Dynamic provisioning of protection software in a host intrusion prevention system
First Claim
1. A server for protecting a plurality of computers from intrusion, the server comprising at least one processor configured to:
- maintain a plurality of filters, each filter for combating at least one intrusion pattern from a set of known intrusion patterns;
- maintain a plurality of descriptors, each descriptor relevant to a respective computer characteristic;
- select a specific descriptor as a current descriptor;
- recursively:
- send said current descriptor to a selected computer of said plurality of computers;
- receive a current data element from said selected computer indicating a value of said current descriptor;
- determine a subsequent descriptor according to said current data element;
- replace said current descriptor with said subsequent descriptor; and
- determine requisite filters of said plurality of filters for said selected computer upon determining reception of respective requisite data elements; and
- transmit said requisite filters to said selected computer.
Abstract
Methods and apparatus for optimizing security configurations of a set of computers are disclosed. A set of local servers, each functioning as a deep-security manager supporting a respective subset of the computers, maintains protection software containing filters and rules for deploying each filter. A local server receives updated protection software from a central server. Each local server interrogates each computer of its subset of computers to acquire computer-characterizing data and applies relevant rules to determine an optimal set of filters for each computer. Each rule adaptively determines required characterizing data elements from each computer for determining an optimal security configuration. A local server updates the security configuration of a computer to suit changes in the operational environment of the computer.
22 Claims
1. A server for protecting a plurality of computers from intrusion, the server comprising at least one processor configured to: (independent claim; full text given above under First Claim). Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 17.

12. A method implemented in a server comprising at least one processor for protecting a plurality of computers from intrusion, the method comprising:
- maintaining in a memory device a plurality of filters, each filter for combating at least one intrusion pattern from a set of known intrusion patterns;
- acquiring a plurality of descriptors, each descriptor relevant to a respective computer characteristic;
- selecting a specific descriptor as a current descriptor;
- executing a recursive process comprising:
- sending said current descriptor to a selected computer of said plurality of computers;
- receiving a current data element from said selected computer indicating a value of said current descriptor;
- determining a subsequent descriptor according to said current data element;
- replacing said current descriptor with said subsequent descriptor; and
- determining requisite filters of said plurality of filters for said selected computer upon determining reception of respective requisite data elements; and
- transmitting said requisite filters to said selected computer.
Dependent claims: 13, 14, 15, 16, 18, 19, 20, 21, 22.
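The recursive interrogation of claims 1 and 12, modelled as an added example (not code from the patent): a rule tree in which the value reported for the current descriptor selects the subsequent descriptor, so the server stops asking once the received data elements fix the requisite filters. Descriptor names, values and filter ids are hypothetical.

```python
"""Toy model of the recursive descriptor interrogation in claim 1. Descriptor
names, values and filter ids are constructed (hypothetical) for illustration."""
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Node:
    """Rule tree node: an interior node names the next descriptor to send and
    maps each reported value to a child; a leaf holds the requisite filters
    (each filter id stands for one that combats a known intrusion pattern)."""
    descriptor: Optional[str] = None
    branches: dict = field(default_factory=dict)
    filters: frozenset = frozenset()

def leaf(*ids: str) -> Node:
    return Node(filters=frozenset(ids))

# Constructed rule tree: the value reported for one descriptor decides which
# descriptor is sent next, so a host is only asked what its filters depend on.
RULES = Node("os", {
    "windows": Node("smb_enabled", {"yes": leaf("F-BASE-01", "F-SMB-01"),
                                    "no": leaf("F-BASE-01")}),
    "linux": Node("http_server", {
        "none": leaf("F-BASE-01"),
        "apache": Node("db_engine", {
            "none": leaf("F-BASE-01", "F-HTTP-01"),
            "mysql": leaf("F-BASE-01", "F-HTTP-01", "F-SQL-01")}),
    }),
})

def interrogate(computer: dict, node: Node = RULES, transcript=None):
    """Send the current descriptor, read back its data element, pick the
    subsequent descriptor from the rule, and recurse until the received
    elements suffice. Returns (requisite filters, list of exchanges)."""
    transcript = [] if transcript is None else transcript
    if node.descriptor is None:                 # requisite elements received
        return set(node.filters), transcript
    value = computer.get(node.descriptor, "unknown")  # host's simulated reply
    transcript.append((node.descriptor, value))
    if value not in node.branches:              # no rule covers this value
        raise ValueError(f"no rule for {node.descriptor}={value!r}")
    return interrogate(computer, node.branches[value], transcript)

def reconcile(current: set, required: set):
    """Filters to push and to retire when a host's characteristics change."""
    return required - current, current - required

if __name__ == "__main__":
    host = {"os": "linux", "http_server": "apache", "db_engine": "mysql"}
    print(interrogate(host))
```

Note that the Windows host is never asked about `db_engine`: the rule tree only requests the data elements the filter decision depends on, which is the adaptive behaviour the abstract describes.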
Specification