Policy-based selection of remediation
First Claim
1. A computer-implemented method comprising:
   receiving, by a first computer system, information regarding an operational state of a second computer system at a particular time;
   determining whether the operational state of the second computer system represents a violation of one or more security policies that have been applied to or are active in regard to the second computer system by evaluating, by the first computer system, the received information with respect to the one or more security policies, wherein each security policy of the one or more security policies defines at least one parameter condition, violation of which is potentially indicative of unauthorized activity on the second computer system or manipulation of the second computer system to make the second computer system vulnerable to attack; and
   when a result of the determining is affirmative, then:
      identifying, by the first computer system, a remediation that can be applied to the second computer system to address the violation; and
      causing, by the first computer system, the remediation to be deployed to the second computer system.
Abstract
Methods and systems for remediating a security policy violation on a computer system are provided. According to one embodiment, a first computer system receives information regarding an operational state of a second computer system. The first computer system determines whether the operational state represents a violation of one or more security policies that have been applied to or are active in regard to the second computer system by evaluating the received information with respect to those security policies. Each security policy defines a parameter condition, violation of which is potentially indicative of unauthorized activity on the second computer system or of manipulation of the second computer system to make it vulnerable to attack. When a result of the determination is affirmative, the first computer system identifies a remediation that can be applied to the second computer system to address the violation, and the remediation is deployed to the second computer system.
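The cycle the abstract describes (receive a state report from the monitored system, evaluate it against policies that each define a parameter condition, pick a remediation for each violation, deploy it) can be illustrated with a small policy engine. The following is an added example written for this page; it is not code from the patent or from any product it covers. The policy names, state parameters (such as `sshd.PermitRootLogin` and `listening_ports`), remediation identifiers and the sample state report are all constructed for the illustration, and `deploy` stands in for whatever transport the evaluating system would use to push a remediation to the monitored host.

```python
"""Policy-based selection of remediation: added example, not the patent's own code."""
from dataclasses import dataclass
from typing import Any, Callable


@dataclass(frozen=True)
class Policy:
    """One security policy: a parameter condition whose violation is potentially
    indicative of unauthorized activity on, or manipulation of, the monitored system."""
    policy_id: str
    parameter: str                      # key in the operational-state report
    compliant: Callable[[Any], bool]    # True when the observed value satisfies the policy
    remediation: str                    # remediation to deploy when the policy is violated
    severity: int                       # orders remediations; higher is deployed first


@dataclass(frozen=True)
class Violation:
    policy_id: str
    parameter: str
    observed: Any
    remediation: str
    severity: int


# Hypothetical policy set (assumption: parameters and remediation names are
# invented for this example and are not taken from the patent).
POLICIES = [
    Policy("sshd-no-root", "sshd.PermitRootLogin", lambda v: v == "no",
           "sshd-disable-root-login", 7),
    Policy("patch-age", "kernel.patch_age_days", lambda v: v <= 30,
           "apply-os-updates", 5),
    Policy("fw-enabled", "firewall.enabled", lambda v: v is True,
           "enable-host-firewall", 6),
    Policy("fw-default-drop", "firewall.default_policy", lambda v: v == "drop",
           "enable-host-firewall", 5),
    Policy("listeners-allowlisted", "listening_ports",
           lambda v: set(v) <= {22, 443}, "quarantine-host", 9),
]

# Constructed operational-state report from the monitored ("second") system.
SAMPLE_STATE = {
    "host": "web-01",
    "observed_at": "2024-01-01T00:00:00Z",
    "sshd.PermitRootLogin": "yes",
    "kernel.patch_age_days": 12,
    "firewall.enabled": False,
    "listening_ports": [22, 443, 4444],
}


def evaluate(state: dict, policies: list[Policy]) -> list[Violation]:
    """Evaluate the reported state against every policy. A parameter that is
    absent from the report, or whose value cannot be checked, is treated as a
    violation: a stripped-down or tampered report must not pass as compliant."""
    violations = []
    for p in policies:
        observed = state.get(p.parameter)
        try:
            ok = observed is not None and p.compliant(observed)
        except (TypeError, ValueError):
            ok = False  # malformed value is a violation, not a crash
        if not ok:
            violations.append(Violation(p.policy_id, p.parameter, observed,
                                        p.remediation, p.severity))
    return violations


def select_remediations(violations: list[Violation]) -> list[str]:
    """Map violations to the remediations to deploy: one entry per remediation
    (two policies may share one), ordered by the highest severity requesting it."""
    ranked: dict[str, int] = {}
    for v in violations:
        ranked[v.remediation] = max(ranked.get(v.remediation, 0), v.severity)
    return sorted(ranked, key=lambda r: (-ranked[r], r))


def remediate(state: dict, policies: list[Policy],
              deploy: Callable[[str, str], bool]) -> dict:
    """Full cycle: evaluate, select, deploy. `deploy(host, remediation)` is the
    caller's transport to the monitored system (assumed to return True on success)."""
    violations = evaluate(state, policies)
    plan = select_remediations(violations)
    results = {r: deploy(state["host"], r) for r in plan}
    return {"host": state["host"],
            "violations": [v.policy_id for v in violations],
            "deployed": results}


if __name__ == "__main__":
    sent = []  # records what the stand-in transport would have pushed
    print(remediate(SAMPLE_STATE, POLICIES,
                    lambda host, r: sent.append((host, r)) or True))
```

On the sample report the engine flags the root-login setting, the disabled firewall, the missing default-policy parameter and the unexpected listener on port 4444, and collapses the two firewall findings into a single `enable-host-firewall` deployment behind the higher-severity quarantine. Treating a missing or unparseable parameter as a violation is the choice a practitioner should insist on: an attacker who can suppress a field in the state report must not thereby suppress the check.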
20 Claims
1. A computer-implemented method comprising:
   receiving, by a first computer system, information regarding an operational state of a second computer system at a particular time;
   determining whether the operational state of the second computer system represents a violation of one or more security policies that have been applied to or are active in regard to the second computer system by evaluating, by the first computer system, the received information with respect to the one or more security policies, wherein each security policy of the one or more security policies defines at least one parameter condition, violation of which is potentially indicative of unauthorized activity on the second computer system or manipulation of the second computer system to make the second computer system vulnerable to attack; and
   when a result of the determining is affirmative, then:
      identifying, by the first computer system, a remediation that can be applied to the second computer system to address the violation; and
      causing, by the first computer system, the remediation to be deployed to the second computer system.
   (Dependent claims 2 through 10 are not reproduced on this page.)

11. A non-transitory computer-readable storage medium embodying a set of instructions, which when executed by one or more processors of one or more remote server systems, cause the one or more processors to perform a method of policy-based remediation, the method comprising:
   receiving, by a first computer system, information regarding an operational state of a second computer system at a particular time;
   determining whether the operational state of the second computer system represents a violation of one or more security policies that have been applied to or are active in regard to the second computer system by evaluating, by the first computer system, the received information with respect to the one or more security policies, wherein each security policy of the one or more security policies defines at least one parameter condition, violation of which is potentially indicative of unauthorized activity on the second computer system or manipulation of the second computer system to make the second computer system vulnerable to attack; and
   when a result of the determining is affirmative, then:
      identifying, by the first computer system, a remediation that can be applied to the second computer system to address the violation; and
      causing, by the first computer system, the remediation to be deployed to the second computer system.
   (Dependent claims 12 through 20 are not reproduced on this page.)
Specification