Centralized timed analysis in a network security system
First Claim
1. A method for use with a server and a group of associated hosts, comprising:
storing in the server meta-information file states relating to files seen on the hosts, the meta-information including a signature of the content of the files;
storing in the server for each signature, an initial time that the file is first seen on the host, including for at least some files, a time when the file is first received, and further storing a file state indicating whether or not certain file operations can be performed, and if file operations are allowed to be performed, with what conditions certain file operations can be performed by hosts on the file, wherein the states include banned, allowed, and pending, wherein a pending state allows file operations subject to security restrictions and further monitoring;
at defined periods related to the initial time, performing at least one security analysis of the file, or of the signature of the file contents; and
altering the file state based on the security analysis and providing updated information related to the altered file state to the hosts.
3 Assignments
0 Petitions
Abstract
A security system provides a defense from known and unknown viruses, worms, spyware, hackers, and social engineering attacks. The system can implement centralized policies that allow an administrator to approve, block, quarantine, or log file activities. The system stores meta-information for files relating to security and, at defined times after a file or a file hash is first received, performs security-related analyses from a central server. Analysis results are stored on the server, and the server can automatically change file meta-information. Changes in file meta-information are provided to hosts.
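A minimal model of the server-side loop the abstract describes, added here as an illustration and not taken from the patent. The re-analysis offsets, the `analyze` hook, the rule that promotes a file to allowed once every scheduled pass is clean, and the sample data are all assumptions.

```python
import hashlib
from dataclasses import dataclass, field
# Assumed schedule: seconds after first-seen at which analysis is repeated.
PERIODS = (0, 86_400, 7 * 86_400)

@dataclass
class Record:
    first_seen: float
    state: str = "pending"        # states named in the claims: banned, allowed, pending
    done: int = 0                 # scheduled analyses already run for this signature

@dataclass
class Server:
    analyze: callable             # assumed hook: (signature, now) -> True if malicious
    files: dict = field(default_factory=dict)
    outbox: list = field(default_factory=list)   # state updates to push to hosts

    def report(self, content: bytes, now: float) -> str:
        """A host reports a file; an unseen signature starts as pending."""
        sig = hashlib.sha256(content).hexdigest()
        self.files.setdefault(sig, Record(first_seen=now))   # keeps the first time
        return sig

    def tick(self, now: float) -> None:
        """Run every scheduled analysis whose offset from first-seen has elapsed."""
        for sig, rec in self.files.items():
            due = sum(now >= rec.first_seen + p for p in PERIODS)
            while rec.state != "banned" and rec.done < due:
                rec.done += 1
                if self.analyze(sig, now):
                    self._set(sig, rec, "banned")
                elif rec.done == len(PERIODS):   # assumed policy: clean on every pass
                    self._set(sig, rec, "allowed")

    def _set(self, sig: str, rec: Record, state: str) -> None:
        if rec.state != state:
            rec.state = state
            self.outbox.append((sig, state))

def demo():
    # Constructed feed: the sample only becomes known-bad two days after first sight.
    bad = hashlib.sha256(b"dropper").hexdigest()
    srv = Server(analyze=lambda sig, now: sig == bad and now >= 2 * 86_400)
    a = srv.report(b"dropper", now=0)
    b = srv.report(b"installer", now=0)
    srv.tick(now=0)
    day0 = (srv.files[a].state, srv.files[b].state)
    srv.tick(now=8 * 86_400)
    return day0, srv.files[a].state, srv.files[b].state, srv.outbox
```

The first file passes its day-zero analysis and stays pending, then is banned when a later scheduled pass sees updated intelligence; the second is promoted only after every pass comes back clean.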
650 Citations
47 Claims
1. A method for use with a server and a group of associated hosts (text as given under First Claim above).
Dependent claims: 2-36
37. A computer system comprising:
a server including a memory for storing security-related meta-information relating to files seen on hosts associated with the server, including for each file, a state indicating whether file operations can be performed, and if file operations can be performed with what conditions certain file operations can be performed on the file by the hosts, wherein the states include banning, pending, and allowing, such that a pending state allows file operations subject to security restrictions and further monitoring;
the server, at defined periods, causing at least one security analysis to be performed of the files, the defined periods based on the initial times when the files or signatures of the files have been received by the hosts and/or the server; and
in response to at least some analyses, altering the file state and providing updated information related to the altered state to the hosts.
Dependent claims: 38-47
Specification