Title of invention: Policy-based selection of remediation
Abstract: Methods and systems for remediating a security policy violation on a computer system are provided. According to one embodiment, information regarding a program-code-based operational state of a host asset is collected by a light weight sensor (LWS) running on the host asset via a survey tool. The information is transmitted by the LWS to a remote server via an external network. Multiple security policies are enforced by the remote server with respect to the host asset based on the received information including determining whether the program-code-based operational state of the host asset represents a violation of one or more security policies, by evaluating the received information with respect to the security policies, each of which defines at least one parameter condition violation of which is potentially indicative of unauthorized activity on the host asset or manipulation of the host asset making the host asset vulnerable to attack.
Publication number: US9602550(B2) Publication date: 2017.03.21
Application number: US201615156004 Filing date: 2016.05.16
Applicant: Fortinet, Inc. Inventors: Bezilla Daniel B.;Immordino John L.;Ogura James Le
Classification: H04L29/06;G06F9/44;G06F11/00;G06F21/55;G06F21/57;H04L12/26 Main classification: H04L29/06
Agency: Hamilton, DeSanctis & Cha LLP Agent: Hamilton, DeSanctis & Cha LLP
Independent claim: 1. A method comprising: collecting, by a light weight sensor (LWS) running on a host asset of a plurality of monitored, networked host assets of an enterprise network, survey data, which collectively characterize a program-code-based operational state of the host asset, from a survey tool installed on the host asset; transmitting, by the LWS, the survey data to a remote server that is in a client-server relationship with the LWS via an external network coupling the enterprise network and the remote server in communication; and enforcing, by the remote server, a plurality of security policies with respect to the host asset based on the survey data including determining whether the program-code-based operational state of the host asset represents a violation of one or more security policies of the plurality of security policies, by evaluating the survey data with reference to the plurality of security policies, wherein each security policy of the plurality of security policies defines at least one parameter condition violation of which is potentially indicative of unauthorized activity on the host asset or manipulation of the host asset making the host asset vulnerable to attack.
Address: Sunnyvale CA US