This specification relates to security provisioning.
The prevalence and accessibility of computer networks require security measures to protect valuable information. An enterprise, for example, can implement such security measures by use of a layered security system. Such a layered security system can be implemented at the network edge of the enterprise, e.g., firewalls, gateway security agents, etc. Additionally, a layered security system can also include security processes and agents that are implemented throughout the enterprise, e.g., virus scanning software on each computer device within the enterprise, content filtering software, content monitoring software on the enterprise gateway, etc.
Many layered security systems cannot readily maintain a central data store of threat data that classifies content items such as files, URLs, and e-mails according to security classifications (e.g., virus, malware, spam mail, etc.). Such layered security systems also do not implement a distribution infrastructure to communicate and share content intelligence. This results in repeated processing of both good and bad content. For example, information related to a virus outbreak detected in an enterprise location cannot be readily propagated to a central office or other branches of the enterprise; uniform resource locators (URLs) found to include malicious software (“malware”) or objectionable content cannot be readily propagated to a central office or other branches of the enterprise, etc.
If a security system is provided beyond a network edge, the implementation of a central data store at an authority node and the distribution of threat data to and from processing nodes can improve system performance. One approach is to distribute security messages, e.g., requests for threat data, guard table data, update notifications, etc., to and from a centralized data store or to or from a distributed authority data store. However, depending on the particular circumstances at a processing node or an authority node, awaiting requests and/or sending responses to such requests may not realize a performance increase. Furthermore, in some situations, awaiting requests and/or sending responses to such requests may actually degrade overall system performance.