DISTRIBUTED SECURITY PROVISIONING
Abstract
Systems, methods and apparatus for distributed security that provide security processing external to a network edge. The system can include many distributed processing nodes and one or more authority nodes that provide security policy data, threat data, and other security data to the processing nodes. The processing nodes detect and stop the distribution of malware, spyware and other undesirable content before such content reaches the destination network and computing systems.
29 Claims
1. A network security system, comprising:
- a plurality of processing nodes external to network edges of a plurality of external systems, each processing node comprising:
  - a processing node data store storing security policy data defining security policies for each of the external systems;
  - a plurality of data inspection engines, each data inspection engine configured to perform a threat detection process to classify content items according to a threat classification for a corresponding threat; and
  - a processing node manager in data communication with the data inspection engines and configured to access the security policy data stored in the processing node data store and manage the classified content item in accordance with the security policy data so that security policies for a plurality of external systems in data communication with the processing node are implemented external to the network edges for each of the external systems; and
- an authority node in data communication with the processing nodes, the authority node including an authority node data store storing security policy data for each of the plurality of external systems, and including an authority node manager configured to provide the security policy data to each of the processing nodes.
Dependent claims: 2 to 22.

23. A computer implemented method of security provisioning, comprising:
- providing data communication from a plurality of processing nodes to a plurality of external systems, the processing nodes external to network edges of the plurality of external systems, and in each processing node:
  - storing security policies received from an authority node;
  - monitoring content items requested by or sent from the external systems;
  - threat detecting content items to classify the content items according to threat classifications; and
  - enforcing, external to the network edges of the external systems, the security policies for the plurality of external systems in accordance with the security policies and the classifications of the content items.
Dependent claims: 24 to 27.

28. Software stored in a computer readable medium and comprising instructions executable by a processing node system, and in response to such execution causes the processing node system to perform operations comprising:
- receiving and storing security policy data defining security policies for each of a plurality of the external systems, threat classification data defining threat classifications for a plurality of content items, and detection processing filtering data defining whether content items have been threat detection processed;
- identifying a content item requested by or sent from an external system;
- detection process filtering the content item to determine whether the content item has been threat detection processed;
- performing a threat detection exception process to classify content items according to a threat classification for a corresponding threat if the detection processing filtering determines that the content item has not been threat detection processed; and
- generating threat update data for updating the threat classification data and the detection processing filter; and
- transmitting the threat update data to an authority node for distribution to other processing node systems.

29. Software stored in a computer readable medium and comprising instructions executable by an authority node system, and in response to such execution causes the authority node system to perform operations comprising:
- receiving and storing security policy data defining security policies for each of a plurality of the external systems, threat classification data defining threat classifications for a plurality of content items, and detection processing filtering data defining whether content items have been threat detection processed;
- distributing the security policy data, the threat classification data, and the detection processing filtering data to a plurality of processing node systems;
- receiving threat update data from a processing node system, the threat update data for updating the threat classification data and the detection processing filter;
- updating the threat classification data and the detection processing filtering data based on the threat update data; and
- distributing the updated threat classification data and the updated detection processing filtering data to the plurality of processing nodes.
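
Added illustration, not part of the patent text or of any product's code: a minimal in-memory model of the exchange recited in claims 28 and 29, showing that a content item scanned once by one processing node is not rescanned by another, while each external system's own policy still decides the outcome. The set of SHA-256 digests standing in for the detection processing filtering data, all class and function names, and the marker-matching engine are assumptions made for the example.

```python
import hashlib

def digest(content: bytes) -> str:
    return hashlib.sha256(content).hexdigest()

class AuthorityNode:
    def __init__(self, policies):
        self.policies = policies        # external system -> classifications to block
        self.threat_data = {}           # digest -> threat classification
        self.detection_filter = set()   # digests already threat detection processed
        self.nodes = []

    def register(self, node):
        self.nodes.append(node)
        node.store(self.policies, self.threat_data, self.detection_filter)

    def receive_update(self, update):
        # Update the authority's copy, then redistribute to every processing node.
        self.threat_data[update["digest"]] = update["classification"]
        self.detection_filter.add(update["digest"])
        for node in self.nodes:
            node.store(self.policies, self.threat_data, self.detection_filter)

class ProcessingNode:
    def __init__(self, authority, engine):
        self.authority, self.engine, self.scans = authority, engine, 0
        authority.register(self)

    def store(self, policies, threat_data, detection_filter):
        # Each node keeps its own copy in its local data store.
        self.policies = {name: set(blocked) for name, blocked in policies.items()}
        self.threat_data = dict(threat_data)
        self.detection_filter = set(detection_filter)

    def handle(self, system, content):
        d = digest(content)
        if d not in self.detection_filter:      # not yet processed anywhere
            self.scans += 1
            update = {"digest": d, "classification": self.engine(content)}
            self.authority.receive_update(update)   # comes back via store()
        verdict = self.threat_data[d]
        return "block" if verdict in self.policies[system] else "allow"

def toy_engine(content):
    # Hypothetical inspection engine: flags a constructed test marker only.
    return "malware" if b"CONSTRUCTED-TEST-MARKER" in content else "clean"

def demo():
    authority = AuthorityNode({"acme": {"malware"}, "lab": set()})
    a = ProcessingNode(authority, toy_engine)
    b = ProcessingNode(authority, toy_engine)
    sample = b"header CONSTRUCTED-TEST-MARKER body"   # constructed sample input
    return (a.handle("acme", sample), b.handle("lab", sample),
            b.handle("acme", sample), a.scans, b.scans)

if __name__ == "__main__":
    print(demo())
```
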