Autonomic self-healing network
Abstract
A system and method capable of obtaining information dynamically of assets residing on a network. The system and method further capable of comparing a device identifier to the dynamically obtained information of assets and policies at a time of a request to access the network and determining whether the device identifier matches at least one of the dynamically obtained information of assets and policies. The system and method further capable of quarantining the device from the network or a portion thereof based upon the determining.
37 Claims
1. A method comprising:
- obtaining information dynamically of assets residing on a network by discovering the assets connected to the network, populating an assets database, and performing ongoing monitoring of the network to determine and reconcile previously unknown assets;
- comparing a device identifier to the dynamically obtained information of assets at a time of a request to access the network;
- determining that the device identifier matches the dynamically obtained information of assets;
- determining that the assets comply with one or more rules at the time of the request to access the network, wherein access to the network is permitted only after the determining steps; and
- quarantining a device from the network or a portion thereof based upon one or more of the determining steps.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16
17. A method comprising:
- receiving a request for access to a network from a device;
- verifying whether the device is known by querying an assets database;
- verifying whether the request complies with a rule set by querying a policy database;
- granting access to the network or portions thereof only when the device is known and complies with the rule set;
- quarantining the device to a virtual network or segment thereof based upon the denied access; and
- obtaining information dynamically of assets residing on the network by ongoing monitoring of the network to determine and reconcile previously unknown assets, wherein the ongoing monitoring is configured to detect existing servers, clients, and one of stolen or borrowed Internet Protocol (IP) addresses.
Dependent claims: 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29
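The admission flow recited in claim 17, sketched as an added example; it is not code from the patent or its assignee. The MAC and IP values, the VLAN IDs and the single patch-level rule are constructed assumptions standing in for the assets database, the virtual network and the policy database.

```python
from dataclasses import dataclass

QUARANTINE_VLAN = 999   # assumed ID of the isolated virtual network
PRODUCTION_VLAN = 10    # assumed ID of the normal access segment

@dataclass
class Request:
    mac: str            # device identifier presented at connect time
    ip: str
    patch_level: int    # posture attribute reported by the device (assumed)

# Constructed assets database: device identifier -> last known IP.
ASSETS = {"00:11:22:33:44:55": "10.0.0.5", "00:11:22:33:44:66": "10.0.0.6"}
# Constructed policy database: rule name -> predicate over the request.
POLICY = {"min-patch-level": lambda r: r.patch_level >= 7}
UNRECONCILED = set()    # unknown devices seen by monitoring, awaiting review

def monitor(req):
    """Ongoing monitoring: classify one sighting of (mac, ip) on the network."""
    owner = next((m for m, ip in ASSETS.items() if ip == req.ip), None)
    if owner is not None and owner != req.mac:
        return "ip-conflict"        # address is recorded for another asset
    if req.mac not in ASSETS:
        UNRECONCILED.add(req.mac)   # queue for reconciliation, never auto-trust
        return "unknown-device"
    return "known"

def decide(req):
    """Return (action, vlan, reason); every path except the last one denies."""
    finding = monitor(req)
    if finding != "known":
        return ("quarantine", QUARANTINE_VLAN, finding)
    failed = [name for name, rule in POLICY.items() if not rule(req)]
    if failed:
        return ("quarantine", QUARANTINE_VLAN, "policy:" + ",".join(failed))
    return ("grant", PRODUCTION_VLAN, "ok")

if __name__ == "__main__":
    for r in (Request("00:11:22:33:44:55", "10.0.0.5", 8),    # known, compliant
              Request("00:11:22:33:44:55", "10.0.0.5", 3),    # known, fails policy
              Request("de:ad:be:ef:00:01", "10.0.0.6", 9),    # uses another asset's IP
              Request("de:ad:be:ef:00:02", "10.0.0.77", 9)):  # unknown device
        print(r.mac, r.ip, decide(r))
```

A MAC address is easy to clone, so a deployment would bind the device identifier to something stronger, such as an 802.1X certificate, before trusting the asset lookup.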
30. A system for quarantining devices on a network comprising:
- means for obtaining information dynamically of assets residing on the network by discovering the assets connected to the network, populating an assets database, and performing ongoing monitoring of the network to determine and reconcile previously unknown assets;
- means for comparing a device identifier to the dynamically obtained information of assets at a time of a request to access the network;
- means for determining that the device identifier matches the dynamically obtained information of assets;
- means for determining that the assets comply with one or more rules at the time of the request to access the network, wherein access to the network is permitted only after the device identifier is matched and the assets comply with the one or more rules; and
- means for quarantining the device from the network or a portion thereof based upon one or more of the determinations;
- wherein the means for obtaining, comparing, determining, and quarantining is embodied in one of a hardware environment and a combination of a software environment and a hardware environment.
Dependent claims: 31, 32, 33, 34, 35, 36
37. A computer program product comprising a computer useable storage medium including a computer readable program, wherein the computer readable program when executed on a computer causes the computer to:
- obtain information dynamically of assets residing on a network by discovering the assets connected to the network, populating an assets database, and performing ongoing monitoring of the network to determine and reconcile previously unknown assets;
- compare a device identifier to the dynamically obtained information of assets at a time of a request to access the network;
- determine that the device identifier matches the dynamically obtained information of assets;
- determine that the assets comply with one or more rules at the time of the request to access the network, wherein access to the network is permitted only after the device identifier is matched and the assets comply with the one or more rules; and
- quarantine the device from the network or a portion thereof based upon one or more of the determining steps.
Specification