Apparatus and methods thereof for inspecting events in a computerized environment respective of a unified index for granular access control
First Claim
1. An apparatus for events inspection in a computerized network environment respective of a unified index, the apparatus comprising:
- an interface to a data network;
- a processor;
- a non-transitory computer memory coupled to the processor, the memory contains therein instructions that are translatable by the processor to perform:
- identifying at least one event that occurred in the data network;
- determining whether the at least one event was previously handled by the apparatus by querying a database for identifiers stored in the database;
- responsive to the at least one event having not been handled by the apparatus, generating an identifier respective of the at least one event;
- storing the generated identifier in the database in association with the at least one event;
- analyzing the at least one event to generate metadata associated therewith, wherein the metadata is generated based on at least one of: a content of the at least one event, a header associated with the at least one event, or a metatag;
- matching the metadata to a unified index stored in a database communicatively coupled to the apparatus via the interface to determine whether the at least one event matches a predefined policy, the unified index enabling unified classification of events occurring in the data network;
- determining whether the at least one event is potentially a security incident respective of the match; and
- performing an action required by the predefined policy.
Abstract
An apparatus collects data from a data network for the purpose of detection and interception of security incidents therein. The apparatus identifies at least one event in the data network. The apparatus then inspects the event to identify its properties and the metadata associated therewith. Based on the inspection, the apparatus identifies at least a type of the event, an operation and a resource associated with the event, and a device associated with the event. The metadata is then matched to a unified index stored in a database communicatively coupled to the apparatus via a network. Based on the match, the apparatus determines whether the event is potentially a security incident. In case a determination of a potential security incident is made, the apparatus queries a set of policy rules to determine the type of action required respective of the metadata. The apparatus then performs the required action.
20 Claims
1. An apparatus for events inspection in a computerized network environment respective of a unified index, the apparatus comprising:
- an interface to a data network;
- a processor;
- a non-transitory computer memory coupled to the processor, the memory contains therein instructions that are translatable by the processor to perform:
- identifying at least one event that occurred in the data network;
- determining whether the at least one event was previously handled by the apparatus by querying a database for identifiers stored in the database;
- responsive to the at least one event having not been handled by the apparatus, generating an identifier respective of the at least one event;
- storing the generated identifier in the database in association with the at least one event;
- analyzing the at least one event to generate metadata associated therewith, wherein the metadata is generated based on at least one of: a content of the at least one event, a header associated with the at least one event, or a metatag;
- matching the metadata to a unified index stored in a database communicatively coupled to the apparatus via the interface to determine whether the at least one event matches a predefined policy, the unified index enabling unified classification of events occurring in the data network;
- determining whether the at least one event is potentially a security incident respective of the match; and
- performing an action required by the predefined policy.

Dependent claims: 2, 3, 4, 5, 6, 7, 8.

9. A method for inspecting events in a computerized network environment respective of a unified index, the method comprising:
- identifying, by a proxy server computer, at least one event in a data network communicatively coupled to the proxy server computer;
- determining, by the proxy server computer, whether the at least one event was previously handled by the proxy server computer by querying a database for identifiers stored in the database;
- responsive to the at least one event having not been handled by the proxy server computer, generating, by the proxy server computer, an identifier respective of the at least one event;
- storing, by the proxy server computer, the generated identifier in the database in association with the at least one event;
- analyzing, by the proxy server computer, the at least one event to generate metadata associated therewith, wherein the metadata is generated based on at least one of: a content of the at least one event, a header associated with the at least one event, or a metatag;
- matching, by the proxy server computer, the metadata to a unified index stored in a database communicatively coupled to the proxy server computer to determine whether the at least one event matches a predefined policy, the unified index enabling unified classification of events occurring in the data network;
- determining, by the proxy server computer, whether the at least one event is potentially a security incident respective of the match; and
- performing, by the proxy server computer, an action required by the predefined policy.

Dependent claims: 10, 11, 12, 13, 14, 15, 16.

17. A computer software product comprising a non-transitory computer-readable medium containing instructions that are translatable by a computer to perform:
- identifying at least one event that occurred in a data network;
- determining whether the at least one event was previously handled by the computer by querying a database for identifiers stored in the database;
- responsive to the at least one event having not been handled by the computer, generating an identifier respective of the at least one event;
- storing the generated identifier in the database in association with the at least one event;
- analyzing the at least one event to generate metadata associated therewith, wherein the metadata is generated based on at least one of: a content of the at least one event, a header associated with the at least one event, or a metatag;
- matching the metadata to a unified index stored in a database communicatively coupled to the computer to determine whether the at least one event matches a predefined policy, the unified index enabling unified classification of events occurring in the data network;
- determining whether the at least one event is potentially a security incident respective of the match; and
- performing an action required by the predefined policy.

Dependent claims: 18, 19, 20.
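The abstract and the independent claims above describe one pipeline: identify an event, check an identifier database so an already-handled event is not processed twice, derive metadata (type, operation, resource, device) from the event's content, headers or metatags, match that metadata against a unified index, and let a policy rule decide whether the event is a potential incident and what action to take. The following is an added illustration of that pipeline in Python; it is not code from the patent or its assignee. The unified index, the policy table, the metadata-derivation rules and the sample events are all constructed for the example, and the identifier database is stood in for by an in-memory dictionary.

```python
"""Added illustration of the inspection pipeline the claims describe.

Nothing here is the patent's own code: the unified index, the policy table,
the metadata rules and the sample events are constructed for this example.
"""
from __future__ import annotations

import hashlib
import json
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Event:
    """One observed network event: payload, transport headers and metatags."""
    content: str
    headers: dict[str, str]
    metatags: dict[str, str] = field(default_factory=dict)


# Unified index: (type, operation, resource class) -> classification label.
# Constructed for the example; the claims keep it in a database, here a dict.
UNIFIED_INDEX: dict[tuple[str, str, str], str] = {
    ("http", "upload", "file-share"): "exfiltration-candidate",
    ("http", "download", "file-share"): "routine-transfer",
    ("http", "login", "identity"): "authentication",
}

# Policy rules: classification -> (is a potential security incident, required action).
POLICIES: dict[str, tuple[bool, str]] = {
    "exfiltration-candidate": (True, "block-and-alert"),
    "routine-transfer": (False, "allow"),
    "authentication": (False, "log"),
}


def event_identifier(event: Event) -> str:
    """Deterministic identifier used for the 'previously handled?' check."""
    canonical = json.dumps(
        {"content": event.content, "headers": event.headers, "metatags": event.metatags},
        sort_keys=True,
    )
    return hashlib.sha256(canonical.encode()).hexdigest()


def extract_metadata(event: Event) -> dict[str, str]:
    """Type, operation, resource and device, drawn from header, metatag and content."""
    method = event.headers.get("method", "").upper()
    # A metatag may name the operation directly; otherwise derive it from the header.
    operation = event.metatags.get("operation") or {
        "PUT": "upload", "POST": "upload", "GET": "download",
    }.get(method, "other")
    # Resource class comes from a metatag when present, otherwise from the content.
    resource = event.metatags.get("resource-class")
    if resource is None:
        resource = "file-share" if "/share/" in event.content else "unclassified"
    return {
        "type": event.headers.get("proto", "unknown"),
        "operation": operation,
        "resource": resource,
        "device": event.headers.get("device", "unknown"),
    }


class EventInspector:
    """Runs one event through dedupe, metadata, index match and policy lookup."""

    def __init__(self) -> None:
        self.seen: dict[str, dict[str, str]] = {}  # stand-in for the identifier database

    def inspect(self, event: Event) -> dict[str, object]:
        ident = event_identifier(event)
        if ident in self.seen:  # already handled: no re-analysis, no second action
            return {"id": ident, "duplicate": True, "incident": False, "action": "none"}
        metadata = extract_metadata(event)
        self.seen[ident] = metadata  # store identifier in association with the event
        key = (metadata["type"], metadata["operation"], metadata["resource"])
        classification = UNIFIED_INDEX.get(key, "unclassified")
        incident, action = POLICIES.get(classification, (False, "none"))
        return {"id": ident, "duplicate": False, "classification": classification,
                "incident": incident, "action": action, "metadata": metadata}


# Constructed sample traffic, not captured data. The last event repeats the first.
SAMPLE_EVENTS = [
    Event("PUT /share/q3-forecast.xlsx", {"proto": "http", "method": "PUT", "device": "ws-17"}),
    Event("GET /share/handbook.pdf", {"proto": "http", "method": "GET", "device": "ws-04"}),
    Event("POST /sso", {"proto": "http", "method": "POST", "device": "ws-04"},
          {"operation": "login", "resource-class": "identity"}),
    Event("PUT /share/q3-forecast.xlsx", {"proto": "http", "method": "PUT", "device": "ws-17"}),
]


def run_pipeline(events: list[Event]) -> list[dict[str, object]]:
    inspector = EventInspector()
    return [inspector.inspect(e) for e in events]


if __name__ == "__main__":
    for result in run_pipeline(SAMPLE_EVENTS):
        print(result["id"][:12], result.get("classification", "-"), result["action"])
```

The identifier is a hash over the canonicalised event, so the dedupe step is stable across restarts as long as the same fields are hashed; in a deployment the `seen` dictionary would be the database the claims refer to, and the index lookup would be a query rather than a tuple key.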
Specification