Herd based scan avoidance system in a network environment
First Claim
1. A method comprising:
- generating a signature for an object in a compute node in a herd of compute nodes in a network;
searching a herd cache in a memory element for the signature, wherein the herd cache is replicated across the herd of compute nodes;
responsive to determining the herd cache in the memory element does not contain the signature, scanning the object with a scan module to obtain a scan result;
updating the herd cache in the memory element with the scan result including the signature of the object and a threat level of the object; and
synchronizing the updated herd cache in the memory element of the compute node with the herd caches of one or more other compute nodes in the herd, wherein the synchronizing includes sending the scan result to the one or more other compute nodes and receiving, from at least one other compute node in the herd, one or more scan results for one or more objects to be stored in the updated herd cache of the compute node.
10 Assignments
0 Petitions
Accused Products
Abstract
A method in one example embodiment includes generating a signature for an object in a compute node in a network, searching a memory element for the signature, and responsive to determining the memory element does not contain the signature, scanning the object. The method also includes updating the memory element with a scan result, and synchronizing the memory element of the compute node with one or more memory elements of one or more other compute nodes in the network. In specific embodiments, the scan result includes the signature of the object and a threat level of the object. In further embodiments, the synchronizing includes sending the scan result to one or more other compute nodes in the network. In more specific embodiments, the scan result is sent with one or more other scan results after a predetermined interval of time from a previous synchronization.
362 Citations
25 Claims
-
1. A method comprising:
-
generating a signature for an object in a compute node in a herd of compute nodes in a network; searching a herd cache in a memory element for the signature, wherein the herd cache is replicated across the herd of compute nodes; responsive to determining the herd cache in the memory element does not contain the signature, scanning the object with a scan module to obtain a scan result; updating the herd cache in the memory element with the scan result including the signature of the object and a threat level of the object; and synchronizing the updated herd cache in the memory element of the compute node with the herd caches of one or more other compute nodes in the herd, wherein the synchronizing includes sending the scan result to the one or more other compute nodes and receiving, from at least one other compute node in the herd, one or more scan results for one or more objects to be stored in the updated herd cache of the compute node. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. At least one non-transitory machine readable storage medium having instructions stored thereon, the instructions when executed by a processor cause the processor to:
-
generate a signature for an object in a compute node in a herd of compute nodes in a network; search a herd cache in a memory element for the signature, wherein the herd cache is replicated across the herd of compute nodes; responsive to determining the herd cache in the memory element does not contain the signature, scan the object with a scan module to obtain a scan result; update the herd cache in the memory element with the scan result including the signature of the object and a threat level of the object; and synchronize the updated herd cache in the memory element of the compute node with the herd caches of one or more other compute nodes in the herd, wherein the synchronizing includes sending the scan result to the one or more other compute nodes and receiving, from at least one other compute node in the herd, one or more scan results for one or more objects to be stored in the updated herd cache of the compute node. - View Dependent Claims (8, 9, 10, 11, 12)
-
-
13. An apparatus, comprising:
-
a processor; a scan module executing on the processor, the scan module configured to; generate a signature for an object in a compute node in a herd of compute nodes in a network; search a herd cache in a memory element for the signature, wherein the herd cache is replicated across the herd of compute nodes; responsive to determining the herd cache in the memory element does not contain the signature, scan the object to obtain a scan result; update the herd cache in the memory element with the scan result including the signature of the object and a threat level of the object; and a synchronization module executing on the processor, the synchronization module configured to synchronize the updated herd cache in the memory element of the compute node with the herd caches of one or more other compute nodes in the herd, wherein the synchronizing includes sending the scan result to the one or more other compute nodes and receiving, from at least one other compute node in the herd, one or more scan results for one or more objects to be stored in the updated herd cache of the compute node. - View Dependent Claims (14, 15, 16, 17, 18)
-
-
19. At least one non-transitory machine readable storage medium having instructions stored thereon, the instructions when executed by a processor cause the processor to:
-
generate a signature for an object received from an external source by a compute node in a herd of compute nodes in a network; search a herd cache in a local memory element of the compute node for the signature; responsive to determining the herd cache in the local memory element does not contain the signature, send a request to a central server for a threat level associated with the signature; responsive to receiving a response indicating that the signature is not found, scan the object with a scan module in the compute node to obtain a scan result; update the herd cache in the local memory element with the scan result including the signature of the object and the threat level of the object; and synchronize the updated herd cache in the memory element of the compute node with a central cache in the central server containing object signatures and corresponding threat levels, wherein the synchronizing includes sending the scan result to the central server. - View Dependent Claims (20, 21, 22, 23, 24, 25)
-
Specification