Dynamic provisioning of protection software in a host intrusion prevention system
First Claim
1. A server for intrusion protection of a plurality of computers, the server comprising:
- a processor and a memory device storing processor executable instructions causing the processor to:
  - acquire a superset of descriptors characterizing said plurality of computers;
  - acquire a superset of filters;
  - acquire a set of rules, each rule for determining a respective rule-specific set of filters corresponding to a respective rule-specific set of descriptors;
  - classify said plurality of computers according to predefined computer types;
  - associate each computer type with a respective type-specific set of descriptors;
  - associate a target computer of said plurality of computers with a respective computer type;
  - determine a rule domain as an intersection of a type-specific set of descriptors corresponding to said respective computer type and a rule-specific set of descriptors corresponding to a selected rule;
  - communicate with said target computer to acquire a value of each of at least one descriptor of said rule domain; and
  - execute said selected rule to determine a set of requisite filters.
3 Assignments
0 Petitions
Abstract
Methods and apparatus for optimizing security configurations of a set of computers are disclosed. A set of local servers, each functioning as a deep-security manager supporting a respective subset of the computers, maintains protection software containing filters and rules for deploying each filter. A local server receives updated protection software from a central server. Each local server interrogates each computer of its subset of computers to acquire computer-characterizing data and applies relevant rules to determine an optimal set of filters for each computer. Each rule adaptively determines required characterizing data elements from each computer for determining an optimal security configuration. A local server updates the security configuration of a computer to suit changes in the operational environment of the computer.
37 Citations
19 Claims
-
1. Claim 1 is set out in full above under "First Claim"; claims 2 to 14 depend from it.
-
15. A method of intrusion protection of a plurality of computers, the method comprising:
configuring a processor to perform processes of:
  - acquiring a superset of descriptors characterizing said plurality of computers;
  - acquiring a superset of filters;
  - acquiring a set of rules, each rule for determining a respective rule-specific set of filters corresponding to a respective rule-specific set of descriptors;
  - classifying said plurality of computers according to predefined computer types;
  - associating each computer type with a respective type-specific set of descriptors;
  - associating a target computer of said plurality of computers with a respective computer type;
  - identifying common descriptors of a type-specific set of descriptors corresponding to said respective computer type and a rule-specific set of descriptors corresponding to a selected rule;
  - communicating with said target computer to acquire a value of each of at least one common descriptor; and
  - determining a set of requisite filters for said target computer according to said selected rule.
Claims 16 to 19 depend from claim 15.
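The filter-selection procedure that the abstract and claims 1 and 15 describe (classify the host, intersect its type-specific descriptors with each rule's descriptors, read only those descriptors from the host, run the rule) as an added example; this is illustration code, not the patent's own implementation. The `Rule` class, `TYPE_DESCRIPTORS`, `select_filters`, the sample rules and hosts, and the choice to skip a rule whose domain is empty are all assumptions made here.

```python
"""Rule-driven filter selection for a host IPS manager (constructed example)."""
from dataclasses import dataclass
from typing import Callable, FrozenSet, Mapping, Tuple

@dataclass(frozen=True)
class Rule:
    name: str
    descriptors: FrozenSet[str]              # rule-specific set of descriptors
    applies: Callable[[Mapping], bool]       # evaluated on acquired descriptor values
    filters: FrozenSet[str]                  # rule-specific set of filters to deploy

# type-specific descriptor sets: what a computer of each type can be asked about
TYPE_DESCRIPTORS = {
    "web-server": frozenset({"os", "open_ports", "http_server", "http_version"}),
    "workstation": frozenset({"os", "open_ports", "browser"}),
}

# constructed sample rules; the superset of filters is the union of rule.filters
RULES = (
    Rule("apache-2.4", frozenset({"http_server", "http_version"}),
         lambda v: v.get("http_server") == "apache"
         and str(v.get("http_version", "")).startswith("2.4"),
         frozenset({"http-apache-2.4-hardening"})),
    Rule("smb-exposed", frozenset({"os", "open_ports"}),
         lambda v: v.get("os") == "windows" and 445 in v.get("open_ports", ()),
         frozenset({"smb-inbound-filter"})),
    Rule("browser-present", frozenset({"browser"}),
         lambda v: v.get("browser") is not None,
         frozenset({"browser-exploit-filter"})),
)

def rule_domain(computer_type: str, rule: Rule) -> FrozenSet[str]:
    """Rule domain = type-specific descriptors intersected with rule descriptors."""
    return TYPE_DESCRIPTORS[computer_type] & rule.descriptors

def select_filters(computer_type: str, inventory: Mapping[str, object]
                   ) -> Tuple[FrozenSet[str], FrozenSet[str]]:
    """Return (requisite filters, descriptors actually acquired from the host).
    `inventory` stands in for interrogating the target computer; only descriptors
    inside some rule domain are read, so the host is never asked for irrelevant data."""
    acquired: dict = {}
    requisite: set = set()
    for rule in RULES:
        domain = rule_domain(computer_type, rule)
        if not domain:                 # assumption: nothing to evaluate for this type
            continue
        for d in domain - set(acquired):
            acquired[d] = inventory.get(d)
        if rule.applies(acquired):
            requisite |= rule.filters
    return frozenset(requisite), frozenset(acquired)

# constructed sample hosts (what interrogation would return)
WEB_SERVER = {"os": "linux", "open_ports": frozenset({80, 443}),
              "http_server": "apache", "http_version": "2.4.58"}
WORKSTATION = {"os": "windows", "open_ports": frozenset({445, 3389}), "browser": "firefox"}
```

Re-running `select_filters` with a changed inventory (for example port 445 closed) yields the updated filter set, which is the re-evaluation on environment change that the abstract describes.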
Specification