Abstract: A Network State Database (NSD) can comprise information regarding the network-centric state of one or more computing devices connected to a network. The information contained in the NSD can be passively received by the NSD, or it can be actively obtained by the NSD. Additionally the NSD can comprise either a centralized collection of information, or a distributed collection of information independently maintained and conceptualized as a single entity. The information of the NSD can be used by a Network Risk Management Service (NRMS) to appropriately respond and protect the network. The NRMS can provide relevant information from the NSD to subscribers, which can independently act to protect the network. The NRMS can likewise itself instruct computing devices regarding an appropriate action, or it can itself instruct the performance of such action.

Abstract: Management of security firewall settings in a networked computing environment is described. One example embodiment includes applying security settings and exceptions to the security settings based on network class for network communication, and upon detection of an event, revoking at least one exception for at least one network in a specified class.

Abstract: A method and system for dynamically protecting against exploitation of a vulnerability is provided. The dynamic protection system identifies the security level of an instance of an application that is to execute on a computer system. If the security level of the instance of the application is not appropriate, the dynamic protection system places a limitation on the execution of the instance of that application.

Abstract: A Network State Database (NSD) can comprise information regarding the network-centric state of one or more computing devices connected to a network. The information contained in the NSD can be passively received by the NSD, or it can be actively obtained by the NSD. Additionally the NSD can comprise either a centralized collection of information, or a distributed collection of information independently maintained and conceptualized as a single entity. The information of the NSD can be used by a Network Risk Management Service (NRMS) to appropriately respond and protect the network. The NRMS can provide relevant information from the NSD to subscribers, which can independently act to protect the network. The NRMS can likewise itself instruct computing devices regarding an appropriate action, or it can itself instruct the performance of such action.

Abstract: A new network load balancing/firewall node for use in a system including multiple network load balancing/firewall nodes is disclosed. The network load balancing/firewall applies bi-directional load balancing affinity with regard to requests from external clients and corresponding responses from internal network servers. An external network load balancing adapter executes a load-balancing algorithm to determine whether a received client request is accepted by the network load balancing/firewall node. A firewall utility processes the received client request and maintains state information associated with the received client request. An internal network load balancing adapter ensures that the same network load balancing/firewall node accepts a response from an internal network server corresponding to the received client request.

Abstract: Management of security firewall settings in a networked computing environment is described. One example embodiment includes applying security settings and exceptions to the security settings based on network class for network communication, and upon detection of an event, revoking at least one exception for at least one network in a specified class.

Abstract: A facility is described for providing a firewall for dynamically activated resources. In various embodiments, the facility registers a component for processing a message. The registration includes storing a unique identifier associated with the component. When the facility receives a message, it determines whether the message contains a unique identifier and, if so, identifies a component for processing the message based on the identifier and forwards the message to the identified component.

Abstract: In accordance with the present invention, a system, method, and computer-readable medium for sharing information between computers, computing devices, and computing systems in a networking environment to determine whether a network is under attack by malware is provided. In instances when the network is under attack, one or more restrictive security policies that protect computers and/or resources available from the network are implemented.

Abstract: In accordance with the present invention, a system, method, and computer-readable medium for aggregating the knowledge base of a plurality of security services or other event collection systems to protect a computer from malware is provided. One aspect of the present invention is a method that proactively protects a computer from malware. More specifically, the method comprises: using anti-malware services or other event collection systems to observe suspicious events that are potentially indicative of malware; determining if the suspicious events satisfy a predetermined threshold; and if the suspicious events satisfy the predetermined threshold, implementing a restrictive security policy designed to prevent the spread of malware.

Abstract: Languages for expressing security policies are provided. The languages comprise rules that specify conditions and actions. The rules may be enforced by a security engine when a security enforcement event occurs. The languages support data separation, dynamic evaluation, and ordered rule scope. By separating data from logic, security engines may only need to be updated with a portion of rules that change. With dynamic evaluation, expressions of rules may be evaluated dynamically, such as by querying a database, when a security engine enforces a rule. With ordered rule scope, when a security enforcement event implicates a number of rules simultaneously, the rules may be enforced in a deterministic and logically organized manner.

Abstract: A method and system for dynamically protecting against exploitation of a vulnerability is provided. The dynamic protection system identifies the security level of an instance of an application that is to execute on a computer system. If the security level of the instance of the application is not appropriate, the dynamic protection system places a limitation on the execution of the instance of that application.

Abstract: A new network load balancing/firewall node for use in a system including multiple network load balancing/firewall nodes is disclosed. The network load balancing/firewall applies bi-directional load balancing affinity with regard to requests from external clients and corresponding responses from internal network servers. An external network load balancing adapter executes a load-balancing algorithm to determine whether a received client request is accepted by the network load balancing/firewall node. A firewall utility processes the received client request and maintains state information associated with the received client request. An internal network load balancing adapter ensures that the same network load balancing/firewall node accepts a response from an internal network server corresponding to the received client request.