Network security monitoring system employing bi-directional communication
    1.
    发明授权
    Network security monitoring system employing bi-directional communication 有权
    网络安全监控系统采用双向通信

    公开(公告)号:US07650638B1

    公开(公告)日:2010-01-19

    申请号:US10308417

    申请日:2002-12-02

    IPC分类号: G06F11/00 H04L9/32

    摘要: The present invention provides for the receipt of a heartbeat message transmitted from a software agent within a host machine to a server-based agent manager. The server-based agent manager analyzes the heartbeat message to determine the identity of the sending software agent. The server-based agent manager then determines what information is to be included in a response message to the software agent. The server-based agent manager prepares the response message to be sent to the software agent. The server-based agent manager transmits the response message to the software agent over a bi-directional communication link between the software agent and the server-based agent manager. The software agent receives the response message; deserializes the response message; reviews the instructions within the response message; and performs operations necessary to carry out the instructions delivered in the response message.

    摘要翻译: 本发明提供从主机中的软件代理发送到基于服务器的代理管理器的心跳消息的接收。 基于服务器的代理管理器分析心跳消息以确定发送软件代理的身份。 然后,基于服务器的代理管理器确定要在软件代理的响应消息中包括哪些信息。 基于服务器的代理管理器准备要发送给软件代理的响应消息。 基于服务器的代理管理器通过软件代理和基于服务器的代理管理器之间的双向通信链路将响应消息发送到软件代理。 软件代理收到响应消息; 反序列化响应消息; 回顾响应消息中的指示; 并执行必要的操作来执行在响应消息中传送的指令。

    Hierarchical architecture in a network security system
    2.
    发明授权
    Hierarchical architecture in a network security system 有权
    网络安全系统中的层次结构

    公开(公告)号:US09027120B1

    公开(公告)日:2015-05-05

    申请号:US10683191

    申请日:2003-10-10

    IPC分类号: G06F12/14 G06F21/60

    摘要: A network security system having a hierarchical configuration is provided. In one embodiment the present invention includes a plurality of subsystems, where each subsystem includes a plurality of distributed software agents configured to collect base security events from monitor devices, and a local manager module coupled to the plurality of distributed software agents to generate correlated events by correlating the base security events. Each subsystem can also include a filter coupled to the manager module to select which base security events are to be processed further. The selected base security events are passed to a global manager module coupled to the plurality of subsystems that generates global correlated events by correlating the base security events selected for further processing by each filter of each subsystem.

    摘要翻译: 提供具有层次结构的网络安全系统。 在一个实施例中,本发明包括多个子系统,其中每个子系统包括配置成从监视器设备收集基本安全事件的多个分布式软件代理,以及耦合到多个分布式软件代理的本地管理器模块,以通过 关联基础安全事件。 每个子系统还可以包括耦合到管理器模块的过滤器,以选择要进一步处理哪些基本安全事件。 所选择的基本安全事件被传递到耦合到多个子系统的全局管理器模块,其通过将每个子系统的每个过滤器选择用于进一步处理的基本安全事件相关联来生成全局相关事件。

    META-EVENT GENERATION BASED ON TIME ATTRIBUTES
    3.
    发明申请
    META-EVENT GENERATION BASED ON TIME ATTRIBUTES 审中-公开
    基于时间特征的元生成

    公开(公告)号:US20120260306A1

    公开(公告)日:2012-10-11

    申请号:US13443682

    申请日:2012-04-10

    IPC分类号: G06F21/00

    CPC分类号: G06F21/554 G06Q10/06

    摘要: First stage meta-events are generated based on analyzing time attributes of base events received from a network component. Second stage meta-events are generated based on a number of the first stage meta-events that have a time attribute falling within a time period. An amount of time that has passed since a most-recent second stage meta-event was generated is determined, and if a threshold time period does not exceed the amount of time that has passed since the most-recent second stage meta-event was detected, a third stage meta-event is determined.

    摘要翻译: 基于从网络组件接收的基本事件的时间属性分析,生成第一阶段元事件。 基于具有落在时间段内的时间属性的第一级元事件的数量来生成第二级元事件。 确定从最近的第二阶段元事件生成以来已经过去的时间量,并且如果阈值时间段不超过从检测到最近的第二阶段元事件以来已经过去的时间量 ,确定第三阶段元事件。

    Correlation engine with support for time-based rules
    4.
    发明授权
    Correlation engine with support for time-based rules 有权
    相关引擎,支持基于时间的规则

    公开(公告)号:US08176527B1

    公开(公告)日:2012-05-08

    申请号:US10308767

    申请日:2002-12-02

    IPC分类号: G06F7/04

    CPC分类号: G06F21/554 G06Q10/06

    摘要: A rules engine with support for time-based rules is disclosed. A method performed by the rules engine, comprises receiving security events generated by a number of network devices. The security events are aggregated. One or more time-based rules are provided to a RETE engine. The aggregated security events are provided to the RETE engine at specific times associated with the time-based rules. The security events are cross-correlated with the one or more time-based rules; and one or more first stage meta-events are reported.

    摘要翻译: 公布了支持基于时间的规则的规则引擎。 由规则引擎执行的方法包括接收由多个网络设备产生的安全事件。 安全事件被聚合。 一个或多个基于时间的规则提供给RETE引擎。 聚合的安全事件在与时间规则相关联的特定时间提供给RETE引擎。 安全事件与一个或多个基于时间的规则相互关联; 并报告一个或多个第一阶段元事件。

    Real time monitoring and analysis of events from multiple network security devices
    5.
    发明授权
    Real time monitoring and analysis of events from multiple network security devices 有权
    实时监控和分析来自多个网络安全设备的事件

    公开(公告)号:US07376969B1

    公开(公告)日:2008-05-20

    申请号:US10308415

    申请日:2002-12-02

    IPC分类号: G06F21/00 G06F15/16

    CPC分类号: H04L63/1425 G06F21/55

    摘要: Security events generated by a number of network devices are gathered and normalized to produce normalized security events in a common schema. The normalized security events are cross-correlated according to rules to generate meta-events. The security events may be gathered remotely from a system at which the cross-correlating is performed. Any meta-events that are generated may be reported by generating alerts for display at one or more computer consoles, or by sending an e-mail message, a pager message, a telephone message, and/or a facsimile message to an operator or other individual. In addition to reporting the meta-events, the present system allows for taking other actions specified by the rules, for example executing scripts or other programs to reconfigure one or more of the network devices, and or to modify or update access lists, etc.

    摘要翻译: 收集并归一化由多个网络设备生成的安全事件,以在公共模式中生成归一化的安全事件。 归一化的安全事件根据规则进行交叉相关,以生成元事件。 可以从执行交叉相关的系统远程收集安全事件。 生成的任何元事件可以通过生成用于在一个或多个计算机控制台上显示的警报来报告,或者通过向操作者或其他人发送电子邮件消息,寻呼机消息,电话消息和/或传真消息来报告 个人。 除了报告元事件之外,本系统允许采取规则指定的其他动作,例如执行脚本或其他程序来重新配置一个或多个网络设备,以及修改或更新访问列表等。

    Hierarchical architecture in a network security system
    6.
    发明授权
    Hierarchical architecture in a network security system 有权
    网络安全系统中的层次结构

    公开(公告)号:US08015604B1

    公开(公告)日:2011-09-06

    申请号:US10683221

    申请日:2003-10-10

    IPC分类号: G06F11/00

    摘要: A network security system having a hierarchical configuration is provided. In one embodiment the present invention includes a plurality of subsystems, where each subsystem includes a plurality of distributed software agents configured to collect security events from monitor devices, and a local manager module coupled to the plurality of distributed software agents to generate correlated events by correlating the security events. Each of the subsystems can report the correlated events to a global manager module coupled to the plurality of subsystems, and the global manager module can correlate the correlated events from each manager module.

    摘要翻译: 提供具有层次结构的网络安全系统。 在一个实施例中,本发明包括多个子系统,其中每个子系统包括被配置为从监控设备收集安全事件的多个分布式软件代理,以及耦合到多个分布式软件代理的本地管理器模块,以通过相关 安全事件。 每个子系统可以将相关事件报告给耦合到多个子系统的全局管理器模块,并且全局管理器模块可以将来自每个管理器模块的相关事件相关联。

    Threat detection in a network security system
    7.
    发明授权
    Threat detection in a network security system 有权
    网络安全系统中的威胁检测

    公开(公告)号:US07260844B1

    公开(公告)日:2007-08-21

    申请号:US10655062

    申请日:2003-09-03

    IPC分类号: G06F11/00

    摘要: A network security system is provided that receives information from various sensors and can analyse the received information. In one embodiment of the present invention, such a system receives a security event from a software agent. The received security event includes a target address and an event signature, as generated by the software agent. The event signature can be used to determine a set of vulnerabilities exploited by the received security event, and the target address can be used to identify a target asset within the network. By accessing a model of the target asset, a set of vulnerabilities exposed by the target asset can be retrieved. Then, a threat can be detected by comparing the set of vulnerabilities exploited by the security event to the set of vulnerabilities exposed by the target asset.

    摘要翻译: 提供一种从各种传感器接收信息并且可以分析所接收的信息的网络安全系统。 在本发明的一个实施例中,这样的系统从软件代理接收安全事件。 所接收的安全事件包括由软件代理产生的目标地址和事件签名。 可以使用事件签名来确定接收的安全事件利用的一组漏洞,并且可以使用目标地址来识别网络内的目标资产。 通过访问目标资产的模型,可以检索目标资产公开的一组漏洞。 然后,可以通过将安全事件利用的一组漏洞与目标资产公开的一组漏洞进行比较来检测威胁。

    Real time monitoring and analysis of events from multiple network security devices
    8.
    发明授权
    Real time monitoring and analysis of events from multiple network security devices 有权
    实时监控和分析来自多个网络安全设备的事件

    公开(公告)号:US08056130B1

    公开(公告)日:2011-11-08

    申请号:US12098322

    申请日:2008-04-04

    IPC分类号: G06F21/00 G06F15/16

    CPC分类号: H04L63/1425 G06F21/55

    摘要: Security events generated by a number of network devices are gathered and normalized to produce normalized security events in a common schema. The normalized security events are cross-correlated according to rules to generate meta-events. The security events may be gathered remotely from a system at which the cross-correlating is performed. Any meta-events that are generated may be reported by generating alerts for display at one or more computer consoles, or by sending an e-mail message, a pager message, a telephone message, and/or a facsimile message to an operator or other individual. In addition to reporting the meta-events, the present system allows for taking other actions specified by the rules, for example executing scripts or other programs to reconfigure one or more of the network devices, and or to modify or update access lists, etc.

    摘要翻译: 收集并归一化由多个网络设备生成的安全事件,以在公共模式中生成归一化的安全事件。 归一化的安全事件根据规则进行交叉相关,以生成元事件。 可以从执行交叉相关的系统远程收集安全事件。 生成的任何元事件可以通过生成用于在一个或多个计算机控制台上显示的警报来报告,或者通过向操作者或其他人发送电子邮件消息,寻呼机消息,电话消息和/或传真消息来报告 个人。 除了报告元事件之外,本系统允许采取规则指定的其他动作,例如执行脚本或其他程序来重新配置一个或多个网络设备,以及修改或更新访问列表等。

    Threat detection in a network security system
    9.
    发明授权
    Threat detection in a network security system 有权
    网络安全系统中的威胁检测

    公开(公告)号:US07861299B1

    公开(公告)日:2010-12-28

    申请号:US11836251

    申请日:2007-08-09

    IPC分类号: G06F11/00

    摘要: A network security system is provided that receives information from various sensors and can analyze the received information. In one embodiment of the present invention, such a system receives a security event from a software agent. The received security event includes a target address and an event signature, as generated by the software agent. The event signature can be used to determine a set of vulnerabilities exploited by the received security event, and the target address can be used to identify a target asset within the network. By accessing a model of the target asset, a set of vulnerabilities exposed by the target asset can be retrieved. Then, a threat can be detected by comparing the set of vulnerabilities exploited by the security event to the set of vulnerabilities exposed by the target asset.

    摘要翻译: 提供一种从各种传感器接收信息并且可以分析所接收的信息的网络安全系统。 在本发明的一个实施例中,这样的系统从软件代理接收安全事件。 所接收的安全事件包括由软件代理产生的目标地址和事件签名。 事件签名可用于确定接收到的安全事件利用的一组漏洞,并且目标地址可用于标识网络内的目标资产。 通过访问目标资产的模型,可以检索目标资产公开的一组漏洞。 然后,可以通过将安全事件利用的一组漏洞与目标资产公开的一组漏洞进行比较来检测威胁。

    Iterative constraint collection scheme for preparation of custom manufacturing contracts
    10.
    发明授权
    Iterative constraint collection scheme for preparation of custom manufacturing contracts 有权
    制定定制制造合同的迭代约束收集方案

    公开(公告)号:US07587336B1

    公开(公告)日:2009-09-08

    申请号:US09328983

    申请日:1999-06-09

    IPC分类号: G06Q30/00

    摘要: A series of iterative customer submissions and vendor responses are used to collect sufficient information concerning a custom manufacturing project so as to produce a sufficiently constrained job request as to allow at least one of the vendors to submit a quote for the project. The submissions and responses are preferably made through Web forms and, in one example, the custom manufacturing project is a print job. The collection process is preferably computer assisted so as to incrementally add constraints to an initially under-constrained job request to produce the sufficiently constrained job request.

    摘要翻译: 使用一系列迭代的客户提交和供应商响应来收集有关定制制造项目的足够信息,以便产生足够约束的作业请求,以允许至少一个供应商提交项目的报价。 提交和响应最好通过Web表单进行,在一个示例中,定制制造项目是打印作业。 收集过程优选地被计算机辅助,以便向最初的受限制的作业请求递增地添加约束以产生足够约束的作业请求。