Title: Policy-based selection of remediation
Abstract: Methods and systems for remediating a security policy violation on a computer system are provided. According to one embodiment, a first computer system receives information regarding an operational state of a second computer system. It is determined whether the operational state represents a violation of a security policy that has been applied to or is active in regard to the second computer system by evaluating the received information with respect to the multiple security policies. Each security policy defines a parameter condition violation of which is potentially indicative of unauthorized activity on or manipulation of the second computer system to make it vulnerable to attack. When a result of the determination is affirmative, then a remediation is identified by the first computer system that can be applied to the second computer system to address the violation; and the remediation is deployed to the second computer system.
Publication number: US9154523(B2)
Publication date: 2015.10.06
Application number: US201514622753
Filing date: 2015.02.13
Applicant: Fortinet, Inc.
Inventors: Bezilla Daniel B.; Immordino John L.; Ogura James Le
Classification: H04L29/06; G06F9/44; G06F11/00; G06F21/55; G06F21/57
Main classification: H04L29/06
Agency: Hamilton, DeSanctis & Cha LLP
Agent: Hamilton, DeSanctis & Cha LLP
Independent claim: 1. A computer-implemented method comprising: receiving, by a first computer system, information regarding an operational state of a second computer system at a particular time; determining whether the operational state of the second computer system represents a violation of one or more security policies that have been applied to or are active in regard to the second computer system by evaluating, by the first computer system, the received information with respect to the one or more security policies, wherein each security policy of the one or more security policies defines at least one parameter condition violation of which is potentially indicative of unauthorized activity on the second computer system or manipulation of the second computer system to make the second computer system vulnerable to attack; and when a result of the determining is affirmative, then: identifying, by the first computer system, a remediation that can be applied to the second computer system to address the violation; and causing, by the first computer system, the remediation to be deployed to the second computer system.
Address: Sunnyvale CA US