Advanced persistent threat mitigation
Abstract
A method is presented in which a system reduces the risk of an advanced persistent threat (“APT”) detected at one or more network devices by implementing one or more mitigation actions depending on the nature of the detected threat. Accordingly, in response to detecting the risk of an APT at one or more network devices, a centralized controller implements one or more mitigation actions to minimize the vulnerability of an enterprise network to unauthorized access to one or more network resources. A centralized controller may therefore instruct one or more network devices to take appropriate mitigation actions depending on the nature of an APT detected on one or more network devices.
18 Citations
20 Claims
1. A method comprising:
at a network controller, receiving management plane information associated with a configuration of one or more network devices in a network;
determining whether the configuration of the one or more network devices has changed based on the management plane information;
receiving a list of one or more interfaces connecting one or more neighbor devices to the one or more network devices when a configuration change has occurred on the one or more network devices or the one or more network devices has not responded to one or more polling signals; and
in response to determining that the configuration of the one or more network devices has changed, executing one or more mitigation actions in the network, the one or more mitigation actions comprising tearing down the one or more interfaces connecting the one or more neighbor devices to the one or more network devices when a configuration change has occurred or the one or more network devices is determined to not be reachable.
Dependent claims: 2 to 13.
14. An apparatus comprising:
a network interface unit that enables network communications with one or more network devices; and
a processor, coupled to the network interface unit, and configured to:
receive management plane information associated with a configuration of the one or more network devices in a network;
determine whether the configuration of the one or more network devices has changed based on the management plane information;
receive a list of one or more interfaces connecting one or more neighbor devices to the one or more network devices when a configuration change has occurred on the one or more network devices or the one or more network devices has not responded to one or more polling signals; and
in response to determining that the configuration of the one or more network devices has changed, execute one or more mitigation actions in the network, the one or more mitigation actions comprising tearing down the one or more interfaces connecting the one or more neighbor devices to the one or more network devices when a configuration change has occurred or the one or more network devices is determined to not be reachable.
Dependent claims: 15, 16, 17.
18. A non-transitory processor readable medium storing instructions that, when executed by a processor of a network controller associated with network devices in a network, cause the processor to:
receive management plane information associated with a configuration of the one or more network devices in the network;
determine whether the configuration of the one or more network devices has changed based on the management plane information;
receive a list of one or more interfaces connecting one or more neighbor devices to the one or more network devices when a configuration change has occurred on the one or more network devices or the one or more network devices has not responded to one or more polling signals; and
in response to determining that the configuration of the one or more network devices has changed, execute one or more mitigation actions in the network, the one or more mitigation actions comprising tearing down the one or more interfaces connecting the one or more neighbor devices to the one or more network devices when a configuration change has occurred or the one or more network devices is determined to not be reachable.
Dependent claims: 19, 20.
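The controller decision in claim 1, as an added illustration that is not part of the patent or any product: a device's management-plane configuration is fingerprinted against a stored baseline, missed polls are counted, and when the configuration has changed or the device is deemed unreachable the controller emits a shutdown action for every neighbor-facing interface. The `MISSED_POLL_LIMIT` threshold and the topology dictionary shape are assumptions; the claims only say the device "has not responded".

```python
import hashlib
import json
from dataclasses import dataclass, field

MISSED_POLL_LIMIT = 3  # assumed threshold; the claims do not fix a number


def config_fingerprint(management_plane_info: dict) -> str:
    """Canonical hash of a device's configuration as reported over the management plane."""
    canonical = json.dumps(management_plane_info, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()


@dataclass
class Controller:
    # device -> list of (neighbor, neighbor_interface) links facing that device (constructed topology)
    topology: dict
    baseline: dict = field(default_factory=dict)      # device -> known-good fingerprint
    missed_polls: dict = field(default_factory=dict)  # device -> consecutive unanswered polls

    def receive_management_plane(self, device: str, info: dict) -> bool:
        """Compare the reported config with the baseline; return True if it changed.
        The first report establishes the baseline; it is deliberately not updated on
        a change, so a tampered config keeps being flagged until an operator resets it."""
        fingerprint = config_fingerprint(info)
        return self.baseline.setdefault(device, fingerprint) != fingerprint

    def record_poll(self, device: str, answered: bool) -> None:
        """Reset the counter on an answered poll, increment it on a missed one."""
        self.missed_polls[device] = 0 if answered else self.missed_polls.get(device, 0) + 1

    def is_unreachable(self, device: str) -> bool:
        return self.missed_polls.get(device, 0) >= MISSED_POLL_LIMIT

    def neighbor_interfaces(self, device: str) -> list:
        """The list of neighbor interfaces the controller fetches when a change or outage is seen."""
        return list(self.topology.get(device, []))

    def mitigation_actions(self, device: str, info: dict) -> list:
        """Claim 1 logic: tear down neighbor-facing interfaces when the device's config
        changed or it stopped answering polls; otherwise return no actions."""
        changed = self.receive_management_plane(device, info)
        if not (changed or self.is_unreachable(device)):
            return []
        reason = "config-change" if changed else "unreachable"
        return [{"action": "shutdown", "device": nbr, "interface": ifc, "reason": reason}
                for nbr, ifc in self.neighbor_interfaces(device)]
```

Isolating a device by shutting down its neighbors' interfaces works even when the suspect device itself no longer answers, which is why the actions target the neighbors rather than the device.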
Specification