Policy-based selection of remediation
First Claim
1. A computer-implemented method comprising:
- receiving, by a first computer system, information regarding a program-code-based operational state of a second computer system at a particular time;
- determining whether the program-code-based operational state of the second computer system represents a violation of one or more security policies that have been applied to or are active in regard to the second computer system by evaluating, by the first computer system, the received information with respect to the one or more security policies, wherein each security policy of the one or more security policies defines at least one parameter condition violation of which is potentially indicative of unauthorized activity on the second computer system or manipulation of the second computer system to make the second computer system vulnerable to attack; and
- when a result of the determining is affirmative, then:
  - identifying, by the first computer system, a remediation that can be applied to the second computer system to address the violation; and
  - causing, by the first computer system, the remediation to be deployed to the second computer system.
Abstract
Methods and systems for remediating a security policy violation on a computer system are provided. According to one embodiment, information is received by one computer system regarding a program-code-based operational state of another computer system at a particular time. It is determined whether the program-code-based operational state represents a violation of security policies that have been applied to or are active in regard to the computer system at issue by evaluating the received information with respect to the security policies. Each security policy defines at least one parameter condition violation of which is potentially indicative of unauthorized activity or manipulation to make the computer system at issue vulnerable to attack. When a security policy violation is detected, then a remediation is identified that can address the violation; and the remediation is caused to be deployed to the computer system at issue.
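A sketch of the flow the abstract describes, as an added example that is not taken from the patent: a first system evaluates a reported state against policies, selects a remediation for each violation, and passes it to a deploy callback. The policy names, parameter keys, remediation ids and the fail-closed handling of missing or malformed parameters are assumptions made for illustration.

```python
import operator
from dataclasses import dataclass

OPS = {"==": operator.eq, "!=": operator.ne, "<=": operator.le, ">=": operator.ge}

@dataclass(frozen=True)
class Policy:
    name: str
    parameter: str     # key expected in the reported operational state
    op: str            # comparison that must hold for the host to be compliant
    expected: object
    remediation: str   # hypothetical remediation id mapped to this policy

# Constructed sample policies (not from the patent).
POLICIES = [
    Policy("firewall-enabled", "firewall_enabled", "==", True, "enable-firewall"),
    Policy("av-signatures-fresh", "av_signature_age_days", "<=", 7, "update-av-signatures"),
    Policy("no-telnet-service", "telnet_listening", "==", False, "disable-telnet"),
]

def violates(policy, state):
    """True when the state breaks the policy's parameter condition.
    Assumption: a missing or wrongly typed value counts as a violation."""
    if policy.parameter not in state:
        return True
    try:
        return not OPS[policy.op](state[policy.parameter], policy.expected)
    except TypeError:
        return True

def find_violations(state, policies=POLICIES):
    return [p for p in policies if violates(p, state)]

def remediate(host, state, deploy, policies=POLICIES):
    """Evaluate the state, then deploy one remediation per violated policy."""
    plan = [p.remediation for p in find_violations(state, policies)]
    for remediation_id in plan:
        deploy(host, remediation_id)
    return plan

if __name__ == "__main__":
    # Constructed state report from a monitored host.
    report = {"firewall_enabled": True, "av_signature_age_days": 21,
              "telnet_listening": True}
    sent = []
    remediate("host-a", report, lambda h, r: sent.append((h, r)))
    print(sent)
```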
56 Citations
23 Claims
Specification