-
Publication number: US07647632B1
Publication date: 2010-01-12
Application number: US11029920
Filing date: 2005-01-04
Applicants: Chad Ward, Ankur Lahoti, Kenny Tidwell
Inventors: Chad Ward, Ankur Lahoti, Kenny Tidwell
CPC classification: H04L63/1416, G06F21/552, G06F2221/2143, G06F2221/2145, H04L29/12141, H04L61/1558, Y10S707/99944, Y10S707/99945, Y10S707/99946, Y10S707/99947
Abstract: A system can be configured using configuration objects that have the ability to refer to one another. In one embodiment, the present invention includes such a system having a plurality of objects used to configure the system, each object having a uniform resource identifier (URI), and an object reference table to enable the plurality of objects to reference each other without using URIs.
-
Publication number: US08065732B1
Publication date: 2011-11-22
Application number: US12630573
Filing date: 2009-12-03
Applicants: Chad Ward, Ankur Lahoti, Kenny Tidwell
Inventors: Chad Ward, Ankur Lahoti, Kenny Tidwell
CPC classification: H04L63/1416, G06F21/552, G06F2221/2143, G06F2221/2145, H04L29/12141, H04L61/1558, Y10S707/99944, Y10S707/99945, Y10S707/99946, Y10S707/99947
Abstract: A system can be configured using configuration objects that have the ability to refer to one another. In one embodiment, the present invention includes such a system having a plurality of objects used to configure the system, each object having a uniform resource identifier (URI), and an object reference table to enable the plurality of objects to reference each other without using URIs.
-
Publication number: US08528077B1
Publication date: 2013-09-03
Application number: US10821459
Filing date: 2004-04-09
Applicants: Kenny Tidwell, Debabrata Dash
Inventors: Kenny Tidwell, Debabrata Dash
IPC classification: G06F11/00
CPC classification: G06F21/552, H04L43/026, H04L63/0209, H04L63/1408
Abstract: Events are received from a plurality of security devices (which may be similar or different devices, e.g., intrusion detection systems configured to monitor network traffic) and divided into a plurality of event flows. Comparing the event flows (e.g., using statistical correlation methods) then generates one or more meta-events. The received events may be divided into different event flows on the basis of the security device which generated the events. The meta-events may be generated by evaluating a perimeter defense device through comparison of the different event flows. In some cases, various ones of the security devices may be inside or outside a perimeter defined by the perimeter defense device.
-
Publication number: US08015604B1
Publication date: 2011-09-06
Application number: US10683221
Filing date: 2003-10-10
IPC classification: G06F11/00
CPC classification: H04L41/0631, H04L41/046, H04L63/1416, H04L63/1441, H04L67/10, H04L67/12
Abstract: A network security system having a hierarchical configuration is provided. In one embodiment the present invention includes a plurality of subsystems, where each subsystem includes a plurality of distributed software agents configured to collect security events from monitor devices, and a local manager module coupled to the plurality of distributed software agents to generate correlated events by correlating the security events. Each of the subsystems can report the correlated events to a global manager module coupled to the plurality of subsystems, and the global manager module can correlate the correlated events from each manager module.
-
Publication number: US07260844B1
Publication date: 2007-08-21
Application number: US10655062
Filing date: 2003-09-03
IPC classification: G06F11/00
CPC classification: H04L63/1433, G06F21/577, H04L63/1425
Abstract: A network security system is provided that receives information from various sensors and can analyse the received information. In one embodiment of the present invention, such a system receives a security event from a software agent. The received security event includes a target address and an event signature, as generated by the software agent. The event signature can be used to determine a set of vulnerabilities exploited by the received security event, and the target address can be used to identify a target asset within the network. By accessing a model of the target asset, a set of vulnerabilities exposed by the target asset can be retrieved. Then, a threat can be detected by comparing the set of vulnerabilities exploited by the security event to the set of vulnerabilities exposed by the target asset.
-
Publication number: US09027120B1
Publication date: 2015-05-05
Application number: US10683191
Filing date: 2003-10-10
CPC classification: G06F21/606, G06F21/552, H04L41/044, H04L41/046, H04L41/0604, H04L41/0631, H04L63/1416, H04L63/20
Abstract: A network security system having a hierarchical configuration is provided. In one embodiment the present invention includes a plurality of subsystems, where each subsystem includes a plurality of distributed software agents configured to collect base security events from monitor devices, and a local manager module coupled to the plurality of distributed software agents to generate correlated events by correlating the base security events. Each subsystem can also include a filter coupled to the manager module to select which base security events are to be processed further. The selected base security events are passed to a global manager module coupled to the plurality of subsystems that generates global correlated events by correlating the base security events selected for further processing by each filter of each subsystem.
-
Publication number: US09100422B1
Publication date: 2015-08-04
Application number: US10974105
Filing date: 2004-10-27
Applicants: Kenny Tidwell, Christian Beedgen
Inventors: Kenny Tidwell, Christian Beedgen
IPC classification: H04L29/06
CPC classification: H04L63/10, H04L63/02, H04L63/101, H04L63/1408, H04L63/20
Abstract: Different network segments can have overlapping address spaces. In one embodiment, the present invention includes a distributed agent of a security system receiving a security event from a network device monitored by the agent. In one embodiment, the agent normalizes the security event into an event schema including one or more zone fields. In one embodiment, the agent also determines one or more zones associated with the received security event, the one or more zones each describing a part of a network, and populates the one or more zone fields using the determined one or more zones.
-
Publication number: US07509677B2
Publication date: 2009-03-24
Application number: US10839613
Filing date: 2004-05-04
Applicants: Kumar Saurabh, Kenny Tidwell
Inventors: Kumar Saurabh, Kenny Tidwell
CPC classification: H04L63/1416, G06F21/552
Abstract: Patterns can be discovered in security events collected by a network security system. In one embodiment, the present invention includes collecting and storing security events from a variety of monitor devices. In one embodiment, a subset of the stored security events is provided to a manager as an event stream. In one embodiment, the present invention further includes the manager discovering one or more previously unknown event patterns in the event stream.
-
Publication number: US20090064333A1
Publication date: 2009-03-05
Application number: US12243838
Filing date: 2008-10-01
Applicants: Kumar Saurabh, Kenny Tidwell
Inventors: Kumar Saurabh, Kenny Tidwell
IPC classification: G06F21/00
CPC classification: H04L63/1416, G06F21/552
Abstract: Patterns can be discovered in events collected by a network system. In one embodiment, the present invention includes collecting and storing events from a variety of monitor devices. In one embodiment, a subset of the stored events is provided to a manager as an event stream. In one embodiment, the present invention further includes the manager discovering one or more previously unknown event patterns in the event stream.
-
Publication number: US20080104046A1
Publication date: 2008-05-01
Application number: US11923502
Filing date: 2007-10-24
Applicants: Anurag Singla, Kumar Saurabh, Kenny Tidwell
Inventors: Anurag Singla, Kumar Saurabh, Kenny Tidwell
IPC classification: G06F17/30
CPC classification: G06F17/30333, G06F17/30492, G06F17/30551, H04L29/12783, H04L61/35, H04L63/1408, H04L63/20, H04L67/142
Abstract: A session table includes one or more records, where each record represents a session. Session record information is stored in various fields, such as key fields, value fields, and timestamp fields. Session information is described as keys and values in order to support query/lookup operations. A session table is associated with a filter, which describes a set of keys that can be used for records in that table. A session table is populated using data contained in security information/events. Rules are created to identify events related to session information, extract the session information, and use the session information to modify a session table. A session table is partitioned so that the number of records in each session table partition is decreased. A session table is processed periodically so that active sessions are moved to the current partition.