Hardware interface for enabling direct access and security assessment sharing
First Claim
1. A network interface card arranged for enabling Direct Access when installed in a host endpoint in an enterprise network, comprising:
an IPv4 to IPv6 translation component for providing IPv4 to IPv6 translation for data traffic that is incoming to the network interface card;
an IPsec component arranged for terminating an IPsec connection; and
an enterprise security assessment sharing component (ESASC) arranged for implementing a security assessment publish and subscribe model in hardware for sharing security assessments among security endpoints that subscribe to the (ESASC) so that they are available to other security endpoints, wherein each security assessment for each security endpoint is published onto a security assessment channel, a security assessment being a semantic abstraction of security related information that provides contextual meaning to a security incident that occurs within an enterprise network environment such that the security assessments received by any one of the security endpoints from any other security endpoints can be combined or correlated with evidence generated by the one security endpoint itself to determine and initiate a local response.
Abstract
Native IPv6 capabilities are provided to an IPv4 network node, device, or endpoint using a hardware interface that supports network communication under a Direct Access model. The Direct Access model supports IPv6 communication with IPsec and enforces Network Access Protection (“NAP”) health requirement policies for endpoints that are network clients. A Direct Access-ready server is enabled using a hardware interface that implements IPv4 to IPv6 translation and optionally IPsec termination capability. A Direct Access-ready client is enabled using a hardware interface that implements IPv4 to IPv6 translation, IPsec termination capability, and which optionally provides NAP (Network Access Protection) capabilities for Direct Access-ready clients that are configured as mobile information appliances. The hardware interface may be implemented as a network interface card (“NIC”) or as a chipset.
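As an added illustration of what the "IPv4 to IPv6 translation component" in the abstract and claims does at the packet level (this is example code written for this page, not code from the patent or from any product it describes), the following Python builds a constructed IPv4 packet and performs a stateless header translation in the style of RFC 7915, embedding the IPv4 addresses in the RFC 6052 well-known prefix 64:ff9b::/96. The function names, the packet builder and the sample addresses are assumptions made for the example; transport-layer checksum recomputation and ICMP body translation, which a real translator must also perform, are deliberately left out.

```python
import ipaddress
import struct

# RFC 6052 well-known prefix; an IPv4 address is carried in the low 32 bits (the /96 form).
WELL_KNOWN_PREFIX = ipaddress.IPv6Network("64:ff9b::/96")

IPV4_HDR = struct.Struct("!BBHHHBBH4s4s")   # 20-byte IPv4 header without options
IPV6_HDR = struct.Struct("!IHBB16s16s")     # 40-byte IPv6 fixed header


def embed_ipv4(addr) -> ipaddress.IPv6Address:
    """Synthesize the IPv4-embedded IPv6 address for addr (str, 4 bytes or IPv4Address)."""
    v4 = ipaddress.IPv4Address(addr)
    return ipaddress.IPv6Address(int(WELL_KNOWN_PREFIX.network_address) | int(v4))


def extract_ipv4(addr: ipaddress.IPv6Address) -> ipaddress.IPv4Address:
    """Reverse mapping; refuses addresses that are not inside the translation prefix."""
    if addr not in WELL_KNOWN_PREFIX:
        raise ValueError(f"{addr} carries no embedded IPv4 address")
    return ipaddress.IPv4Address(int(addr) & 0xFFFFFFFF)


def _ipv4_checksum(header: bytes) -> int:
    """RFC 791 header checksum: ones-complement sum of 16-bit words, then complemented."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_packet(src, dst, proto, ttl, payload, tos=0, flags_frag=0x4000) -> bytes:
    """Constructed sample input: a minimal IPv4 header (DF set by default) plus payload."""
    header = IPV4_HDR.pack(0x45, tos, 20 + len(payload), 0x1234, flags_frag, ttl, proto, 0,
                           ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    header = header[:10] + struct.pack("!H", _ipv4_checksum(header)) + header[12:]
    return header + payload


def translate_ipv4_to_ipv6(packet: bytes) -> bytes:
    """Stateless IPv4 -> IPv6 header translation in the style of RFC 7915 (simplified)."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, tos, total_len, _ident, flags_frag, ttl, proto, _csum, src, dst = IPV4_HDR.unpack_from(packet)
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len < ihl or len(packet) < total_len:
        raise ValueError("malformed IPv4 header")
    if _ipv4_checksum(packet[:ihl]) != 0:       # a header with a valid checksum sums to zero
        raise ValueError("bad IPv4 header checksum")
    if flags_frag & 0x3FFF:                     # MF flag set or non-zero fragment offset
        raise ValueError("fragmented packet: needs an IPv6 Fragment header (not implemented here)")
    if ttl <= 1:
        raise ValueError("TTL expired: a translator drops the packet and sends ICMP Time Exceeded")
    next_header = 58 if proto == 1 else proto   # ICMP becomes ICMPv6 (ICMP body translation omitted)
    payload = packet[ihl:total_len]
    first_word = (6 << 28) | (tos << 20)        # version 6, traffic class = IPv4 TOS, flow label 0
    header = IPV6_HDR.pack(first_word, len(payload), next_header, ttl - 1,
                           embed_ipv4(src).packed, embed_ipv4(dst).packed)
    # TCP/UDP checksums cover a pseudo-header containing the addresses; a real translator
    # recomputes them here. Omitted in this example.
    return header + payload


def ipv6_header_fields(packet: bytes) -> dict:
    """Decode an IPv6 fixed header into a dict, for inspection and checking."""
    first, payload_len, nh, hop, src, dst = IPV6_HDR.unpack_from(packet)
    return {"version": first >> 28, "traffic_class": (first >> 20) & 0xFF,
            "flow_label": first & 0xFFFFF, "payload_length": payload_len,
            "next_header": nh, "hop_limit": hop,
            "src": str(ipaddress.IPv6Address(src)), "dst": str(ipaddress.IPv6Address(dst))}


if __name__ == "__main__":
    sample = build_ipv4_packet("192.0.2.10", "198.51.100.7", 17, 64, b"hello")
    print(ipv6_header_fields(translate_ipv4_to_ipv6(sample)))
```

The checks that reject truncated, malformed, fragmented and expired packets are where a hardware translator sitting in front of the host earns its keep: anything it cannot translate faithfully must be dropped rather than forwarded half-translated.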
19 Claims (26 citations)
1. (Independent claim; text given above under First Claim.) Dependent claims: 2, 3, 4, 5, 6, 7.
8. A chipset arranged for enabling Direct Access when installed in a host device, comprising:
an IPv4 to IPv6 translation component for providing IPv4 to IPv6 translation for data traffic that is incoming to the host device; and
an enterprise security assessment sharing component arranged for implementing an enterprise security assessment sharing system in hardware, the system being arranged for implementing a security-related information sharing model by which security-related information is shareable among a plurality of endpoints in an enterprise security environment, the model facilitating use of a method comprising the steps of:
describing an object in the environment using a semantic abstraction of security-related information that is available to an endpoint, the semantic abstraction i) being categorized by type, and ii) being commonly utilizable by the endpoints to initiate a response to a security incident, and
using a publish and subscribe model by which a publishing endpoint publishes the semantic abstraction to which a subscribing endpoint subscribes according to a subscription, the subscription being based on the semantic abstraction type, wherein each semantic abstraction for each endpoint is published onto a security assessment channel.
Dependent claims: 9, 10, 11, 12, 13, 14.
15. A network interface card for implementing an enterprise security assessment sharing functionality in hardware that is installable on a host endpoint in an enterprise network, the functionality performing a method comprising the steps of:
generating a security assessment to describe a detected security incident, in which the generating is based at least in part on locally-available information about a system being monitored by the endpoint, the security assessment being a semantic abstraction of security related information that provides contextual meaning to the security incident and specifying a severity of the event and a level of confidence in accuracy of the detection of the security incident;
receiving a current security assessment in accordance with a subscription to a subset of available security assessments generated by other endpoints in the enterprise security environment; and
taking a response in accordance with a response policy on a per security assessment basis based on the received current security assessment and the locally-available information.
Dependent claims: 16, 17, 18, 19.
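The publish and subscribe model that claims 1, 8 and 15 describe (assessments categorized by type, carrying a severity and a confidence, delivered to endpoints that subscribe by type, and correlated with locally-available evidence under a per-assessment response policy) can be sketched in software as follows. This is an added example written for this page, not code from the patent or from any implementation of it; the class names, the severity and confidence scales, the assessment type vocabulary and the response policy are all constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Callable, Optional


@dataclass(frozen=True)
class SecurityAssessment:
    """Semantic abstraction of a security incident: the object described, its assessment
    type (used for subscription matching), and the publisher's severity and confidence."""
    publisher: str      # endpoint that generated the assessment
    object_id: str      # the object in the environment it describes (host, user, ...)
    category: str       # assessment type, e.g. "compromised-host" (constructed vocabulary)
    severity: int       # 1 (low) .. 10 (critical), constructed scale
    confidence: int     # 0 .. 100, publisher's confidence that the detection is accurate


Handler = Callable[[SecurityAssessment], Optional[str]]
Policy = Callable[[SecurityAssessment, list], Optional[str]]


class AssessmentChannel:
    """Security assessment channel: every published assessment is delivered to the
    handlers subscribed to its type. Subscriptions are keyed on type only."""

    def __init__(self) -> None:
        self._subscribers: dict[str, list[Handler]] = defaultdict(list)
        self.log: list[SecurityAssessment] = []   # every assessment ever published

    def subscribe(self, category: str, handler: Handler) -> None:
        self._subscribers[category].append(handler)

    def publish(self, assessment: SecurityAssessment) -> None:
        self.log.append(assessment)
        for handler in list(self._subscribers.get(assessment.category, [])):
            handler(assessment)


class Endpoint:
    """A security endpoint that publishes assessments, keeps locally-available evidence,
    and applies a response policy to each assessment it receives."""

    def __init__(self, name: str, channel: AssessmentChannel, policy: Policy) -> None:
        self.name = name
        self.channel = channel
        self.policy = policy
        self.local_evidence: dict[str, list[str]] = defaultdict(list)
        self.responses: list[tuple[str, str]] = []   # (object_id, action) taken locally

    def subscribe(self, *categories: str) -> None:
        for category in categories:
            self.channel.subscribe(category, self.on_assessment)

    def observe(self, object_id: str, note: str) -> None:
        self.local_evidence[object_id].append(note)

    def publish(self, object_id: str, category: str, severity: int, confidence: int) -> None:
        self.channel.publish(SecurityAssessment(self.name, object_id, category, severity, confidence))

    def on_assessment(self, assessment: SecurityAssessment) -> Optional[str]:
        if assessment.publisher == self.name:
            return None    # an endpoint does not act on its own publications
        action = self.policy(assessment, self.local_evidence.get(assessment.object_id, []))
        if action is not None:
            self.responses.append((assessment.object_id, action))
        return action


def default_policy(a: SecurityAssessment, local_evidence: list) -> Optional[str]:
    """Constructed per-assessment response policy: the received assessment is combined
    with what this endpoint has itself observed about the same object."""
    if a.severity >= 8 and a.confidence >= 90:
        return "isolate-host"                 # strong remote evidence alone is enough
    if a.category == "compromised-host" and local_evidence:
        # moderate remote assessment corroborated by local evidence
        return "block-outbound" if a.confidence >= 50 else "raise-local-priority"
    return None                               # log only; no local response


def run_scenario() -> dict:
    """Three endpoints sharing one channel; returns what each decided, for inspection."""
    channel = AssessmentChannel()
    ids = Endpoint("ids-sensor", channel, default_policy)
    firewall = Endpoint("host-firewall", channel, default_policy)
    av = Endpoint("av-agent", channel, default_policy)
    firewall.subscribe("compromised-host")
    av.subscribe("compromised-host", "malware-detected")

    # Constructed local evidence: the firewall has already seen suspicious egress from host-42.
    firewall.observe("host-42", "outbound connections to 20 new external hosts in 5 minutes")

    ids.publish("host-42", "compromised-host", severity=7, confidence=60)
    av.publish("host-42", "malware-detected", severity=9, confidence=95)  # firewall is not subscribed to this type
    return {"firewall": firewall.responses, "av": av.responses, "published": len(channel.log)}


if __name__ == "__main__":
    print(run_scenario())
```

In the scenario the IDS assessment alone is too weak to act on, but the firewall's own observation of host-42 corroborates it, so the firewall blocks outbound traffic while the antivirus agent, which has no local evidence for that host, only records it. The hardware component the claims describe would host the channel and subscription logic; the policy stays local to each endpoint.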
Specification