Policy-based selection of remediation
First Claim
1. A method comprising:
collecting, by a light weight sensor (LWS) running on a host asset of a plurality of monitored, networked host assets of an enterprise network, survey data, which collectively characterize a program-code-based operational state of the host asset, from a survey tool installed on the host asset;
transmitting, by the LWS, the survey data to a remote server that is in a client-server relationship with the LWS via an external network coupling the enterprise network and the remote server in communication; and
enforcing, by the remote server, a plurality of security policies with respect to the host asset based on the survey data, including determining whether the program-code-based operational state of the host asset represents a violation of one or more security policies of the plurality of security policies by evaluating the survey data with reference to the plurality of security policies, wherein each security policy of the plurality of security policies defines at least one parameter condition, violation of which is potentially indicative of unauthorized activity on the host asset or manipulation of the host asset making the host asset vulnerable to attack.
Abstract
Methods and systems for remediating a security policy violation on a computer system are provided. According to one embodiment, information regarding a program-code-based operational state of a host asset is collected by a light weight sensor (LWS) running on the host asset via a survey tool. The information is transmitted by the LWS to a remote server via an external network. Multiple security policies are enforced by the remote server with respect to the host asset based on the received information, including determining whether the program-code-based operational state of the host asset represents a violation of one or more security policies by evaluating the received information with respect to the security policies, each of which defines at least one parameter condition, violation of which is potentially indicative of unauthorized activity on the host asset or manipulation of the host asset making the host asset vulnerable to attack.
135 Citations
19 Claims
1. A method comprising:
(Claim 1 is reproduced in full under First Claim above.) Claims 2 through 18 depend from claim 1 and are not reproduced on this page.
19. A system comprising:
a survey data collection and reporting means of a host asset of a plurality of monitored, networked host assets of an enterprise network, for collecting survey data, which collectively characterize a program-code-based operational state of the host asset, from a survey tool installed on the host asset and for reporting the survey data to a remote server that is in a client-server relationship with the survey data collection and reporting means via an external network coupling the enterprise network and the remote server in communication; and a policy enforcement means within the remote server for enforcing a plurality of security policies with respect to the host asset based on the survey data, including determining whether the program-code-based operational state of the host asset represents a violation of one or more security policies of the plurality of security policies by evaluating the survey data with reference to the plurality of security policies, wherein each security policy of the plurality of security policies defines at least one parameter condition, violation of which is potentially indicative of unauthorized activity on the host asset or manipulation of the host asset making the host asset vulnerable to attack.
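The claims describe a two-part flow: a sensor on the host packages the survey tool's output and ships it to a server, and the server checks each policy's parameter condition against that data and selects a remediation for every violated policy. The following is an added illustration of that flow, written for this page; it is not code from the patent or its assignee. The policy names, the survey fields (listening ports, signature age, a binary hash, a process list, a Secure Boot flag), the severity ranking and the sample survey are all constructed assumptions, and the "expected" hash is a placeholder rather than a real inventory value.

```python
import json
from dataclasses import dataclass
from typing import Any, Callable, Dict, List

# Placeholder "known good" hash of the sshd binary (constructed; a real
# deployment would take this from its software inventory).
EXPECTED_SSHD_SHA256 = "0" * 64

# Assumed severity ordering used to sequence remediation actions.
SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}


@dataclass(frozen=True)
class Policy:
    name: str
    parameter: str                    # survey-data key the policy inspects
    compliant: Callable[[Any], bool]  # True when the observed value satisfies the condition
    remediation: str                  # action selected when the condition is violated
    severity: str = "medium"


@dataclass
class Violation:
    host: str
    policy: str
    observed: Any
    remediation: str
    severity: str


def build_report(host: str, survey: Dict[str, Any]) -> str:
    """Sensor side: wrap the survey tool's output in the message sent to the server."""
    return json.dumps({"host": host, "survey": survey})


def evaluate_report(report: str, policies: List[Policy]) -> List[Violation]:
    """Server side: parse the report and test each policy's parameter condition."""
    msg = json.loads(report)
    host, survey = msg["host"], msg["survey"]
    violations: List[Violation] = []
    for p in policies:
        observed = survey.get(p.parameter)
        # A parameter the sensor did not report cannot be shown compliant,
        # so a missing value is treated as a violation rather than ignored.
        if observed is None or not p.compliant(observed):
            violations.append(Violation(host, p.name, observed, p.remediation, p.severity))
    return violations


def remediation_plan(violations: List[Violation]) -> List[str]:
    """Select remediation actions, most severe first, without duplicates."""
    ordered = sorted(violations, key=lambda v: SEVERITY_RANK[v.severity])
    plan: List[str] = []
    for v in ordered:
        if v.remediation not in plan:
            plan.append(v.remediation)
    return plan


# Constructed policy set: each entry names one parameter and one condition.
POLICIES = [
    Policy("no-unapproved-listeners", "listening_ports",
           lambda ports: set(ports) <= {22, 443}, "close_port", "high"),
    Policy("av-signatures-current", "av_signature_age_days",
           lambda days: days <= 7, "update_signatures", "medium"),
    Policy("sshd-binary-intact", "sshd_sha256",
           lambda h: h == EXPECTED_SSHD_SHA256, "quarantine_and_reimage", "critical"),
    Policy("no-blacklisted-processes", "processes",
           lambda procs: not ({"nc", "telnetd"} & set(procs)), "kill_process", "high"),
    Policy("secure-boot-enabled", "secure_boot",
           lambda flag: flag is True, "escalate_to_analyst", "medium"),
]

# Constructed survey output for one host. "secure_boot" is deliberately
# absent to show how an unreported parameter is handled.
SURVEY = {
    "listening_ports": [22, 443, 4444],
    "av_signature_age_days": 3,
    "sshd_sha256": EXPECTED_SSHD_SHA256,
    "processes": ["sshd", "cron", "nc"],
}

if __name__ == "__main__":
    report = build_report("host-01", SURVEY)          # what the LWS transmits
    found = evaluate_report(report, POLICIES)          # what the server decides
    for v in found:
        print(f"{v.host}: {v.policy} violated (observed={v.observed!r}) -> {v.remediation}")
    print("plan:", remediation_plan(found))
```

Two design choices are worth noting. Treating an unreported parameter as a violation keeps a tampered or disabled survey tool from silently passing every check, which matters because the claims frame a violation as a possible sign of manipulation of the host. Ordering the plan by severity and de-duplicating actions lets one policy set drive a consistent remediation sequence even when several policies point at the same fix.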
Specification