Scalable network security detection and prevention platform
First Claim
1. A system, comprising:
- a proxy site to receive Internet traffic for a client network;
- intrusion monitoring circuitry to analyze the Internet traffic received at the proxy site to detect a threat using distributed threat analytics;
- circuitry that implements at least one selective additional security service from a plurality of different security services, each security service as a respective virtual machine, wherein each respective virtual machine is a virtual platform that emulates an instruction set and enables scalability of the plurality of different security services;
- a translation layer coupling the intrusion monitoring circuitry and each selected additional security service, in a manner where the at least one additional selected security service is automatically responsive to the intrusion monitoring circuitry;
- forwarding circuitry to forward at least part of the Internet traffic to the client network, subject to performance of a function of the at least one selected additional security service, the forwarding circuitry comprising a device at each data center of at least two data centers that are geographically separated; and
- a hardware platform that implements, as a virtual machine, a service to route at least a portion of the Internet traffic received at the proxy site to a receiving device at a selective one of the at least two data centers;
wherein:
- the at least one additional selected security service includes an antivirus service;
- the translation layer generates a template responsive to a trigger from the intrusion monitoring circuitry representing a detected threat;
- the forwarding circuitry automatically, responsive to the template, forwards at least a portion of the Internet traffic received at the proxy site to the virtual machine implementing the antivirus service;
- the antivirus service automatically screens the at least a portion of the Internet traffic for viruses to produce screened traffic; and
- the forwarding circuitry forwards the screened traffic to the client network.
Abstract
This disclosure provides a network security architecture that permits installation of different software security products as virtual machines (VMs). By relying on a common data format and standardized communication structure (e.g., using pre-established, cross-platform messaging), a general architecture can be created and used to dynamically build and reconfigure interaction between both similar and dissimilar security products. Examples are provided where an intrusion monitoring system (IMS) can be used to detect network threats based on distributed threat analytics, passing detected threats to other security products (e.g., products with different capabilities from different vendors) to trigger automatic, dynamically configured communication and reaction. A network security provider using this infrastructure can provide hosted or managed boundary security to a diverse set of clients, each on a customized basis.
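The trigger-to-template-to-forwarding flow that the abstract and claim 1 describe, as an added Python model that is not part of the patent or any product built on it; the message format, class names, policy table, data-center names and sample packets are assumptions, since the patent names none of them.

```python
# Toy model of the claimed pipeline; all names, fields and sample packets are constructed.
from dataclasses import dataclass
from typing import Dict, List, Optional
@dataclass
class Trigger:            # what the IMS emits on a detection (assumed shape)
    source: str           # host seen as the threat origin
    category: str         # e.g. "malware-download"
@dataclass
class Packet:             # one unit of Internet traffic bound for a client network
    source: str
    client: str
    payload: bytes
    screened: bool = False

class TranslationLayer:   # IMS trigger -> standardized template the forwarding devices act on
    SERVICE_FOR = {"malware-download": "antivirus"}   # assumed policy table
    def template(self, trig: Trigger) -> Dict:
        return {"match": {"source": trig.source},
                "service": self.SERVICE_FOR.get(trig.category, "none")}

class AntivirusVM:
    BAD = b"CONSTRUCTED-MALWARE-MARKER"   # constructed test signature, not a real one
    def screen(self, pkt: Packet) -> Optional[Packet]:
        if self.BAD in pkt.payload:       # infected: drop instead of passing to the client
            return None
        return Packet(pkt.source, pkt.client, pkt.payload, screened=True)

class ForwardingCircuitry:
    def __init__(self, data_centers: List[str]):
        self.data_centers = data_centers   # one forwarding device per geographic site
        self.templates: List[Dict] = []    # templates pushed by the translation layer
        self.av = AntivirusVM()
    def route_site(self, pkt: Packet) -> str:   # routing-service VM: stable client -> site
        return self.data_centers[sum(map(ord, pkt.client)) % len(self.data_centers)]
    def forward(self, pkt: Packet) -> Optional[Packet]:
        for t in self.templates:          # divert through the AV VM when a template matches
            if t["service"] == "antivirus" and t["match"]["source"] == pkt.source:
                pkt = self.av.screen(pkt)
                if pkt is None:
                    return None           # dropped: never reaches the client network
        return pkt

SAMPLE = [Packet("203.0.113.7", "acme", b"GET /update.bin"),   # constructed traffic
          Packet("203.0.113.7", "acme", b"..CONSTRUCTED-MALWARE-MARKER.."),
          Packet("198.51.100.2", "acme", b"GET /index.html")]

def run_pipeline(packets: List[Packet], trigger: Trigger) -> List[Packet]:
    fwd = ForwardingCircuitry(["dc-east", "dc-west"])
    fwd.templates.append(TranslationLayer().template(trigger))   # IMS trigger -> template
    return [out for p in packets if (out := fwd.forward(p)) is not None]
```

Only traffic from the source named in the template is diverted through the antivirus VM; traffic the template does not match reaches the client network unchanged.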
21 Claims
1. A system, comprising: (text as set out under First Claim above)
Dependent claims: 2 through 13.
14. A tangible, non-transitory, machine-readable medium, comprising machine-readable instructions that, when executed by one or more processors, cause the one or more processors to:
- receive, via a proxy site, Internet traffic of a client network;
- analyze, via intrusion monitoring circuitry, the Internet traffic to detect a threat using distributed threat analytics;
- implement, via circuitry, at least one selective additional security service from a plurality of different security services, each security service as a respective virtual machine, wherein each respective virtual machine is a virtual platform that emulates an instruction set and enables scalability of the plurality of different security services;
- forward, via forwarding circuitry, at least part of the Internet traffic to the client network subject to performance of a function of the at least one selected additional security service, the forwarding circuitry comprising a device at each data center of at least two data centers that are geographically separated; and
- implement, via a hardware platform, a service as a virtual machine to route at least a portion of the Internet traffic received at the proxy site to a receiving device at a selective one of the at least two data centers;
wherein:
- a translation layer is coupled to the intrusion monitoring circuitry and each selected additional security service in a manner where the at least one additional selected security service is automatically responsive to the intrusion monitoring circuitry;
- the at least one additional selected security service includes an antivirus service;
- the translation layer generates a template responsive to a trigger from the intrusion monitoring circuitry representing a detected threat;
- the forwarding circuitry automatically, responsive to the template, forwards at least a portion of the Internet traffic received at the proxy site to the virtual machine implementing the antivirus service;
- the antivirus service automatically screens the at least a portion of the Internet traffic for viruses to produce screened traffic; and
- the forwarding circuitry forwards the screened traffic to the client network.
Dependent claims: 15 through 21.