Enterprise security assessment sharing for consumers using globally distributed infrastructure
Abstract
Secure content management is enabled as a cloud-based service through which security protection and policy enforcement may be implemented for both on-premise network users and roaming users. The global SCM service integrates the security functionalities—such as anti-virus, spyware, and phishing protection, firewall, intrusion detection, centralized management, and the like—that are typically provided by enterprise network SCM appliance hardware or servers into a cloud-based service that users reach via Internet-based points-of-presence (“POPs”). The POPs are configured with forward proxy servers and, in some implementations, caching and network acceleration components, and are coupled to hubs which provide configuration management and identity management services such as Active Directory services.
20 Claims
1. An enterprise security assessment sharing (“ESAS”) architecture arranged to support a Secure Content Management (“SCM”) service to a user at a local client, comprising:

a plurality of points of presence (“POPs”), each POP in the plurality including at least a forward proxy server for forwarding traffic from the user to resource servers that are accessible over an Internet connection;

a hub operatively coupled to one or more POPs, the hub providing configuration management for forward proxy servers, and further providing identity management to authenticate and authorize the user for the SCM service;

a security assessment channel configured to transport security assessments within a POP or among the POPs, wherein each of the security assessments comprises a plurality of fields, at least one of which is a fidelity field that is arranged to express a degree of confidence a security endpoint has in the security assessment and at least one of which is a time-to-live field; and

one or more security endpoints, each of the security endpoints having a capability to publish and receive security assessments respectively into and from the security assessment channel, a security assessment being usable for describing a security incident pertaining to the user or an IT device associated with the user, the security assessment including a semantic abstraction of security-related information that is available to a security endpoint, wherein each of the security endpoints is configured for receiving security assessments published by other security endpoints and each of the security endpoints is further configured for generating a new security assessment, in response to a security assessment received from another security endpoint, using information that is locally-available to the security endpoint performing the generating in addition to the received security assessments published by other security endpoints.

Dependent claims: 2 to 10.
11. A method for providing an SCM service to a user, the method comprising the steps of:

generating a security assessment at a security endpoint to describe a security incident relating to the user or an IT device that is associated with the user, the generating being based at least in part on locally-available information at the security endpoint, the security assessment being arranged to provide contextual meaning to the security incident, including a plurality of fields, at least one of which is a fidelity field, and being defined with a time interval over which the security assessment is valid;

receiving, at the security endpoint, a security assessment in accordance with a subscription to a subset of available security assessments generated by other security endpoints that are configured for monitoring one or more groups of IT devices or users, each user or IT device in a group accessing resources through an SCM service supported by an infrastructure including a hub and a plurality of POPs, each POP in the plurality including at least a forward proxy server for forwarding traffic to the resource servers over an Internet connection, the hub providing configuration management for forward proxy servers and identity management for the users, wherein the security endpoint is configured to generate a new security assessment, in response to a security assessment received from another security endpoint, using information that is locally-available to the security endpoint performing the generating in addition to the received security assessments published by other security endpoints; and

performing a local action in accordance with one or more policies in response to the received security assessment.

Dependent claims: 12 to 16.
17. A method for distributing security incident detection using a plurality of IT objects, the method comprising the steps of:

utilizing an infrastructure that is accessible by the IT objects over an Internet connection, the infrastructure including a plurality of POPs coupled to a hub, each POP in the plurality including i) a forward proxy server for forwarding traffic from an IT object to resource servers that are accessible from the Internet, and ii) one or more security endpoints, each security endpoint comprising a security product or security service that is arranged to monitor one or more of the IT objects;

at the one or more security endpoints, detecting security incidents affecting the IT objects; and

providing a security assessment sharing channel in the infrastructure, the security assessment channel being configured for communicating a security assessment using a publish and subscribe model by which a publishing endpoint publishes the security assessment to which a subscribing endpoint subscribes according to a subscription, the security assessment using a pre-defined taxonomy to provide contextual meaning to a detected security incident, in which the security assessment is defined by at least a fidelity field that is arranged to express a degree of confidence a security endpoint has in the security assessment and a time-to-live field, wherein each security endpoint is configured to receive security assessments published by other security endpoints and each security endpoint is further configured to generate a new security assessment, in response to a security assessment received from another security endpoint, using information that is locally-available to the security endpoint performing the generating in addition to the received security assessments published by other security endpoints.

Dependent claims: 18 to 20.
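The publish-and-subscribe channel, the fidelity and time-to-live fields, the policy-driven local action and the endpoint-generated follow-on assessment described in claims 1, 11 and 17, as a small Python model added here for illustration (it is not code from the patent or its assignee). The Assessment fields, the taxonomy terms, the endpoint names, the fidelity threshold and the constructed scenario are all assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Assessment:
    source: str       # publishing endpoint
    subject: str      # user or IT device the incident pertains to
    category: str     # term from a pre-defined taxonomy (assumed vocabulary)
    fidelity: float   # degree of confidence, 0.0 to 1.0
    ttl: float        # seconds the assessment remains valid
    issued_at: float
    def is_valid(self, now: float) -> bool: return now < self.issued_at + self.ttl

class Channel:
    """Publish/subscribe transport; a subscription names one taxonomy category."""
    def __init__(self) -> None:
        self._subs = []  # (category, handler) pairs
    def subscribe(self, category: str, handler) -> None:
        self._subs.append((category, handler))
    def publish(self, a: Assessment, now: float) -> int:
        """Deliver to matching subscribers; an expired assessment is dropped."""
        if not a.is_valid(now):
            return 0
        handlers = [h for cat, h in self._subs if cat == a.category]
        for h in handlers:
            h(a, now)
        return len(handlers)

class Endpoint:
    """Acts on received assessments per policy; corroborates them with local alerts."""
    def __init__(self, name: str, ch: Channel, local_alerts: set, threshold: float = 0.8):
        self.name, self.ch, self.local_alerts, self.threshold = name, ch, local_alerts, threshold
        self.actions: list[str] = []  # local actions taken (labels are constructed)
        for cat in ("compromised_host", "compromised_host_confirmed"):
            ch.subscribe(cat, self.on_assessment)
    def on_assessment(self, a: Assessment, now: float) -> None:
        if a.source == self.name:
            return
        if a.fidelity >= self.threshold:  # policy: act only on high-confidence input
            self.actions.append(f"block:{a.subject}")
        if a.category == "compromised_host" and a.subject in self.local_alerts:
            self.ch.publish(Assessment(self.name, a.subject, "compromised_host_confirmed",
                                       min(1.0, a.fidelity + 0.4), a.ttl, now), now)

def run_scenario() -> dict:
    """Constructed exchange: IDS reports, AV corroborates, firewall acts on the result."""
    ch = Channel()
    av, fw = Endpoint("antivirus", ch, {"host-7"}), Endpoint("firewall", ch, set())
    first = ch.publish(Assessment("ids", "host-7", "compromised_host", 0.5, 300, 1000.0), 1000.0)
    stale = ch.publish(Assessment("ids", "host-9", "compromised_host", 0.99, 300, 1000.0), 1400.0)
    return {"delivered": first, "stale": stale, "fw": fw.actions, "av": av.actions}
```

The low-fidelity IDS report alone triggers no action; the firewall blocks only after the anti-virus endpoint combines that report with its own local alert and republishes a higher-fidelity assessment, and the assessment published past its time-to-live is never delivered.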