Big data analytics in a converged infrastructure system

US 10,185,830 B1
Filed: 12/31/2014
Issued: 01/22/2019
Est. Priority Date: 12/31/2014
Status: Active Grant

First Claim

Patent Images

1. A method for analyzing data in a converged infrastructure system, the converged infrastructure comprising a data network, a network switch, and a storage network, the method comprising:

capturing metadata associated with network traffic in the converged infrastructure via a Switch port analyzer (SPAN port) on the network switch enabled to collect the metadata from the data network;

wherein components of the converged infrastructure reside on a single rack;

capturing content data associated with the metadata via the SPAN port on the network switch enabled to collect the metadata from the data network;

capturing storage data associated with the metadata from the storage network connected to the network switch of the converged infrastructure;

sending, via the SPAN port, the storage data, the content data, and the metadata to a network monitoring connection; and

reconstructing network traffic path data corresponding to passwords that are stored in the storage network, identifying abnormal access patterns for the passwords and generating an indication of the abnormal access patterns by unknown destination devices by performing data analytics on the metadata, storage data, and the content data, wherein the abnormal access patterns include transmission of the passwords from different ranges of source IP addresses to one or more unknown destination devices.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, a computer program product, a system for analyzing data in a converged infrastructure system, comprising capturing metadata associated with a network path via a port on a network switch enabled to collect metadata; capturing content data associated with the metadata via the port on the network switch enabled to collect metadata; and performing data analytics on the metadata and the content data.

23 Citations

15 Claims

1. A method for analyzing data in a converged infrastructure system, the converged infrastructure comprising a data network, a network switch, and a storage network, the method comprising:
- capturing metadata associated with network traffic in the converged infrastructure via a Switch port analyzer (SPAN port) on the network switch enabled to collect the metadata from the data network;
  
  wherein components of the converged infrastructure reside on a single rack;
  
  capturing content data associated with the metadata via the SPAN port on the network switch enabled to collect the metadata from the data network;
  
  capturing storage data associated with the metadata from the storage network connected to the network switch of the converged infrastructure;
  
  sending, via the SPAN port, the storage data, the content data, and the metadata to a network monitoring connection; and
  
  reconstructing network traffic path data corresponding to passwords that are stored in the storage network, identifying abnormal access patterns for the passwords and generating an indication of the abnormal access patterns by unknown destination devices by performing data analytics on the metadata, storage data, and the content data, wherein the abnormal access patterns include transmission of the passwords from different ranges of source IP addresses to one or more unknown destination devices.
- View Dependent Claims (2, 7, 8, 9)
- - 2. The method of claim 1, wherein the captured metadata and the captured storage data are transmitted to compute nodes running data analytics tasks.
  - 7. The method of claim 1, wherein the abnormal access patterns further include a surge of volume of sensitive data.
  - 8. The method of claim 1, wherein performing the analytics further includes launching a visualization program for visualizing network data.
  - 9. The method of claim 1, wherein identifying abnormal access patterns includes identifying abnormal access patterns that are caused by malware.

3. A computer program product for analyzing data in a converged infrastructure system including a data network, a network switch, and a storage network, the computer program product comprising:
- a non-transitory computer readable medium encoded with computer executable program code, the code configured to enable one or more processor to execute;
  
  capturing metadata associated with network traffic in the converged infrastructure via a Switch port analyzer (SPAN port) on the network switch enabled to collect the metadata from the data network;
  
  wherein components of the converged infrastructure reside on a single rack;
  
  capturing content data associated with the metadata via the SPAN port on the network switch enabled to collect the metadata from the data network;
  
  capturing storage data associated with the metadata from the storage network connected to the network switch of the converged infrastructure;
  
  sending, via the SPAN port, the storage data, the content data, and the metadata to a network monitoring connection; and
  
  reconstructing network traffic path data corresponding to passwords that are stored in the storage network, identifying abnormal access patterns for the passwords and generating an indication of the abnormal access patterns by unknown destination devices by performing data analytics on the metadata, storage data, and the content data, wherein the abnormal access patterns include transmission of the passwords from different ranges of source IP addresses to one or more unknown destination devices.
- View Dependent Claims (4, 10, 11, 12)
- - 4. The computer program product of claim 3, wherein the captured metadata from and the captured storage data are transmitted to compute nodes running data analytics tasks.
  - 10. The computer program product of claim 3, wherein the abnormal access patterns further include a surge of volume of sensitive data.
  - 11. The computer program product of claim 3, wherein performing the analytics further includes launching a visualization program for visualizing network data.
  - 12. The computer program product of claim 3, wherein identifying abnormal access patterns includes identifying abnormal access patterns that are caused by malware.

5. A system for analyzing data in a converged infrastructure system, the system comprising:
- a data network;
  
  a storage network;
  
  a network switch; and
  
  computer-executable logic operating in memory, wherein the computer-executable logic is configured for execution of;
  
  capturing metadata associated with network in the converged infrastructure via a Switch port analyzer (SPAN port) on the network switch enabled to collect the metadata from the data network;
  
  wherein components of the converged infrastructure reside on a single rack;
  
  capturing content data associated with the metadata via the SPAN port on the network switch enabled to collect the metadata from the data network;
  
  capturing storage data associated with the metadata from the storage network connected to the network switch of the converged infrastructure;
  
  sending, via the SPAN port, the storage data, the content data, and the metadata to a network monitoring connection; and
  
  reconstructing network traffic path data corresponding to passwords that are stored in the storage network, identifying abnormal access patterns for the passwords and generating an indication of the abnormal access patterns by unknown destination devices by performing data analytics on the metadata, storage data, and the content data, wherein the abnormal access patterns include transmission of the passwords from different ranges of source IP addresses to one or more unknown destination devices.
- View Dependent Claims (6, 13, 14, 15)
- - 6. The system of claim 5, wherein the captured metadata and the captured storage data are transmitted to compute nodes running data analytics tasks.
  - 13. The system of claim 5, wherein the abnormal access patterns further include a surge of volume of sensitive data.
  - 14. The system of claim 5, wherein performing the analytics further includes launching a visualization program for visualizing network data.
  - 15. The system of claim 5, wherein identifying abnormal access patterns includes identifying abnormal access patterns that are caused by malware.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Emc IP Holding Company LLC (Dell Technologies Inc.)
Original Assignee
Emc IP Holding Company LLC (Dell Technologies Inc.)
Inventors
Qin, Xiaohong, Durazzo, Kenneth, Kumar, Suresh B., Mistry, Nalinkumar N.
Primary Examiner(s)
Feild, Lynn D
Assistant Examiner(s)
Cattungal, Dereena T

Application Number

US14/587,345
Time in Patent Office

1,483 Days
Field of Search

726 25
US Class Current
CPC Class Codes

G06F 21/6218 to a system of files or obj...

Big data analytics in a converged infrastructure system

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

23 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Big data analytics in a converged infrastructure system

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

23 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links