Critical period protection
Abstract
Systems and methods for protecting a computer during a period of increased vulnerability. In one implementation, a method for protecting a computer is provided. The method includes monitoring a computing device having a first security state for one or more events indicating a time period of increased vulnerability. The method includes adjusting one or more security policies in response to the one or more events to generate a second security state. The method also includes identifying an end of the time of increased vulnerability, and restoring the computing device to the first security state. In one implementation, the computer is an embedded device.
18 Claims
1. A method, comprising:
- monitoring a computing device having a first security state for one or more events indicating a time period of increased vulnerability, the one or more events comprising receiving an update file from a remote server for installation on the computing device;
- adjusting one or more security policies in response to the one or more events to initiate a second security state comprising restricting network access from network sources other than the remote server;
- identifying an end of the time period of increased vulnerability comprising identifying a message from the computing device to the remote server that the update file has been installed; and
- initiating a third security state.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10

11. A security device, comprising:
- a processor;
- a memory coupled to the processor;
- a monitoring engine operable to monitor a computing device for events indicating a time period of increased vulnerability, the events comprising receiving an update file from a remote server for installation on the computing device;
- a security engine operable to execute one or more security policies including different security policies for different states of the computing device, wherein one of the states comprises restricting network access from network sources other than the remote server;
- the monitoring engine further operable to identify an end of the time period of increased vulnerability comprising identifying a message from the computing device to the remote server that the update file has been installed; and
- a policy module operable to store the one or more security policies.
Dependent claims: 12, 13, 14, 15, 16

17. An embedded device, comprising:
- a security device, comprising;
- a processor;
- a memory coupled to the processor;
- a monitoring engine operable to monitor the embedded device for events indicating a time period of increased system vulnerability, the events comprising receiving an update file from a remote server for installation on the computing device;
- a security engine operable to execute one or more security policies including different security policies for different states of the computing device, wherein one of the states comprises restricting network access from network sources other than the remote server;
- the monitoring engine further operable to identify an end of the time period of increased vulnerability comprising identifying a message from the computing device to the remote server that the update file has been installed; and
- an enhanced write filter operable to write data to an overlay, the events further comprising disabling the enhanced write filter.

18. A computer program product, tangibly stored on a computer-readable storage medium, comprising instructions operable to cause a programmable processor to:
- monitor a computing device having a first security state for one or more events indicating a time period of increased vulnerability, the one or more events comprising receiving an update file from a remote server for installation on the computing device;
- adjust one or more security policies in response to the one or more events to initiate a second security state comprising restricting network access from network sources other than the remote server;
- identify an end of the time period of increased vulnerability comprising identifying a message from the computing device to the remote server that the update file has been installed; and
- initiate a third security state.

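The three security states recited in claim 1, sketched as a small policy state machine. This is an added illustration, not code from the patent: the class and method names, the `UPDATE_INSTALLED` report body and the sample addresses are hypothetical, and it assumes the first and third states apply an open baseline policy, which the claims do not specify.

```python
from dataclasses import dataclass, field
from enum import Enum


class State(Enum):
    FIRST = 1    # normal operation
    SECOND = 2   # critical period: only the update server may reach the device
    THIRD = 3    # initiated once the install has been reported


@dataclass
class CriticalPeriodGuard:
    state: State = State.FIRST
    update_server: str = ""
    audit: list = field(default_factory=list)

    def on_update_received(self, server):
        if self.state is State.SECOND:
            # A second sender must not replace or widen the allowed source.
            self.audit.append(("ignored_update_source", server))
            return
        self.update_server, self.state = server, State.SECOND

    def on_outbound_message(self, dest, body):
        # Only the install report sent to the update server ends the period.
        if (self.state is State.SECOND and dest == self.update_server
                and body == "UPDATE_INSTALLED"):  # hypothetical report body
            self.state = State.THIRD

    def allow_inbound(self, src):
        # Assumption: FIRST and THIRD use an open baseline policy.
        allowed = self.state is not State.SECOND or src == self.update_server
        if not allowed:
            self.audit.append(("blocked", src))
        return allowed


def run_constructed_trace():
    g = CriticalPeriodGuard()
    other, server = "198.51.100.7", "203.0.113.10"  # constructed addresses
    out = [g.allow_inbound(other)]
    g.on_update_received(server)
    out += [g.allow_inbound(other), g.allow_inbound(server)]
    g.on_outbound_message(other, "UPDATE_INSTALLED")  # report to wrong host
    out.append(g.allow_inbound(other))
    g.on_outbound_message(server, "UPDATE_INSTALLED")
    out.append(g.allow_inbound(other))
    return out
```

The `audit` list records blocked sources and ignored update senders during the second state, which is the data a monitoring engine would want to review after the window closes.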
Specification