Independent claim
1. A computer security system comprising:
a plurality of host computers operating on at least one network, each host computer executing a respective endpoint agent configured to gate network connections; and
at least one server computer operating on one or more of the at least one network, the at least one server computer executing a controller in network communication with each of the endpoint agents,
wherein each endpoint agent is configured to, for a respective network connection:
obtain metadata for the network connection,
send a connection escalation request containing the obtained metadata to the controller,
hold the network connection, preventing the passage of data, pending a response from the controller,
receive a response from the controller including an action for handling the network connection, and
handle the network connection in accordance with the action, and
wherein the controller is configured to:
maintain a plurality of rules that specify actions for handling network connections based on obtained metadata,
receive connection escalation requests from the endpoint agents,
match metadata received in the connection escalation requests with rules from the plurality of rules, and
reply to the connection escalation requests with responses including actions for handling network connections based on the matched rules.
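
The escalation flow recited in the claim, as an added sketch that is not code from the patent: the agent holds a connection's data until the controller's rule match returns an action. The rule format (glob patterns over metadata fields), first-match ordering, the deny default when no rule matches, and all class, field and action names are assumptions.

```python
from dataclasses import dataclass, field
from fnmatch import fnmatchcase

@dataclass
class Rule:
    match: dict   # metadata field -> glob pattern; every field must match (assumed format)
    action: str   # "allow" or "deny" (assumed action names)

class Controller:
    def __init__(self, rules, default_action="deny"):  # deny default is an assumption
        self.rules, self.default_action = list(rules), default_action

    def handle_escalation(self, request):
        """Match the request's metadata against the rules; first match wins (assumed)."""
        meta = request["metadata"]
        for rule in self.rules:
            if all(fnmatchcase(str(meta.get(k, "")), p) for k, p in rule.match.items()):
                return {"action": rule.action}
        return {"action": self.default_action}

@dataclass
class Connection:
    metadata: dict
    pending: list = field(default_factory=list)    # data buffered while held
    delivered: list = field(default_factory=list)  # data that was allowed to pass
    state: str = "held"

class EndpointAgent:
    def __init__(self, host, controller):
        self.host, self.controller = host, controller

    def gate(self, conn):
        # Nothing moves from pending to delivered until the controller has answered.
        request = {"host": self.host, "metadata": conn.metadata}
        action = self.controller.handle_escalation(request).get("action")
        if action == "allow":
            conn.delivered, conn.pending, conn.state = conn.pending, [], "allowed"
        else:  # "deny" or anything unrecognised: drop the held data
            conn.pending, conn.state = [], "denied"
        return conn.state

def demo():
    # Constructed sample rules and connections.
    controller = Controller([
        Rule({"dest_port": "23"}, "deny"),
        Rule({"process": "backup-agent", "dest_port": "443"}, "allow"),
    ])
    agent = EndpointAgent("host-a", controller)
    ok = Connection({"process": "backup-agent", "dest_port": 443}, [b"hello"])
    bad = Connection({"process": "unknown-tool", "dest_port": 4444}, [b"data"])
    return agent.gate(ok), ok.delivered, agent.gate(bad), bad.delivered
```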