Policy-based selection of remediation
First Claim
1. A computer-implemented method comprising:
periodically sampling, by a first computer system, information regarding a program-code-based operational state of a second computer system;
determining whether the program-code-based operational state of the second computer system represents a violation of one or more security policies of a network to which the second computer system is connected by causing to be evaluated, by the first computer system, the information with respect to the one or more security policies, wherein each security policy of the one or more security policies defines at least one parameter condition violation of which is potentially indicative of unauthorized activity on the second computer system or manipulation of the second computer system to make the second computer system vulnerable to attack;
when a result of the determining is affirmative, then:
causing, by the first computer system, a remediation to be identified that can be applied to the second computer system to address the violation; and
causing, by the first computer system, the identified remediation to be deployed to the second computer system; and
wherein the violation is based at least in part on one or more of:
whether a particular process is running on the second computer system;
existence or non-existence of a particular application on the second computer system;
a version of the particular application installed on the second computer system;
a status of the particular application with respect to whether a patch associated with the particular application has been installed on the second computer system;
a version of an operating system installed on the second computer system;
a type of the operating system; and
a configuration of the operating system.
Abstract
Methods and systems for remediating a security policy violation on a computer system are provided. According to one embodiment, information regarding a program-code-based operational state of a computer system is periodically sampled. A determination is made regarding whether the program-code-based operational state represents a violation of a security policy by evaluating the information with respect to multiple security policies, each of which defines at least one parameter condition violation of which is potentially indicative of unauthorized activity on the computer system or manipulation of the computer system to make the computer system vulnerable to attack. When a violation exists, a remediation is identified and deployed to the computer system. The violation is based at least in part on one or more of: whether a particular process is running; the existence, version or patch status of a particular application; and the version, type or configuration of the installed operating system.
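The loop the abstract and claim 1 describe (periodic sampling of host state, evaluation of each policy's parameter condition, identification of a remediation for each violation, and deployment of that remediation) can be made concrete with a small policy engine. The Python below is an added example written for this page, not code from the patent or its assignee. It assumes the monitored host's state arrives as a plain dictionary from some agent; the sample state, the policy set, the remediation action names (kill_process, uninstall_app, upgrade_app, apply_patch, set_config) and the DEPLOYERS table that applies those actions to the sampled state in place of a real push to the host are all constructed for the example. The policies cover each parameter kind the claim enumerates: a running process, an installed application, an application version, a missing patch, and an operating-system configuration value.

```python
# Added illustration of the claimed sampling/evaluation/remediation loop; it is
# not the patent's code. Host state, policies and action names are constructed.
import copy
from dataclasses import dataclass
from typing import Callable, Optional

# Constructed sample of the monitored host's state, as an agent might report it.
SAMPLED_STATE = {
    "os": {"type": "linux", "version": "22.04",
           "config": {"ssh_permit_root_login": "yes", "firewall_enabled": False}},
    "processes": ["sshd", "cron", "nc"],
    "applications": {"openssl": {"version": "3.0.1", "patches": ["P-2023-01"]},
                     "telnetd": {"version": "0.17", "patches": []}},
}

@dataclass(frozen=True)
class Remediation:
    action: str           # hypothetical action names: kill_process, apply_patch, ...
    target: str           # process, application or config key the action applies to
    value: object = None  # new version, patch id or config value, where needed
    detail: str = ""      # the violated parameter condition, kept for the audit trail

@dataclass(frozen=True)
class Policy:
    name: str
    check: Callable[[dict], Optional[str]]   # violation detail, or None when compliant
    remediate: Callable[[str], Remediation]  # maps that violation to its remediation

def version_tuple(v: str) -> tuple:
    return tuple(int(p) for p in v.split("."))  # numeric compare: '3.0.10' > '3.0.9'

def forbid(collection: str, name: str, action: str) -> Policy:
    """'Process running' and 'application installed' conditions share one shape."""
    return Policy(f"no-{collection}:{name}",
                  lambda s: f"{name} found in {collection}" if name in s[collection] else None,
                  lambda d: Remediation(action, name, detail=d))

def min_version(app: str, minimum: str) -> Policy:
    def check(s):
        info = s["applications"].get(app)
        if info and version_tuple(info["version"]) < version_tuple(minimum):
            return f"{app} {info['version']} below {minimum}"
    return Policy(f"min-version:{app}", check,
                  lambda d: Remediation("upgrade_app", app, minimum, d))

def require_patch(app: str, patch: str) -> Policy:
    def check(s):
        info = s["applications"].get(app)
        if info and patch not in info["patches"]:
            return f"{app} lacks patch {patch}"
    return Policy(f"patch:{app}:{patch}", check,
                  lambda d: Remediation("apply_patch", app, patch, d))

def os_config(key: str, expected) -> Policy:
    def check(s):
        actual = s["os"]["config"].get(key)
        if actual != expected:
            return f"{key}={actual!r}, expected {expected!r}"
    return Policy(f"os-config:{key}", check,
                  lambda d: Remediation("set_config", key, expected, d))

POLICIES = [
    forbid("processes", "nc", "kill_process"),
    forbid("applications", "telnetd", "uninstall_app"),
    min_version("openssl", "3.0.8"),
    require_patch("openssl", "P-2023-01"),   # already installed: no remediation
    require_patch("openssl", "P-2023-02"),
    os_config("ssh_permit_root_login", "no"),
    os_config("firewall_enabled", True),
]

def evaluate(state: dict, policies) -> list:
    return [(p, d) for p in policies if (d := p.check(state)) is not None]  # determining step

def select_remediations(violations) -> list:
    return [p.remediate(d) for p, d in violations]  # identification step, one per violation

# Stand-ins for deployment: each action is applied to the sampled state itself.
DEPLOYERS = {
    "kill_process": lambda s, r: s["processes"].remove(r.target),
    "uninstall_app": lambda s, r: s["applications"].pop(r.target),
    "upgrade_app": lambda s, r: s["applications"][r.target].update(version=r.value),
    "apply_patch": lambda s, r: s["applications"][r.target]["patches"].append(r.value),
    "set_config": lambda s, r: s["os"]["config"].update({r.target: r.value}),
}

def remediation_cycle(sample: Callable[[], dict], policies, deploy) -> list:
    """One sampling period: sample, determine, identify, deploy."""
    remediations = select_remediations(evaluate(sample(), policies))
    for r in remediations:
        deploy(r)
    return remediations

def run_until_compliant(max_cycles: int = 3) -> list:
    """Periodic cycles against a fresh copy of the sample; one list per cycle."""
    host = copy.deepcopy(SAMPLED_STATE)
    history = []
    while len(history) < max_cycles:
        history.append(remediation_cycle(lambda: host, POLICIES,
                                         lambda r: DEPLOYERS[r.action](host, r)))
        if not history[-1]:
            break
    return history
```

On the constructed sample, the first cycle yields six remediations (the netcat process, the telnetd package, the outdated openssl, the missing patch, and the two configuration keys), and the second cycle finds nothing to do, which is the check a practitioner wants: every remediation actually clears the condition that selected it, so the loop converges instead of re-firing each period. Keeping the violation detail on the Remediation record gives the audit trail the deployment log needs.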
Citations
20 Claims
1. A computer-implemented method comprising: (independent claim; text as given in full under First Claim above). Dependent claims: 2–13.
14. A non-transitory computer-readable storage medium tangibly embodying a set of instructions, which when executed by one or more processors of a first computer system, cause the one or more processors to perform a method comprising:
periodically sampling information regarding a program-code-based operational state of a second computer system;
determining whether the program-code-based operational state of the second computer system represents a violation of one or more security policies of a network to which the second computer system is connected by causing to be evaluated the information with respect to the one or more security policies, wherein each security policy of the one or more security policies defines at least one parameter condition violation of which is potentially indicative of unauthorized activity on the second computer system or manipulation of the second computer system to make the second computer system vulnerable to attack;
when a result of the determining is affirmative, then:
causing a remediation to be identified that can be applied to the second computer system to address the violation; and
causing the identified remediation to be deployed to the second computer system; and
wherein the violation is based at least in part on one or more of:
whether a particular process is running on the second computer system;
existence or non-existence of a particular application on the second computer system;
a version of the particular application installed on the second computer system;
a status of the particular application with respect to whether a patch associated with the particular application has been installed on the second computer system;
a version of an operating system installed on the second computer system;
a type of the operating system; and
a configuration of the operating system.
Dependent claims: 15–20.
Specification