
Distributed network security service

  • US 7,603,716 B2
  • Filed: 09/12/2005
  • Issued: 10/13/2009
  • Est. Priority Date: 02/13/2004
  • Status: Expired due to Fees
First Claim

1. A method of providing a distributed network security service comprising:

  • splitting a security application into at least two parts;

    distributing each one of the at least two parts of the security application to at least two nodes on a network;

    executing the at least two parts of the security application on the at least two nodes on the network so that the security application is operated in a distributed manner on the network;

    using all of the at least two parts of the security application to identify a security threat to the nodes on the network by monitoring for virus-like traffic and malformed packets;

    if one of the at least two parts of the security application executed on a particular network node identifies a security threat, then creating a response to the identified security threat by (a) replicating executable programs, policy, signature or profile updates implemented on an originating network subnet on other networks subnets, (b) reducing the privilege for any similar traffic from the originating subnet of the identified security threat, (c) reducing privilege for any similar traffic with their own subnet, or (c) blocking transmissions from a source of malicious messages;

    if one of the at least two parts of the security application executed on a particular network node identifies a security threat, then updating other nodes on the network of the response to the identified security threat;

    using a separate security hardware device with a first communication channel and a second communication channel, wherein the security hardware device receives network communications on the first channel before determining whether to forward the network communications to an intended recipient for the network communications;

    using the separate security hardware device to intercept suspect incoming network communications from a suspect node, to spoof a response to the suspect node, and, based on the suspect node's reply to the response, to determine the response to the identified security threat;

    using the second communication channel to adjust the behavior of the separate hardware device;

    wherein the second communication channel is a secure communication channel;

    creating a plurality of security levels and adjusting the level of security based on an analysis of the suspect nodes and suspect messages;

    allowing network computers to opt in to execute part of the distributed security application; and

    not permitting the user of the computer to access the distributed security application;

    communicating the response to the identified security threat to other networks; and

    allowing the other nodes of the network to receive an update to the security application.
