System and method for managing security events on a network

US 20020019945A1
Filed: 04/27/2001
Published: 02/14/2002
Est. Priority Date: 04/28/2000
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for gathering security event data and rendering result data in a manageable format comprising the steps of:

creating scope criteria for analyzing security event data;

collecting the security event data from a plurality of security devices located at a first location;

storing the collected security event data at a second location;

analyzing the collected security event data with the scope criteria to produce result data, the result data accessible by a plurality of clients; and

rendering the result data in a manageable format for the plurality of clients.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer-implemented system for managing security event data collected from a computing network. The system employs an event managing software module that can reside on a computing network that is being monitored with security devices. The event managing software collects security event data from security devices located in the monitored computing network and can process the security event data. In processing the security event data, the event manager module can format the data and create manageable summaries of the data. The event manager also supports storage of the security event data and the results of any processing performed on the data. Security event data can be identified by the event manager for use in responding to a security event.

298 Citations

30 Claims

1. A computer-implemented method for gathering security event data and rendering result data in a manageable format comprising the steps of:
- creating scope criteria for analyzing security event data;
  
  collecting the security event data from a plurality of security devices located at a first location;
  
  storing the collected security event data at a second location;
  
  analyzing the collected security event data with the scope criteria to produce result data, the result data accessible by a plurality of clients; and
  
  rendering the result data in a manageable format for the plurality of clients.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 28, 29, 30)
- - 2. The method of claim 1, further comprising storing one or more of the scope criteria and the result data.
  - 3. The method of claim 1, wherein the first location is a distributed computing environment.
  - 4. The method of claim 1, wherein the second location is a database server.
  - 5. The method of claim 1, wherein the analyzing is performed at an application server to which the plurality of clients are coupled.
  - 6. The method of claim 1, further comprising searching the stored security event data for additional information identifying a security event.
  - 7. The method of claim 1, further comprising:
    - polling a database server for current stored security event data;
      
      analyzing the current stored security event data to produce current result data; and
      
      rendering the current result data.
  - 8. The method of claim 1, further comprising polling for messages containing information about scope criteria, security event data, or result data.
  - 9. The method of claim 1, further comprising pushing messages to a client wherein the messages contain information about scope criteria, security event data, or result data.
  - 10. The method of claim 1, wherein the step of rendering result data comprises presenting the result data in a chart format.
  - 11. The method of claim 1, wherein in response to analyzing the collected security event data, an action is executed.
  - 12. The method of claim 11, wherein the action is clearing security event data from storage.
  - 13. The method of claim 11, wherein the action is creating an incident from result data for preparing a response.
  - 14. The method of claim 1, wherein the step of collecting security event data further comprises converting the data to a uniform format.
  - 15. A computer-readable medium having computer-executable instructions for performing the steps recited in claim 1.
  - 17. The method of claim 16, further comprising rendering the result in a rendering for output.
  - 18. The method of claim 16, wherein the first location is a distributed computing environment.
  - 19. The method of claim 16, wherein the second location is a database server.
  - 20. The method of claim 16, wherein the result is accessible by a plurality of clients coupled to a distributed computing environment.
  - 21. The method of claim 16, further comprising storing one or more of the scope criteria, and the result.
  - 22. The method of claim 16, wherein in response to producing a result, an action is executed.
  - 23. The method of claim 22, wherein the action is clearing stored security event data.
  - 24. The method of claim 22, wherein the action is creating an incident from a result.
  - 25. The method of claim 16, further comprising applying the scope criteria to a plurality of results.
  - 26. A computer-readable medium having computer-executable instructions for performing the steps recited in claim 16.
  - 28. The system of claim 27, wherein the database server is further operable for storing the collected security event data and the analyzed security event data.
  - 29. The system of claim 27, wherein the application server is further operable for creating an incident from the security event data for preparing a response.
  - 30. The system of claim 27, wherein the security devices are coupled to a distributed computing network.

16. A method for managing security event data collected from a plurality of security devices comprising the steps of:
- creating scope criteria for filtering security event data;
  
  collecting security event data from a plurality of security devices located at a first location;
  
  storing the collected security event data at a second location; and
  
  applying the scope criteria to the collected security event data to produce a result, the result accessible by a plurality of clients.

27. A computer-implemented system for managing security event data collected from a plurality of security devices comprising:
- a plurality of security devices operable for generating security event data;
  
  a database server coupled to the security devices, the database server operable for collecting security event data from the security devices;
  
  an application server coupled to the database server, the application server operable for analyzing the security event data; and
  
  a client coupled to the application server, the client operable for receiving a rendering of the analyzed security event data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
Internet Security Systems Incorporated (International Business Machines Corporation)
Inventors
Embar, Sridhar, Kobsa, Christian D., Williams, Bryan Douglas, Nikitaides, Michael George, Di Iorio, Matthew Thaddeus, Houston, Gregory Neil

Granted Patent

US 7,921,459 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/201
CPC Class Codes

H04L 41/0604   using filtering, e.g. reduc...

H04L 41/069   using logs of notifications...

H04L 41/22   comprising specially adapte...

H04L 41/28   Restricting access to netwo...

H04L 43/00   Arrangements for monitoring...

H04L 43/028   by filtering

H04L 43/045   for graphical visualisation...

H04L 43/06   Generation of reports

H04L 43/10   Active monitoring, e.g. hea...

H04L 43/18   Protocol analysers

H04L 63/0281   Proxies

H04L 63/1408   by monitoring network traff...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1425   Traffic logging, e.g. anoma...

System and method for managing security events on a network

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

298 Citations

30 Claims

Specification

Use Cases

Quick Links

Others

System and method for managing security events on a network

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

298 Citations

30 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others