Method and system for regulating host security configuration
First Claim
1. A method, performed at a server having at least one processor, for determining current protection-software configurations for a plurality of hosts comprising:
- determining a current time indicator;
- determining for a target host a respective host type of a predefined set of host types;
- identifying a set of host descriptors corresponding to said respective host type from a predefined superset of host descriptors;
- sending a set of queries corresponding to said set of host descriptors to said target host to acquire current characterizing data elements from said target host;
- comparing said current characterizing data elements with prior characterizing data elements of said target host;
- where at least one current characterizing data element differs from a corresponding prior characterizing data element, updating a current protection-software configuration for said target host;
- where said current protection-software configuration differs from a prior protection-software configuration, setting a host-reconfiguration time indicator to equal said current time indicator and transmitting said current protection-software configuration to said target host;
- retaining said current characterizing data elements for subsequent use as prior characterizing data elements; and
- retaining said current protection-software configuration for subsequent use as prior protection-software configuration.
Abstract
A recommendation engine coupled to a server computer in communication with a plurality of hosts is described. The recommendation engine includes computer readable intrusion-protection instructions stored in a memory device, which cause a processor of said server computer to determine a current host-protection configuration for a target host; detect discrepancy between said current host-protection configuration and a prior host-protection configuration; install said current host-protection configuration in said target host upon detecting said discrepancy; record successive host-reconfiguration periods, a host reconfiguration period being a difference between successive instants of time at which a current host-protection configuration differs from a prior host-protection configuration; determine a monitoring period according to a value of at least one of said successive host-reconfiguration periods; and a scheduler for activating said intrusion-protection instructions according to said monitoring period.
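The cycle in claim 1 and the monitoring-period step in the abstract, as an added Python example that is not code from the patent. The host types, descriptor names, the `derive_config` rules and the half-the-last-period policy in `monitoring_period` are all assumptions, since the page specifies none of them.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample data: host types and descriptor names are assumptions.
DESCRIPTORS_BY_TYPE = {
    "web_server": ["os_version", "open_ports", "http_daemon"],
    "database": ["os_version", "open_ports", "db_engine"],
}

def derive_config(elements):
    """Hypothetical mapping from characterizing data to protection rules."""
    rules = set()
    if 443 in elements.get("open_ports", ()):
        rules.add("tls-inspection")
    for key in ("http_daemon", "db_engine"):
        if elements.get(key):
            rules.add("rule-set:" + elements[key])
    return frozenset(rules)

@dataclass
class HostRecord:
    host_type: str
    prior_elements: dict = field(default_factory=dict)
    prior_config: frozenset = frozenset()
    reconfig_time: Optional[float] = None      # host-reconfiguration time indicator
    reconfig_periods: list = field(default_factory=list)

def check_host(rec, query, now, send):
    """One claim-1 cycle for a target host; returns True if it was reconfigured."""
    current = {d: query(d) for d in DESCRIPTORS_BY_TYPE[rec.host_type]}
    config = rec.prior_config
    if current != rec.prior_elements:          # some data element changed
        config = derive_config(current)
    changed = config != rec.prior_config
    if changed:                                # only then touch the host
        if rec.reconfig_time is not None:
            rec.reconfig_periods.append(now - rec.reconfig_time)
        rec.reconfig_time = now
        send(config)
    # Retain current values as the "prior" values of the next cycle.
    rec.prior_elements, rec.prior_config = current, config
    return changed

def monitoring_period(rec, default=3600.0, floor=60.0, ceiling=86400.0):
    """Assumed policy: half the most recent reconfiguration period, clamped."""
    if not rec.reconfig_periods:
        return default
    return min(ceiling, max(floor, rec.reconfig_periods[-1] / 2))
```

A changed data element that leaves the derived configuration unchanged (for example, only `os_version` differs) updates the stored elements but sends nothing and records no reconfiguration period.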
20 Claims
11. A system for determining current protection-software configurations for a set of hosts comprising a central server distributing encoded protection software to a plurality of servers through a network, each server having at least one processor and communicatively coupled to a respective subset of hosts, said each server configured to:
- determine a current time indicator;
- determine for a target host of said respective subset of hosts a respective host type of a predefined set of host types;
- identify a set of host descriptors corresponding to said respective host type from a predefined superset of host descriptors;
- send a set of queries corresponding to said set of host descriptors to said target host to acquire current characterizing data elements from said target host;
- compare said current characterizing data elements with prior characterizing data elements of said target host;
- update a current protection-software configuration for said target host, subject to an indication that at least one current characterizing data element differs from a corresponding prior characterizing data element;
- transmit said current protection-software configuration to said target host and set a host-reconfiguration time indicator to equal said current time indicator subject to an indication that said current protection-software configuration differs from a prior protection-software configuration;
- retain said current characterizing data elements for subsequent use as prior characterizing data elements; and
- retain said current protection-software configuration for subsequent use as prior protection-software configuration.
Specification