Policy-based selection of remediation
First Claim
1. A method comprising:
- collecting, by a light weight sensor (LWS) running on a host asset of a plurality of monitored host assets within an enterprise network, information regarding a program-code-based operational state of the host asset via a survey tool installed on the host asset;
- transmitting, by the LWS, the information to a remote server that is in a client-server relationship with the LWS via an external network coupling the enterprise network and the remote server in communication; and
- enforcing, by the remote server, a plurality of security policies with respect to the host asset based on the received information including determining whether the program-code-based operational state of the host asset represents a violation of one or more security policies of the plurality of security policies, by evaluating, the received information with respect to the plurality of security policies, wherein each security policy of the plurality of security policies define at least one parameter condition violation of which is potentially indicative of unauthorized activity on the host asset or manipulation of the host asset making the host asset vulnerable to attack.
Abstract
Methods and systems for remediating a security policy violation on a computer system are provided. According to one embodiment, information regarding a program-code-based operational state of a host asset is collected by a light weight sensor (LWS) running on the host asset via a survey tool. The information is transmitted by the LWS to a remote server via an external network. Multiple security policies are enforced by the remote server with respect to the host asset based on the received information, including determining whether the program-code-based operational state of the host asset represents a violation of one or more security policies by evaluating the received information with respect to the security policies. Each security policy defines at least one parameter condition, violation of which is potentially indicative of unauthorized activity on the host asset or manipulation of the host asset making the host asset vulnerable to attack.
20 Claims
Specification