Stateful distributed event processing and adaptive security
First Claim
1. A method of maintaining a networked computer System including first and second nodes and an event processing server, comprising:
the first and second nodes detecting changes in state;
the event processing server receiving notification of the changes in state from the first and second nodes;
the event processing server correlating the changes in state detected by the first and second nodes;
the event processing server executing a maintenance decision that affects the first and second nodes, where the maintenance decision is based on the correlating of the changes in state detected by the first and second nodes, where the changes in state are a result of an absence of an event;
wherein the absence of an event comprises;
an absence of a request for system resources; and
an absence of an event message received within a predetermined time frame; and
where the event processing server is in communication with an interceptor that is inserted in a communication path of the networked computer system,
at the interceptor, detecting an access request in the communications path;
generating an event message for the access request;
transmitting the event message to the event processing server;
in response, receiving a policy message from the event processing server comprising at least one of;
allowing the access request to continue along the communications path, and
disallowing the access request to continue along the communications,
where the event processing server executing a maintenance decision that affects the first and second nodes includes determining that at least one of the first and second nodes are subject to a network-borne attack and, in response, performing at least one of;
placing the at least one of the first and second nodes under quarantine; and
defining system operations that may not be performed on the at least one of the first and second nodes while under attack,
where the detecting, receiving, correlating, and executing occurs without human intervention.
Abstract
The invention provides a method and apparatus for maintaining a networked computer system including first and second nodes and an event processing server, the method comprising the first and second nodes detecting changes in state, the event processing server receiving notification of the changes in state from the first and second nodes, the event processing server correlating changes in state detected in the first and second nodes, and the event processing server executing a maintenance decision which affects the first and second nodes. The detecting, transmitting, correlating, and executing occur without human intervention.
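The flow recited in claim 1 (absence-of-event detection, correlation across nodes, quarantine, and the interceptor's allow/disallow policy exchange) can be sketched as follows. This is an added illustration, not code from the patent or its assignee: the class and function names, the 30-second time frame, the blocked operation set, and the "two or more silent nodes means attack" heuristic are all assumptions.

```python
from dataclasses import dataclass, field

TIMEOUT = 30.0                   # assumed "predetermined time frame", in seconds
BLOCKED_OPS = {"write", "exec"}  # assumed operations denied while under attack

@dataclass
class EventServer:
    last_seen: dict = field(default_factory=dict)  # node -> time of last event
    quarantined: set = field(default_factory=set)

    def notify(self, node, now):
        """Record an event message (a detected change in state) from a node."""
        self.last_seen[node] = now

    def silent_nodes(self, now):
        """Absence of an event: nodes with no message inside TIMEOUT."""
        return {n for n, t in self.last_seen.items() if now - t > TIMEOUT}

    def correlate(self, now):
        """Automatic maintenance decision over all nodes' state.
        Assumed heuristic: two or more nodes silent at once is treated as a
        network-borne attack; a single silent node is not."""
        silent = self.silent_nodes(now)
        if len(silent) >= 2:
            self.quarantined |= silent
        return set(self.quarantined)

    def policy(self, event):
        """Answer an interceptor's event message with a policy message."""
        under_attack = event["node"] in self.quarantined
        return "disallow" if under_attack and event["op"] in BLOCKED_OPS else "allow"

def intercept(server, node, op, now):
    """Interceptor: build the event message for an access request, send it to
    the server, and return whether the request may continue."""
    event = {"node": node, "op": op, "time": now}
    return server.policy(event) == "allow"

def demo():
    srv = EventServer()
    srv.notify("node-a", 0.0)   # constructed timeline
    srv.notify("node-b", 5.0)
    srv.notify("node-c", 40.0)
    quarantined = srv.correlate(45.0)   # a and b silent > 30 s, c is not
    return quarantined, [intercept(srv, n, op, 46.0) for n, op in
                         [("node-a", "write"), ("node-a", "read"), ("node-c", "write")]]

if __name__ == "__main__":
    print(demo())
```

Quarantine here restricts only the listed operations, matching the claim's "system operations that may not be performed ... while under attack"; reads from a quarantined node are still allowed.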
41 Claims
1. A method of maintaining a networked computer System including first and second nodes and an event processing server, comprising:
the first and second nodes detecting changes in state;
the event processing server receiving notification of the changes in state from the first and second nodes;
the event processing server correlating the changes in state detected by the first and second nodes;
the event processing server executing a maintenance decision that affects the first and second nodes, where the maintenance decision is based on the correlating of the changes in state detected by the first and second nodes, where the changes in state are a result of an absence of an event;
wherein the absence of an event comprises;
an absence of a request for system resources; and
an absence of an event message received within a predetermined time frame; and
where the event processing server is in communication with an interceptor that is inserted in a communication path of the networked computer system,
at the interceptor, detecting an access request in the communications path;
generating an event message for the access request;
transmitting the event message to the event processing server;
in response, receiving a policy message from the event processing server comprising at least one of;
allowing the access request to continue along the communications path, and
disallowing the access request to continue along the communications,
where the event processing server executing a maintenance decision that affects the first and second nodes includes determining that at least one of the first and second nodes are subject to a network-borne attack and, in response, performing at least one of;
placing the at least one of the first and second nodes under quarantine; and
defining system operations that may not be performed on the at least one of the first and second nodes while under attack,
where the detecting, receiving, correlating, and executing occurs without human intervention.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12
13. A method for maintaining a networked computer system including:
at least one node detecting at least one change in state;
an event processing server associated with the networked computing system receiving notification of the at least one change in state from the at least one node; and
the event processing server responding to the notification by executing a maintenance decision, where the maintenance decision is based on the at least one change in state from the at least one node, the at least one change in state being a result of an absence of an event;
where the absence of an event comprises;
an absence of a request for system resources; and
an absence of an event message received within a predetermined time frame; and
where the event processing server is in communication with an interceptor that is inserted in a communication path of the networked computer system,
at the interceptor, detecting an access request in the communications path;
generating an event message for the access request;
transmitting the event message to the event processing server;
in response, receiving a policy message from the event processing server comprising at least one of;
allowing the access request to continue along the communications path, and
disallowing the access request to continue along the communications,
where the event processing server executing a maintenance decision that affects the first and second nodes includes determining that at least one of the first and second nodes are subject to a network-borne attack and, in response, performing at least one of;
placing the at least one of the first and second nodes under quarantine; and
defining system operations that may not be performed on the at least one of the first and second nodes while under attack,
where the detecting, receiving, and responding occurs without human intervention.
Dependent claims: 14, 15, 16, 17, 18, 19, 20, 21, 22, 23
24. A method for maintaining a node on a networked computer system including:
at least one node detecting a change in state;
an event processing server associated with the networked computing system receiving notification of the at least one change in state from the at least one node; and
the event processing server responding to the notification by executing a maintenance decision, where the maintenance decision is based on the at least one change in state from the at least one node,
at least one node reacting to the change in state, where the change in state is a result of an absence of an event;
where, the absence of an event comprises;
an absence of a request for system resources; and
an absence of an event message received within a predetermined time frame;
where the event processing server is in communication with an interceptor that is inserted in a communication path of the networked computer system,
at the interceptor, detecting an access request in the communications path;
generating an event message for the access request;
transmitting the event message to the event processing server;
in response, receiving a policy message from the event processing server comprising at least one of;
allowing the access request to continue along the communications path, and
disallowing the access request to continue along the communications,
where the event processing server executing a maintenance decision that affects the first and second nodes includes determining that at least one of the first and second nodes are subject to a network-borne attack and, in response, performing at least one of;
placing the at least one of the first and second nodes under quarantine; and
defining system operations that may not be performed on the at least one of the first and second nodes while under attack,
where the at least one node detecting and reacting to the change in state occurs without human intervention.
Dependent claims: 25, 26, 27, 28, 29, 30, 31, 32, 35
33. A computer-readable medium storing computer executable instructions that when executed by a computer cause the computer to perform a method, the method comprising:
detecting a change in state of a node,
an event processing server associated with the networked computing system receiving notification of the at least one change in state from the at least one node; and
the event processing server responding to the notification by executing a maintenance decision, where the maintenance decision is based on the at least one change in state from the at least one node, where the change in state is a result of an absence of an event;
wherein the absence of an event comprises;
an absence of a request for system resources; and
an absence of an event message received within a predetermined time frame; and
reacting to the detected change in state,
where the event processing server is in communication with an interceptor that is inserted in a communication path of the networked computer system,
at the interceptor, detecting an access request in the communications path;
generating an event message for the access request;
transmitting the event message to the event processing server;
in response, receiving a policy message from the event processing server comprising at least one of;
allowing the access request to continue along the communications path, and
disallowing the access request to continue along the communications,
where the event processing server executing a maintenance decision that affects the first and second nodes includes determining that at least one of the first and second nodes are subject to a network-borne attack and, in response, performing at least one of;
placing the at least one of the first and second nodes under quarantine; and
defining system operations that may not be performed on the at least one of the first and second nodes while under attack,
where the at least one node detecting and reacting to the change in state occurs without human intervention.
Dependent claims: 34, 36, 37
38. A method for maintaining a networked computer system including:
at least one node detecting at least one change in state;
an event processing server associated with the networked computing system receiving notification of the at least one change in state from the at least one node;
the event processing server responding to the notification by dispensing a maintenance decision, where the maintenance decision is based on the at least one change in state from the at least one node, the at least one change in state being a result of an absence of an event; and
where the absence of an event comprises;
an absence of a request for system resources; and
an absence of an event message received within a predetermined time frame
where the event processing server is in communication with an interceptor that is inserted in a communication path of the networked computer system,
at the interceptor, detecting an access request in the communications path;
generating an event message for the access request;
transmitting the event message to the event processing server;
in response;
receiving a policy message from the event processing server comprising at least one of;
allowing the access request to continue along the communications path, and
disallowing the access request to continue along the communications,
where the event processing server executing a maintenance decision that affects the first and second nodes includes determining that at least one of the first and second nodes are subject to a network-borne attack and, in response, performing at least one of;
placing the at least one of the first and second nodes under quarantine; and
defining system operations that may not be performed on the at least one of the first and second nodes while under attack,
where the at least one node detecting and reacting to the change in state occurs without human intervention.
Dependent claims: 39, 40, 41
Specification