-
公开(公告)号:US08015604B1
公开(公告)日:2011-09-06
申请号:US10683221
申请日:2003-10-10
IPC分类号: G06F11/00
CPC分类号: H04L41/0631 , H04L41/046 , H04L63/1416 , H04L63/1441 , H04L67/10 , H04L67/12
摘要: A network security system having a hierarchical configuration is provided. In one embodiment the present invention includes a plurality of subsystems, where each subsystem includes a plurality of distributed software agents configured to collect security events from monitor devices, and a local manager module coupled to the plurality of distributed software agents to generate correlated events by correlating the security events. Each of the subsystems can report the correlated events to a global manager module coupled to the plurality of subsystems, and the global manager module can correlate the correlated events from each manager module.
摘要翻译: 提供具有层次结构的网络安全系统。 在一个实施例中,本发明包括多个子系统,其中每个子系统包括被配置为从监控设备收集安全事件的多个分布式软件代理,以及耦合到多个分布式软件代理的本地管理器模块,以通过相关 安全事件。 每个子系统可以将相关事件报告给耦合到多个子系统的全局管理器模块,并且全局管理器模块可以将来自每个管理器模块的相关事件相关联。
-
公开(公告)号:US09027120B1
公开(公告)日:2015-05-05
申请号:US10683191
申请日:2003-10-10
CPC分类号: G06F21/606 , G06F21/552 , H04L41/044 , H04L41/046 , H04L41/0604 , H04L41/0631 , H04L63/1416 , H04L63/20
摘要: A network security system having a hierarchical configuration is provided. In one embodiment the present invention includes a plurality of subsystems, where each subsystem includes a plurality of distributed software agents configured to collect base security events from monitor devices, and a local manager module coupled to the plurality of distributed software agents to generate correlated events by correlating the base security events. Each subsystem can also include a filter coupled to the manager module to select which base security events are to be processed further. The selected base security events are passed to a global manager module coupled to the plurality of subsystems that generates global correlated events by correlating the base security events selected for further processing by each filter of each subsystem.
摘要翻译: 提供具有层次结构的网络安全系统。 在一个实施例中,本发明包括多个子系统,其中每个子系统包括配置成从监视器设备收集基本安全事件的多个分布式软件代理,以及耦合到多个分布式软件代理的本地管理器模块,以通过 关联基础安全事件。 每个子系统还可以包括耦合到管理器模块的过滤器,以选择要进一步处理哪些基本安全事件。 所选择的基本安全事件被传递到耦合到多个子系统的全局管理器模块,其通过将每个子系统的每个过滤器选择用于进一步处理的基本安全事件相关联来生成全局相关事件。
-
公开(公告)号:US09100422B1
公开(公告)日:2015-08-04
申请号:US10974105
申请日:2004-10-27
申请人: Kenny Tidwell , Christian Beedgen
发明人: Kenny Tidwell , Christian Beedgen
IPC分类号: H04L29/06
CPC分类号: H04L63/10 , H04L63/02 , H04L63/101 , H04L63/1408 , H04L63/20
摘要: Different network segments can have overlapping address spaces. In one embodiment, the present invention includes a distributed agent of a security system receiving a security event from a network device monitored by the agent. In one embodiment, the agent normalizes the security event into an event schema including one or more zone fields. In one embodiment, the agent also determines one or more zones associated with the received security event, the one or more zones each describing a part of a network, and populates the one or more zone fields using the determined one or more zones.
摘要翻译: 不同的网段可以具有重叠的地址空间。 在一个实施例中,本发明包括从代理监视的网络设备接收安全事件的安全系统的分布式代理。 在一个实施例中,代理将安全事件规范化为包括一个或多个区域字段的事件模式。 在一个实施例中,代理还确定与所接收的安全事件相关联的一个或多个区域,所述一个或多个区域每个描述网络的一部分,并且使用所确定的一个或多个区域来填充所述一个或多个区域域。
-
4.发明授权公开(公告)号:US07424742B1
公开(公告)日:2008-09-09
申请号:US10976075
申请日:2004-10-27
申请人: Debabrata Dash , Christian Beedgen
发明人: Debabrata Dash , Christian Beedgen
IPC分类号: G06F11/00
CPC分类号: H04L63/1425 , G06F21/55
摘要: A query for security event can be represented as an event channel. The event channel may be displayed as a grid of events. In one embodiment, the events included in the event channel are dynamic and can change after initial observation. In one embodiment, the present invention includes creating an event channel defined by a timeframe and an event filter, the event channel including security events stored in an event database that satisfy the timeframe and the event filter. When a security event changes after the event channel has been created, one embodiment of the invention further includes observing a change to a security event stored in the event database, and dynamically updating the event channel based on the observed change.
摘要翻译: 对安全事件的查询可以表示为事件通道。 事件通道可以显示为事件网格。 在一个实施例中,包括在事件通道中的事件是动态的,并且可以在初始观察之后改变。 在一个实施例中,本发明包括创建由时间帧和事件过滤器定义的事件通道,事件通道包括存储在满足时间框架和事件过滤器的事件数据库中的安全事件。 当安全事件在事件通道被创建之后改变时,本发明的一个实施例还包括观察对存储在事件数据库中的安全事件的改变,以及基于观察到的改变来动态地更新事件通道。
-
5.发明申请Real-Time Identification of an Asset Model and Categorization of an Asset to Assist in Computer Network Security 有权资产模型的实时识别和资产分类以协助计算机网络安全公开(公告)号:US20080104276A1
公开(公告)日:2008-05-01
申请号:US11923513
申请日:2007-10-24
申请人: Ankur Lahoti , Hui Huang , Christian Beedgen
发明人: Ankur Lahoti , Hui Huang , Christian Beedgen
IPC分类号: G06F15/16
CPC分类号: G06F21/6218 , G06F21/577 , G06F2221/2101 , G06F2221/2129 , H04L29/12018 , H04L41/046 , H04L41/069 , H04L41/16 , H04L61/10 , H04L63/1416 , H04L69/22
摘要: A unique identifier is assigned to a network node and is used to obtain an “asset model” corresponding to the node and to determine whether the node is a member of a particular category. An asset model is a set of information about a node (e.g., the node's role within the enterprise, software installed on the node, and known vulnerabilities/weaknesses of the node). An identifier lookup module determines a node's identifier based on characteristics of the node (such as IP address, host name, network zone, and/or MAC address), which are used as keys into lookup data structures. A category lookup module determines whether a particular node is a member of (i.e., within) a particular category using a transitive closure to model the categories (properties) that can be attached to an asset model. A transitive closure for a particular asset category is stored as a bitmap, similar to bitmap indexing.
摘要翻译: 唯一标识符被分配给网络节点,并且用于获得与节点对应的“资产模型”,并且确定该节点是否是特定类别的成员。 资产模型是关于节点的一组信息(例如,节点在企业内的角色,安装在节点上的软件以及节点的已知漏洞/弱点)。 标识符查找模块基于用作查找数据结构中的键的节点的特性(诸如IP地址,主机名,网络区域和/或MAC地址)来确定节点的标识符。 类别查找模块使用传递闭包来确定特定节点是否是特定类别的成员(即,在特定类别之内),以模拟可附加到资产模型的类别(属性)。 特定资产类别的传递闭包存储为位图,类似于位图索引。
-
-
-
-
搜索结果
5 条记录 (耗时 0.012 秒)
