Escalated inspection of traffic via SDN
Abstract
A method and related apparatus for performing inspection of flows within a software defined network includes monitoring an indicator indicative of a presence of malware in a selected flow in an electronic communications network, when the indicator suggests the presence of malware in the selected flow, requesting a network device to redirect the selected flow, or to copy the selected flow and send a resulting copy of the selected flow, to a security appliance, and causing the security appliance to be reconfigured in response to the indicator that suggests the presence of malware in the selected flow.
20 Claims
1. A method comprising:
- monitoring an indicator indicative of a presence of malware in a selected flow in a local area network;
- when the indicator suggests the presence of malware in the selected flow, requesting a network device to redirect the selected flow, or to copy the selected flow and send a resulting copy of the selected flow, to a security appliance, wherein the requesting comprises sending a message to a software defined network controller that is configured to control the network device; and
- causing the security appliance to be reconfigured in response to the indicator when the indicator suggests the presence of malware in the selected flow, by supplying an indication of an inspection profile to the security appliance by using a virtual local area network (VLAN) associated with a desired inspection profile, wherein the selected flow would otherwise go uninspected.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. An apparatus comprising:
- a network interface unit configured to enable communications via a local area network;
- a memory configured to store logic instructions; and
- at least one processor, when executing the logic instructions, is configured to:
  - monitor an indicator indicative of a presence of malware in a selected flow in the local area network;
  - when the indicator suggests the presence of malware in the selected flow, request a network device to redirect the selected flow, or to copy the selected flow and send a resulting copy of the selected flow, to a security appliance, wherein the request is performed by sending a message to a software defined network controller that is configured to control the network device; and
  - cause the security appliance to be reconfigured in response to the indicator when the indicator suggests the presence of malware in the selected flow, by supplying an indication of an inspection profile to the security appliance by using a virtual local area network (VLAN) associated with a desired inspection profile, wherein the selected flow would otherwise go uninspected.
Dependent claims: 11, 12, 13, 14, 15, 16
17. A non-transitory tangible computer readable storage media encoded with instructions that, when executed by at least one processor, is configured to cause the processor to:
- monitor an indicator indicative of a presence of malware in a selected flow in a local area network;
- when the indicator suggests the presence of malware in the selected flow, request a network device to redirect the selected flow, or to copy the selected flow and send a resulting copy of the selected flow, to a security appliance, wherein the request is performed by sending a message to a software defined network controller that is configured to control the network device; and
- cause the security appliance to be reconfigured in response to the indicator when the indicator suggests the presence of malware in the selected flow, by supplying an indication of an inspection profile to the security appliance by using a virtual local area network (VLAN) associated with a desired inspection profile, wherein the selected flow would otherwise go uninspected.
Dependent claims: 18, 19, 20
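The following is an added sketch, not code from the patent or its assignee, of the escalation in claim 1: an indicator score decides whether a controller request is built, and the 802.1Q VLAN ID on the redirected or copied frame tells the appliance which inspection profile to apply. The threshold, VLAN IDs, profile names, request schema and sample frame are all constructed assumptions; no real controller API is used.

```python
import struct

# Assumed mapping on the appliance: VLAN ID -> inspection profile (constructed values).
VLAN_PROFILES = {110: "ips-baseline", 120: "ips-deep-malware"}
THRESHOLD = 0.7  # assumed indicator score at which a flow is escalated

# Constructed sample flow and untagged Ethernet frame (dst MAC, src MAC, IPv4 ethertype).
FLOW = {"src": "10.0.5.23", "dst": "10.0.9.8", "proto": "tcp", "dport": 445}
FRAME = bytes.fromhex("020000000002" "020000000001" "0800") + b"\x45" + bytes(19)


def build_controller_request(flow, score, mode="copy"):
    """Return a hypothetical SDN controller message, or None if the flow stays uninspected."""
    if mode not in ("redirect", "copy"):
        raise ValueError("mode must be 'redirect' or 'copy'")
    if score < THRESHOLD:
        return None
    vlan = 120 if score >= 0.9 else 110  # stronger indicator selects the deeper profile
    return {"match": flow, "action": mode, "push_vlan": vlan,
            "output": "security-appliance"}


def tag_frame(frame, vlan_id):
    """Network device side: insert an 802.1Q tag after the two MAC addresses."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID out of range")
    return frame[:12] + struct.pack("!HH", 0x8100, vlan_id) + frame[12:]


def profile_for_frame(frame):
    """Appliance side: read the VLAN ID from the tag and pick the inspection profile."""
    if len(frame) < 18:
        return None
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != 0x8100:
        return None  # untagged frame: no profile was signalled
    return VLAN_PROFILES.get(tci & 0x0FFF)  # low 12 bits of the TCI carry the VLAN ID


if __name__ == "__main__":
    req = build_controller_request(FLOW, 0.95, mode="redirect")
    print(req)
    print(profile_for_frame(tag_frame(FRAME, req["push_vlan"])))
```
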
Specification