CPC H04L 63/1416 (2013.01) [H04L 63/0227 (2013.01); H04L 63/0236 (2013.01); H04L 63/1425 (2013.01); H04L 63/145 (2013.01); H04L 63/20 (2013.01)]
20 Claims
1. A method comprising:
receiving, at a gateway, a heartbeat from an endpoint, wherein
the gateway is interposed between an enterprise network and an external network,
the heartbeat is addressed to the gateway,
the heartbeat encodes a security health status of the endpoint evaluated by a local security agent executing on the endpoint, and
the security health status of the heartbeat indicates an uncompromised security health status when no compromise of the endpoint is detected by the local security agent;
detecting a change in the security health status included in the heartbeat at the gateway;
following detecting the change of the security health status included in the heartbeat received at the gateway, receiving, at the gateway, network traffic other than the heartbeat from the endpoint; and
responding to the change in the security health status included in the heartbeat, in combination with the network traffic received following the change, by initiating a remediation of the enterprise network, wherein the remediation includes a quarantine of the endpoint.
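The sequence in claim 1, sketched as gateway-side state tracking. This is an added example, not code from the patent or its assignee. The status strings, endpoint identifiers, event tuples and the choice to drop the triggering packet are assumptions; the claim specifies no encoding, and the sketch treats only a change away from the uncompromised status as the trigger.

```python
from dataclasses import dataclass, field

HEALTHY = "uncompromised"  # assumed label; the claim names no wire encoding

@dataclass
class EndpointState:
    last_status: str = HEALTHY
    status_changed: bool = False  # change seen in a heartbeat, no later traffic yet
    quarantined: bool = False

@dataclass
class Gateway:
    endpoints: dict = field(default_factory=dict)
    actions: list = field(default_factory=list)  # remediation audit trail

    def _state(self, endpoint_id):
        return self.endpoints.setdefault(endpoint_id, EndpointState())

    def on_heartbeat(self, endpoint_id, status):
        """Heartbeat addressed to the gateway, carrying the local agent's verdict."""
        st = self._state(endpoint_id)
        if status != st.last_status:
            # Assumption: only a change away from healthy arms the response.
            st.status_changed = status != HEALTHY
        st.last_status = status

    def on_traffic(self, endpoint_id, dest):
        """Non-heartbeat traffic from the endpoint; returns 'forward' or 'drop'."""
        st = self._state(endpoint_id)
        if st.status_changed and not st.quarantined:
            # Status change plus traffic after it: initiate the remediation.
            st.quarantined = True
            self.actions.append(("quarantine", endpoint_id, dest))
        return "drop" if st.quarantined else "forward"

def replay(events):
    """Feed (kind, endpoint_id, value) tuples through a fresh gateway."""
    gw, verdicts = Gateway(), []
    for kind, endpoint_id, value in events:
        if kind == "heartbeat":
            gw.on_heartbeat(endpoint_id, value)
        else:
            verdicts.append((endpoint_id, gw.on_traffic(endpoint_id, value)))
    return gw, verdicts

# Constructed sample events (documentation addresses, hypothetical endpoint ids).
SAMPLE = [
    ("heartbeat", "ep-1", "uncompromised"), ("traffic", "ep-1", "203.0.113.10:443"),
    ("heartbeat", "ep-2", "uncompromised"), ("heartbeat", "ep-1", "compromised"),
    ("traffic", "ep-2", "203.0.113.10:443"), ("traffic", "ep-1", "203.0.113.99:8080"),
    ("traffic", "ep-1", "203.0.113.10:443"),
]
```

The quarantine is recorded when the first non-heartbeat packet arrives after the changed heartbeat, not on the heartbeat itself, which matches the order of steps in the claim.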