Network security page

US 8,239,943 B2
Filed: 08/18/2006
Issued: 08/07/2012
Est. Priority Date: 08/18/2006
Status: Active Grant

First Claim

Patent Images

1. Computer-readable storage device having computer-executable instructions that, when executed by a computing device, cause the computing device to perform a method comprising:

obtaining security status information from a plurality of security components of an IT infrastructure, wherein the plurality of security components includes security components of a network and security components of a plurality of clients on the network, wherein one of the security components is configured for aggregating security settings of the plurality of clients, and wherein the security settings of the plurality of clients include operating system security settings;

consolidating the security status information into a single page of a visible representation configured to provide simultaneous evaluation of and interaction with the security status of the plurality of security components;

determining, by network security page logic configured for operating on the computer and based on default rules that are overrideable by administrator preference data, how to display on the single page the consolidated security status information that comprises a global security status of the IT infrastructure, a list of the plurality of security components, a security status from each of the listed plurality of security components, and security status details of a selected one of the listed plurality of security components, context-sensitive task links, and system-wide task links;

displaying, in the single page based on the determining, the global security status of the IT infrastructure;

displaying, in the single page based on the determining, the list of the plurality of security components;

displaying, in the single page based on the determining, the security status from each of the listed plurality of security components;

displaying, in the single page based on the determining, the security status details of a selected one of the listed plurality of security components, wherein the security status details are related to the security status corresponding to the selected one of the listed plurality of security components;

displaying, in the single page based on the determining, the context-sensitive task links, wherein each of the context-sensitive task links is configured to launch a security-related task that applies to the selected one of the listed plurality of security components; and

displaying, in the single page based on the determining, the system-wide task links, wherein each of the system-wide task links is configured to launch a security-related task that applies to the IT infrastructure as a whole.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Described is a technology by which a user interface page outputs security status information obtained from network-wide and/or network client security components. This allows for simultaneous evaluation of the state of various network-wide and client security components, such as antimalware state, anti-spam state, firewall state, client program update state, and state data from a remote security service. Network security page logic couples to network-wide security components and client security components to obtain security state data for each. A user interface associated with the network security page logic lists the security components and the current security status for each, such as via an icon that changes its appearance to reflect the current state. Interactive mechanisms for launching system-wide security tasks and/or context-sensitive security tasks related to a selected security component may be provided on the user interface page, as may an interactive mechanism for resolving a security-related issue.

Citations

17 Claims

1. Computer-readable storage device having computer-executable instructions that, when executed by a computing device, cause the computing device to perform a method comprising:
- obtaining security status information from a plurality of security components of an IT infrastructure, wherein the plurality of security components includes security components of a network and security components of a plurality of clients on the network, wherein one of the security components is configured for aggregating security settings of the plurality of clients, and wherein the security settings of the plurality of clients include operating system security settings;
  
  consolidating the security status information into a single page of a visible representation configured to provide simultaneous evaluation of and interaction with the security status of the plurality of security components;
  
  determining, by network security page logic configured for operating on the computer and based on default rules that are overrideable by administrator preference data, how to display on the single page the consolidated security status information that comprises a global security status of the IT infrastructure, a list of the plurality of security components, a security status from each of the listed plurality of security components, and security status details of a selected one of the listed plurality of security components, context-sensitive task links, and system-wide task links;
  
  displaying, in the single page based on the determining, the global security status of the IT infrastructure;
  
  displaying, in the single page based on the determining, the list of the plurality of security components;
  
  displaying, in the single page based on the determining, the security status from each of the listed plurality of security components;
  
  displaying, in the single page based on the determining, the security status details of a selected one of the listed plurality of security components, wherein the security status details are related to the security status corresponding to the selected one of the listed plurality of security components;
  
  displaying, in the single page based on the determining, the context-sensitive task links, wherein each of the context-sensitive task links is configured to launch a security-related task that applies to the selected one of the listed plurality of security components; and
  
  displaying, in the single page based on the determining, the system-wide task links, wherein each of the system-wide task links is configured to launch a security-related task that applies to the IT infrastructure as a whole.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The computer-readable storage device of claim 1 wherein obtaining the security status information from a plurality of security components includes obtaining email antimalware or email anti-spam state data, or both.
  - 3. The computer-readable storage device of claim 1 wherein obtaining the security status information from a plurality of security components includes obtaining wireless local area network access point state data.
  - 4. The computer-readable storage device of claim 1 wherein obtaining the security status information from a plurality of security components includes obtaining network firewall state data.
  - 5. The computer-readable storage device of claim 1 wherein obtaining the security status information from a plurality of security components includes obtaining security status corresponding to client computing devices of the network.
  - 6. The computer-readable storage device of claim 5 wherein obtaining the security status corresponding to client computing devices of the network includes obtaining client email security state data, obtaining client firewall security data, or obtaining network quarantine state data, or obtaining any combination of client email security state data, client firewall security data, or network quarantine state data.
  - 7. The computer-readable storage device of claim 5 wherein obtaining the security status corresponding to client computing devices of the network includes obtaining client program update state data, obtaining security signature update state or obtaining general security configuration and alerts on the client, or obtaining any combination thereof.
  - 8. The computer-readable storage device of claim 1, the method further comprising, generating alerts based on one or more system-wide security states, or taking action based on changes in one or more system-wide security states, or both.
  - 9. The computer-readable storage device of claim 1 wherein obtaining the security status information from a plurality of security components includes obtaining state data from a remote security service.

10. In a network, a system comprising:
- network security page logic configured for consolidating status information from security components that include security components of the network and from security components of a plurality of clients on the network, and further configured for determining how to display the consolidated status information on a user interface, wherein the determining is based on default rules that are overrideable by administrator preference data, wherein one of the security components is configured for aggregating security settings of the plurality of clients, and wherein the security settings of the plurality of clients include operating system security settings;
  
  a computer device configured to couple the network security page logic to security components comprising network-wide security components and client security components, wherein the network security page logic is configured to obtain security state data from each security component, and wherein the network comprises the security components; and
  
  a single page of the user interface configured to;
  
  display a global security status of the network;
  
  display a list of the security components;
  
  display a security status for each of the listed security components based on the corresponding security state data;
  
  display security status details of a selected one of the listed security components, wherein the security status details are related to the security status corresponding to the selected one of the listed security components;
  
  display context-sensitive task links, wherein each of the context-sensitive task links is configured to launch a security-related task that applies to the selected one of the listed security components; and
  
  display system-wide task links, wherein each of the system-wide task links is configured to launch a security-related task that applies to the network as a whole.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The system of claim 10 wherein a user selection of one of the system-wide task links launches a corresponding task.
  - 12. The system of claim 10 wherein a user selection of one of the context-sensitive task links launches a corresponding task.
  - 13. The system of claim 10 wherein the security components that are listed include at least one component of a set, the set containing, a network firewall component, a wireless local area network access point, an email anti-malware component, a client anti-malware component, a server anti-malware component, a threat assessment component including for client or server security policy compliance or both client or server security policy compliance, and an automatic updates compliance component.
  - 14. The system of claim 10 wherein the displayed security status for each listed security component comprises at least one icon that changes its appearance based on a change in the corresponding security status.
  - 15. The system of claim 10 wherein the user interface is further configured to display a representation of a mechanism for resolving a security-related issue, such that interaction with the representation resolves the security-related issue.

16. In an information technology infrastructure, a method comprising:
- providing a user interface that consolidates security state data of the information technology infrastructure into a single page, wherein the information technology infrastructure comprises security components that include security components of a network and security components of a plurality of clients on the network, wherein one of the security components is configured for aggregating security settings of the plurality of clients, and wherein the security settings of the plurality of clients include operating system security settings;
  
  updating the user interface in response to a change in the security state data;
  
  determining, in response to the updating, how to display the consolidated security state data on the single page, wherein the determining is based on default rules that are overrideable by administrator preference data;
  
  displaying, in the single page in response to the determining and based on the security state data, a global security status of the information technology infrastructure, a list of security components of the information technology infrastructure, a security status from each of the listed security components, security status details of a selected one of the listed security components, wherein the security status details are related to the security status corresponding to the selected one of the listed plurality of security components, context-sensitive task links, wherein each of the context-sensitive task links is configured to launch a security-related task that applies to the selected one of the listed security components, and system-wide task links, wherein each of the system-wide task links is configured to launch a security-related task that applies to the information technology infrastructure as a whole; and
  
  wherein the method is performed by a computing device.
- View Dependent Claims (17)
- - 17. The method of claim 16, the method further comprising displaying in the single page troubleshooting information for the selected one of the listed security components.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Satkunanathan, Lingan, Sunkammurali, Krishna, Watson, Eric B.
Primary Examiner(s)
PEARSON, DAVID J

Application Number

US11/506,609
Publication Number

US 20080047007A1
Time in Patent Office

2,181 Days
Field of Search

None
US Class Current

726/23
CPC Class Codes

H04L 51/212   using filtering or selectiv...

H04L 63/1433   Vulnerability analysis

H04L 63/20   for managing network securi...

Network security page

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Network security page

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links