COMPUTER NETWORK SECURITY SYSTEM

摘要

A computer network security system includes a central controller in communication with software-based endpoint agents operating on individual host computers. The endpoint agents monitor new connection requests to and from their respective hosts, comparing the connections to cached rules obtained from the controller, and holding new connections while escalating requests for applicable rules and/or directives to the controller in real-time when no applicable rules are available in their caches. The endpoint agents can be configured to present a pop-up dialog requesting enhanced authentication credentials from a user on a host in response to a connection request from a restricted network-based application. The pop-up dialog enables enhanced or two-factor authentication functionality to be overlaid on any networked application regardless of the application's inherent authentication capability.

主权项

1. A computer security system comprising:
a plurality of host computers operating on at least one network, each host computer executing a respective endpoint agent configured to gate network connections; and at least one server computer operating on one or more of the at least one network, the at least one server computer executing a controller in network communication with each of the endpoint agents, wherein each endpoint agent is configured to, for a respective network connection:
obtain metadata for the network connection,send a connection escalation request containing the obtained metadata to the controller,hold the network connection, preventing the passage of data, pending a response from the controller,receive a response from the controller including an action for handling the network connection, andhandle the network connection in accordance with the action, and wherein the controller is configured to:
maintain a plurality of rules that specify actions for handling network connections based on obtained metadata,receive connection escalation requests from the endpoint agents,match metadata received in the connection escalation requests with rules from the plurality of rules, andreply to the connection escalation requests with responses including actions for handling network connections based on the matched rules.