System and method for providing computer network security
Abstract
This disclosure relates generally to computer networks, and more particularly to a system and method for providing computer network security. In one embodiment, a method is provided for providing computer network security. The method comprises gathering threat information from one or more sources, deriving security intelligence based on the threat information, determining a security measure based on the security intelligence, and dynamically applying the security measure to a computer network using a set of virtual appliances and a set of virtual switches.
14 Claims
1. A method for providing computer network security, the method comprising:
gathering, via a processor, real-time threat information from one or more sources;
deriving, via the processor, security intelligence based on the real-time threat information;
determining, via the processor, a security measure based on the security intelligence; and
dynamically applying, via the processor, the security measure to a computer network using a set of virtual appliances and a set of virtual switches, wherein dynamically applying comprises:
    mapping the security measure to the set of virtual appliances, the set of virtual switches, and to a plurality of packet filters,
    dynamically instantiating each virtual appliance in the set of virtual appliances based on the mapping using software defined networking,
    service chaining virtual appliances in the set to connect the instantiated virtual appliances according to the mapping, and
    dynamically programming, based on the mapping, the set of virtual switches using the plurality of packet filters to steer network traffic to the instantiated set of virtual appliances.
Dependent claims: 2, 3, 4, 5, 6, 7

8. A system for providing computer network security, the system comprising:
at least one microprocessor; and
a memory storing instructions that, when executed by the at least one microprocessor, cause the at least one microprocessor to perform operations comprising:
gathering real-time threat information from one or more sources;
deriving security intelligence based on the real-time threat information;
determining a security measure based on the security intelligence; and
dynamically applying the security measure to a computer network using a set of virtual appliances and a set of virtual switches, wherein dynamically applying comprises:
    mapping the security measure to the set of virtual appliances, the set of virtual switches, and a plurality of packet filters,
    dynamically instantiating each virtual appliance in the set of virtual appliances based on the mapping using software defined networking,
    service chaining virtual appliances in the set to connect the instantiated virtual appliances according to the mapping, and
    dynamically programming, based on the mapping, the set of virtual switches using the plurality of packet filters to steer network traffic to the instantiated set of virtual appliances.
Dependent claims: 9, 10, 11, 12

13. A non-transitory computer-readable medium storing computer-executable instructions for:
gathering real-time threat information from one or more sources;
deriving security intelligence based on the real-time threat information;
determining a security measure based on the security intelligence; and
dynamically applying the security measure to a computer network using a set of virtual appliances and a set of virtual switches, wherein dynamically applying comprises:
    mapping the security measure to the set of virtual appliances, the set of virtual switches, and a plurality of packet filters,
    dynamically instantiating each virtual appliance in the set of virtual appliances based on the mapping using software defined networking,
    service chaining virtual appliances in the set to connect the instantiated virtual appliances according to the mapping, and
    dynamically programming, based on the mapping, the set of virtual switches using the plurality of packet filters to steer network traffic to the instantiated set of virtual appliances.
Dependent claims: 14

Specification