Stateful distributed event processing and adaptive security

  • US 7,594,267 B2
  • Filed: 06/14/2002
  • Issued: 09/22/2009
  • Est. Priority Date: 06/14/2001
  • Status: Active Grant
First Claim

1. A method of maintaining a networked computer system including first and second nodes and an event processing server, comprising:

  • the first and second nodes detecting changes in state;
  • the event processing server receiving notification of the changes in state from the first and second nodes;
  • the event processing server correlating the changes in state detected by the first and second nodes;
  • the event processing server executing a maintenance decision that affects the first and second nodes, where the maintenance decision is based on the correlating of the changes in state detected by the first and second nodes, where the changes in state are a result of an absence of an event;
  • wherein the absence of an event comprises:
    an absence of a request for system resources; and
    an absence of an event message received within a predetermined time frame; and
  • where the event processing server is in communication with an interceptor that is inserted in a communication path of the networked computer system, at the interceptor, detecting an access request in the communications path;
  • generating an event message for the access request;
  • transmitting the event message to the event processing server;
  • in response, receiving a policy message from the event processing server comprising at least one of:
    allowing the access request to continue along the communications path, and
    disallowing the access request to continue along the communications,
  • where the event processing server executing a maintenance decision that affects the first and second nodes includes determining that at least one of the first and second nodes are subject to a network-borne attack and, in response, performing at least one of:
    placing the at least one of the first and second nodes under quarantine; and
    defining system operations that may not be performed on the at least one of the first and second nodes while under attack,
  • where the detecting, receiving, correlating, and executing occurs without human intervention.
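The claim above describes an architecture rather than code. The following Python model is an added example written for this page; it is not the patent's own implementation and the patent text gives no code, timings or thresholds. It stands in one process for the elements the claim names: two nodes that report state, an event processing server that turns the absence of an expected event (no heartbeat within a deadline, no resource request within a second deadline) into a state change, correlates those changes across nodes, and executes a maintenance decision (quarantine plus a list of operations that may not be performed on the affected node); and an interceptor that converts each access request into an event message and enforces the policy message it gets back. The node names, deadlines, operation names and the rule that silence on one node while another node is still healthy indicates a node-specific problem (rather than a network partition) are all constructed assumptions for illustration.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Constructed thresholds: the patent states none of these values.
HEARTBEAT_DEADLINE = 30.0          # "predetermined time frame" for an event message
RESOURCE_REQUEST_DEADLINE = 60.0   # a node is expected to request resources this often


@dataclass
class Event:
    node: str      # reporting node
    kind: str      # "heartbeat" or "resource_request"
    ts: float      # seconds on a shared clock


@dataclass
class AccessRequest:
    source: str     # node issuing the request, as seen by the interceptor
    target: str     # node the request is addressed to
    operation: str  # constructed operation names, e.g. "file_share"
    ts: float


@dataclass
class PolicyMessage:
    allow: bool
    reason: str


@dataclass
class NodeState:
    last_heartbeat: Optional[float] = None
    last_resource_request: Optional[float] = None
    heartbeat_absent: bool = False
    resource_request_absent: bool = False

    @property
    def silent(self) -> bool:
        # Both absences named in the claim are present.
        return self.heartbeat_absent and self.resource_request_absent


class EventProcessingServer:
    def __init__(self) -> None:
        self.nodes: Dict[str, NodeState] = {}
        self.quarantined: Set[str] = set()
        self.forbidden_ops: Dict[str, Set[str]] = {}
        self.decisions: List[str] = []

    def receive(self, ev: Event) -> None:
        """Notification of a state change reported by a node."""
        st = self.nodes.setdefault(ev.node, NodeState())
        if ev.kind == "heartbeat":
            st.last_heartbeat, st.heartbeat_absent = ev.ts, False
        elif ev.kind == "resource_request":
            st.last_resource_request, st.resource_request_absent = ev.ts, False
        else:
            raise ValueError(f"unknown event kind {ev.kind!r}")

    def tick(self, now: float) -> None:
        """Timer-driven: the absence of an expected event becomes a state change."""
        for st in self.nodes.values():
            if st.last_heartbeat is not None and now - st.last_heartbeat > HEARTBEAT_DEADLINE:
                st.heartbeat_absent = True
            if (st.last_resource_request is not None
                    and now - st.last_resource_request > RESOURCE_REQUEST_DEADLINE):
                st.resource_request_absent = True
        self._correlate_and_decide(now)

    def _correlate_and_decide(self, now: float) -> None:
        # Correlation across nodes (assumed rule): silence on one node while
        # another still reports points at that node; silence everywhere looks
        # like a partition or a server-side fault, so nobody is quarantined.
        if not any(not st.silent for st in self.nodes.values()):
            return
        for name, st in self.nodes.items():
            if st.silent and name not in self.quarantined:
                self.quarantined.add(name)
                # Operations that may not be performed on the node while under attack.
                self.forbidden_ops[name] = {"remote_login", "file_share", "config_change"}
                self.decisions.append(f"t={now:.0f}s quarantine {name}")

    def policy_for(self, req: AccessRequest) -> PolicyMessage:
        """Answer an interceptor's event message with a policy message."""
        if req.source in self.quarantined:
            return PolicyMessage(False, f"{req.source} is under quarantine")
        if req.operation in self.forbidden_ops.get(req.target, set()):
            return PolicyMessage(False, f"{req.operation} not permitted on {req.target} while under attack")
        return PolicyMessage(True, "no maintenance decision applies")


class Interceptor:
    """Sits in the communication path; every access request becomes an event message."""

    def __init__(self, server: EventProcessingServer) -> None:
        self.server = server
        self.log: List[str] = []

    def intercept(self, req: AccessRequest) -> bool:
        policy = self.server.policy_for(req)
        verdict = "allow" if policy.allow else "deny"
        self.log.append(f"{req.source}->{req.target} {req.operation}: {verdict} ({policy.reason})")
        return policy.allow


def run_scenario():
    """Constructed timeline: node-b keeps reporting, node-a falls silent."""
    srv, icp = EventProcessingServer(), Interceptor(EventProcessingServer())
    icp.server = srv
    for node in ("node-a", "node-b"):
        srv.receive(Event(node, "heartbeat", 0.0))
        srv.receive(Event(node, "resource_request", 0.0))
    srv.receive(Event("node-b", "heartbeat", 50.0))
    srv.receive(Event("node-b", "resource_request", 50.0))
    srv.tick(70.0)  # node-a: 70s without either event -> both absences -> quarantine
    results = {
        "a_to_b": icp.intercept(AccessRequest("node-a", "node-b", "file_share", 71.0)),
        "b_to_a_forbidden": icp.intercept(AccessRequest("node-b", "node-a", "remote_login", 72.0)),
        "b_to_a_probe": icp.intercept(AccessRequest("node-b", "node-a", "health_probe", 73.0)),
        "b_to_c": icp.intercept(AccessRequest("node-b", "node-c", "file_share", 74.0)),
    }
    return srv, icp, results


if __name__ == "__main__":
    srv, icp, _ = run_scenario()
    print("\n".join(srv.decisions + icp.log))
```

The whole loop runs without a human in it, as the last element of the claim requires: the timer tick, the correlation and the policy reply are all decided by the server. The partition check in `_correlate_and_decide` is the kind of cross-node correlation a practitioner wants here, since a server that quarantines every node the moment its own network link drops would turn an outage into a self-inflicted denial of service.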

  • 3 Assignments