Title Policy-based selection of remediation
Abstract Methods and systems for remediating a security policy violation on a computer system are provided. According to one embodiment, information regarding a program-code-based operational state of a computer system is periodically sampled. A determination is made regarding whether the program-code-based operational state represents a violation of a security policy by evaluating the information with respect to multiple security policies, each of which defines at least one parameter condition, violation of which is potentially indicative of unauthorized activity on the computer system or of manipulation of the computer system to make it vulnerable to attack. When a violation exists, a remediation is identified and deployed to the computer system. The violation is based at least in part on one or more of: whether a particular process is running; the existence, version or status of a particular application; and the version, type or configuration of the installed operating system.
Publication number US8914846(B2) Publication date 2014.12.16
Application number US201414280586 Filing date 2014.05.17
Applicant Fortinet, Inc. Inventors Bezilla Daniel B.;Immordino John L.;Ogura James Le
Classification H04L29/06;G06F21/55 Main classification H04L29/06
Agent firm Hamilton, DeSanctis & Cha LLP Agent Hamilton, DeSanctis & Cha LLP
Independent claim 1. A computer-implemented method comprising:
periodically sampling, by a first computer system, information regarding a program-code-based operational state of a second computer system;
determining whether the program-code-based operational state of the second computer system represents a violation of one or more security policies of a network to which the second computer system is connected by causing to be evaluated, by the first computer system, the information with respect to the one or more security policies, wherein each security policy of the one or more security policies defines at least one parameter condition violation of which is potentially indicative of unauthorized activity on the second computer system or manipulation of the second computer system to make the second computer system vulnerable to attack;
when a result of the determining is affirmative, then:
causing, by the first computer system, a remediation to be identified that can be applied to the second computer system to address the violation; and
causing, by the first computer system, the identified remediation to be deployed to the second computer system; and
wherein the violation is based at least in part on one or more of:
whether a particular process is running on the second computer system;
existence or non-existence of a particular application on the second computer system;
a version of the particular application installed on the second computer system;
a status of the particular application with respect to whether a patch associated with the particular application has been installed on the second computer system;
a version of an operating system installed on the second computer system;
a type of the operating system; and
a configuration of the operating system.
Address Sunnyvale CA US
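As an added illustration of the sample-evaluate-remediate loop described in the abstract and claim 1 (example code written for this page, not Fortinet's implementation), the following evaluator checks a sampled host state against policies whose parameter conditions cover the claimed factors: a running process, application presence, version and patch status, and operating-system type, version and configuration. The host state, policy names and remediation strings are constructed here for illustration.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Set, Tuple

@dataclass
class HostState:
    """Program-code-based operational state sampled from a monitored host."""
    running_processes: Set[str]
    applications: Dict[str, dict]   # name -> {"version": "x.y.z", "patched": bool}
    os_type: str
    os_version: str
    os_config: Dict[str, object]

@dataclass
class Policy:
    """A security policy: one parameter condition plus the remediation to deploy."""
    name: str
    violated: Callable[[HostState], bool]   # True when the condition is violated
    remediation: str

def version_tuple(v: str) -> Tuple[int, ...]:
    return tuple(int(part) for part in v.split("."))

def app_version_below(name: str, minimum: str) -> Callable[[HostState], bool]:
    return lambda s: name in s.applications and \
        version_tuple(s.applications[name]["version"]) < version_tuple(minimum)

# Constructed policy set; names and remediations are hypothetical.
POLICIES: List[Policy] = [
    Policy("endpoint-agent-running",
           lambda s: "endpoint_agent" not in s.running_processes, "start endpoint_agent"),
    Policy("legacy-tool-absent",
           lambda s: "legacy_tool" in s.applications, "uninstall legacy_tool"),
    Policy("browser-minimum-version", app_version_below("browser", "2.5.0"), "upgrade browser to 2.5.0"),
    Policy("browser-patch-installed",
           lambda s: "browser" in s.applications and not s.applications["browser"]["patched"],
           "apply pending browser patch"),
    Policy("kernel-minimum-version",
           lambda s: s.os_type == "linux" and version_tuple(s.os_version) < (5, 4), "upgrade kernel"),
    Policy("host-firewall-enabled",
           lambda s: not s.os_config.get("firewall_enabled", False), "enable host firewall"),
]

def evaluate(state: HostState, policies: List[Policy] = POLICIES) -> List[Tuple[str, str]]:
    """Return (policy name, remediation) for every policy the sampled state violates."""
    return [(p.name, p.remediation) for p in policies if p.violated(state)]

def select_remediations(state: HostState, policies: List[Policy] = POLICIES) -> List[str]:
    """Deduplicated remediation list in policy order, ready for the deployment step."""
    return list(dict.fromkeys(r for _, r in evaluate(state, policies)))
```

In a real deployment `evaluate` would run on each periodic sample and `select_remediations` would feed the remediation deployment mechanism; here both simply return their results so they can be inspected.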