Situational awareness and perimeter protection orchestration
Abstract
Systems and methods provide for a situational awareness and perimeter protection orchestration system to determine when network attacks are occurring or are about to occur, and provide tools and services to mitigate the attacks. The attacks can be denial of service attacks or distributed denial of service attacks or other types of attacks designed to disable and degrade a network. The dashboard can collect intelligence on what is happening on the network, and also streams of information from third parties that can be used to predict imminent network attacks. The dashboard can also determine what tools and services are available to the network operator in order to counteract the attacks.
16 Claims
1. A system, comprising:
a memory configured to store computer-executable instructions; and
a processor, communicatively coupled to the memory, configured to execute the computer-executable instructions to perform operations, the operations comprising:
receiving network data from a plurality of network elements in a network, wherein the network data comprises a sample of packet flow comprising data relating to protocol types, interface information, metrics, and speed of packets arriving at the network element;
determining a baseline level of bandwidth that a network element of the plurality of network elements can handle, and determining a risk level to the network element based on a deviation from the baseline level of bandwidth, wherein the deviation is determined based on the network data;
predicting an occurrence and intensity of a network attack on the network element based on the network data;
determining a service that can counteract the network attack before the occurrence; and
displaying the network data, the risk level to the network element, information about the network attack, and information about the service on a user interface.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9

10. A method for providing a dashboard for network attack mitigation, comprising:
receiving, by a device comprising a processor, network data from a plurality of network elements in a network, wherein the network data comprises a sample of packet flow comprising data relating to protocol types, interface information, metrics, and speed of packets arriving at the network element;
determining a baseline level of bandwidth that a network element of the plurality of network elements can handle, and determining a risk level to the network element based on a deviation from the baseline level of bandwidth, wherein the deviation is determined based on the network data;
predicting, by the device, an occurrence and intensity of a network attack on the network element based on the network data;
determining, by the device, a service that can counteract the network attack before the occurrence; and
displaying, by the device, the network data, the risk level to the network element, information about the network attack, and information about the service on a user interface.
Dependent claims: 11, 12, 13, 14

15. A non-transitory computer-readable medium, comprising instructions, that when executed by a computer processor, perform operations, comprising:
receiving network data from a plurality of network elements in a network, wherein the network data comprises a sample of packet flow comprising data relating to protocol types, interface information, metrics, and speed of packets arriving at the network element;
determining a baseline level of bandwidth that a network element of the plurality of network elements can handle, and determining a risk level to the network element based on a deviation from the baseline level of bandwidth, wherein the deviation is determined based on the network data;
predicting an occurrence and intensity of a network attack on the network element based on the network data;
determining a service that can counteract the network attack before the occurrence; and
displaying the network data, the risk level to the network element, information about the network attack, and information about the service on a user interface.
Dependent claims: 16