JP2011527856A - 自動的に分散されるネットワーク保護 - Google Patents
自動的に分散されるネットワーク保護 Download PDFInfo
- Publication number
- JP2011527856A JP2011527856A JP2011517473A JP2011517473A JP2011527856A JP 2011527856 A JP2011527856 A JP 2011527856A JP 2011517473 A JP2011517473 A JP 2011517473A JP 2011517473 A JP2011517473 A JP 2011517473A JP 2011527856 A JP2011527856 A JP 2011527856A
- Authority
- JP
- Japan
- Prior art keywords
- client
- security
- gateway
- network
- compliance
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
- H04L63/205—Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q10/00—Administration; Management
- G06Q10/06—Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
- G06Q10/063—Operations research, analysis or management
- G06Q10/0637—Strategic management or analysis, e.g. setting a goal or target of an organisation; Planning actions based on goals; Analysis or evaluation of effectiveness of goals
- G06Q10/06375—Prediction of business process outcome or impact based on a proposed change
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q30/00—Commerce
- G06Q30/04—Billing or invoicing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/102—Entity profiles
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/145—Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1475—Passive attacks, e.g. eavesdropping or listening without modification of the traffic monitored
Abstract
Description
Claims (15)
- 自動的に分散されるネットワーク保護をクライアント(121)に提供するための、ネットワークセキュリティゲートウェイ(126)において実行する方法であって、
前記クライアントのセキュリティ機能、および前記クライアントのヘルスまたはガバナンスに関する1つもしくは複数のポリシーに対する前記クライアントの準拠状態の列挙を受信するステップ(205)と、
前記クライアントにおけるセキュリティ機能準拠の前記列挙に応じて、前記ネットワークセキュリティゲートウェイと前記クライアントとの間のセキュリティ関連処理の割り当てを調節するステップ(212)と、
前記クライアントのためにセキュリティ関連プロセスを実行するとき、前記ネットワークセキュリティゲートウェイが消費するリソースのレベルのログを取るステップ(225)と
を含むことを特徴とする方法。 - 前記ログを取ったリソースのレベルを使用して、前記クライアントに適用される課金情報を生成するさらなるステップを含むことを特徴とする請求項1に記載の方法。
- 前記クライアントは、企業ネットワーク内のコンピューティングデバイスであり、前記コンピューティングデバイスはPC、ワークステーション、またはサーバーのうちの1つであることを特徴とする請求項1に記載の方法。
- 前記ネットワークセキュリティゲートウェイは、コンテンツ検査、ウイルス対策スキャニング、マルウェアブロッキング、情報漏洩防止、ファイアウォールサービス、またはセキュリティポリシーの実行のうちの少なくとも1つを行うように構成されることを特徴とする請求項1に記載の方法。
- 前記割り当てるステップは、セキュリティ関連プロセスを、前記ネットワークセキュリティゲートウェイから前記クライアントにオフロードするステップを含むことを特徴とする請求項1に記載の方法。
- 前記クライアントの準拠状態を、周期的に再チェックするさらなるステップを含むことを特徴とする請求項1に記載の方法。
- 前記クライアントが非準拠になるとき、前記オフロードするステップを終了するさらなるステップを含むことを特徴とする請求項5に記載の方法。
- セキュリティ機能および準拠状態の前記列挙は、NAPインターフェイス、ネットワークチャネル、またはESASセキュリティアセスメントのうちの1つを介して受信されることを特徴とする請求項1に記載の方法。
- AAAサービスを実行するさらなるステップを含むことを特徴とする請求項1に記載の方法。
- 1つまたは複数のさらなるゲートウェイへの、前記セキュリティ関連処理の負荷分散を実行するさらなるステップを含むことを特徴とする請求項1に記載の方法。
- クラウドサービスをサポートするように構成されるネットワークセキュリティゲートウェイによって実行されることを特徴とする請求項1に記載の方法。
- 前記クライアントのために前記ゲートウェイにおいて実行されるセキュリティ関連処理に伴うリソースの消費に対して、ペナルティを課すさらなるステップを含むことを特徴とする請求項1に記載の方法。
- 前記クライアントにおけるより高いレベルのセキュリティ関連処理を刺激するよう、前記ペナルティは金銭的であることを特徴とする請求項12に記載の方法。
- 前記クライアントは、ダウンストリームゲートウェイを含むことを特徴とする請求項1に記載の方法。
- 前記セキュリティ関連処理は、コンテンツ検査、ウイルス対策スキャニング、マルウェアブロッキング、情報漏洩防止、ファイアウォールサービス、またはセキュリティポリシーの実行のうちの少なくとも1つを含むことを特徴とする請求項1に記載の方法。
Applications Claiming Priority (5)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US7892808P | 2008-07-08 | 2008-07-08 | |
US61/078,928 | 2008-07-08 | ||
US12/277,089 | 2008-11-24 | ||
US12/277,089 US20100011432A1 (en) | 2008-07-08 | 2008-11-24 | Automatically distributed network protection |
PCT/US2009/048898 WO2010005814A2 (en) | 2008-07-08 | 2009-06-26 | Automatically distributed network protection |
Publications (2)
Publication Number | Publication Date |
---|---|
JP2011527856A true JP2011527856A (ja) | 2011-11-04 |
JP5492200B2 JP5492200B2 (ja) | 2014-05-14 |
Family
ID=41506280
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
JP2011517473A Expired - Fee Related JP5492200B2 (ja) | 2008-07-08 | 2009-06-26 | 自動的に分散されるネットワーク保護 |
Country Status (5)
Country | Link |
---|---|
US (1) | US20100011432A1 (ja) |
EP (1) | EP2297899A4 (ja) |
JP (1) | JP5492200B2 (ja) |
CN (1) | CN102090019B (ja) |
WO (1) | WO2010005814A2 (ja) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2016506115A (ja) * | 2012-11-27 | 2016-02-25 | シマンテック コーポレーションSymantec Corporation | ネットワークデータパケットに対する冗長セキュリティ分析を排除するためのシステム及び方法 |
Families Citing this family (20)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8341720B2 (en) * | 2009-01-09 | 2012-12-25 | Microsoft Corporation | Information protection applied by an intermediary device |
US8977750B2 (en) * | 2009-02-24 | 2015-03-10 | Red Hat, Inc. | Extending security platforms to cloud-based networks |
US8510838B1 (en) * | 2009-04-08 | 2013-08-13 | Trend Micro, Inc. | Malware protection using file input/output virtualization |
US9479357B1 (en) * | 2010-03-05 | 2016-10-25 | Symantec Corporation | Detecting malware on mobile devices based on mobile behavior analysis |
US9552478B2 (en) * | 2010-05-18 | 2017-01-24 | AO Kaspersky Lab | Team security for portable information devices |
US8806638B1 (en) * | 2010-12-10 | 2014-08-12 | Symantec Corporation | Systems and methods for protecting networks from infected computing devices |
US8713674B1 (en) * | 2010-12-17 | 2014-04-29 | Zscaler, Inc. | Systems and methods for excluding undesirable network transactions |
RU2453917C1 (ru) * | 2010-12-30 | 2012-06-20 | Закрытое акционерное общество "Лаборатория Касперского" | Система и способ для оптимизации выполнения антивирусных задач в локальной сети |
US8782750B2 (en) * | 2011-04-25 | 2014-07-15 | Next Level Security Systems, Inc. | Collaborative gateway |
US8621630B2 (en) | 2011-06-17 | 2013-12-31 | Microsoft Corporation | System, method and device for cloud-based content inspection for mobile devices |
TWI561535B (en) | 2011-10-06 | 2016-12-11 | Bvw Holding Ag | Copolymers of hydrophobic and hydrophilic segments that reduce protein adsorption |
US8813173B2 (en) * | 2011-12-22 | 2014-08-19 | Next Level Security Systems, Inc. | Mobile communication device surveillance system |
US9548962B2 (en) * | 2012-05-11 | 2017-01-17 | Alcatel Lucent | Apparatus and method for providing a fluid security layer |
US20130329047A1 (en) * | 2012-06-06 | 2013-12-12 | Next Level Security Systems, Inc. | Escort security surveillance system |
CN102752290B (zh) * | 2012-06-13 | 2016-06-01 | 深圳市腾讯计算机系统有限公司 | 一种云安全系统中的未知文件安全信息确定方法和装置 |
US8925076B2 (en) | 2012-12-11 | 2014-12-30 | Kaspersky Lab Zao | Application-specific re-adjustment of computer security settings |
US20140254878A1 (en) * | 2013-03-08 | 2014-09-11 | Next Level Security Systems, Inc. | System and method for scanning vehicle license plates |
US20140254877A1 (en) * | 2013-03-08 | 2014-09-11 | Next Level Security Systems, Inc. | System and method for identifying a vehicle license plate |
US20140254866A1 (en) * | 2013-03-08 | 2014-09-11 | Next Level Security Systems, Inc. | Predictive analysis using vehicle license plate recognition |
CN104283844A (zh) * | 2013-07-03 | 2015-01-14 | 北京宝利明威软件技术有限公司 | 一种分布式云安全系统及控制方法 |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2004185622A (ja) * | 2002-12-04 | 2004-07-02 | Docomo Communications Laboratories Usa Inc | 動的ファイアウォールシステム |
JP2005250761A (ja) * | 2004-03-03 | 2005-09-15 | Ntt Data Corp | アクセス制御システム |
Family Cites Families (23)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5968176A (en) * | 1997-05-29 | 1999-10-19 | 3Com Corporation | Multilayer firewall system |
CA2228687A1 (en) * | 1998-02-04 | 1999-08-04 | Brett Howard | Secured virtual private networks |
US6728886B1 (en) * | 1999-12-01 | 2004-04-27 | Trend Micro Incorporated | Distributed virus scanning arrangements and methods therefor |
WO2002056139A2 (en) * | 2000-10-26 | 2002-07-18 | Digimarc Corporation | Method and system for internet access |
US7480713B2 (en) * | 2000-12-15 | 2009-01-20 | International Business Machines Corporation | Method and system for network management with redundant monitoring and categorization of endpoints |
US7640434B2 (en) * | 2001-05-31 | 2009-12-29 | Trend Micro, Inc. | Identification of undesirable content in responses sent in reply to a user request for content |
US6981280B2 (en) * | 2001-06-29 | 2005-12-27 | Mcafee, Inc. | Intelligent network scanning system and method |
US7415723B2 (en) * | 2002-06-11 | 2008-08-19 | Pandya Ashish A | Distributed network security system and a hardware processor therefor |
US7380002B2 (en) * | 2002-06-28 | 2008-05-27 | Microsoft Corporation | Bi-directional affinity within a load-balancing multi-node network interface |
US20040073716A1 (en) * | 2002-10-14 | 2004-04-15 | Boom Douglas D. | System, device and method for media data offload processing |
US20060182083A1 (en) * | 2002-10-17 | 2006-08-17 | Junya Nakata | Secured virtual private network with mobile nodes |
CN100433899C (zh) * | 2004-12-28 | 2008-11-12 | 华为技术有限公司 | 一种保证移动通信系统数据业务安全的方法及系统 |
US7844700B2 (en) * | 2005-03-31 | 2010-11-30 | Microsoft Corporation | Latency free scanning of malware at a network transit point |
US7636938B2 (en) | 2005-06-30 | 2009-12-22 | Microsoft Corporation | Controlling network access |
US7627893B2 (en) * | 2005-10-20 | 2009-12-01 | International Business Machines Corporation | Method and system for dynamic adjustment of computer security based on network activity of users |
US7437755B2 (en) * | 2005-10-26 | 2008-10-14 | Cisco Technology, Inc. | Unified network and physical premises access control server |
US7805752B2 (en) * | 2005-11-09 | 2010-09-28 | Symantec Corporation | Dynamic endpoint compliance policy configuration |
US8381297B2 (en) * | 2005-12-13 | 2013-02-19 | Yoggie Security Systems Ltd. | System and method for providing network security to mobile devices |
US7735116B1 (en) * | 2006-03-24 | 2010-06-08 | Symantec Corporation | System and method for unified threat management with a relational rules methodology |
US8935416B2 (en) * | 2006-04-21 | 2015-01-13 | Fortinet, Inc. | Method, apparatus, signals and medium for enforcing compliance with a policy on a client computer |
US20080022401A1 (en) * | 2006-07-21 | 2008-01-24 | Sensory Networks Inc. | Apparatus and Method for Multicore Network Security Processing |
CN101193432B (zh) * | 2006-11-21 | 2011-01-05 | 中兴通讯股份有限公司 | 实现移动增值安全业务的方法和系统 |
US8959568B2 (en) * | 2007-03-14 | 2015-02-17 | Microsoft Corporation | Enterprise security assessment sharing |
-
2008
- 2008-11-24 US US12/277,089 patent/US20100011432A1/en not_active Abandoned
-
2009
- 2009-06-26 CN CN200980127126.2A patent/CN102090019B/zh not_active Expired - Fee Related
- 2009-06-26 JP JP2011517473A patent/JP5492200B2/ja not_active Expired - Fee Related
- 2009-06-26 WO PCT/US2009/048898 patent/WO2010005814A2/en active Application Filing
- 2009-06-26 EP EP09794973.9A patent/EP2297899A4/en not_active Withdrawn
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2004185622A (ja) * | 2002-12-04 | 2004-07-02 | Docomo Communications Laboratories Usa Inc | 動的ファイアウォールシステム |
JP2005250761A (ja) * | 2004-03-03 | 2005-09-15 | Ntt Data Corp | アクセス制御システム |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2016506115A (ja) * | 2012-11-27 | 2016-02-25 | シマンテック コーポレーションSymantec Corporation | ネットワークデータパケットに対する冗長セキュリティ分析を排除するためのシステム及び方法 |
Also Published As
Publication number | Publication date |
---|---|
EP2297899A2 (en) | 2011-03-23 |
EP2297899A4 (en) | 2014-08-06 |
US20100011432A1 (en) | 2010-01-14 |
CN102090019A (zh) | 2011-06-08 |
WO2010005814A3 (en) | 2010-04-01 |
JP5492200B2 (ja) | 2014-05-14 |
WO2010005814A2 (en) | 2010-01-14 |
CN102090019B (zh) | 2014-10-29 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JP5492200B2 (ja) | 自動的に分散されるネットワーク保護 | |
US11388200B2 (en) | Scalable network security detection and prevention platform | |
US8910268B2 (en) | Enterprise security assessment sharing for consumers using globally distributed infrastructure | |
USRE47924E1 (en) | Caching network generated security certificates | |
Salah et al. | Using cloud computing to implement a security overlay network | |
US10616266B1 (en) | Distributed malware detection system and submission workflow thereof | |
US8713665B2 (en) | Systems, methods, and media for firewall control via remote system information | |
US11888871B2 (en) | Man-in-the-middle (MITM) checkpoint in a cloud database service environment | |
US8484726B1 (en) | Key security indicators | |
EP2415207B1 (en) | System and method for access management and security protection for network accessible computer services | |
US10601863B1 (en) | System and method for managing sensor enrollment | |
US8272041B2 (en) | Firewall control via process interrogation | |
Raza et al. | Cloud and fog computing: A survey to the concept and challenges | |
US20210377222A1 (en) | ZTNA approach to secure sensitive mobile applications and prevent attacks | |
Fellah et al. | Mobile cloud computing: Architecture, advantages and security issues | |
US11736528B2 (en) | Low latency cloud-assisted network security with local cache | |
WO2012163587A1 (en) | Distributed access control across the network firewalls | |
CN115550171A (zh) | 一种基于软件定义的api网关的实现方法 | |
Zheng et al. | Terminal Virtualization for Mobile Services | |
Javaid | Member Vendor Advisory Council CompTIA |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
A621 | Written request for application examination |
Free format text: JAPANESE INTERMEDIATE CODE: A621 Effective date: 20120314 |
|
A977 | Report on retrieval |
Free format text: JAPANESE INTERMEDIATE CODE: A971007 Effective date: 20130626 |
|
RD03 | Notification of appointment of power of attorney |
Free format text: JAPANESE INTERMEDIATE CODE: A7423 Effective date: 20130701 |
|
A131 | Notification of reasons for refusal |
Free format text: JAPANESE INTERMEDIATE CODE: A131 Effective date: 20130702 |
|
A521 | Written amendment |
Free format text: JAPANESE INTERMEDIATE CODE: A523 Effective date: 20131001 |
|
RD04 | Notification of resignation of power of attorney |
Free format text: JAPANESE INTERMEDIATE CODE: A7424 Effective date: 20131009 |
|
TRDD | Decision of grant or rejection written | ||
A01 | Written decision to grant a patent or to grant a registration (utility model) |
Free format text: JAPANESE INTERMEDIATE CODE: A01 Effective date: 20140130 |
|
A61 | First payment of annual fees (during grant procedure) |
Free format text: JAPANESE INTERMEDIATE CODE: A61 Effective date: 20140228 |
|
R150 | Certificate of patent or registration of utility model |
Ref document number: 5492200 Country of ref document: JP Free format text: JAPANESE INTERMEDIATE CODE: R150 |
|
S111 | Request for change of ownership or part of ownership |
Free format text: JAPANESE INTERMEDIATE CODE: R313113 |
|
R350 | Written notification of registration of transfer |
Free format text: JAPANESE INTERMEDIATE CODE: R350 |
|
R250 | Receipt of annual fees |
Free format text: JAPANESE INTERMEDIATE CODE: R250 |
|
LAPS | Cancellation because of no payment of annual fees |