Method and system for dynamically protecting a computer system from attack
First Claim
1. A computer-implemented method for dynamically protecting a computer system comprising the steps of:
- generating a policy for defending the system from an attack;
- receiving a data packet at the system;
- comparing information in the data packet to the policy to determine if an intrusion event has been detected;
- determining if the data packet should be blocked from entering the system based on the policy for defending the system;
- determining a method of blocking the data packet based on a positive determination to block the data packet from entering the system; and
- blocking the packet from entering the system using the determined method.
Abstract
A dynamic protection system can analyze a computer system to determine its vulnerabilities to attack and generate a policy for protecting the computer system based on the identified vulnerabilities. Data received by the computer system can be analyzed to determine if it poses a threat to the system. This can prevent the data from entering the system or host based on a determination that the data poses a threat. Also, the dynamic protection system can receive policy updates to allow it to protect the system more efficiently and effectively. In other words, the dynamic protection system can protect an evolving computer system operating in an environment that is characterized by constantly changing methods of attack. Furthermore, by minimizing a need for manual intervention, attacks can be rapidly and accurately detected with a minimization of false positives, thereby lowering the cost of operation.
425 Citations
58 Claims
1. A computer-implemented method for dynamically protecting a computer system comprising the steps of:
- generating a policy for defending the system from an attack;
- receiving a data packet at the system;
- comparing information in the data packet to the policy to determine if an intrusion event has been detected;
- determining if the data packet should be blocked from entering the system based on the policy for defending the system;
- determining a method of blocking the data packet based on a positive determination to block the data packet from entering the system; and
- blocking the packet from entering the system using the determined method.
Dependent claims: 2-23.

24. A computer-implemented method for dynamically protecting a host from attacks comprising the steps of:
- receiving a policy for defending the host from attack;
- sending the policy to at least one of a plurality of host sensors associated with the host;
- receiving a data packet at one of the host sensors;
- scanning the data packet to determine if the data packet contains at least one suspicious event;
- determining if the data packet should be blocked from passage to the host based on the received policy in response to detection of at least one suspicious event;
- selecting a method of blocking the data packet from a set of block criteria based on a positive determination to block the data packet from entering the host;
- blocking the packet from entering the host using the selected method;
- determining if a block percentage has been met on the system, whereby the block percentage is a numerical value corresponding to the number of data packets blocked as compared to the total number of data packets received by the system; and
- inserting an instruction into the block criteria blocking the data packet meeting the block percentage based on a positive determination that the block percentage has been met.
Dependent claims: 25-39.

40. A computer-implemented method for dynamically protecting a computer network from attacks comprising the steps of:
- generating a policy for defending the network from attack;
- sending the generated policy to at least one of a plurality of network sensors;
- receiving a data packet by at least one network sensor;
- comparing information in the data packet to the policy to determine if an intrusion event has been detected;
- processing the data packet by at least one network sensor to determine if the data packet should be blocked from entering the network based on the policy;
- selecting a method of blocking the data packet based on a positive determination to block the data packet from entering the network; and
- blocking the packet from entering the network using the selected method.
Dependent claims: 41-57.

58. A computer-implemented method for updating a protection policy for a computer system comprising the steps of:
- receiving from a central source a new policy to update protection of the computer system from attacks;
- parsing the new policy to retrieve at least one new protection program for protecting the computer system against a previously unknown attack;
- sending the new protection program to at least one of a plurality of sensors for the computer system; and
- installing the new protection program to operate in addition to each existing protection program.
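The following toy host sensor is an added illustration of the steps in claims 24 and 58, not code from the patent or its assignee: it scans a packet with installed protection programs, selects a block method from the block criteria, tracks the blocked/received ratio against a block percentage, inserts a new block-criteria instruction once that percentage is met, and installs programs from a policy update alongside the existing ones. The packet fields `src` and `payload`, the sample detectors, and the reading of the inserted instruction as a per-source block are assumptions made for the example.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional

# A "protection program" is modelled as a detector: packet -> suspicious-event name or None.
Detector = Callable[[dict], Optional[str]]

@dataclass
class Policy:
    programs: Dict[str, Detector]                  # installed protection programs
    block_events: set                              # suspicious events that warrant blocking
    block_criteria: Dict[str, str] = field(default_factory=dict)  # key -> block method
    block_percentage: float = 0.5                  # blocked / received threshold

@dataclass
class HostSensor:
    policy: Policy
    received: int = 0
    blocked: int = 0

    def scan(self, pkt: dict) -> List[str]:
        """Run every installed program and collect the suspicious events reported."""
        return [ev for prog in self.policy.programs.values() if (ev := prog(pkt))]

    def process(self, pkt: dict) -> Optional[str]:
        """Return the block method applied, or None if the packet passed to the host."""
        self.received += 1
        src_key = "src:" + pkt["src"]
        if src_key in self.policy.block_criteria:   # instruction inserted earlier applies
            self.blocked += 1
            return self.policy.block_criteria[src_key]
        hits = [ev for ev in self.scan(pkt) if ev in self.policy.block_events]
        if not hits:
            return None
        method = self.policy.block_criteria.get(hits[0], "drop")  # select from criteria
        self.blocked += 1
        # Block percentage met: insert an instruction blocking this packet's source
        # (assumption: the inserted instruction is a source-level block).
        if self.blocked / self.received >= self.policy.block_percentage:
            self.policy.block_criteria[src_key] = "drop-source"
        return method

    def apply_update(self, update: dict) -> List[str]:
        """Parse a new policy and install its programs in addition to existing ones."""
        self.policy.programs.update(update.get("programs", {}))
        self.policy.block_events |= set(update.get("block_events", []))
        self.policy.block_criteria.update(update.get("block_criteria", {}))
        return sorted(self.policy.programs)

def oversized_payload(pkt: dict) -> Optional[str]:   # constructed sample detector
    return "oversized-payload" if len(pkt["payload"]) > 64 else None

def make_sensor() -> HostSensor:                      # constructed sample policy
    return HostSensor(Policy({"size": oversized_payload}, {"oversized-payload"},
                             {"oversized-payload": "reset"}, 0.5))
```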
Specification