Emergent network defense
Abstract
A system and method are provided of a node for use in a network having a plurality of nodes. The node is configured to identify neighboring node(s) within a predetermined closeness of said node, measured by any of physical, logical, network hops, network link, or vertices analysis closeness. The node determines a level of nervousness of itself and sends and/or receives communication as to the level of nervousness to the neighboring node(s).
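A minimal sketch of the scheme described in the abstract and claims, added here as an illustration and not taken from the patent: each node scores its own hygiene factors, finds neighbors within a hop limit, and raises its own nervousness according to the levels those neighbors report. The weights, staleness horizons, hop attenuation, coupling factor, topology and hygiene values are all assumptions constructed for the example.

```python
from collections import deque

# Constructed topology (adjacency list); node names are hypothetical.
LINKS = {"web1": ["sw1"], "web2": ["sw1"], "sw1": ["web1", "web2", "core"],
         "core": ["sw1", "db1"], "db1": ["core"]}

# Constructed hygiene inputs: days since each check, plus open local alerts.
HYGIENE = {
    "web1": {"patch": 90, "policy": 30, "review": 45, "sigs": 14, "alerts": 2},
    "web2": {"patch": 6, "policy": 7, "review": 9, "sigs": 0, "alerts": 0},
    "sw1": {"patch": 30, "policy": 7, "review": 45, "sigs": 0, "alerts": 0},
    "core": {"patch": 6, "policy": 0, "review": 9, "sigs": 0, "alerts": 0},
    "db1": {"patch": 12, "policy": 7, "review": 18, "sigs": 0, "alerts": 0},
}

# Assumed weights and staleness horizons in days; the page gives no formula.
HORIZON = {"patch": 60, "policy": 14, "review": 90, "sigs": 7}
WEIGHT = {"patch": 0.3, "policy": 0.15, "review": 0.1, "sigs": 0.2}
ALERT_WEIGHT, ALERT_SATURATION = 0.25, 2

def local_nervousness(h):
    """Score in [0, 1] from the node's own hygiene factors."""
    score = sum(WEIGHT[k] * min(h[k] / HORIZON[k], 1.0) for k in WEIGHT)
    score += ALERT_WEIGHT * min(h["alerts"] / ALERT_SATURATION, 1.0)
    return round(score, 3)

def neighbors_within(node, max_hops):
    """Breadth-first search: {neighbor: hop count} for nodes within max_hops."""
    dist, queue = {node: 0}, deque([node])
    while queue:
        cur = queue.popleft()
        if dist[cur] == max_hops:
            continue  # do not expand past the closeness threshold
        for nxt in LINKS[cur]:
            if nxt not in dist:
                dist[nxt] = dist[cur] + 1
                queue.append(nxt)
    del dist[node]
    return dist

def nervousness(node, max_hops=2, coupling=0.4):
    """Own score plus the strongest hop-attenuated level received (one round)."""
    own = local_nervousness(HYGIENE[node])
    received = [local_nervousness(HYGIENE[n]) / hops
                for n, hops in neighbors_within(node, max_hops).items()]
    return round(min(1.0, own + coupling * max(received, default=0.0)), 3)

if __name__ == "__main__":
    for name in LINKS:
        print(name, local_nervousness(HYGIENE[name]), nervousness(name))
```

In this constructed data the well-maintained `web2` becomes more nervous than its own hygiene warrants because the poorly patched `web1` sits two hops away, while `db1`, three hops from `web1`, is affected only by nearer nodes.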
30 Claims
1. A node for use in a network having a plurality of nodes, said node comprising:
a processing device configured to sense neighboring node(s) and determine if the sensed neighboring node(s) is within a predetermined closeness of said node, said processing device further configured to determine a level of nervousness of said node based on the determination and to send and/or receive communication as to the level of nervousness to the neighboring node(s), wherein the predetermined closeness of said node is measured by a logical closeness and the logical closeness comprises network hops, network link, or vertices analysis, and wherein the level of nervousness is based on one or more of the following information security hygiene configurations;
time since the node received and applied an update patch for an application;
time since the node ensured policy has current confirmations from a configuration management server;
time since an administrator checked the node's current local policy configuration;
performing an activity that triggers an alert for suspicious events;
performing a signature or heuristic activity that triggers local malware or suspicious behavior alerts; and
time since updated with malware or threat signatures.
16. A network comprising:
a plurality of nodes, each node having a processing device configured to sense at least one neighboring node and determine if the sensed neighboring node is within a predetermined logical closeness, said processing device further configured to determine a level of nervousness of the node based on the termination and to communicate the level of nervousness of the node to the at least one neighboring node, wherein the logical closeness comprises network hops, network link, or vertices analysis, and wherein the level of nervousness is based on multiple factors dependent on the node, and may include one or more of the following;
time since the node received and applied an update patch for an critical application;
time since the node checked in ensured policy has current confirmations from a configuration management server;
time since an administrator checked the node's current local policy configuration;
performing an activity that triggers an alert for suspicious events;
performing a signature or heuristic activity that triggers local IDS or anti-virus malware or suspicious behavior alerts; and
time since updated with malware and or threat signatures.
28. A computer-implemented method for use in a network having a plurality of nodes, the method comprising:
determining at one of the plurality of nodes, if at least one neighboring node is within a predetermined logical closeness of the one of the plurality of nodes; determining at the one of the plurality of nodes, a level of nervousness for the one of the plurality of nodes determined to be within the predetermined logical closeness; and communicating at the one of the plurality of nodes, the level of nervousness to the at least one neighboring node wherein the logical closeness comprises network hops, network link, or vertices analysis, and wherein the level of nervousness is based on one or more of the following information security hygiene configurations;
time since the node received and applied an update patch for an application;
time since the node ensured policy has current confirmations from a configuration management server;
time since an administrator checked the node's current local policy configuration;
performing an activity that triggers an alert for suspicious events;
performing a signature or heuristic activity that triggers local malware or suspicious behavior alerts; and
time since updated with malware or threat signatures.
29. A node for use in a network having a plurality of nodes, said node comprising:
a processing device configured to determine if at least one neighboring node is within a predetermined closeness of said node, measured by a logical closeness, said processing device further configured to receive a level of nervousness from at least one neighboring node determined to be within the predetermined closeness, and to determine a level of nervousness of said node based at least in part on the received level of nervousness from the at least one neighboring node determined to be within the predetermined closeness, wherein the logical closeness comprises network hops, network link, or vertices analysis, and wherein the level of nervousness is based on one or more of the following information security hygiene configurations;
time since the node received and applied an update patch for an application;
time since the node ensured policy has current confirmations from a configuration management server;
time since an administrator checked the node's current local policy configuration;
performing an activity that triggers an alert for suspicious events;
performing a signature or heuristic activity that triggers local malware or suspicious behavior alerts; and
time since updated with malware or threat signatures.
Specification