System, method, and computer program for preventing infections from spreading in a network environment using dynamic application of a firewall policy
First Claim
Patent Images
1. A method, comprising:
- detecting, at a first node having a security-as-a-service (SaaS) agent, a threat originating from a source node having a source address in a network, wherein the network includes at least the first node and a plurality of nodes each having a respective SaaS agent;
applying a local firewall policy on the first node to block incoming connections associated with the source address;
broadcasting, from the first node, an alert to the respective SaaS agents of the plurality of nodes in the network, wherein the broadcast alert comprises the source address of the source node from which the threat originated, wherein broadcasting the alert comprises broadcasting the local firewall policy;
identifying, by the first node, a presence of an SaaS firewall module of the source node; and
responsive to identifying the presence of the SaaS firewall module on the source node, communicating to the source node to apply a remote firewall policy to block outgoing connections from the source node to the plurality of nodes in the network.
10 Assignments
0 Petitions
Accused Products
Abstract
A method for containing a threat in network environment using dynamic firewall policies is provided. In one example embodiment, the method can include detecting a threat originating from a first node having a source address in a network, applying a local firewall policy to block connections with the source address, and broadcasting an alert to a second node in the network. In more particular embodiments, an alert may be sent to a network administrator identifying the source address and providing remedial information. In yet other particular embodiments, the method may also include applying a remote firewall policy to the first node blocking outgoing connections from the first node.
161 Citations
14 Claims
-
1. A method, comprising:
-
detecting, at a first node having a security-as-a-service (SaaS) agent, a threat originating from a source node having a source address in a network, wherein the network includes at least the first node and a plurality of nodes each having a respective SaaS agent; applying a local firewall policy on the first node to block incoming connections associated with the source address; broadcasting, from the first node, an alert to the respective SaaS agents of the plurality of nodes in the network, wherein the broadcast alert comprises the source address of the source node from which the threat originated, wherein broadcasting the alert comprises broadcasting the local firewall policy; identifying, by the first node, a presence of an SaaS firewall module of the source node; and responsive to identifying the presence of the SaaS firewall module on the source node, communicating to the source node to apply a remote firewall policy to block outgoing connections from the source node to the plurality of nodes in the network. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. Logic encoded in one or more non-transitory media that includes code for execution and when executed by one or more processors is operable to perform operations comprising:
-
detecting, at a first node having a security-as-a-service (SaaS) agent, a threat originating from a source node having a source address in a network, wherein the network includes at least the first node and a plurality of nodes each having a respective SaaS agent; applying a local firewall policy on the first node to block incoming connections associated with the source address; broadcasting, from the first node, an alert to the respective SaaS agents of the plurality of nodes in the network, wherein the broadcast alert comprises the source address of the source node from which the threat originated, wherein broadcasting the alert comprises broadcasting the local firewall policy; identifying, by the first node, a presence of an SaaS firewall module of the source node; and responsive to identifying the presence of the SaaS firewall module on the source node, communicating to the source node to apply a remote firewall policy to block outgoing connections from the source node to the plurality of nodes in the network. - View Dependent Claims (8, 9, 10)
-
-
11. A first node, comprising:
-
an antivirus module; a local firewall module; a dynamic policy module; and one or more processors operable to execute instructions associated with the antivirus module, the local firewall module, and the dynamic policy module such that the first node is configured for; detecting, at a first node having a security-as-a-service (SaaS) agent, a threat originating from a source node having a source address in a network, wherein the network includes at least the first node and a plurality of nodes each having a respective SaaS agent; applying a local firewall policy on the first node to block incoming connections associated with the source address; broadcasting, from the first node, an alert to the respective SaaS agents of the plurality of nodes in the network, wherein the broadcast alert comprises the source address of the source node from which the threat originated, wherein broadcasting the alert comprises broadcasting the local firewall policy; identifying, by the first node, a presence of an SaaS firewall module of the source node; and responsive to identifying the presence of the SaaS firewall module on the source node, communicating to the source node to apply a remote firewall policy to block outgoing connections from the source node to the plurality of nodes in the network. - View Dependent Claims (12, 13, 14)
-
Specification