Dynamic provisioning of protection software in a host intrusion prevention system
First Claim
1. A method of intrusion protection of a plurality of computers, the method comprising:
at a central server comprising a memory device having processor executable instructions stored thereon for execution by at least one hardware processor, forming a software library comprising;
a set of data filters each corresponding to at least one intrusion pattern; and
a set of rules, each rule for identifying a number of requisite data filters according to a respective subset of descriptors of a set of descriptors characterizing said plurality of computers;
at a local server of a set of local servers coupled to said central server, employing a hardware processor for;
determining descriptors of each computer coupled to said local server;
acquiring from said central server;
a respective subset of said set of data filters; and
a respective subset of rules of said set of rules;
executing said respective subset of rules to identify for said each computer corresponding data filters; and
where a number of said corresponding data filters is not zero, installing each said corresponding data filter in said each computer.
Abstract
Methods and apparatus for optimizing security configurations of a set of computers are disclosed. A set of local servers, each functioning as a deep-security manager supporting a respective subset of the computers, maintains protection software containing filters and rules for deploying each filter. A local server receives updated protection software from a central server. Each local server interrogates each computer of its subset of computers to acquire computer-characterizing data and applies relevant rules to determine an optimal set of filters for each computer. Each rule adaptively determines required characterizing data elements from each computer for determining an optimal security configuration. A local server updates the security configuration of a computer to suit changes in the operational environment of the computer.
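A sketch of the rule-driven filter selection the abstract describes, added here as an illustration and not taken from the patent or any product. The `Rule` layout, the descriptor names, the filter ids and the short-circuit evaluation order are all assumptions.

```python
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, Iterable, Set, Tuple

@dataclass(frozen=True)
class Rule:
    # Ordered (descriptor name, required value) pairs: the descriptor subset
    # this rule reads. Layout is an assumption made for this example.
    conditions: Tuple[Tuple[str, str], ...]
    filters: FrozenSet[str]  # filter ids required when every condition holds

def select_filters(rules: Iterable[Rule], query: Callable[[str], str]):
    """Run the rules for one computer on the local server.

    `query(name)` interrogates the computer for a single descriptor. A
    descriptor is fetched only when a rule reaches it, so a rule that fails
    on its first condition never causes its later descriptors to be read.
    Returns (selected filter ids, descriptor names actually queried).
    """
    cache: Dict[str, str] = {}
    selected: Set[str] = set()
    for rule in rules:
        for name, want in rule.conditions:
            if name not in cache:
                cache[name] = query(name)
            if cache[name] != want:
                break  # rule does not apply to this computer
        else:
            selected |= rule.filters
    return selected, set(cache)

def plan_update(installed: Set[str], required: Set[str]):
    """Filters to install and to remove after the computer's environment changes."""
    return required - installed, installed - required

def make_host(descriptors: Dict[str, str]) -> Callable[[str], str]:
    """Constructed stand-in for interrogating a computer."""
    return lambda name: descriptors.get(name, "absent")

# Constructed rule set; the filter ids are placeholders, not real signatures.
RULES = [
    Rule((("os", "linux"),), frozenset({"F-linux-kernel"})),
    Rule((("os", "linux"), ("httpd", "present")), frozenset({"F-http-traversal"})),
]

if __name__ == "__main__":
    wanted, asked = select_filters(RULES, make_host({"os": "linux", "httpd": "present"}))
    if wanted:  # install only where the number of matching filters is not zero
        print("install", sorted(wanted), "after querying", sorted(asked))
```
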
20 Claims
11. A system for intrusion protection of a plurality of computers, the system comprising:
a central server, comprising a memory device having processor executable instructions stored thereon for execution by at least one hardware processor, maintaining a software library comprising;
a set of data filters each corresponding to at least one intrusion pattern; and
a set of rules, each rule for identifying a requisite data filter according to a respective subset of descriptors of a set of descriptors characterizing said plurality of computers;
a set of local servers coupled to said central server, at least one local server comprising a hardware processor and a computer readable storage medium having computer readable instructions stored thereon causing said hardware processor to;
determine descriptors of each computer coupled to said at least one local server;
acquire from said central server;
a respective subset of said set of data filters; and
a respective subset of rules of said set of rules;
execute said respective subset of rules to identify for said each computer a respective subset of data filters; and
install said respective subset of data filters in said each computer.
Specification