Network attacks are growing in number, and the cost of the resulting damage is a concern for enterprises connected to networks. Given the variety of networks that an enterprise system encounters, it is desirable that protection mechanisms be present at endpoint systems. With the increasing complexity of detecting virus signatures, endpoint systems should perform deeper packet inspection, which may include maintaining state information, and take actions autonomously based on pre-configured policies.
Software tools, such as personal firewalls that run within the host operating system (OS) environment, are the traditional solutions for endpoint network security. However, given the untrusted OS environments where they run, software tools are prone to tampering and circumvention, making it hard for enterprise network managers to enforce solutions. Future solutions should comprehend intelligent policies and mechanisms that not only detect network attacks and problems, but also allow the endpoints to autonomously take the actions needed to protect against or recover from those attacks.
Prior art systems for packet inspection may be implemented in software, such as personal firewalls, running in the host operating environment. Such an implementation takes away compute cycles from application processing, thus degrading performance of the host operating environment. Software solutions are subject to security issues such as attacks by malicious viruses, accidental disabling, and the like. Software solutions are affected by changes introduced with different versions and flavors of the OS, which may be changed by the user who is in control of the physical machine and its software configuration.