies if the associated conditions are not met, and executing the securing actions associated with the active policies if the associated conditions are met and the limits are met, the execution of the securing actions including; identifying currently executed security actions, determining whether a conflict exists between the currently executed security actions, and resolving any conflicts between the currently executed security actions; wherein the conditions are based on a time factor, the time factor including at least one of a timeframe, a predetermined time period, and a time limit; wherein the conditions are based on a source of the policies; wherein the conditions are based on a severity of security actions associated with the policies.
-
Specification