-
Publication No.: US08990947B2
Publication date: 2015-03-24
Application No.: US12141897
Filing date: 2008-06-18
Applicant: Efim Hudis, Eyal Zangi, Moshe Sapir, Tomer Weisberg, Yair Helman, Shai Aharon Rubin, Yosef Dinerstein, Lior Arzi
Inventor: Efim Hudis, Eyal Zangi, Moshe Sapir, Tomer Weisberg, Yair Helman, Shai Aharon Rubin, Yosef Dinerstein, Lior Arzi
CPC classification: G06F21/577, G06F21/6209, G06F2221/2145, G06F2221/2151, G06N5/025, H04L63/1433
Abstract: Aspects of the subject matter described herein relate to a mechanism for assessing security. In aspects, an analytics engine is provided that manages execution, information storage, and data passing between various components of a security system. When data is available for analysis, the analytics engine determines which security components to execute and the order in which to execute the security components, where in some instances two or more components may be executed in parallel. The analytics engine then executes the components in the order determined and passes output from component to component as dictated by dependencies between the components. This is repeated until a security assessment is generated or updated. The analytics engine simplifies the work of creating and integrating various security components.
-
Publication No.: US08490187B2
Publication date: 2013-07-16
Application No.: US12408453
Filing date: 2009-03-20
Applicant: Shai A. Rubin, Yosef Dinerstein, Efim Hudis, Yair Helman, Uri Barash, Arie Friedman
Inventor: Shai A. Rubin, Yosef Dinerstein, Efim Hudis, Yair Helman, Uri Barash, Arie Friedman
CPC classification: G06F21/56, G06F3/0484, G06F21/554, H04L63/0263, H04L63/1416, H04L63/1425
Abstract: Systems, methods, and computer program products are described for controlling malicious activity detection with respect to information technology assets based on behavioral models associated with the respective information technology assets. Protection rules and corresponding sensitivities associated with the behavioral models are applied by protection services to detect malicious activity with respect to the information technology assets.
-
Publication No.: US20100241974A1
Publication date: 2010-09-23
Application No.: US12408453
Filing date: 2009-03-20
Applicant: Shai A. Rubin, Yosef Dinerstein, Efim Hudis, Yair Helman, Uri Barash, Arie Friedman
Inventor: Shai A. Rubin, Yosef Dinerstein, Efim Hudis, Yair Helman, Uri Barash, Arie Friedman
CPC classification: G06F21/56, G06F3/0484, G06F21/554, H04L63/0263, H04L63/1416, H04L63/1425
Abstract: Systems, methods, and computer program products are described for controlling malicious activity detection with respect to information technology assets based on behavioral models associated with the respective information technology assets. Protection rules and corresponding sensitivities associated with the behavioral models are applied by protection services to detect malicious activity with respect to the information technology assets.
-
Publication No.: US08353020B2
Publication date: 2013-01-08
Application No.: US11453778
Filing date: 2006-06-14
IPC classification: H04L29/06
CPC classification: H04L63/0227
Abstract: A generic master-slave mechanism enables a single processor of a cluster of firewall processors to define the behavior of the other processors in the cluster for a specific logical connection. The cluster of firewall processors utilizes virtual adapters representing physical adapters on other processors in the firewall cluster. This virtualization allows each cluster member to act as though it is a standalone machine that owns all local IP addresses of the entire cluster. When traffic is received by a firewall processor, the firewall processor determines if there is a master associated with the logical connection for the traffic. If so, the traffic is routed to the master. If no master is associated, in an example configuration, the receiving firewall processor becomes the master. A message traffic logical connection has a single master. A master remains the master of a logical connection until the connection is terminated.
-
Publication No.: US07603333B2
Publication date: 2009-10-13
Application No.: US11454042
Filing date: 2006-06-14
IPC classification: G06N5/02, G06F15/173
CPC classification: G06N5/025
Abstract: The evaluation of a policy can be delayed until all rules criteria needed for evaluation are available. Also, new types of rules criteria can be registered without requiring changes to a rules engine. A policy manager allows rules to be evaluated and decisions made at different stages of the request handling. The policy manager facilitates interaction with the rules engine until all criteria are evaluated. The policy manager also allows modules developed by third parties to provide notification when criteria can be decided and thus complete evaluation.
-
Publication No.: US20090199265A1
Publication date: 2009-08-06
Application No.: US12141897
Filing date: 2008-06-18
Applicant: Efim Hudis, Eyal Zangi, Moshe Sapir, Tomer Weisberg, Yair Helman, Shai Aharon Rubin, Yosef Dinerstein, Lior Arzi
Inventor: Efim Hudis, Eyal Zangi, Moshe Sapir, Tomer Weisberg, Yair Helman, Shai Aharon Rubin, Yosef Dinerstein, Lior Arzi
CPC classification: G06F21/577, G06F21/6209, G06F2221/2145, G06F2221/2151, G06N5/025, H04L63/1433
Abstract: Aspects of the subject matter described herein relate to a mechanism for assessing security. In aspects, an analytics engine is provided that manages execution, information storage, and data passing between various components of a security system. When data is available for analysis, the analytics engine determines which security components to execute and the order in which to execute the security components, where in some instances two or more components may be executed in parallel. The analytics engine then executes the components in the order determined and passes output from component to component as dictated by dependencies between the components. This is repeated until a security assessment is generated or updated. The analytics engine simplifies the work of creating and integrating various security components.
-
Publication No.: US20070294754A1
Publication date: 2007-12-20
Application No.: US11453778
Filing date: 2006-06-14
IPC classification: G06F15/16
CPC classification: H04L63/0227
Abstract: A generic master-slave mechanism enables a single processor of a cluster of firewall processors to define the behavior of the other processors in the cluster for a specific logical connection. The cluster of firewall processors utilizes virtual adapters representing physical adapters on other processors in the firewall cluster. This virtualization allows each cluster member to act as though it is a standalone machine that owns all local IP addresses of the entire cluster. When traffic is received by a firewall processor, the firewall processor determines if there is a master associated with the logical connection for the traffic. If so, the traffic is routed to the master. If no master is associated, in an example configuration, the receiving firewall processor becomes the master. A message traffic logical connection has a single master. A master remains the master of a logical connection until the connection is terminated.
-
Publication No.: US20070294198A1
Publication date: 2007-12-20
Application No.: US11454042
Filing date: 2006-06-14
IPC classification: G06N5/02
CPC classification: G06N5/025
Abstract: The evaluation of a policy can be delayed until all rules criteria needed for evaluation are available. Also, new types of rules criteria can be registered without requiring changes to a rules engine. A policy manager allows rules to be evaluated and decisions made at different stages of the request handling. The policy manager facilitates interaction with the rules engine until all criteria are evaluated. The policy manager also allows modules developed by third parties to provide notification when criteria can be decided and thus complete evaluation.