Globally distributed infrastructure for secure content management
Abstract
Secure content management is enabled as a cloud-based service through which security protection and policy enforcement may be implemented for both on-premise network users and roaming users. The global SCM service integrates the security functionalities—such as anti-virus, spyware and phishing protection, firewall, intrusion detection, centralized management, and the like—that are typically provided by enterprise network SCM appliance hardware or servers into a cloud-based service that users reach via Internet-based points-of-presence (“POPs”). The POPs are configured with forward proxy servers, and in some implementations, caching and network acceleration components, and coupled to hubs which provide configuration management and identity management services such as active directory services.
Claims
exact text as granted — not AI-modified1 . An infrastructure for providing a security protection service to an IT device, comprising:
a plurality of POPs, each POP including a suite of security products, each product in the suite arranged for providing one or more security functionalities, one of the security products comprising a forward proxy server for forwarding traffic from the IT device to resource servers on the Internet; a hub operatively coupled to one or more POPs, the hub providing configuration management for forward proxy servers disposed in the hub, and further providing identity management to authenticate and authorize a user of the IT device for the security protection service; and a management operations center operatively coupled to the hub for implementing centralized management for the infrastructure, the centralized management including monitoring and auditing.
2 . The infrastructure of claim 1 further including at least one of edge firewall, host security gateway product, NIDs security product, NAP security product, SEM product, SIM product, UTM product, operational health monitoring product, configuration management product, anti-virus product, anti-spyware product, anti-malware product, information leakage prevention, or anti-spam product among the security products in the suite.
3 . The infrastructure of claim 2 further including an administrator console functionality in one or more of the POPs.
4 . The infrastructure of claim 3 in which the security products in the suite are operated in response to security policies.
5 . The infrastructure of claim 4 in which the securities policies are disposed in a database located in either a POP or the hub.
6 . The infrastructure of claim 5 in which the user accesses the security protection service using a connection to the Internet.
7 . A method for providing a security protection service for IT devices, the method comprising the steps of:
utilizing an infrastructure that is accessible by users from the Internet, the infrastructure including a plurality of POPs, each POP in the plurality including at least a forward proxy server for forwarding traffic from the IT devices to resource servers that are accessible on the Internet; authenticating and authorizing users of the IT devices for the security protection service; and securing user interactions to the resource servers using one or more security products located in the POP.
8 . The method of claim 7 including a further step of monitoring clicks performed by the user on web content hosted by the resource servers
9 . The method of claim 8 including a further step of generating a profile of the user based on the monitoring.
10 . The method of claim 8 including a further step of providing content or processes to the user based on the profile.
11 . The method of claim 10 in which the content or processes are personalized to the user.
12 . The method of claim 11 in which the content or processes comprise one of advertising, search results, or web-based experience.
13 . The method of claim 12 in which the search results are cleaned by the security protection service.
14 . The method of claim 13 in which the security protection service is subscription based.
15 . A method for providing a security protection service for IT devices, the method comprising the steps of:
utilizing an infrastructure that is accessible by users from the Internet, the infrastructure including a plurality of POPs, each POP in the plurality including at least a forward proxy server for forwarding traffic from the IT devices to resource servers that are accessible on the Internet; authenticating and authorizing users of the IT devices for the security protection service; redirecting a user to a co-located POP, a POP being co-located when a set of parameters is optimized including network latency compared with non-co-located POPs and localization of a user experience may be implemented; and managing the forward proxy servers in the POPs using an enterprise management subsystem located in a hub that is coupled to one or more POPs
16 . The method of claim 15 in which the securing is performed according to predefined security policies, at least a subset of such security policies being part of security policies pertaining to an enterprise.
17 . The method of claim 15 including a further step of managing the security protection service through one or more centralized management centers, at least one of the centralized management centers being operatively coupled to the hub.
18 . The method of claim 17 including a further step of performing network optimization in a POP, the network optimization including one of caching, HTTP compression, or QoS enforcement.
19 . The method of claim 15 including a further step of redirecting a user to a co-located POP, a POP being co-located when network latency is minimized compared with non-co-located POPs and localization of a user experience may be implemented.
20 . The method of claim 19 in which the localization is performed with at least one of language, time zone, currency, or character set.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.