Title of invention: Automated deployment of protection agents to devices connected to a distributed computer network
Abstract: Network traffic is monitored to detect attempted inter-network communications, including attempts by devices internal to the network to communicate with resources external to the network and attempts by devices external to the network to establish VPN sessions with resources internal to the network. Upon detecting an attempted inter-network communication, the device responsible for initiating such communication is identified. Then, it is determined whether the identified device is running a valid protection agent. If so, the attempted inter-network communication is permitted. If not, the attempted inter-network communication is blocked in compliance with a network security policy and the identified device is prompted to download and install a protection agent from a designated storage location, or to activate a previously installed protection device. The prompt may include a hyperlink for initiating download of the protection agent.
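Application publication number: US9325725(B2) Application publication date: 2016.04.26
Application number: US201414337825 Filing date: 2014.07.22
Applicant: International Business Machines Corporation Inventor: Ward Matthew
Classification number: H04L29/06;H04L29/08 Main classification number: H04L29/06
Agency: King & Spalding Agent: King & Spalding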
Principal claim: 1. A method for intrusion prevention, the method comprising the steps of: an intrusion prevention device, comprising a computer, receiving from a client computing device at multiple successive times, re-registration information for a program agent installed on the client computing device to detect malicious intrusion, the re-registration information notifying the intrusion prevention device that the program agent is still installed on the client computing device; subsequently, the intrusion prevention device detecting a request sent by the client computing device addressed to a remote web server for a web page, and in response, the intrusion prevention device determining, whether the client computing device has re-registered the program agent within a predetermined time interval from a time of the request; and if so, the intrusion prevention device propagating the request to the web server, and if not, the intrusion prevention device: blocking the request so it cannot be sent to the web server, and if the program agent is not installed on the client computing device, and delivering the program agent to detect malicious intrusions to the client computing device for installation at the client computing device without a request by the client computing device to receive the program agent.
Address: Armonk NY US