System, method and computer program product for controlling network communications based on policy compliance

US 9,166,984 B2
Filed: 10/09/2012
Issued: 10/20/2015
Est. Priority Date: 12/21/2005
Status: Active Grant

First Claim

Patent Images

1. A computer program product embodied on a non-transitory computer readable storage medium with instructions to:

receive information over a communication network relating to potential compliancy of at least one subset of computers with one or more policies, wherein the potential compliancy of each of the at least one subset of computers is determined by an instance of a scanner associated with each computer;

wherein the information identifies at least one potentially out of compliance computer of the at least one subset of computers, the information including a network address associated with the potentially out of compliance computer, a description of a behavior associated with a violation of the policy that resulted in the at least one subset of computers being potentially out of compliance with the policy, and a severity associated with a violation of the policy that resulted in the at least one subset of computers being potentially out of compliance with the policy; and

compile a whitelist utilizing the information; and

send the whitelist to the at least one subset of computers;

wherein a network communication involving the at least one subset of computers is controlled utilizing a respective firewall of the at least one subset of computers such that a two-way quarantining is established in order to isolate out of compliance computers, wherein the network communication involving the at least one subset of computers is capable of being controlled utilizing the whitelist; and

wherein when a computer of the at least one subset of computers is determined to be compliant with the policy, information relating to the computer'"'"'s policy compliance is conditionally reported to a server depending on whether the computer was out of compliance prior to the determination, to preserve at least one of bandwidth and processing resources associated with the server.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A policy management system, method and computer program product are provided. In use, information is received over a network relating to at least one subset of computers that are at least potentially out of compliance with a policy. Further, such information is sent to a plurality of the computers, utilizing the network. To this end, network communication involving the at least one subset of computers is capable of being controlled utilizing the information.

63 Citations

View as Search Results

21 Claims

1. A computer program product embodied on a non-transitory computer readable storage medium with instructions to:
- receive information over a communication network relating to potential compliancy of at least one subset of computers with one or more policies, wherein the potential compliancy of each of the at least one subset of computers is determined by an instance of a scanner associated with each computer;
  
  wherein the information identifies at least one potentially out of compliance computer of the at least one subset of computers, the information including a network address associated with the potentially out of compliance computer, a description of a behavior associated with a violation of the policy that resulted in the at least one subset of computers being potentially out of compliance with the policy, and a severity associated with a violation of the policy that resulted in the at least one subset of computers being potentially out of compliance with the policy; and
  
  compile a whitelist utilizing the information; and
  
  send the whitelist to the at least one subset of computers;
  
  wherein a network communication involving the at least one subset of computers is controlled utilizing a respective firewall of the at least one subset of computers such that a two-way quarantining is established in order to isolate out of compliance computers, wherein the network communication involving the at least one subset of computers is capable of being controlled utilizing the whitelist; and
  
  wherein when a computer of the at least one subset of computers is determined to be compliant with the policy, information relating to the computer'"'"'s policy compliance is conditionally reported to a server depending on whether the computer was out of compliance prior to the determination, to preserve at least one of bandwidth and processing resources associated with the server.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 2. The computer program product of claim 1, wherein the instructions are further to:
    - compile a blacklist utilizing the information, wherein the blacklist identifies the at least one subset of computers; and
      
      send the blacklist to a plurality of other computers via the communications network;
      
      wherein the network communication involving the at least one subset of computers is controlled at the plurality of other computers utilizing the blacklist.
  - 3. The computer program product of claim 2, wherein the instructions are further to reset the blacklist by allowing communication with all computers by the plurality of the computers, and send an updated blacklist to the plurality of computers.
  - 4. The computer program product of claim 2, wherein a plurality of different subsets of computers is quarantined as a function of the computers themselves, thereby creating multiple quarantine zones.
  - 5. The computer program product of claim 4, wherein each of the quarantine zones is defined by domain name and implemented such that one of the computers on the blacklist and included in one of the quarantine zones defined by a first domain is denied from communicating with other computers in the first domain and is allowed to communicate with other computers in a second domain that is different from the first domain.
  - 6. The computer program product of claim 1, wherein the white list includes a remediation server.
  - 7. The computer program product of claim 6, wherein the remediation server is adapted for providing updates to the computers which are necessary for staying in compliance.
  - 8. The computer program product of claim 1, wherein the white list is configurable by an administrator.
  - 9. The computer program product of claim 1, wherein the white list is provided and includes violation information relating to a severity of a policy violation and a description of activities that prompted the policy violation, and is updated as a function of the violation information, such that a more serious policy violation prompts a more stringent white list.
  - 10. The computer program product of claim 1, wherein the at least one other subset of the computers identified by the white list thwart network communications with each out of compliance computer to avoid communications with out of compliance computers that are capable of circumventing a firewall.
  - 11. The computer program product of claim 1, wherein the information is received periodically.
  - 12. The computer program product of claim 1, wherein the information is sent to the plurality of the computers periodically.
  - 13. The computer program product of claim 1, wherein the information is received upon it being determined that a compliance status of at least one of the computers has changed.
  - 14. The computer program product of claim 1, wherein the information is sent to the plurality of the computers upon it being determined that a compliance status of at least one of the computers has changed.
  - 15. The computer program product of claim 1, wherein the subset of computers is updated based on the information.
  - 16. The computer program product of claim 1, wherein the information is received at a server in communication via the communications network.
  - 17. The computer program product of claim 1, wherein the compliancy is assessed upon identification of an event that at least potentially impacts the compliancy of the at least one subset of computers.
  - 18. The computer program product of claim 1, wherein a determination of the compliancy is based on whether a particular behavior has been recognized utilizing heuristics.
  - 19. The computer program product of claim 1, wherein the information identifying the at least one at least potentially out of compliance computer further includes a user name.

20. A method, comprising:
- receiving information over a communication network relating to potential compliancy of at least one subset of computers with one or more policies, wherein the potential compliancy of each of the at least one subset of computers is determined by an instance of a scanner associated with each computer;
  
  wherein the information identifies at least one potentially out of compliance computer of the at least one subset of computers, the information including a network address associated with the potentially out of compliance computer, a description of a behavior associated with a violation of the policy that resulted in the at least one subset of computers being potentially out of compliance with the policy, and a severity associated with a violation of the policy that resulted in the at least one subset of computers being potentially out of compliance with the policy; and
  
  compiling a whitelist utilizing the information; and
  
  sending the whitelist to the at least one subset of computers;
  
  wherein a network communication involving the at least one subset of computers is controlled utilizing a respective firewall of the at least one subset of computers such that a two-way quarantining is established in order to isolate out of compliance computers, wherein the network communication involving the at least one subset of computers is capable of being controlled utilizing the whitelist; and
  
  wherein when a computer of the at least one subset of computers is determined to be compliant with the policy, information relating to the computer'"'"'s policy compliance is conditionally reported to a server depending on whether the computer was out of compliance prior to the determination to preserve at least one of bandwidth and processing resources associated with the server.

21. An apparatus, comprising:
- at least one processor, the at least one processor being configured to perform operations comprising;
  
  receiving information over a communication network relating to the potential compliancy of at least one subset of computers with one or more policies, wherein the potential compliancy of each of the at least one subset of computers is determined by an instance of a scanner associated with each computer;
  
  wherein the information identifies at least one potentially out of compliance computer of the at least one subset of computers, the information including a network address associated with the potentially out of compliance computer, a description of a behavior associated with a violation of the policy that resulted in the at least one subset of computers being potentially out of compliance with the policy, and a severity associated with a violation of the policy that resulted in the at least one subset of computers being potentially out of compliance with the policy; and
  
  compiling a whitelist utilizing the information; and
  
  sending the whitelist to the at least one subset of computers;
  
  wherein a network communication involving the at least one subset of computers is controlled utilizing a respective firewall of the at least one subset of computers such that a two-way quarantining is established in order to isolate out of compliance computers, wherein the network communication involving the at least one subset of computers is capable of being controlled utilizing the whitelist; and
  
  wherein when a computer of the at least one subset of computers is determined to be compliant with the policy, information relating to the computer'"'"'s policy compliance is conditionally reported to a server depending on whether the computer was out of compliance prior to the determination to preserve at least one of bandwidth and processing resources associated with the server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Davis, Michael Anthony, Lowe, Joe C., Zeigler, Arthur S.
Primary Examiner(s)
Yohannes, Tesfay

Application Number

US13/647,987
Publication Number

US 20130060943A1
Time in Patent Office

1,106 Days
Field of Search

709/201, 709/215, 709/225, 726/4
US Class Current

1/1
CPC Class Codes

H04L 63/0272 Virtual private networks

H04L 63/102 Entity profiles

System, method and computer program product for controlling network communications based on policy compliance

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

63 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

System, method and computer program product for controlling network communications based on policy compliance

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

63 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links