Systems and methods to protect against a vulnerability event

US 9,313,211 B1
Filed: 04/18/2012
Issued: 04/12/2016
Est. Priority Date: 04/18/2012
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method to protect against a vulnerability event, comprising:

enforcing, by a processor, a first set of security policies on a client device, wherein the processor is a hardware processor;

subscribing, by the processor, to an update notification service to obtain notifications regarding update events, the update events relating to operating system updates and host protection software updates;

monitoring, by the processor, the updated events, wherein monitoring the update events comprises monitoring the update events relating to the operating system and host protection software in relation to termination of a malware detection service;

detecting, by the processor, an update event in conjunction with subscribing to the update notification service;

determining, by the processor, whether the update event is known to cause temporary disruption to the malware detection service;

upon determining the update event is known to not cause temporary disruption to the malware detection service, maintaining, by the processor, the first set of security policies; and

upon determining the update event is known to cause temporary disruption to the malware detection service;

determining, by the processor, a vulnerability level corresponding to a first type of network connection or a second type of network connection, wherein the vulnerability level is at a first level when a current network connection is of the first type and the vulnerability level is at a second level when the current network connection is of the second type;

selecting, by the processor, a second set of security policies based on the vulnerability level; and

enforcing, by the processor, the second set of security policies.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer-implemented method to protect against a vulnerability event is described. A first set of security policies is enforced. A client device is monitored for a vulnerability event. Upon detecting a vulnerability event, a vulnerability level corresponding to a current environment is determined. A second set of security policies is selected based on the vulnerability level. The second set of security policies is enforced.

Citations

11 Claims

1. A computer-implemented method to protect against a vulnerability event, comprising:
- enforcing, by a processor, a first set of security policies on a client device, wherein the processor is a hardware processor;
  
  subscribing, by the processor, to an update notification service to obtain notifications regarding update events, the update events relating to operating system updates and host protection software updates;
  
  monitoring, by the processor, the updated events, wherein monitoring the update events comprises monitoring the update events relating to the operating system and host protection software in relation to termination of a malware detection service;
  
  detecting, by the processor, an update event in conjunction with subscribing to the update notification service;
  
  determining, by the processor, whether the update event is known to cause temporary disruption to the malware detection service;
  
  upon determining the update event is known to not cause temporary disruption to the malware detection service, maintaining, by the processor, the first set of security policies; and
  
  upon determining the update event is known to cause temporary disruption to the malware detection service;
  
  determining, by the processor, a vulnerability level corresponding to a first type of network connection or a second type of network connection, wherein the vulnerability level is at a first level when a current network connection is of the first type and the vulnerability level is at a second level when the current network connection is of the second type;
  
  selecting, by the processor, a second set of security policies based on the vulnerability level; and
  
  enforcing, by the processor, the second set of security policies.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, wherein the second set of security policies is enforced upon the occurrence of the vulnerability event.
  - 3. The method of claim 1, wherein enforcing the second set of security policies comprises switching from enforcing the first set of security policies to enforcing the second set of security policies.
  - 4. The method of claim 1, further comprising:
    - monitoring the client device for an end of the vulnerability event; and
      
      upon detecting the end of the vulnerability event, enforcing the first set of security policies.
  - 5. The method of claim 4, wherein enforcing the first set of security policies comprises switching from enforcing the second set of security policies to enforcing the first set of security policies.

6. A computing device configured to protect against a vulnerability event, comprising:
- a processor;
  
  memory in electronic communication with the processor, wherein the memory stores computer executable instructions that, when executed by the processor, cause the processor to;
  
  enforce a first set of security policies on a client device;
  
  subscribe to an update notification service to obtain notifications regarding update events, the update events relating to operating system updates and host protection software updates;
  
  monitoring, by the processor, the updated events, wherein monitoring the update events comprises monitoring the date events relating to the operating system and host protection software in relation to termination of malware detection service;
  
  detect an update event in conjunction with subscribing to the update notification service;
  
  determine whether the update event is known to cause temporary disruption to the malware detection service;
  
  upon determining the update event is known to not cause temporary disruption to the malware detection service, maintain the first set of security policies; and
  
  upon determining the update event is known to cause temporary disruption to the malware detection service;
  
  determine a vulnerability level corresponding to a first type of network connection or a second type of network connection, wherein the vulnerability level is at a first level when a current network connection is of the first type and the vulnerability level is at a second level when the current network connection is of the second type;
  
  select a second set of security policies based on the vulnerability level; and
  
  enforce the second set of security policies.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The computing device of claim 6, wherein the second set of security policies is enforced upon the occurrence of the vulnerability event.
  - 8. The computing device of claim 6, wherein enforcing the second set of security policies comprises switching from enforcing the first set of security policies to enforcing the second set of security policies.
  - 9. The computing device of claim 6, wherein the processor is further configured to:
    - monitor the client device for an end of the vulnerability event; and
      
      upon detecting the end of the vulnerability event, enforce the first set of security policies.
  - 10. The computing device of claim 9, wherein enforcing the first set of security policies comprises switching from enforcing the second set of security policies to enforcing the first set of security policies.

11. A computer-program product to protect against a vulnerability event, the computer-program product comprising a non-transitory computer-readable storage medium that stores computer executable instructions that, when executed by a processor, cause the processor to:
- enforce a first set of security policies on a client device;
  
  subscribe to an update notification service to obtain notifications regarding update events, the update events relating to operating system updates and host protection software updates;
  
  monitoring, by the processor, the updated events, wherein monitoring the update events comprises monitoring the update events relating to the operating system and host protection software in relation to termination of a malware detection service;
  
  detect an update event in conjunction with subscribing to the update notification service;
  
  determine whether the update event is known to cause temporary disruption to the malware detection service;
  
  upon determining the update event is known to not cause temporary disruption to the malware detection service, maintain the first set of security policies; and
  
  upon determining the update event is known to cause temporary disruption to the malware detection service;
  
  determine a vulnerability level corresponding to a first type of network connection or a second type of network connection, wherein the vulnerability level is at a first level when a current network connection is of the first type and the vulnerability level is at a second level when the current network connection is of the second type;
  
  select a second set of security policies based on the vulnerability level; and
  
  enforce the second set of security policies.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Lototskiy, Alexander
Primary Examiner(s)
Patel, Ashok
Assistant Examiner(s)
Gracia, Gary

Application Number

US13/449,508
Time in Patent Office

1,455 Days
Field of Search

726/1
US Class Current

1/1
CPC Class Codes

G06F 21/52   during program execution, e...

G06F 21/55   Detecting local intrusion o...

G06F 21/554   involving event detection a...

G06F 21/566   Dynamic detection, i.e. det...

G06F 21/568   eliminating virus, restorin...

G06F 21/577   Assessing vulnerabilities a...

G06F 2221/034   Test or assess a computer o...

H04L 63/107   wherein the security polici...

H04L 63/20   for managing network securi...

Systems and methods to protect against a vulnerability event

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods to protect against a vulnerability event

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links