Title of invention: System, method, and computer program for preventing infections from spreading in a network environment using dynamic application of a firewall policy
Abstract: A method for containing a threat in network environment using dynamic firewall policies is provided. In one example embodiment, the method can include detecting a threat originating from a first node having a source address in a network, applying a local firewall policy to block connections with the source address, and broadcasting an alert to a second node in the network. In more particular embodiments, an alert may be sent to a network administrator identifying the source address and providing remedial information. In yet other particular embodiments, the method may also include applying a remote firewall policy to the first node blocking outgoing connections from the first node.
Publication number: US8881258(B2)  Publication date: 2014.11.04
Application number: US201113216516  Filing date: 2011.08.24
Applicant: McAfee, Inc.  Inventors: Paul Manabendra; Sudharma Praveen Ravichandran
Classification: G06F17/00; G06F11/00; H04L29/06  Main classification: G06F17/00
Agency: Patent Capital Group  Agent: Patent Capital Group
Main claim: 1. A method, comprising: detecting, at a first node having a security-as-a-service (SaaS) agent, a threat originating from a source node having a source address in a network, wherein the network includes at least the first node and a plurality of nodes each having a respective SaaS agent; applying a local firewall policy on the first node to block incoming connections associated with the source address; broadcasting, from the first node, an alert to the respective SaaS agents of the plurality of nodes in the network, wherein the broadcast alert comprises the source address of the source node from which the threat originated, wherein broadcasting the alert comprises broadcasting the local firewall policy; identifying, by the first node, a presence of an SaaS firewall module of the source node; and responsive to identifying the presence of the SaaS firewall module on the source node, communicating to the source node to apply a remote firewall policy to block outgoing connections from the source node to the plurality of nodes in the network.
Address: Santa Clara CA US