Enforcing good network hygiene using reputation-based automatic remediation
First Claim
1. A computer-implemented method of applying automatic remediation for enforcing network hygiene of a client, the method comprising:
- responsive to an attempt by the client to connect to a secure network, scanning the client to detect a plurality of files on the client;
retrieving onto the client a reputation score for each of the files detected;
calculating on the client a hygiene score for the client based on the reputation scores for the plurality of files detected on the client, the hygiene score indicating a likelihood of the client to engage in risky behavior, wherein the files on the client include files with reputation scores indicating negative security behavior and files with reputation scores indicating positive security behavior, the files with reputation scores indicating negative security behavior affecting the hygiene score to indicate increased likelihood of the client to engage in risky behavior, and the files with reputation scores indicating positive security behavior affecting the hygiene score to indicate decreased likelihood of the client to engage in risky behavior;
determining whether the hygiene score exceeds a threshold for bad client hygiene; and
responsive to the hygiene score for the client exceeding the threshold, applying a policy to the client that restricts access to the secure network.
2 Assignments
0 Petitions
Accused Products
Abstract
Reputation-based automatic remediation is applied for enforcing good network hygiene of a client. A scanning module scans the client to detect files on the client in response to an attempt by the client to connect to a secure network. A reputation score module retrieves onto the client a reputation score for each of the files detected. The reputation scores can be retrieved from a reputation database of a reputation server storing reputation data for files. A hygiene score module calculates on the client a hygiene score for the client based on the reputation scores for the files on the client. The hygiene score indicates a likelihood of the client to engage in risky behavior. The threshold determination module determines whether the hygiene score exceeds a threshold for bad client hygiene. The policy module applies a policy to the client that restricts network access in response to the hygiene score for the client exceeding the threshold.
-
Citations
20 Claims
-
1. A computer-implemented method of applying automatic remediation for enforcing network hygiene of a client, the method comprising:
-
responsive to an attempt by the client to connect to a secure network, scanning the client to detect a plurality of files on the client; retrieving onto the client a reputation score for each of the files detected; calculating on the client a hygiene score for the client based on the reputation scores for the plurality of files detected on the client, the hygiene score indicating a likelihood of the client to engage in risky behavior, wherein the files on the client include files with reputation scores indicating negative security behavior and files with reputation scores indicating positive security behavior, the files with reputation scores indicating negative security behavior affecting the hygiene score to indicate increased likelihood of the client to engage in risky behavior, and the files with reputation scores indicating positive security behavior affecting the hygiene score to indicate decreased likelihood of the client to engage in risky behavior; determining whether the hygiene score exceeds a threshold for bad client hygiene; and responsive to the hygiene score for the client exceeding the threshold, applying a policy to the client that restricts access to the secure network. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A non-transitory computer-readable storage medium storing executable computer program instructions for applying automatic remediation for enforcing network hygiene of a client, the computer program instructions comprising instructions for performing steps comprising:
-
responsive to an attempt by the client to connect to a secure network, scanning the client to detect a plurality of files on the client; retrieving onto the client a reputation score for each of the files detected; calculating on the client a hygiene score for the client based on the reputation scores for the plurality of files detected on the client, the hygiene score indicating a likelihood of the client to engage in risky behavior, wherein the files on the client include files with reputation scores indicating negative security behavior and files with reputation scores indicating positive security behavior, the files with reputation scores indicating negative security behavior affecting the hygiene score to indicate increased likelihood of the client to engage in risky behavior, and the files with reputation scores indicating positive security behavior affecting the hygiene score to indicate decreased likelihood of the client to engage in risky behavior; determining whether the hygiene score exceeds a threshold for bad client hygiene; and responsive to the hygiene score for the client exceeding the threshold, applying a policy to the client that restricts access to the secure network. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. A computer system for applying automatic remediation for enforcing network hygiene of a client, the system comprising:
-
a non-transitory computer-readable storage medium storing executable software modules, comprising; a scanning module for scanning the client to detect a plurality of files on the client in response to an attempt by the client to connect to a secure network; a reputation score module for retrieving onto the client a reputation score for each of the files detected; a hygiene score module for calculating on the client a hygiene score for the client based on the reputation scores for the plurality of files detected on the client, the hygiene score indicating a likelihood of the client to engage in risky behavior, wherein the files on the client include files with reputation scores indicating negative security behavior and files with reputation scores indicating positive security behavior, the files with reputation scores indicating negative security behavior affecting the hygiene score to indicate increased likelihood of the client to engage in risky behavior, and the files with reputation scores indicating positive security behavior affecting the hygiene score to indicate decreased likelihood of the client to engage in risky behavior; a threshold determination module for determining whether the hygiene score exceeds a threshold for bad client hygiene; a policy module for applying a policy to the client that restricts access to the secure network in response to the hygiene score for the client exceeding the threshold; and a processor configured to execute the software modules stored by the computer readable storage medium. - View Dependent Claims (16, 17, 18, 19, 20)
-
Specification