Private computer networks are often interconnected to other networks, such as the Internet, and are therefore susceptible to intrusion. For this reason, many private networks are protected by some type of intrusion prevention system. An intrusion prevention system can be generally described as hardware and/or software for exercising access control to protect computers and other network resources from exploitation. There are several different types of intrusion prevention systems, including network intrusion prevention systems (“network IPS”) and host-based intrusion prevention systems (“host-based IPS”).
Network IPS are typically hardware and software platforms designed to analyze, detect and report on security-related events. Network IPS inspect traffic and, based on their configuration or security policy, can drop malicious traffic. Network IPS are designed to sit inline with network traffic flows and prevent attacks in real time. In addition, most network IPS have the ability to decode certain communication protocols, such as HTTP, FTP, and SMTP, which provides greater awareness of what the traffic actually carries. Some network IPS, such as the Proventia® Network Multi-Function Security (also referred to as “Proventia® M”) by Internet Security Systems, Inc. of Atlanta, Ga. (“ISS”), perform multiple network security functions, including firewall, VPN, anti-virus, Web filtering and anti-spam protection.
Host-based IPS run on a host, such as a client, workstation, server or other device, where packets have already been decrypted and file access and registry access can be monitored granularly and accurately. As an example, Proventia® Desktop Endpoint Security by ISS is a host-based IPS that is designed to preemptively protect desktop workstations against viruses, worms and improper activity, while keeping operations running and enforcing system compliance. As another example, Proventia® Server Intrusion Prevention System by ISS is a host-based IPS that is designed to proactively stop threats which could compromise valuable and critical applications and assets residing on a network server. Host-based IPS are sometimes referred to as “desktop agents” or “protection agents” because they may be deployed to various network devices and controlled from a centralized management console. In some cases, a network IPS may also function as a management console for protection agents deployed to devices within the same network.
Devices connected to a private network may be internal to the network (i.e., behind the network firewall) or external to the network (i.e., beyond the network firewall, but in communication with an internal network resource by way of a virtual private network session, etc.). In an optimal scenario, a protection agent will be deployed to each device connected to a private network. In this way, each device connected to the private network will be individually protected against unauthorized network communications, such as intrusions and virus infections. However, the configuration of a distributed computer network can change rapidly over time as servers, workstations, clients and other devices and resources are added, replaced, relocated and repurposed. Therefore, ensuring that protection agents are deployed to all relevant network devices can be cumbersome and time-consuming for a network administrator. Accordingly, there is a need in the art for an efficient and automated method for deploying protection agents to devices connected to a distributed computer network.
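The coverage problem described above, as an added example that is not part of the original text or any ISS product: a device inventory (internal hosts and VPN-connected external hosts) is reconciled against the protection-agent check-ins recorded by a management console, so that an administrator can see which devices have no agent, which agents have gone silent, and which agents belong to devices that no longer exist. All host names, addresses and timestamps are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample inventory of devices seen on the private network
# (hypothetical hosts, e.g. exported from a DHCP or asset database).
INVENTORY = {
    "ws-101":  {"ip": "10.0.1.11", "role": "workstation", "location": "internal"},
    "ws-102":  {"ip": "10.0.1.12", "role": "workstation", "location": "internal"},
    "srv-db1": {"ip": "10.0.2.5",  "role": "server",      "location": "internal"},
    "lt-vpn7": {"ip": "10.8.0.7",  "role": "laptop",      "location": "external-vpn"},
}

# Constructed sample of the last check-in the management console recorded per agent.
AGENT_CHECKINS = {
    "ws-101":  datetime(2024, 5, 1, 9, 0),
    "srv-db1": datetime(2024, 4, 20, 9, 0),   # agent installed, but silent for days
    "old-ws9": datetime(2024, 5, 1, 8, 0),    # agent reporting for a decommissioned host
}

@dataclass(frozen=True)
class CoverageReport:
    missing: tuple    # inventoried devices with no agent check-in at all
    stale: tuple      # devices whose agent has not checked in within max_age
    orphaned: tuple   # agents reporting for devices no longer in the inventory

def reconcile(inventory, checkins, now, max_age=timedelta(hours=24)):
    """Classify every gap between the device inventory and agent check-ins."""
    missing = tuple(sorted(h for h in inventory if h not in checkins))
    stale = tuple(sorted(h for h in inventory
                         if h in checkins and now - checkins[h] > max_age))
    orphaned = tuple(sorted(h for h in checkins if h not in inventory))
    return CoverageReport(missing, stale, orphaned)

def coverage_ratio(inventory, report):
    """Fraction of inventoried devices protected by a live (recently reporting) agent."""
    covered = len(inventory) - len(report.missing) - len(report.stale)
    return covered / len(inventory) if inventory else 1.0

def sample_report():
    """Run the reconciliation on the constructed data at a fixed point in time."""
    return reconcile(INVENTORY, AGENT_CHECKINS, now=datetime(2024, 5, 1, 12, 0))

if __name__ == "__main__":
    report = sample_report()
    print(report)
    print(f"coverage: {coverage_ratio(INVENTORY, report):.0%}")
```

Devices in `missing` are the deployment targets an automated method would act on; `stale` entries are agents that may have been removed or broken and deserve investigation before coverage is counted as complete.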